Sudo

ChangeLog

2022-12-08  Todd C. Miller

	* Makefile.in:
	Only build ChangeLog from a repo checkout, not a release tarball.
	The CODEOWNERS file is not present in the release tarball so we can
	use that when determining what is (or is not) a repo checkout.
	[290ce43f0f66] [tip]

	* docs/CODEOWNERS:
	Add CODEOWNERS file, currently all owned by @millert.
	[3becb02b5cd6]

	* .gitignore, .hgignore, Makefile.in:
	Only regenerate ChangeLog if there have been changes. Also check
	that "hg --version" or "git --version" works before using hg or git.
	Bug #1043.
	[d9a28bb02621]

2022-12-07  Todd C. Miller

	* plugins/sudoers/parse.c:
	Fix potential crash introduced in the fix for GitHub issue #134. If
	a user's sudoers entry did not have any RunAs users set, running
	"sudo -U otheruser -l" would dereference a NULL pointer. We need to
	compare the default RunAs user if the sudoers entry does not specify
	one explicitly. Problem reported by Andreas Mueller who also
	suggested a different solution in PR #219.
	[3d12dfeef26b]

	* scripts/build_pkgs:
	Defer installing the SIGCHLD handler until after non-job commands
	run. Lock the socket dir to avoid races in
	open_persistent_connection(). Also avoid using "ssh -f" since that
	may return before the socket is created. Strip carriage returns from
	log when running in a pty.
	[d0da1a261fbc]

2022-12-06  Todd C. Miller

	* configure, m4/sudo.m4:
	Fix a typo in SUDO_CHECK_NET_FUNC.
	[08cb2ba84897]

	* lib/util/inet_ntop.c:
	Fix -Wsign-compare warning.
	[45e2716ece56]

	* configure, m4/sudo.m4:
	Initialize "found" in SUDO_CHECK_NET_FUNC.
	[a5daeb77e6bb]

	* configure, m4/sudo.m4:
	Fix pasto introduced in last commit.
	[7e1b09977be3]

	* lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
	lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
	src/Makefile.in:
	Fix failure in check targets when there is no UTF-8 C locale.
	[721c8bdff28f]

	* configure, configure.ac, m4/sudo.m4:
	Add SUDO_CHECK_NET_FUNC to check functions in the network libraries.
	If a function is not found, check again with "-lsocket", "-linet",
	"-lsocket -lnsl", or "-lresolv". Also display network libs in final
	summary as well as the different linker flags.
	[a0ce3347cd8d]

	* configure, m4/sudo.m4:
	Make sure HAVE_MAILLOCK_H is defined on Solaris 10.
	[bb9f3a1beff5]

	* configure, configure.ac:
	Remove extraneous "(cached)" line when the -C option is used. We do
	not need to call AC_CACHE_VAL() to ensure that a variable is cached,
	its name just needs to match the pattern *_cv_*.
	[b8ffa09d0cd7]

	* configure, m4/sudo.m4:
	Make path checks in sudo.m4 cachable.
	[0bcfa73702d3]

	* configure, configure.ac:
	Use AC_PATH_PROGS_FEATURE_CHECK to find mandoc/nroff. We don't use
	the NROFFPROG or MANDOCPROG any longer so no need to set those.
	[7d96680046a6]

	* configure, configure.ac:
	Don't check for _sys_siglist if sys_siglist is found.
	[2c70aba3935c]

	* configure, configure.ac:
	Fix check for sys_sigabbrev.
	[b8537a76815f]

2022-12-05  Todd C. Miller

	* configure, configure.ac:
	Skip test for __func__ on C99 and above, avoid extra _sys_signame
	test.
	[71f3497a6a3a]

	* MANIFEST, aclocal.m4, configure, configure.ac, m4/gettext.m4:
	Move gettext checks to m4/gettext.m4
	[693029542e06]

	* MANIFEST, aclocal.m4, configure, configure.ac, m4/ldap.m4:
	Move LDAP library checks to m4/ldap.m4 and make more tests
	cacheable.
	[85fa1f49298a]

	* MANIFEST, aclocal.m4, configure, configure.ac, m4/openssl.m4:
	Move OpenSSL/wolfSSL checks to m4/openssl.m4
	[08b90f3cef52]

	* MANIFEST, aclocal.m4, configure, configure.ac, m4/pie.m4:
	Move PIE executable checks to m4/pie.m4
	[6b5cac6cecd5]

	* MANIFEST, aclocal.m4, configure, configure.ac, m4/sanitizer.m4:
	Move address sanitizer and fuzzer checks to m4/sanitizer.m4
	[a6372917d53b]

	* MANIFEST, aclocal.m4, configure, configure.ac, m4/visibility.m4:
	Move symbol visibility checks to m4/visibility.m4
	[4684049c2d2c]

	* MANIFEST, aclocal.m4, configure, configure.ac, m4/hardening.m4:
	Move hardening checks to m4/hardening.m4
	[c03abb3c9f55]

	* configure, configure.ac, m4/sudo.m4:
	Make cpp variadic arguments check into a macro and move to sudo.m4.
	Also move the PVS-Studio.cfg generation to sudo.m4.
	[c1a8d3b46be1]

2022-12-03  Todd C. Miller

	* lib/util/snprintf.c:
	Sync with OpenBSD.
	[157439118867]

	* Merge pull request #218 from sohomdatta1/snprintf

	[snprintf] Check for '\0' to prevent undef memory read
	[050882923c98]

2022-12-03  Sohom

	* lib/util/snprintf.c:
	[snprintf] Check for '\0' to prevent undef memory read
	[aff60c479c10]

2022-12-01  Todd C. Miller

	* lib/eventlog/eventlog.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/tsdump.c, plugins/sudoers/visudo.c,
	src/parse_args.c, src/regress/noexec/check_noexec.c:
	Place C23 attributes before keywords in function declarations. In
	practice this means we must use "sudo_noreturn static foo(void)"
	instead of "static sudo_noreturn foo(void)".
	[6c1836dcb2d6]

2022-11-30  Todd C. Miller

	* scripts/build_pkgs:
	Convert from using IPC::Open3 to IPC::Run. Run tests in a pty so
	check_ttyname works as expected. Explicitly set short command line
	options letters in GetOptions(). Add a debug flag to help see what
	is going on internally. Add hook for die() to kill running jobs when
	we are dying. SSH_AGENT_PID will not be present if the agent is
	forwarded. In close_persistent_connections() only close active
	connections.
	[d49e1ac7e2f2]

2022-11-29  Todd C. Miller

	* config.h.in, configure.ac, include/sudo_compat.h:
	Use C23 [[__fallthrough__]] and [[__noreturn__]] attributes if
	supported. If the C23 attributes are not supported, use gcc-style
	attributes where possible.
	[57676068e9a9]

	* configure, configure.ac:
	Move the check for the fallthrough attribute outside the warnings
	block. Use AX_APPEND_FLAG instead of adding to CFLAGS directly.
	[dc22d8238827]

2022-11-28  Todd C. Miller

	* scripts/build_pkgs:
	The distributed package build script I use to build all sudo
	packages. This is not included in the release tarball because it is
	of limited use to other people.
	[94c58cc272c8]

2022-11-25  Todd C. Miller

	* Makefile.in:
	Pass the list of files to include in the tarball on stdin. This
	avoids any limit on the size of argv.
	[0af8578c89fe]

2022-11-23  Todd C. Miller

	* Merge pull request #214 from BornThisWay/1124_repeated_invocation

	check_syntax(): Remove duplicate calls to init_defaults()
	[3383fb0a6f5f]

2022-11-24  modric

	* plugins/sudoers/visudo.c:
	check_syntax(): Remove duplicate calls to init_defaults()
	[048ccd968df9]

2022-11-22  Todd C. Miller

	* plugins/sample/sample_plugin.c:
	build_command_info: free command_info on failure. Once upon a time,
	command_info was a stack variable, now it is dynamically allocated.
	Coverity CID 299987.
	[a80110e49952]

	* plugins/sample/sample_plugin.c:
	Better handling of out-of-memory conditions.
	[ee3e47c4d272]

	* plugins/group_file/group_file.c:
	Keep group file open until the call to myendgrent(). This restores
	the previous behavior.
	[79751f7308d7]

	* lib/util/json.c, plugins/group_file/getgrent.c,
	plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/env.c,
	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
	plugins/sudoers/ldap_conf.c, plugins/sudoers/log_client.c,
	plugins/sudoers/match_command.c, plugins/sudoers/strvec_join.c,
	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/sudo.c:
	Eliminate a few harmless dead stores. Quiets warnings from Infer.
	[8bed7579b75d]

	* plugins/sudoers/ldap_util.c:
	sudo_ldap_parse_option: add explicit NULL check for strchr(). This
	should not be needed since we only use the returned pointer if it is
	larger than the string passed to strchr(). Quiets a warning from
	Infer.
	[852aec3e0450]

	* logsrvd/logsrvd_journal.c:
	journal_fdopen: free journal_path and close journal before setting
	Fixes a potential resource leak that currently cannot happen. Quiets
	a warning from Infer.
	[bfe41e247c35]

	* plugins/sudoers/ldap.c:
	sudo_ldap_result_add_entry: check sudo_ldap_get_values_len() return
	value. Previously, we just compared the error code with
	LDAP_NO_MEMORY when checking for sudoOrder since this is the only
	error we care about. We now return NULL for LDAP_NO_MEMORY and
	ignore other errors. Quiets a warning from Infer.
	[6e5a490b735c]

	* plugins/group_file/getgrent.c, plugins/sudoers/tsgetgrpw.c,
	plugins/sudoers/tsgetgrpw.h:
	Refactor code to open passwd/group file and add
	setpassent/setgroupent. This makes the "stayopen" semantics match
	the system passwd/group functions. The getpwent/getgrent functions
	now open the database if it is not already open.
	[27bfa97ad47c]

	* plugins/sudoers/Makefile.in, plugins/sudoers/gram.h:
	gram.h: #line directives should reference gram.h not y.tab.h.
	[7a2d4a24d839]

	* scripts/mkpkg:
	Use clang, not /usr/bin/cc on FreeBSD and macOS. While /usr/bin/cc
	_is_ clang on those platforms, some static analyzers get confused if
	we don't run it as clang.
	[d0c1f5940789]

2022-11-21  Todd C. Miller

	* Merge pull request #212 from BornThisWay/1122_null_deref

	sudo_rcstr_dup: Fix potential NULL pointer deref
	[58fcefa888fa]

2022-11-22  modric

	* lib/util/rcstr.c:
	sudo_rcstr_dup: Fix potential NULL pointer deref
	[f45acaded1e5]

2022-11-21  Todd C. Miller

	* plugins/sudoers/check.c:
	Add a reminder to the default lecture that the password will not
	echo. This line is only displayed when the pwfeedback option is
	disabled. GitHub issue #195.
	[7bc25043c760]

	* Merge pull request #210 from BornThisWay/1121_typo

	Fix some typos
	[9d1e9278effb]

2022-11-21  modric

	* plugins/python/regress/testhelpers.h, plugins/sudoers/parse.c:
	Fix some typos
	[d7d1c3ade748]

2022-11-20  Todd C. Miller

	* Merge pull request #208 from BornThisWay/1121_return

	intercept_read: Print and then return.
	[615c2d5fca36]

2022-11-21  modric

	* src/exec_intercept.c:
	intercept_read: Print and then return.
	[049547eb7ac0]

2022-11-20  Todd C. Miller

	* Merge pull request #205 from BornThisWay/1119_access_null_pointer

	sudo_mmap_strdup_v1: Fix potential NULL pointer deref
	[bad55afc72bb]

2022-11-19  modric

	* lib/util/mmap_alloc.c:
	sudo_mmap_strdup_v1: Fix potential NULL pointer deref
	[f8da23aff2ec]

2022-11-18  Todd C. Miller

	* src/sudo_intercept.c:
	copy_vector: plug memory leak in error path. Only the array was being
	freed, not the contents. GitHub issue #202.
	[cd1407dbe65f]

2022-11-17  Todd C. Miller

	* scripts/mkpkg:
	Better matching of macOS version to SDK path.
	[db7f2cbdb023]

	* Merge pull request #200 from BornThisWay/fix_mem_leak_converse

	Fix memory leak of pass in converse().
	[b411801abdf7]

	* plugins/sudoers/auth/passwd.c:
	sudo_passwd_cleanup: Set auth->data to NULL after freeing. GitHub
	issue #201
	[e558188bd99d]

2022-11-17  modric

	* plugins/sudoers/auth/pam.c:
	Fix memory leak of pass in converse().
	[052c99eaad8f]

2022-11-16  Todd C. Miller

	* config.h.in, configure, configure.ac:
	Use AC_SYS_YEAR2038 instead of setting _TIME_BITS by hand.
	[049113d798e9]

	* configure, m4/ax_append_flag.m4, m4/ax_check_compile_flag.m4,
	m4/ax_func_snprintf.m4, m4/ax_prog_cc_for_build.m4:
	Update macros from autoconf-archive.
	[48b960c883df]

	* plugins/sudoers/regress/corpus/seed/ldif/pr196.ldif,
	plugins/sudoers/regress/visudo/test3.sh:
	Fix typo; excerise -> exercise
	[42cdb396b72b]

	* config.h.in, configure, scripts/config.guess, scripts/config.sub:
	Regenerate with the autoconf 2.72a pre-release.
	[51d043878181]

	* configure.ac:
	Fix insufficient quoting in AC_CHECK_LIB() calls.
	[78d37b60a912]

	* autogen.sh:
	If AUTOCONF_VERSION is unset, use version 2.71 not 2.69.
	[108faf700aa7]

	* configure.ac, m4/ax_func_getaddrinfo.m4, m4/sudo.m4:
	Replace `foo` in descriptions with 'foo'
	[ba63cef7bbe8]

2022-11-15  Todd C. Miller

	* configure, configure.ac:
	Add -Wvla and -Walloca to --enable-warnings
	[7b9b59e35905]

2022-11-11  Todd C. Miller

	* plugins/sudoers/pwutil.c:
	sudo_debug_group_list: short-circuit if groups is NULL
	[0f8f11ef82b6]

	* configure, configure.ac:
	configure: only check for getauxval() if getentropy() is missing.
	[c056c2fc3898]

	* config.h.in, configure, configure.ac:
	Remove checks for random() and lrand48(), they are no longer used.
	Also remove duplicate checks for arc4random() and getentropy().
	[e3433874211d]

	* configure, configure.ac:
	Skip check for cpp variadic macro support if the compiler supports
	C99.
	[42efc9934ef5]

	* configure, configure.ac:
	HI-UX/MPP is based on OSF-1, not HP-UX. Completely untested.
	[c55ba59cd24d]

	* configure, configure.ac:
	Only check for utmps.h on HP-UX.
	[682bb16545cf]

	* configure, configure.ac:
	Only check for sys/syscall.h on Linux. We only use it in the Linux-
	specific getentropy() emulation code.
	[eac313bfc142]

	* config.h.in, configure, configure.ac:
	configure: avoid running unnecessary tests on modern systems. Remove
	AC_SYS_POSIX_TERMIOS, AC_TYPE_MODE_T, AC_TYPE_UID_T. Add missing
	checks for int16_t, uint16_t, int32_t, and int64_t. Only check for
	intmax_t, uintmax_t and bit-width types if missing both inttypes.h
	and stdint.h. Remove unused clockid_t replacement.
	[9f1f9d365f60]

	* MANIFEST, plugins/sudoers/regress/cvtsudoers/test40.out.ok,
	plugins/sudoers/regress/cvtsudoers/test40.sh:
	Add a regress check for the cvtsudoers filter crash. GitHub issue
	#198.
	[f0abea1f10d0]

	* Makefile.in, lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
	lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
	src/Makefile.in:
	The name of the C locale w/ UTF-8 support is not always C.UTF-8. Use
	a pattern to find it (if present) and use that value instead of
	hard-coding C.UTF-8. This works around a leak sanitizer crash on
	certain inputs.
	[99aeb5a875f7]

2022-11-10  Todd C. Miller

	* plugins/sudoers/parse_ldif.c:
	Fix a potential use-after-free bug with cvtsudoers filtering. In
	role_to_sudoers() when merging a privilege to the previous one where
	the runas lists are the same we need to re-use the runas lists of
	the last command in the previous privilege, not the first.
	Otherwise, the check in free_cmndspec() will not notice the re-used
	runas lists. Reported/analyzed by Sohom Datta. GitHub issue #198.
	[29d1380d2fe0]

	* MANIFEST, plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/corpus/seed/ldif/invalid_b64.ldif,
	plugins/sudoers/regress/corpus/seed/ldif/pr196.ldif,
	plugins/sudoers/regress/corpus/seed/ldif/sample.ldif,
	plugins/sudoers/regress/corpus/seed/ldif/valid_b64.ldif,
	plugins/sudoers/regress/cvtsudoers/test39.sh:
	Copy some LDIF test data from the cvtsudoers tests to the seed
	corpus. This includes a test to exercise the fix in PR #196.
	[f74d65cf34d1]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Set LDAP base for sudoers_parse_ldif(). Without this set the fuzzer
	will not exercise the dn parsing.
	[c154b1a5d287]

	* src/exec_ptrace.h:
	Include linux/elf.h, not elf.h to make sure we get
	NT_ARM_SYSTEM_CALL. The NT_PRSTATUS define is present in both files.
	[4a4e3142381a]

2022-11-09  Todd C. Miller

	* include/sudo_compat.h:
	Remove CMSG_* compatibility macros, they are no longer used.
	[5914434ecb5c]

	* lib/util/multiarch.c, lib/util/sudo_dso.c:
	Add missing include of sys/stat.h
	[d3b0f701c75f]

	* include/sudo_util.h:
	Move forward declaration of struct stat before its first use.
	[f3cc645d197c]

	* plugins/sudoers/regress/cvtsudoers/test28.sh,
	plugins/sudoers/regress/cvtsudoers/test29.sh,
	plugins/sudoers/regress/cvtsudoers/test33.sh,
	plugins/sudoers/regress/cvtsudoers/test39.sh:
	Use a consistent base when testing cvtsudoers conversion from ldif.
	[a22cb486b2a3]

	* MANIFEST, plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/cvtsudoers/test39.out.ok,
	plugins/sudoers/regress/cvtsudoers/test39.sh,
	plugins/sudoers/regress/harness.in:
	Test parsing LDIF when a backslash is the last char of the file. If
	run with address sanitizer, this test will crash when the fix in
	ceaf706ab74b is reverted.
	[f50c78b7ed32]

	* Merge pull request #196 from sohomdatta1/main

	Prevent cvtsudoers from reading into undefined memory
	[f21c417bbbb3]

2022-11-09  Sohom

	* plugins/sudoers/parse_ldif.c:
	[cvtsudoers]: Prevent sudo from reading into undefined memory
	[ceaf706ab74b]

2022-11-08  Todd C. Miller

	* plugins/sudoers/auth/passwd.c:
	sudo_passwd_verify: zero out des_pass before returning.
	[c809232fdb7d]

2022-11-07  Todd C. Miller

	* src/exec_pty.c:
	Don't kill the parent process group on suspend if it is not sudo's
	pid. If sudo is not the process group leader we must only send the
	suspend signal to sudo itself. When sudo is run via a shell script,
	it usually has the same process group as the shell script
	interpreter. We do not want to suspend the script itself when the
	command run by sudo is suspended.
	[e6715ec62335]

	* src/exec_nopty.c, src/regress/intercept/test_ptrace.c,
	src/sudo_exec.h, src/suspend_nopty.c:
	Pass sudo's process ID to suspend_sudo_nopty() since we already know
	it. Saves an unnecessary getpid(2) call.
	[1e12d9b0ce53]

	* src/exec_nopty.c:
	Call terminate_command() with use_pgrp = false when not running in a
	pty. When sudo runs a command in the user's existing terminal the
	command is run in the same process group as sudo itself. The proper
	way to terminate it is to use kill(2), not killpg(3)
	[3d9862963e92]

	* src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c,
	src/sudo_exec.h:
	Fix handling of signal forwarding when running commands in a script.
	We need to forward signals from a process in the same pgrp if the
	pgrp leader is not either sudo or the command itself.
	[d1bf60eac57f]

	* src/regress/intercept/test_ptrace.c:
	Make test_ptrace compile again after recent changes.
	[e766db5aa9d4]

	* src/exec_intercept.c, src/exec_intercept.h, src/exec_ptrace.c:
	Update the cwd for log_subcmds too. Fixes a problem for
	intercept_method=trace when running a relative command from a
	different directory than what sudo was started from. GitHub issue
	#194
	[b831f2397d9f]

2022-11-04  Todd C. Miller

	* NEWS, aclocal.m4, configure, configure.ac:
	sudo 1.9.12p1
	[6268fbabdb16]

2022-11-03  Todd C. Miller

	* lib/iolog/host_port.c:
	Include time.h for struct timespec used by sudo_iolog.h.
	[369c8e799652]

	* src/sudo.c:
	Display sudo_mode in hex in debug log. This makes it easier to match
	against the MODE_ defines.
	[971e8f88bc12]

2022-11-01  Todd C. Miller

	* plugins/sudoers/auth/bsdauth.c:
	bsdauth_verify: do not write to prompt, it is now const
	[1969a562cf14]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Store raw sudoers lines in the debug log. Also add a "sudoerslex"
	prefix to the token debug info in sudoers_trace_print().
	[be03aef496cb]

2022-10-31  Todd C. Miller

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	The line numbers in sudoers_trace_print() were off by one. The line
	counter is incremented when a newline is seen so the output actually
	refers to the previous line.
	[a97182a63419]

	* plugins/sudoers/auth/API, plugins/sudoers/auth/afs.c,
	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h:
	Make the second arg to the sudo auth verify function const. This may
	be either a plaintext password or a password prompt. Either way it
	should not be modified by the verify function.
	[11aefc2bc3da]

2022-10-29  Todd C. Miller

	* plugins/sudoers/match.c:
	Move debugging info from hostname_matches() to host_matches().
	[2a53d2dcd1f5]

2022-10-28  Todd C. Miller

	* plugins/sudoers/pwutil.c:
	Add debugging to sudo_set_grlist() and sudo_set_gidlist().
	[620d6f7fb4f8]

	* plugins/sudoers/auth/passwd.c:
	Fix CVE-2022-43995, potential heap overflow for passwords < 8
	characters. Starting with sudo 1.8.0 the plaintext password buffer
	is dynamically sized so it is not safe to assume that it is at least
	9 bytes in size. Found by Hugo Lefeuvre (University of Manchester)
	with ConfFuzz.
	[a6229aa26fbf]

2022-10-27  Todd C. Miller

	* configure, configure.ac:
	configure: better test for -fstack-clash-protection. The gcc
	front-end may accept -fstack-clash-protection even if the machine-specific
	code does not support it. We use a test program with a large stack
	allocation to try to cause the compiler to insert the stack clash
	protection code, or fail if not supported. GitHub issue #191
	[bbfbe758258c]

	* configure, configure.ac:
	Check that compiler accepts -fstack-clash-protection and
	-fcf-protection. Previously, we only checked that linker accepted them.
	GitHub issue #191
	[7d36b89b6e4d]

2022-10-26  Todd C. Miller

	* src/exec_ptrace.c:
	Fix compilation error on Linux/mips.
	[ae4c28d8a050]

2022-10-21  Todd C. Miller

	* src/Makefile.in:
	Regenerate dependencies for src/sesh.c.
	[ada8f04afc6d]

	* plugins/audit_json/Makefile.in, plugins/sample_approval/Makefile.in:
	Sync clean target with other Makefile.in files.
	[8048628a554e]

	* Makefile.in, plugins/sample/Makefile.in:
	Build the sample plugin but do not install it by default. We no
	longer install the sample approval plugin.
	[a8644924b6a1]

	* plugins/sample/sample_plugin.c:
	Adapt to current plugin API and fix warnings.
	[d822f1a10361]

2022-10-20  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	Disable admin_flag by setting to NULL, not false. Found by cppcheck.
	[6e32481e0555]

	* NEWS:
	Bug #1042.
	[85d508b6d5e5]

	* include/sudo_util.h, lib/util/fatal.c, lib/util/term.c,
	lib/util/util.exp.in, src/conversation.c:
	Only add trailing carriage return to messages if output is a raw
	tty. If output is being written to a terminal in "raw" mode, we need
	to add a carriage return after the newline to avoid "stair-step"
	output. However, we should not write the carriage return if the
	terminal is in "cooked" mode, output to a pipe, or output redirected
	to a file. Bug #1042.
	[14f5bf04245f]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Make it clear that runas_default sets the default user for
	Runas_Spec. Also mention runas_default in other parts of the
	manual, use @runas_default@ instead of root and add markup around
	user names. GitHub issue #186.
	[73f0b82a2b22]

	* lib/util/multiarch.c, lib/util/sudo_dso.c:
	Fix a typo, muti-arch -> multi-arch. GitHub issue #185
	[d88270b9e98f]

2022-10-19  Todd C. Miller

	* NEWS:
	Mention log_servers eventlog fix.
	[484b76589309]

	* plugins/sudoers/policy.c:
	Don't NULL out the plugin close function when logging to a log
	server. If sudo calls execve(2) directly the accept info will not be
	sent. We also need the sudo front-end to wait until the command
	finishes to send the exit status.
	[11976aa84040]

2022-10-17  Todd C. Miller

	* INSTALL.md:
	Fix numbering in "Simple sudo installation"
	[695bec2a6223]

2022-10-14  Todd C. Miller

	* NEWS:
	zlib 1.2.13 update
	[2119981787f0]

	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/cs.mo,
	po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/ja.mo,
	po/ja.po, po/ka.mo, po/ka.po, po/ko.mo, po/ko.po, po/pl.mo,
	po/pl.po, po/ro.mo, po/ro.po, po/sr.mo, po/sr.po, po/sv.mo,
	po/sv.po, po/uk.mo, po/uk.po:
	Updated translations from translationproject.org
	[b1f28405c58d]

	* lib/zlib/zconf.h.in:
	Don't define _LARGEFILE64_SOURCE or _LFS64_LARGEFILE. We don't need
	them and the missing prototype for crc32_combine_gen64() issue has
	been fixed upstream.
	[39eb41f1dba4]

2022-10-13  Todd C. Miller

	* lib/zlib/compress.c, lib/zlib/crc32.c, lib/zlib/deflate.c,
	lib/zlib/deflate.h, lib/zlib/gzlib.c, lib/zlib/gzread.c,
	lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inflate.c,
	lib/zlib/inftrees.c, lib/zlib/inftrees.h, lib/zlib/trees.c,
	lib/zlib/uncompr.c, lib/zlib/zconf.h.in, lib/zlib/zlib.h,
	lib/zlib/zutil.c, lib/zlib/zutil.h:
	Update embedded copy of zlib to version 1.2.13. Fixes
	CVE-2022-37434.
	[737d6de5253c]

	* lib/util/fchownat.c:
	Add fchownat() for systems without it.
	[7c4aeda51522]

2022-10-10  Todd C. Miller

	* NEWS:
	Update NEWS for 1.9.12.
	[a4b090f3f6c8]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Update .pot files for 1.9.12
	[179fba83936d]

	* src/selinux.c, src/sesh.c, src/sudo_edit.c:
	Use getopt() and getopt_long() for sesh command line options.
	[fbaa6c75e2ef]

	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
	Update the description of intercept_verify
	[63f80a7cd4a6]

2022-10-07  Todd C. Miller

	* src/load_plugins.c:
	Silence a warning from the Solaris Studio compiler.
	[49a3c72cb539]

	* docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in,
	include/sudo_eventlog.h, include/sudo_json.h, include/sudo_plugin.h,
	lib/eventlog/eventlog.c, lib/iolog/iolog_loginfo.c,
	lib/iolog/regress/iolog_json/check_iolog_json.c, lib/util/json.c,
	logsrvd/logsrvd_local.c, plugins/audit_json/audit_json.c,
	plugins/sudoers/sudoers.h, src/env_hooks.c, src/exec_intercept.c,
	src/net_ifs.c, src/sudo_intercept_common.c, src/sudo_plugin_int.h:
	Avoid a -Wshadow warning on Solaris 9.
	[e6bc419fa976]

	* lib/util/mmap_alloc.c:
	Fix a build error on Solaris 9.
	[679b60caf5a3]

2022-10-06  Todd C. Miller

	* plugins/sudoers/parse.c:
	Fix display of command tags and options in "sudo -l" when RunAs
	changes. A new line is started when RunAs changes which means we
	need to display the command tags and options again. GitHub issue
	#184
	[3180777986de]

	* plugins/sudoers/fmtsudoers.c:
	Fix printing of MYSELF when listing another user's privileges. We
	need to use list_pw if it is set instead of user_name. GitHub issue
	#183
	[268044635b44]

	* NEWS:
	Update NEWS file with recent changes.
	[200ac32d330b]

	* MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/multiarch.c, lib/util/regress/multiarch/multiarch_test.c,
	lib/util/sudo_dso.c, lib/util/util.exp.in, src/load_plugins.c:
	Apply multiarch rules when loading plugins too.
	[f53fe06fce06]

2022-10-05  Todd C. Miller

	* lib/util/sudo_dso.c:
	sudo_dso_load: try multi-arch on Linux if we can't load the path.
	For example, if loading /usr/lib/libsss_sudo.so fails, try again
	with /usr/lib/x86_64-linux-gnu/libsss_sudo.so.
	[4eabffa486b5]

	* MANIFEST, lib/util/Makefile.in,
	lib/util/regress/open_parent_dir/open_parent_dir_test.c:
	Add test for sudo open_parent_dir()
	[2d6b1be616c9]

	* MANIFEST, plugins/sudoers/regress/testsudoers/test19.out.ok,
	plugins/sudoers/regress/testsudoers/test19.sh:
	Add test for matching a literal "" command line argument as "" in
	sudoers. GitHub issue #182.
	[ccb5dc8b23ee]

2022-10-04  Todd C. Miller

	* docs/visudo.man.in, docs/visudo.mdoc.in, plugins/sudoers/visudo.c:
	Add -I flag to disable editing include files unless there is an
	error. This can be used when you only want to edit a single sudoers
	file unless there is a pre-existing syntax error.
	[18fbf720fdbf]

	* plugins/sudoers/match_command.c:
	Do not match a literal "" command line argument as "" in sudoers. If
	the empty string is specified in sudoers, no user args are allowed.
	GitHub issue #182.
	[5de0370eddcb]

	* lib/util/sudo_conf.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c:
	sudo_secure_open_{file,dir}: always check that return value is not
	-1. Avoids false positives from static analyzers that can't figure
	out that the fd is always valid when error is SUDO_PATH_SECURE.
	[f0ebb2b836b9]

	* lib/iolog/iolog_mkdtemp.c:
	Correct return value when mkdtempat() fails.
	[5a491fac8f49]

	* lib/util/mkdir_parents.c:
	sudo_open_parent_dir: stop before creating the last path component.
	Fix a regression introduced in sudo 1.9.9 where the entire directory
	path was created instead of just the parent directory.
	[fdaa5aeb744b]

2022-10-01  Todd C. Miller

	* Makefile.in, scripts/log2cl.pl:
	Use "hg log --template" instead of "hg log --style".
	[63f020404fbb]

2022-09-29  Todd C. Miller

	* plugins/sudoers/strlcpy_unesc.c, plugins/sudoers/sudoers.c,
	src/parse_args.c:
	Mark code that escapes/unescapes "sudo -s cmd args..." for removal.
	A future version of the plugin API will defer any such escaping to
	the policy plugin so it can be configurable.
	[658d1bba4319]

	* NEWS:
	Update with recent changes.
	[4a739e30c77f]

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in:
	Improve the description of JSON output.
	[258b57ce22ab]

2022-09-28  Todd C. Miller

	* INSTALL.md, etc/codespell.ignore, lib/eventlog/eventlog.c,
	plugins/group_file/getgrent.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h,
	src/exec_nopty.c:
	Fix typos found by codespell 2.2.1.
	[3beaf856c861]

	* logsrvd/iolog_writer.c:
	Change max user-ID and group-ID from INT_MAX to UINT_MAX.
	[0971e5f9f398]

	* logsrvd/logsrvd_local.c:
	Add support for NumberList stored in an InfoMessage.
	[a762fe45e5cc]

	* logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd_local.c,
	plugins/sudoers/log_client.c:
	Add missing NULL checks for mandatory fields in protobuf messages.
	Also no longer reject an InfoMessage with an unknown value_case,
	just log and ignore it.
	[41c38e7f075b]

2022-09-27  Todd C. Miller

	* plugins/sudoers/log_client.c:
	Don't send ttyname to log server if it is NULL. Otherwise the log
	server will reject the AcceptMessage because a NULL string is not
	allowed.
	[df7fea4bef26]

	* src/exec_nopty.c:
	HP-UX has struct winsize in termios.h.
	[5827a1f234fe]

	* plugins/python/Makefile.in, src/Makefile.in:
	Regen dependencies
	[817623addc62]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in, src/exec.c,
	src/exec_nopty.c, src/exec_pty.c,
	src/regress/intercept/test_ptrace.c, src/sudo_exec.h,
	src/suspend_nopty.c:
	Add support for logging stdin/stdout/stderr in the non-pty exec
	path. If we are logging I/O but not terminal input/output (either
	because no terminal is present or because that is what the plugin
	requested), the non-pty exec path is now taken.
	[205c68d452df]

	* MANIFEST, src/Makefile.in, src/exec.c, src/exec_iolog.c,
	src/exec_nopty.c, src/exec_pty.c, src/regress/noexec/check_noexec.c,
	src/sudo_exec.h, src/sudo_intercept_common.c:
	Move exec code to call into I/O log plugin to exec_iolog.c. This
	will be shared with exec_nopty.c in the future to log
	stdin/stdout/stderr without running the command in a pty. Both
	exec_pty.c and exec_nopty.c now use the same closure.
	[45a19e8e3721]

	* plugins/python/python_importblocker.c:
	Implement find_spec, not the deprecated find_module. Fixes a test
	failure due to find_module having been removed from setuptools.
	[cc1e68c0ee1e]

2022-09-23  Todd C. Miller

	* plugins/sudoers/editor.c,
	plugins/sudoers/regress/editor/check_editor.c:
	copy_arg: fix copying an escaped backslash. GitHub issue #179
	[d21d95ec5cb0]

2022-09-22  Todd C. Miller

	* config.h.in, configure, configure.ac, include/sudo_compat.h,
	lib/util/mktemp.c:
	Use mkdtempat_np() and mkostempsat_np() on macOS
	[ad0cd430347e]

2022-09-21  Todd C. Miller

	* include/sudo_iolog.h, lib/iolog/iolog_mkdirs.c,
	lib/iolog/iolog_mkdtemp.c, lib/util/mkdir_parents.c,
	logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c:
	Convert remaining uses of sudo_mkdir_parents() to
	sudo_open_parent_dir().
	[62fd9644a605]

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/util/Makefile.in, scripts/mkdep.pl:
	Add fchownat() for systems without it.
	[d51316f1026d]

	* config.h.in, configure, configure.ac, include/sudo_compat.h,
	lib/util/mktemp.c, plugins/python/regress/iohelpers.h:
	Add mkdtempat() and mkostempsat() for systems without them.
	[099468742d16]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in, include/sudo_util.h,
	lib/util/secure_path.c, lib/util/sudo_conf.c,
	plugins/sudoers/regress/testsudoers/test11.out.ok,
	plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/timestamp.c:
	Use sudo_secure_open_file() instead of sudo_secure_file() where
	possible. Both sudo_secure_open_file() and sudo_secure_open_dir()
	are now passed a struct stat pointer like sudo_secure_file() and
	sudo_secure_dir().
	[c4e4c3f74ea4]

	* include/sudo_util.h, lib/util/mkdir_parents.c,
	lib/util/secure_path.c, lib/util/util.exp.in,
	plugins/sudoers/timestamp.c:
	Fix potential TOCTOU when creating time stamp directory and file.
	[d36591f966c5]

	* lib/util/mkdir_parents.c:
	sudo_mkdir_parents: just use memcpy() to copy the path component.
	Using snprintf() for this is overkill, we need to do the same length
	check either way.
	[8ea754871a54]

	* lib/util/Makefile.in:
	regen
	[ab40def3376c]

2022-09-20  Todd C. Miller

	* lib/util/digest_gcrypt.c:
	Quiet libgcrypt run-time warning about not being initialized. Fixes
	Debian bug #1019428 and Ubuntu bug #1397663.
	[ebf9a6477d5d]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in, plugins/sudoers/audit.c,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.h,
	plugins/sudoers/parse.c, plugins/sudoers/policy.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	Split log_{input,output} into log_{stdin,ttyin} and
	log_{ttyout,stdout,stderr}. If log_input is set, log_{stdin,ttyin}
	will be set as well. If log_output is set,
	log_{stdout,stderr,ttyout} will be set as well. This provides more
	fine-grained control over I/O logging and makes it possible to
	disable logging piped or redirected input or output.
	[5b7ea42ac63b]

	* LICENSE.md, include/protobuf-c/protobuf-c.h,
	lib/protobuf-c/protobuf-c.c:
	Update to protobuf-c 1.4.1. We already had all the relevant fixes so
	this is just cosmetic.
	[aa51e48afe49]

	* src/load_plugins.c:
	new_container: no need to initialize container pointer in
	declaration. From Li zeming.
	[729a8a417d88]

2022-09-15  Todd C. Miller

	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Use tcpgid if passed from sudo front-end and use it in
	tty_present(). This can be used as another indicator that a terminal
	is present without having to open /dev/tty.
	[b804b8b7fc03]

2022-09-13  Todd C. Miller

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
	docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
	docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
	docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
	docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_logsrvd.man.in,
	docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin.man.in,
	docs/sudo_plugin.mdoc.in, docs/sudo_sendlog.man.in,
	docs/sudo_sendlog.mdoc.in, docs/sudoers.ldap.man.in,
	docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
	docs/sudoers.mdoc.in, docs/sudoers_timestamp.man.in,
	docs/sudoers_timestamp.mdoc.in, docs/sudoreplay.man.in,
	docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in:
	Remove most uses of the deprecated Li macro which has no effect.
	Also fix some other incorrect markup.
	[8f94cc555092]

2022-09-12  Todd C. Miller

	* Makefile.in, lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
	lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
	src/Makefile.in:
	Use $(GREP) and $(EGREP) variables in Makefile.in files.
	[cf8d7fb45169]

	* Merge pull request #177 from a1346054/fixes

	Makefile.in: replace `egrep` and fix target name
	[751aa03eb470]

2022-09-12  a1346054

	* Makefile.in:
	Fix incorrect makefile target name
	[318288fb712f]

	* Makefile.in:
	Use `grep -E` instead of `egrep`
	[4a2d9543643c]

2022-09-11  Todd C. Miller

	* docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in:
	Document apparmor_profile, intercept_verify, and update_ticket.
	[d55caa1af788]

	* docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in:
	Fix some of the markup to be more consistent with
	sudo_plugin.mdoc.in. Also reword a few awkward phrases.
	[8682c067c38b]

	* docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in:
	Use correct markup of function arguments and struct members. Also
	remove most uses of the deprecated Li macro which has no effect.
	[59b01b9ff183]

	* docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in:
	Move the init_session() errstr description to where it belongs.
	[8c1e7cb23d1f]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Fix a typo
	[591b75013070]

2022-09-07  Todd C. Miller

	* plugins/sudoers/logging.c:
	log_parse_error: make errstr const to quiet a -Wwrite-strings
	warning
	[9827a2a01316]

	* config.h.in, configure.ac, include/sudo_compat.h,
	include/sudo_debug.h, include/sudo_fatal.h, include/sudo_lbuf.h,
	include/sudo_util.h, lib/eventlog/eventlog.c,
	plugins/sudoers/check_aliases.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers.h, plugins/sudoers/defaults.c,
	plugins/sudoers/logging.h, plugins/sudoers/sudoreplay.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/toke.h,
	plugins/sudoers/tsdump.c, plugins/sudoers/visudo.c,
	src/parse_args.c, src/regress/noexec/check_noexec.c, src/sudo.h:
	Move gcc-style __attribute__ macros to config.h.in. Renamed __malloc
	-> sudo_malloclike, __printflike -> sudo_printflike, __printf0like
	-> sudo_printf0like. Add sudo_noreturn instead of
	__attribute__((__noreturn__)). We do not use stdnoreturn.h since it
	has been deprecated in C23 in favor of the [[noreturn]] attribute.
	[ad3c04a1bbb0]

	* plugins/sudoers/visudo.c:
	Add __printf0like to visudo_track_error().
	[7a118c40d360]

2022-09-06  Todd C. Miller

	* plugins/sudoers/gram.y:
	Back out unintended change in last commit.
	[5d52c966212d]

	* plugins/sudoers/gram.y, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h:
	It is possible for sudoerserrorf() to be called with a NULL format.
	So log_parse_error() needs to check fmt for NULL before using it.
	[5b779a6888c9]

2022-09-03  Todd C. Miller

	* docs/UPGRADE.md:
	Mention how to restore the historic core resource limit behavior.
	[bfd792bd9d07]

	* plugins/sudoers/audit.c:
	Set MODE_POLICY_INTERCEPTED for log_subcmds too. This fixes a
	problem where sub-commands were not being logged to the remote log
	server, if configured. Since we don't go through
	sudoers_policy_main() again for log_subcmds, we set the flag in
	sudoers_audit_accept() instead. The reason this is complicated is
	that when I/O logging is enabled the initial accept message gets
	sent as part of the remote logging handshake. GitHub issue #174
	[297fa6bbd769]

2022-09-02  Todd C. Miller

	* NEWS:
	Update with latest changes.
	[d7ca5db7adc7]

	* docs/cvtsudoers.mdoc.in:
	Fix typo.
	[7629516758e2]

	* plugins/sudoers/sudoers.c:
	Only check the admin flag file once in intercept mode.
	[c439914e08e1]

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in:
	Document cvtsudoers CSV output format
	[c5164466cae2]

2022-08-31  Todd C. Miller

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in:
	Document cvtsudoers JSON output format
	[9fce227c2c61]

2022-08-30  Todd C. Miller

	* src/exec_ptrace.c:
	Zero out register struct before calling ptrace_getregs(). Quiets a
	spurious valgrind warning.
	[32f19e2e508f]

2022-08-29  Todd C. Miller

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	intercept_verify is fast, but the policy check is (relatively) slow.
	[0a120a78bd37]

	* src/exec_ptrace.c:
	Realloc the buffer used to store argv and envp as needed. We now
	store the vector immediately after the string table. It is possible
	for argv and its contents to be invalidated by realloc() when
	reading envp so we store the pointers as offsets until we are done
	allocating.
	[7620f3dceac4]

2022-08-28  Todd C. Miller

	* src/exec_ptrace.c, src/exec_ptrace.h:
	ptrace_verify_post_exec: use /proc/PID/cmdline and /proc/PID/environ.
	There is no reason to read these directly from the tracee when we
	rely on /proc being mounted to access /proc/PID/exe.
	[5da938210647]

	* src/exec_ptrace.c:
	Protect ptrace_readv_string() with #ifdef HAVE_PROCESS_VM_READV
	[cc8e71c4c529]

2022-08-25  Todd C. Miller

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Rework the intercept section in "Preventing shell escapes".
	[5e5b1ea90ce1]

	* .github/workflows/codeql-analysis.yml:
	Update CodeQL Action to v2 using current example config.
	[d0aa8b4dda28]

	* lib/util/arc4random.c:
	Suppress PVS-Studio false positive.
	[32fd02734378]

	* src/exec_intercept.c:
	intercept_check_policy_req: an empty argv[] is now supported
	[a668708cc0a9]

	* config.h.in, configure, configure.ac, src/exec_ptrace.c:
	Use process_vm_readv(2) and process_vm_writev(2) if available. This
	is faster than reading/writing from/to the remote process one word
	at a time using PTRACE_PEEKDATA and PTRACE_POKEDATA.
	[d0c5ed82738c]

	* plugins/sudoers/check.c:
	Skip all of check_user() for intercept unless intercept_authenticate
	set. Previously we were calling the PAM approval modules even in
	intercept mode which can take a lot of time. We may wish to make PAM
	approval configurable in intercept mode in the future.
	[e06fbc7e4ca6]

	* plugins/sudoers/sudoers.c:
	Only set MODE_POLICY_INTERCEPTED on subsequent policy checks. This
	fixes a bug where MODE_POLICY_INTERCEPTED was set too early if the
	intercept option was set globally in sudoers. It should only be set
	after the original command has executed.
	[8f5d47c2635a]

2022-08-23  Todd C. Miller

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	intercept_verify also compares the environment. Also mention the
	overhead involved in checking things.
	[44da04558285]

2022-08-22  Todd C. Miller

	* src/exec_ptrace.c:
	ptrace_getregs: make compat check more generic. No need to use
	different checks for mips and non-mips, the compiler will optimize
	away the superfluous check.
	[0f2ff0f3f388]

	* src/preload.c:
	Correct type of sudoers_audit. GitHub issue #61
	[17a7806ad3ba]

2022-08-20  Todd C. Miller

	* src/sesh.c:
	Fix shadowed variable warning.
	[e200b6b5b4fd]

2022-08-19  Todd C. Miller

	* src/exec_ptrace.h:
	Fix shadowed variable warning on aarch64.
	[84169692bd1c]

	* src/regress/intercept/test_ptrace.c:
	Quiet another -Wwrite-strings warning.
	[ff2860056976]

	* src/exec_ptrace.c:
	ptrace_getregs: try to determine compat mode if caller doesn't know.
	In ptrace_verify_post_exec(), we don't know whether the executable
	that is now running is a native or compat binary. In most cases
	ptrace_getregs() will be able to figure it out for us.
	[fb0fa29ff554]

	* src/exec_ptrace.c:
	ptrace_intercept_execve: fail syscall rather than killing process on
	error. If the execve(2) args are bogus pointers, we should just
	return an error instead of killing the process. For consistency with
	the kernel, convert EIO from ptrace(2) to EFAULT. Also convert some
	ptrace(2) warnings to debug printfs so sudo is less chatty.
	[3d30c6d28005]

2022-08-18  Todd C. Miller

	* src/exec_ptrace.c:
	Treat argv and closure->run_argv of different sizes as a mismatch.
	If argv and closure->run_argv match up to the point where we hit a
	NULL but one of them has additional entries, we still need to
	rewrite argv.
	[91d522d9c3b6]

	* src/exec_ptrace.c:
	Handle the case where argc is 0 when allocating space for argv. We
	need to pass the pathname to the policy plugin in argv[0] so we must
	be sure to allocate space for it even if argc is 0.
	[953f92c9e7a5]

	* src/sudo_intercept.c:
	copy_vector: treat a NULL pointer as an empty vector. Linux
	execve(2) allows argv to be NULL so we must allocate an empty vector
	in this case and not return an error.
	[cf30608ed6cb]

	* src/exec_preload.c:
	Update debug_decl name for sudo_preload_dso ->
	sudo_preload_dso_alloc change.
	[b0db53a62c7a]

	* src/exec_intercept.c:
	Handle the case where argc is 0 when rebuilding argv. We need to
	pass the pathname to the policy plugin in argv[0] so we must be sure
	to allocate space for it even if argc is 0.
	[10358fc408a1]

	* src/exec_ptrace.c:
	Handle sysconf(_SC_ARG_MAX) failure, Coverity CID 276504.
	[ddb88da56bd7]

	* plugins/sudoers/match_digest.c:
	Avoid a Coverity false positive.
	[dd9fd747bd7f]

	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
	Remove cast from time_t to int to avoid a Coverity false positive.
	The cast should not be required.
	[a305b10eb17e]

2022-08-11  Todd C. Miller

	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
	plugins/sudoers/group_plugin.c:
	Use multilib rules to look for a 64-bit group plugin on failure. If
	sudo_dso_load() fails on a 64-bit system, try to load a 64-bit
	native version of the file using system-dependent multilib rules. If
	we don't support multilib on the platform, check for a version of
	the file that ends in "64" before the .so suffix.
	[d36bcc89ee34]

	* docs/sudo_plugin.man.in:
	regen
	[c14c0882a07d]

2022-08-08  Todd C. Miller

	* plugins/sudoers/env.c, src/env_hooks.c:
	In putenv(3) replacement reject a string with no '=' or that starts
	with one.
	[59c6e6e5232b]

2022-08-05  Todd C. Miller

	* LICENSE.md:
	Update copyright year for embedded zlib.
	[2c52d016e583]

2022-08-04  Todd C. Miller

	* configure, configure.ac:
	Use our own arc4random() in preference to the glibc version. The
	glibc arc4random() may fail in chroot on older kernels and exit.
	[9b4a62c9f468]

	* lib/util/sudo_dso.c:
	sudo_dso_load: restore original error for AIX on failure. For AIX,
	if dlopen() fails we try again with RTLD_MEMBER set and a default
	member (shr.o or shr_64.o). However, if that also fails, the user
	will receive a useless error message that doesn't correspond to the
	actual problem. We now retry the original dlopen() if the fallback
	to RTLD_MEMBER fails, which has the effect of restoring the original
	error message.
	[ec539996a4aa]

2022-08-02  Todd C. Miller

	* Merge pull request #165 from bdrung/xdg-current-desktop

	Add XDG_CURRENT_DESKTOP to initial_keepenv_table
	[3d2e82e32ea8]

	* NEWS, configure, configure.ac:
	Sudo 1.9.12.
	[08c096ada8b2]

	* docs/sudo_plugin.mdoc.in, include/sudo_plugin.h,
	plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout,
	src/exec.c:
	Bump the sudo plugin minor version. The "update_ticket" entry was
	added to the settings list and the "intercept_verify" entry was
	added to the command_info list.
	[3259f3199798]

	* docs/sudo.man.in, docs/sudo.mdoc.in, plugins/sudoers/check.c,
	plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
	src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_usage.h.in:
	Add a way to run a command without updating the cached credentials.
	This can also be used to test for whether or not the user's
	credentials are currently cached.
	[f5825a6f881b]

	* Merge pull request #168 from likunyur/lky

	Remove unnecessary initialization and casts.
	[fcb251c895ce]

	* Merge pull request #169 from kempstonjoystick/main

	Fix incorrect SHA384/512 digest calculation.
	[f016c3a37255]

2022-08-02  Tim Shearer

	* lib/util/sha2.c:
	Fix incorrect SHA384/512 digest calculation.

	Resolves an issue where certain message sizes result in an incorrect
	checksum. Specifically, when: (n*8) mod 1024 == 896 where n is the
	file size in bytes.
	[e9f235a8d432]

2022-08-01  Todd C. Miller

	* src/exec.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h:
	Defer chdir(2) until sesh when running with SELinux. We need to be
	running with the correct security context or the chdir(2) may fail.
	GitHub issue #160.
	[a8713dd21be9]

2022-08-01  Li zeming

	* lib/util/arc4random.c:
	util/arc4random: (void*) type pointer passing address could remove
	cast

	Signed-off-by: Li zeming <zeming@...>
	[aa4e8c73f131]

	* lib/iolog/hostcheck.c:
	iolog/hostcheck: These two parameters do not need to be initialized
	and assigned, the following code is directly assigned

	Signed-off-by: Li zeming <zeming@...>
	[dd657435f277]

2022-07-31  Todd C. Miller

	* Merge pull request #166 from c4rlo/patch-1

	visudo.c: add nvim (Neovim) to lineno_editor list
	[97e0a7b00daa]

2022-07-31  Carlo Teubner

	* plugins/sudoers/visudo.c:
	visudo.c: add nvim (Neovim) to lineno_editor list

	Neovim supports it: https://neovim.io/doc/user/starting.html#-+
	[020b59cf0f6b]

2022-07-29  Todd C. Miller

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Document the TOCTOU issue with intercept mode. Describe how
	intercept_verify attempts to reduce the risk.
	[b118de8d4c66]

	* etc/codespell.exclude, etc/codespell.ignore:
	Update a codespell exclude pattern.
	[3193ffb4c938]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/policy.c, src/exec_ptrace.c, src/sudo.c, src/sudo.h:
	Add intercept_verify sudoers option to control execve(2) argument
	checking.
	[79131cfb0125]

	* src/exec_ptrace.c:
	Use PTRACE_EVENT_EXEC to stop execution before return from
	execve(2). We can now verify that the arguments match what we
	accepted before the command actually runs. If there is a mismatch,
	the process is killed. Shell scripts must be handled specially since
	the path executed will be the interpreter, not the script name.
	Linux allows interpreters to be nested up to 4 deep.
	[5e7b1828dbb0]

	* plugins/sudoers/sudoers.c:
	Only set MODE_POLICY_INTERCEPTED if we are running a command. Fixes
	an error with "sudo -l" when intercept is enabled globally.
	[7a1d0ff5a498]

2022-07-29  Benjamin Drung

	* plugins/sudoers/env.c:
	Add XDG_CURRENT_DESKTOP to initial_keepenv_table

	Qt needs `XDG_CURRENT_DESKTOP` to be set to determine the correct
	theme.

	Since `DISPLAY` and `XAUTHORITY` are already in the default table of
	variables to preserve in the environment, just add
	`XDG_CURRENT_DESKTOP` to it.

	Bug: https://launchpad.net/bugs/1958055
	Signed-off-by: Benjamin Drung <bdrung@...>
	[aa5132684c89]

2022-07-27  Todd C. Miller

	* src/exec_ptrace.c:
	The length returned by ptrace_read_string() includes the NUL. We were
	wasting an extra byte in the string table for each entry.
	[b1220aae7141]

2022-07-26  Todd C. Miller

	* include/sudo_compat.h, include/sudo_util.h:
	Use gcc's malloc attribute for malloc-like allocation functions.
	[bff3b0ab89c5]

	* lib/util/mmap_alloc.c:
	Avoid a Coverity positive.
	[81f526688296]

	* src/exec_preload.c:
	fmtstr: add missing va_end() for the overflow case. Coverity CID
	275335
	[42a4f4467ca5]

	* lib/util/sudo_debug.c:
	Fix potential NULL pointer dereference found by clang-analyzer.
	[5b0a9c0f2e71]

	* src/sudo.c, src/sudo_intercept_common.c:
	Quiet some harmless PVS-Studio warnings.
	[9b9cc92f0585]

	* src/exec_intercept.c:
	Reject relative command paths if runcwd is not set. This is now
	treated as a policy rejection.
	[bf35a6818c77]

	* src/exec_intercept.c:
	intercept_check_policy: close saved_dir before returning
	[04adba5e85fa]

	* src/exec_intercept.c:
	Change to runcwd during the policy check where possible. Otherwise,
	attempts to run "./command" from a shell with intercept set will
	fail if the current working directory is different from the main
	sudo process.
	[cd218f081cf2]

2022-07-25  Todd C. Miller

	* include/sudo_util.h, lib/util/mmap_alloc.c, lib/util/util.exp.in,
	src/sudo_intercept.c:
	For preload DSO make copies of cmnd, argv, envp and map them read-
	only.
	[56a160c55e4c]

	* src/exec_preload.c, src/sudo_exec.h, src/sudo_intercept.c,
	src/sudo_intercept_common.c:
	Use sudo_mmap_alloc functions in DSO-based intercept code.
	[806dacd141ad]

	* lib/util/snprintf.c:
	Use sudo_mmap_alloc functions instead of private versions. We no
	longer need to keep track of the allocation size.
	[6f375ed7a927]

	* MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/mmap_alloc.c, lib/util/util.exp.in:
	Add sudo_mmap_{alloc,allocarrary,strdup,free} functions. These
	allocate memory via mmap anonymous regions and store the mapped size
	immediately before the returned pointer as an unsigned long. They
	are intended to be used in cases where malloc(3) and free(3) are
	unsuitable due to concerns about corrupting global state in multi-
	threaded programs or signal handlers.
	[803b4a82bedd]

	* docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in:
	Sync with schema.OpenLDAP for user/group utf8 support.
	[14705b52a4f9]

	* Merge pull request #163 from Firstyear/20220725-sudo-ldap-schema

	Update sudoUser to be utf8 in ldap schemas
	[91354fc2ed23]

	* src/sudo_intercept.c:
	resolve_path: skip non-regular files
	[2ed5efdb48ea]

2022-07-25  William Brown

	* docs/schema.OpenLDAP, docs/schema.iPlanet, docs/schema.olcSudo:
	Update sudoUser to be utf8 in ldap schemas

	In most unix-style LDAP servers, uid is a utf8 string defined by OID
	1.3.6.1.4.1.1466.115.121.1.15. However, sudoUser was defined as an
	IA5 String (OID 1.3.6.1.4.1.1466.115.121.1.26) which meant that
	sudoUser could only represent a subset of possible values.

	In some cases when using sudoers.ldap, the uid from the machine
	which was utf8 was fed back into sudo which would then issue a
	search for sudoUsers. If this uid contained utf8 characters, the
	ldap server would refuse to match into sudoUsers because these were
	limited to IA5.

	This is a safe-forward upgrade as IA5 is a subset of UTF8 meaning
	that this change will not impact existing deployments and their
	rules.
	[7a47e711ca88]

2022-07-14  Todd C. Miller

	* src/exec_intercept.c, src/sudo.c:
	Make sure the plugin provides a command, argv and envp.
	[7e4e93118622]

	* lib/util/sudo_debug.c, src/exec_intercept.c, src/exec_preload.c,
	src/exec_ptrace.c, src/sudo_intercept.c,
	src/sudo_intercept_common.c:
	Linux execve(2) allows argv or envp to be NULL. Add checks to make
	sure we don't dereference a NULL pointer.
	[be380b71df62]

2022-07-13  Todd C. Miller

	* src/exec_intercept.c:
	intercept_check_policy: add oom label and fix approval failure case.
	If the approval plugin fails we need to set the state to
	POLICY_REJECT just like we do if the policy rejected the command.
	[e7ba37e32af7]

2022-07-09  Todd C. Miller

	* plugins/sudoers/cvtsudoers_csv.c, plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/def_data.in,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/policy.c, src/apparmor.c:
	Fix a few whitespace issues.
	[deb6391a3ba0]

	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Increase the realloc increment from 128 to 1024. The contents of the
	env_add array should not include the leading "env=" prefix.
	[d8c0067fc3fd]

	* plugins/sudoers/env.c:
	sudo_putenv_nodebug: require that the environment string include a
	'='
	[fb200f301070]

2022-07-08  Todd C. Miller

	* plugins/sudoers/visudo.c:
	If update_defaults() fails, treat it as a parse error.
	[d9860eb2257a]

	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Add additional PVS-studio suppression comments for generated code.
	[dfb89944dcce]

2022-07-07  Todd C. Miller

	* plugins/sudoers/match_command.c:
	Fix compilation error when SUDOERS_NAME_MATCH is defined.
	[3b76707bc5fa]

	* plugins/sudoers/match_command.c:
	Fix a NOPASSWD issue with a non-existent command when fdexec=always.
	In command_matches_all(), if the command is fully-qualified and
	open_cmnd() returns false, only treat it as an error if we are able
	to stat(2) the command. For "sudo ALL" a non-existent command is not
	an error.
	[e2d756137ce9]

	* plugins/sudoers/regress/testsudoers/test18.sh:
	Quote ^foo$ on command line to protect it from the shell.
	[0f1274e0be93]

2022-07-05  Todd C. Miller

	* lib/eventlog/regress/logwrap/check_wrap.c,
	lib/util/regress/closefrom/closefrom_test.c,
	lib/util/regress/fnmatch/fnm_test.c,
	lib/util/regress/getgrouplist/getgrouplist_test.c,
	lib/util/regress/glob/globtest.c,
	lib/util/regress/parse_gids/parse_gids_test.c,
	lib/util/regress/progname/progname_test.c,
	lib/util/regress/strsig/strsig_test.c,
	lib/util/regress/strsplit/strsplit_test.c,
	lib/util/regress/strtofoo/strtobool_test.c,
	lib/util/regress/strtofoo/strtoid_test.c,
	lib/util/regress/strtofoo/strtomode_test.c,
	lib/util/regress/strtofoo/strtonum_test.c,
	lib/util/regress/sudo_conf/conf_test.c,
	lib/util/regress/sudo_parseln/parseln_test.c,
	lib/util/regress/tailq/hltq_test.c,
	lib/util/regress/uuid/uuid_test.c,
	logsrvd/regress/logsrvd_conf/logsrvd_conf_test.c,
	plugins/python/regress/check_python_examples.c, src/exec_ptrace.c:
	Add explicit include of unistd.h for getopt(3) and related
	variables.
	[e1c369cd5ae8]

2022-07-04  Todd C. Miller

	* plugins/sudoers/cvtsudoers.c, src/sudo_intercept_common.c:
	Merge pull request #161 from likunyur/lky

	sudoers/cvtsudoers: Remove the repeated ';' from code
	[9b961a3b9c86]

2022-07-04  Li kunyu

	* src/sudo_intercept_common.c:
	src/send: Remove the repeated ';' from code

	Signed-off-by: Li kunyu <kunyu@...>
	[6fc809eac0b1]

	* plugins/sudoers/cvtsudoers.c:
	sudoers/cvtsudoers: Remove the repeated ';' from code

	Signed-off-by: Li kunyu <kunyu@...>
	[75582c880c30]

2022-07-01  Todd C. Miller

	* lib/util/timegm.c:
	In timegm() initialize tm_isdst to 0 like tzcode does.
	[d3f2d10c3559]

2022-06-30  Todd C. Miller

	* include/intercept.pb-c.h, include/sudo_event.h,
	src/exec_intercept.c, src/exec_intercept.h, src/intercept.pb-c.c,
	src/intercept.proto, src/sudo_intercept_common.c:
	Stop sending an InterceptResponse to a PolicyCheckRequest for
	log_subcmds. There's no real reason for the command to wait for sudo
	to send back a response that will always be a PolicyAcceptMessage.
	[d2fe28a652d0]

	* plugins/sudoers/sudoers.c:
	sudoers_main: defer setting return value until the end when running
	a command. Otherwise, we could return success when there was an error
	from a system call or memory allocation failure.
	[bd993a2948ce]

	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Save the initial command run via sudo and use it when logging exit
	status. Otherwise, if we are in intercept mode or logging sub-
	commands the exit status will be logged with the wrong command.
	[54e3494473ac]

2022-06-29  Todd C. Miller

	* lib/zlib/zconf.h.in:
	Define _LARGEFILE64_SOURCE if _FILE_OFFSET_BITS == 64. Fixes a
	-Wwrite-strings warning on 32-bit systems.
	[61eff691496f]

	* lib/util/strsignal.c:
	Quiet another -Wwrite-strings warning.
	[a03bb85d581d]

	* lib/protobuf-c/protobuf-c.c:
	Fix a clang analyzer 14 warning about a possible NULL deref.
	[4c0db4ac3e1d]

	* lib/iolog/Makefile.in, lib/logsrv/Makefile.in,
	lib/protobuf-c/Makefile.in, plugins/sudoers/Makefile.in,
	src/Makefile.in:
	Regenerate dependencies
	[ff7de2b59097]

	* scripts/mkdep.pl:
	Do not check files generated by protobuf-c with PVS-Studio
	[86f56c21339f]

	* logsrvd/logsrv_util.c, logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c,
	logsrvd/logsrvd_queue.c, logsrvd/sendlog.c, logsrvd/tls_client.c,
	plugins/sudoers/log_client.c, src/sudo_intercept_common.c:
	Quiet some harmless PVS Studio warnings.
	[476fbef7a0c4]

	* logsrvd/logsrvd_conf.c, logsrvd/sendlog.c:
	Use "unable to allocate memory" warning on malloc failure. This is
	consistent with the rest of the sudo source code.
	[5954fc067647]

	* lib/eventlog/Makefile.in, lib/fuzzstub/Makefile.in,
	lib/iolog/Makefile.in, lib/iolog/host_port.c,
	lib/logsrv/Makefile.in, lib/protobuf-c/Makefile.in,
	lib/util/Makefile.in, lib/util/getentropy.c, lib/util/roundup.c,
	logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c,
	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c,
	logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c,
	logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, logsrvd/tls_client.c,
	logsrvd/tls_init.c, plugins/sudoers/log_client.c, src/Makefile.in,
	src/apparmor.c:
	Add missing PVS Studio Open Source comments. Also avoid checking
	protobuf-c source and protobuf-c generated files.
	[e1277c1f6585]

	* lib/iolog/host_port.c, lib/iolog/hostcheck.c, lib/util/roundup.c,
	logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c,
	logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
	logsrvd/logsrvd_journal.c, logsrvd/logsrvd_local.c,
	logsrvd/logsrvd_queue.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
	logsrvd/sendlog.h, logsrvd/tls_client.c, logsrvd/tls_common.h,
	logsrvd/tls_init.c, plugins/python/pyhelpers.h,
	plugins/python/regress/iohelpers.h, plugins/sudoers/log_client.c:
	Use #include <config.h> not #include "config.h" for consistency.
	Otherwise, some compilers may do the wrong thing in a build dir if
	there is a config.h file in the source dir too.
	[79aaab18dc6d]

2022-06-28  Todd C. Miller

	* plugins/sudoers/group_plugin.c:
	Update group_plugin_load() stub to match its prototype.
	[9ea7126e6d5c]

	* configure, configure.ac, include/sudo_iolog.h,
	lib/eventlog/eventlog.c, lib/eventlog/logwrap.c,
	lib/iolog/host_port.c, lib/iolog/regress/host_port/host_port_test.c,
	lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c, lib/util/aix.c,
	lib/util/getgrouplist.c, lib/util/getopt_long.c, lib/util/lbuf.c,
	lib/util/logfac.c, lib/util/logpri.c,
	lib/util/regress/progname/progname_test.c, lib/util/snprintf.c,
	lib/util/sudo_conf.c, lib/util/sudo_debug.c, logsrvd/logsrvd_conf.c,
	logsrvd/logsrvd_local.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
	plugins/audit_json/audit_json.c,
	plugins/python/python_convmessage.c,
	plugins/python/python_plugin_common.c,
	plugins/python/regress/check_python_examples.c,
	plugins/python/sudo_python_module.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.h,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_csv.c,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
	plugins/sudoers/defaults.h, plugins/sudoers/editor.c,
	plugins/sudoers/env.c, plugins/sudoers/exptilde.c,
	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
	plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
	plugins/sudoers/insults.h, plugins/sudoers/iolog.c,
	plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
	plugins/sudoers/log_client.c, plugins/sudoers/logging.c,
	plugins/sudoers/parse.c, plugins/sudoers/policy.c,
	plugins/sudoers/pwutil.c,
	plugins/sudoers/regress/editor/check_editor.c,
	plugins/sudoers/regress/exptilde/check_exptilde.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/regress/parser/check_gentime.c,
	plugins/sudoers/regress/serialize_list/check_serialize_list.c,
	plugins/sudoers/regress/unescape/check_unesc.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/sudoers_hooks.c, plugins/sudoers/sudoreplay.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
	src/edit_open.c, src/exec_common.c, src/parse_args.c,
	src/regress/noexec/check_noexec.c, src/selinux.c, src/sudo.c,
	src/sudo_edit.c, src/sudo_intercept.c:
	Make sudo pass -Wwrite-strings
	[7ac3dd7b1634]

	* configure, configure.ac:
	A typo prevented -Wno-deprecated-declarations from being used on
	macOS.
	[4d6d4b9e7191]

2022-06-27  Todd C. Miller

	* src/preload.c:
	Fix missing prototype warning.
	[66e460d3c1d2]

	* lib/zlib/zconf.h.in:
	Define _LFS64_LARGEFILE, _LARGEFILE64_SOURCE if 64-bit or
	_LARGE_FILES set. autoconf does not define _LARGEFILE64_SOURCE by
	default but zlib expects it (its own configure script will define
	it). Fixes a missing prototype for crc32_combine_gen64() on AIX and
	HP-UX.
	[c5b314bebbcb]

	* configure, configure.ac, include/sudo_iolog.h, include/sudo_util.h,
	lib/iolog/host_port.c, lib/iolog/regress/fuzz/fuzz_iolog_json.c,
	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
	lib/iolog/regress/iolog_json/check_iolog_json.c,
	lib/iolog/regress/iolog_timing/check_iolog_timing.c,
	lib/util/regress/fuzz/fuzz_sudo_conf.c,
	lib/util/regress/glob/globtest.c,
	lib/util/regress/mktemp/mktemp_test.c, lib/util/strtoid.c,
	logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c,
	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, logsrvd/sendlog.c,
	plugins/python/pyhelpers.c, plugins/python/python_plugin_approval.c,
	plugins/python/python_plugin_approval_multi.inc,
	plugins/python/python_plugin_audit.c,
	plugins/python/python_plugin_audit_multi.inc,
	plugins/python/python_plugin_common.c,
	plugins/python/python_plugin_group.c,
	plugins/python/python_plugin_io.c,
	plugins/python/python_plugin_io_multi.inc,
	plugins/python/python_plugin_policy.c,
	plugins/python/regress/check_python_examples.c,
	plugins/python/sudo_python_module.c, plugins/sudoers/audit.c,
	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/iolog.c, plugins/sudoers/log_client.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/regress/fuzz/fuzz_stubs.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/stubs.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.h,
	plugins/sudoers/unesc_str.c, src/copy_file.c, src/exec_ptrace.c,
	src/load_plugins.c, src/net_ifs.c, src/sudo.h, src/sudo_intercept.c,
	src/sudo_intercept_common.c, src/sudo_noexec.c:
	Make sudo pass -Wmissing-prototypes
	[195b024b9f54]

	* src/exec_ptrace.c:
	Include inttypes.h if stdint.h is not present. Bug #1035
	[da6185c4c418]

2022-06-21  Todd C. Miller

	* src/exec_ptrace.c:
	readlink(2) does NUL-terminate the buffer, do it manually. Fixes a
	bug where the current working directory could include garbage in
	intercept mode using ptrace(2).
	[dc7c547f518f]

	* src/exec_preload.c, src/sudo_exec.h, src/sudo_intercept_common.c:
	sudo_preload_dso: make the envp function argument const. This lets us
	fix an inappropriate cast in sudo_intercept_common.c.
	[c2fa860b684e]

	* src/exec_intercept.c:
	intercept_write: remove unused CD_USE_PTRACE code. It is not
	possible to end up in intercept_write when CD_USE_PTRACE is set.
	[f8bdc5e37294]

2022-06-20  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.9.11p3
	[c96ded63ae46]

	* src/exec_intercept.c, src/sudo_intercept_common.c:
	Set TCP_NODELAY on the socket used for intercept IPC to reduce
	latency. On some systems, Nagle's algorithm was delaying receipt of
	the data, causing commands with intercept or log_subcmds to run
	slowly. Related to Bug #1034.
	[11b129850ac1]

	* src/sudo_intercept_common.c:
	Use blocking I/O when talking to the sudo process. Also check for
	EAGAIN/EINTR when reading the message size. Fixes a problem seen on
	AIX where recv_intercept_response() could fail unexpectedly. Bug
	#1034.
	[8554618665a2]

	* src/exec_intercept.c:
	Add debug printfs when send/recv return EAGAIN or EINTR. These are
	not actually errors but can help gain insight into what is going on
	and, in the case of EAGAIN, whether or not there may be a kernel
	resource starvation problem.
	[fd2dee906d2f]

2022-06-14  Todd C. Miller

	* plugins/sudoers/logging.c:
	log_exit_status: make local variables match struct evlog members.
	[f93d5141e818]

2022-06-13  Todd C. Miller

	* lib/util/getgrouplist.c:
	Quiet a compiler warning on macOS. The getgrouplist() groups array
	on macOS is int * instead of gid_t *.
	[c64bf72a1416]

2022-06-12  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.9.11p2
	[9505276e5c97]

2022-06-11  Todd C. Miller

	* src/exec_ptrace.h:
	Fix compilation on Linux/x32; GitHub issue #158
	[8cebfdd49205]

2022-06-10  Todd C. Miller

	* plugins/sudoers/policy.c:
	Fix pasto in comment after HAVE_PRIV_SET #endif
	[2275ab3b016d]

	* include/sudo_compat.h:
	Fix typo, we should define SSIZE_MAX if it is not defined.
	[51c68f801479]

2022-06-09  Todd C. Miller

	* plugins/sudoers/env.c:
	Change black list -> blocklist. This was missed in the previous
	conversion.
	[da610ebb5cb1]

	* plugins/sudoers/audit.c, plugins/sudoers/iolog.c,
	plugins/sudoers/log_client.c, plugins/sudoers/log_client.h,
	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
	plugins/sudoers/policy.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/sudoers.h:
	Save a pointer to the event_alloc parameter in the plugin open
	function. That way we don't need to pass event_alloc around to the
	log client functions.
	[a8a47f3770b3]

	* lib/protobuf-c/protobuf-c.c:
	Fix regression with zero-length messages introduced in protobuf-c PR
	500.
	[42062b9f75d5]

2022-06-08  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.9.11p1
	[7fcfdaacb15e]

2022-06-07  Todd C. Miller

	* src/exec_pty.c:
	Make read and write events persistent and disable as needed. For the
	read callback, disable reader when the buffer is full. For the write
	callback, disable writer when the buffer is consumed.
	[2b6953dc4224]

	* config.h.in, configure, configure.ac, src/sudo_exec.h,
	src/sudo_noexec.c:
	Check for SECCOMP_MODE_FILTER not SECCOMP_SET_MODE_FILTER. This
	matches the actual prctl() call we use.
	[4222768293d1]

	* Merge pull request #157 from 0x2b3bfa0/improve-tag-spec-ebnf-docs

	Improve Tag_Spec EBNF documentation
	[f528335aded5]

	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c:
	Treat EINTR in a callback like we do EAGAIN. We shouldn't get EINTR
	in practice since we set SA_RESTART when registering signal handlers
	but it doesn't hurt to be consistent.
	[acf3394e2df2]

	* Merge pull request #156 from delroth/aarch64-build

	exec_ptrace: fix missing sudo_pt_regs on aarch64
	[a7062c609a96]

2022-06-07  Pierre Bourdon

	* src/exec_ptrace.h:
	exec_ptrace: fix missing sudo_pt_regs on aarch64

	AArch64 already had an existing "user_pt_regs" struct and didn't
	need a struct alias before the renaming to "sudo_pt_regs". Make the
	code build again by adding the now missing alias.

	Fixes: 2eb8ff17
	[3b55f40e9b83]

2022-06-07  Helio Machado

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Improve Tag_Spec EBNF documentation
	[7e23ec31d124]

2022-06-07  Todd C. Miller

	* Merge pull request #154 from 0x2b3bfa0/fix-tag-spec-docs

	Add missing colon in Tag_Spec documentation
	[ec8f4610b677]

	* Merge pull request #152 from particleflux/fix-sudoers-typo

	Fix typo in sudoers comment
	[bbbcff4c14ba]

2022-06-07  Helio Machado

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Add missing colon in Tag_Spec documentation
	[e6f4c612e22a]

2022-06-07  Stefan Linke

	* plugins/sudoers/sudoers.in:
	Fix typo in sudoers comment

	Fix a typo in the sudoers comment about `maxseq` param.

	Introduced by 906eb19ece47023c659b4b3db2e7a6bb57dff0d9 in 1.9.11.
	[b38fae41b3eb]

2022-06-06  Todd C. Miller

	* lib/protobuf-c/protobuf-c.c:
	Only shift unsigned values to avoid implementation-specific
	behavior. This converts the arithmetic shifts to logical shifts.
	[e25aa8e9891a]

	* lib/protobuf-c/protobuf-c.c:
	Fix issue protobuf-c#499: unsigned integer overflow Signed-off-by:
	10054172 <hui.zhang@...>
	[f3637be4df4f]

	* include/sudo_event.h, lib/util/event_select.c:
	Fix building with select (not poll) when fd_set is not defined in
	sys/types.h. We can use a void * for the fd_set arrays and just add
	a cast when using the FD_SET macros.
	[5c636cbc11f0]

	* src/exec_pty.c:
	Reinstall the event handler if we get EAGAIN from read/write
	callback. The read and write events do not set SUDO_EV_PERSIST so we
	need to explicitly re-enable the event if there is still data to be
	read. Bug #963.
	[0006cb6531f4]

	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c:
	If write(2) returns EAGAIN just re-enter the event loop. This is
	consistent with how we handle EAGAIN for read(2).
	[e6478d917a0f]

	* docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in:
	Document how setting ModulePath affects the Python search path. Also
	advise the user to use a unique prefix to avoid name space
	collisions with installed Python modules. Bug #1031.
	[68a9d50d7806]

	* configure, configure.ac, docs/sudo_plugin_python.man.in,
	docs/sudo_plugin_python.mdoc.in:
	Add EXAMPLES variables for use in the man pages for the examples
	directory.
	[148272d9a6d3]

2022-06-04  Todd C. Miller

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po:
	Updated translations from translationproject.org
	[985902730e5b]

	* plugins/sudoers/po/hr.mo, po/hr.mo:
	Rebuild Croatian message catalog.
	[438136f65c13]

2022-06-03  Todd C. Miller

	* .gitignore, .hgignore:
	Add new test binaries to the ignore files.
	[ea9de2ded48d]

	* po/cs.mo, po/cs.po:
	Updated translations from translationproject.org
	[eac0aba546ed]

	* lib/protobuf-c/protobuf-c.c:
	Define WORDS_BIGENDIAN on big endian systems. Instead of a configure
	check, we use endian.h (or a fallback).
	[4d5603a9528c]

	* include/intercept.pb-c.h, include/log_server.pb-c.h,
	include/protobuf-c/protobuf-c.h, lib/protobuf-c/protobuf-c.c,
	scripts/unanon:
	Update to protobuf-c 1.4.0
	[47ff9b8bab21]

	* logsrvd/logsrvd.c, plugins/sudoers/cvtsudoers_csv.c:
	Quiet two clang analyzer false positives.
	[2c878f7853cc]

	* src/exec_intercept.c:
	Move a comment to the correct location.
	[caacb3fae078]

	* logsrvd/logsrvd.c:
	union sockaddr_union: pass in sockaddr_union * instead of sockaddr
	*. This eliminates the need for a few casts and is consistent with
	how create_listener() is written.
	[4def05f8d895]

	* src/exec_ptrace.c:
	Eliminate some dead stores that clang-analyzer complains about.
	[3aac29fe0101]

	* src/exec_ptrace.c:
	ptrace_read_vec: don't try to free memory on the error path. This is
	leftover from when ptrace_read_string() allocated its own memory.
	[7f5b5d21bce9]

	* config.h.in, configure, configure.ac, src/sudo_intercept.c:
	Avoid using vfork(2) in the DSO system(3) wrapper. Traditional
	vfork(2) semantics make it unsafe for use for more than just
	vfork(2) + execve(2).
	[9a8ce7aef55d]

2022-06-02  Todd C. Miller

	* po/vi.mo, po/vi.po:
	Updated translations from translationproject.org
	[e3197ef8a98d]

	* NEWS:
	Mention sudo_logsrvd.conf "log_server" parsing fix.
	[575a31b83bfd]

	* MANIFEST, logsrvd/Makefile.in,
	logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.1.in,
	logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.2.in,
	logsrvd/regress/logsrvd_conf/tls/sudo_logsrvd.conf.1.in,
	logsrvd/regress/logsrvd_conf/tls/sudo_logsrvd.conf.2.in:
	For logsrvd_conf_test include both tls and non-tls configs.
	[ec1815793aab]

	* MANIFEST, logsrvd/Makefile.in,
	logsrvd/regress/logsrvd_conf/cacert.pem,
	logsrvd/regress/logsrvd_conf/logsrvd_cert.pem,
	logsrvd/regress/logsrvd_conf/logsrvd_conf_test.c,
	logsrvd/regress/logsrvd_conf/logsrvd_dhparams.pem,
	logsrvd/regress/logsrvd_conf/logsrvd_key.pem,
	logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.1.in,
	logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.2.in:
	Add a simple regression test for logsrvd.conf parser. Unlike the
	parser fuzzer, this includes sample certs and keys. This test would
	have detected the BIO_new_file() bug in set_dhparams().
	[7ddabb9d022f]

	* logsrvd/logsrvd_conf.c:
	Fix inverted logic when setting server_log. A value that starts with
	a '/' should be treated as a path.
	[8941fd924fbf]

	* plugins/audit_json/Makefile.in, plugins/sample_approval/Makefile.in:
	Use abs_top_builddir instead of `pwd`/$(top_builddir).
	[0f4e20a7aeed]

2022-06-01  Todd C. Miller

	* lib/util/regress/parse_gids/parse_gids_test.c:
	Plug a memory leak.
	[8a9eb498ed55]

	* plugins/sudoers/parse_ldif.c:
	Fix bug in last commit, need to reinitialize role to NULL.
	[1e454b967993]

	* plugins/sudoers/parse_ldif.c:
	Simplify the check for when we can reuse the previous user and host
	specs. This makes the code easier to read and quiets a cppcheck
	false positive.
	[037c4943f1ac]

	* docs/Makefile.in:
	Install the plugin man pages in section 5 (or 4 for System V). The
	manual had the correct section in the text but was installed in the
	wrong directory.
	[5df7d3f9a010]

	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/de.mo,
	po/de.po, po/eo.mo, po/eo.po, po/fr.mo, po/fr.po, po/hr.mo,
	po/hr.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/ro.mo,
	po/ro.po, po/uk.mo, po/uk.po:
	Updated translations from translationproject.org
	[9ac84e5c9250]

	* NEWS:
	Sudo now supports intercepting system(3).
	[a46db96a3b03]

2022-05-31  Todd C. Miller

	* plugins/sudoers/log_client.c:
	Only display "unable to connect to log server" warning once.
	Previously, in intercept mode, if the log server is unreachable the
	message would be printed for each sub-command.
	[df4c53518bb7]

	* src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/sudo_exec.h:
	When using ptrace(2), push the point where we suspend into
	exec_cmnd(). This should reduce the amount of time the child has to
	wait for the parent to use PTRACE_SEIZE to seize control and then
	PTRACE_CONT to continue the child.
	[f9caab4bf18b]

	* config.h.in, configure, configure.ac, src/sudo_intercept.c:
	Add configure check for vfork(2) and fall back to fork(2) if
	missing.
	[ddfaba8d2a09]

	* docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudoers.man.in,
	docs/sudoers.mdoc.in, src/intercept.exp.in, src/sudo_intercept.c:
	Add support for intercepting the system(3) function. This also means
	we can log system(3) with log_subcmds.
	[aca241d96c0b]

	* include/compat/endian.h:
	Newer compilers define __BYTE_ORDER__ and
	__ORDER_{BIG,LITTLE}_ENDIAN__. Also add riscv to the little endian list.
	[55731e5517fc]

2022-05-29  Todd C. Miller

	* configure, configure.ac:
	On AIX, fmemopen(3) has a bug where feof() returns false at EOF. See
	https://www.ibm.com/support/pages/apar/IJ11845
	[a703278bceed]

2022-05-27  Todd C. Miller

	* plugins/sudoers/defaults.c:
	Fix potential signed integer overflow on 32-bit CPUs. Converting
	fractional minutes to nanoseconds could overflow a 32-bit integer,
	use long long instead.
	[b1d2afc0cc4d]

	* plugins/sudoers/Makefile.in:
	Fix path to example sudoers file, it is now in the build dir.
	[899850a04adf]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	init_options: initialize apparmor_profile to NULL
	[ad0de9e0474f]

	* NEWS:
	Update with latest 1.9.11 changes.
	[12650d2b6184]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Fix typo
	[ce83f628330c]

	* docs/CONTRIBUTORS.md:
	Update contributors.
	[5b69f27ea398]

	* logsrvd/tls_init.c:
	Fix uninitialized use of ca_store when building with wolfSSL.
	[e7cc6d8d9f7e]

	* docker/debian/testing/Dockerfile, docker/ubuntu/devel/Dockerfile,
	docker/ubuntu/latest/Dockerfile, docker/ubuntu/rolling/Dockerfile:
	Newer Debian/Ubuntu uses libsepol-dev not libsepol1-dev.
	[b2c1326bfb0d]

	* configure, configure.ac, plugins/sudoers/def_data.h,
	plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/toke.c, src/Makefile.in:
	Regenerate files after merging AppArmor integration.
	[d24fcec2cb87]

	* Merge pull request #148 from kernelmethod/apparmor_support

	Add AppArmor support to sudo
	[fcbfb2410afd]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	src/parse_args.c, src/sudo.c, src/sudo.h:
	Merge branch 'main' into apparmor_support
	[7832ecc5eb7f]

2022-05-26  Todd C. Miller

	* src/sudo_intercept.c:
	Pass envp, not environ, to real execve() from exec_wrapper() if
	possible. The replacement execve() function was passing the global
	environ to exec_wrapper() instead of the envp parameter. This caused
	the command to be run with the wrong environment on AIX systems, and
	possibly others, when intercept or log_subcmds was enabled. Bug
	#1030.
	[dc0187c68c1b]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Update .pot files for 1.9.11
	[b4c8ec57842f]

	* src/exec_ptrace.c:
	Consolidate some translatable strings.
	[05dae7c3c8da]

	* logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c,
	logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
	plugins/sudoers/log_client.c, src/exec_intercept.c:
	Standardize protobuf "unable to unpack" warning messages.
	[6f4e026c7a02]

	* docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in,
	include/sudo_plugin.h,
	plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout,
	src/exec.c:
	Bump plugin minor version and document new intercept-related
	settings. There should have been a minor version bump for sudo 1.9.8
	when intercept was originally implemented.
	[2b7591704df4]

2022-05-25  Todd C. Miller

	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Reset intercept_allow_setid if intercept_type changes from trace to
	dso. But only reset intercept_allow_setid if the user didn't
	explicitly set it.
	[e398111d824e]

2022-05-24  Todd C. Miller

	* etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
	CentOS Stream only uses a major version number, no minor version.
	This prevents the packages from being created as foo.el.arch.rpm
	since we were assuming that the version number was two digits.
	[a3caed91ea8c]

	* src/exec_ptrace.c, src/exec_ptrace.h:
	Add support for running o32 and n32 binaries on mips64.
	[887ab363f2a4]

	* src/exec_ptrace.c, src/exec_ptrace.h, src/sudo_exec.h:
	Enable ptrace support for MIPS but only for log_subcmds. It is not
	possible to change the syscall return value on MIPS so we cannot
	support full intercept mode. Another complication on MIPS is that if
	a system call is invoked via syscall(__NR_###), v0 holds
	__NR_O32_Linux and the real syscall is in the first arg (a0) and
	other args are shifted by one.
	[0345a4137047]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
	src/exec_ptrace.c, src/parse_args.c, src/sudo.c, src/sudo.h,
	src/sudo_exec.h:
	Add intercept_type sudoers option to set intercept/log_subcmds
	mechanism.
	[b97e461f7da1]

2022-05-23  kernelmethod

	* MANIFEST, include/sudo_debug.h, src/Makefile.in, src/apparmor.c,
	src/parse_args.c, src/sudo.c, src/sudo.h:
	Add an apparmor_profile sudo setting

	Define a new sudo setting, `apparmor_profile`, that can be used to
	pass in an AppArmor profile that should be used to confine commands.
	If apparmor_profile is specified, sudo will execute the command
	using the new `apparmor_execve` function, which confines the command
	under the provided profile before exec'ing it.
	[a54897efe031]

	* plugins/sudoers/check.c, plugins/sudoers/cvtsudoers_csv.c,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/fmtsudoers.c, plugins/sudoers/gram.y,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/policy.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.dict,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.dict,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/toke.l:
	Add an APPARMOR_PROFILE user spec option to sudoers

	sudoers now supports an APPARMOR_PROFILE option, which can be
	specified as e.g.

	 alice ALL=(ALL:ALL) APPARMOR_PROFILE=foo ALL

	The line above says "user alice can run any command as any
	user/group, under confinement by the AppArmor profile 'foo'."
	Profiles can be specified in any way that complies with the rules of
	aa_change_profile(2). For instance, the sudoers configuration

	 alice ALL=(ALL:ALL) APPARMOR_PROFILE=unconfined ALL

	allows alice to run any command unconfined (i.e., without an
	AppArmor profile), while

	 alice ALL=(ALL:ALL) APPARMOR_PROFILE=foo//&bar ALL

	tells sudoers that alice can run any command under the stacked
	AppArmor profiles 'foo' and 'bar'.

	The intention of this option is to give sysadmins on Linux distros
	supporting AppArmor better options for fine-grained access control.
	Among other things, this option can enforce mandatory access control
	(MAC) over the operations that a privileged user is able to perform
	to ensure that they cannot privesc past the boundaries of a
	specified profile. It can also be used to limit which users are able
	to get unconfined system access, by enforcing a default AppArmor
	profile on all users and then specifying
	'APPARMOR_PROFILE=unconfined' for a privileged subset of users.
	[2afe8c910959]

	* config.h.in, configure.ac, scripts/mkdep.pl, scripts/mkpkg:
	Add a --with-apparmor build flag

	Add a new build flag, --with-apparmor, that builds sudo with
	AppArmor support. Modify the build script for Debian and Ubuntu to
	enable this flag by default.
	[596b4e6dce4d]

	* INSTALL.md, docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Add documentation for AppArmor support

	- Document the AppArmor userspec option in the sudoers man pages.
	- Add information about the --with-apparmor build configuration option
	to INSTALL.md.
	[524dde965b94]

2022-05-22  kernelmethod

	* docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
	docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
	docker/ubuntu/rolling/Dockerfile:
	Add libapparmor-dev to the Debian and Ubuntu Dockerfiles

	Install libapparmor-dev on Debian- and Ubuntu-based Docker images so
	that they can build sudo with AppArmor support.
	[8491c8b6d240]

2022-05-19  Todd C. Miller

	* src/exec_nopty.c, src/exec_pty.c:
	Pass the WUNTRACED flag to waitpid() even if __WALL is present.
	Otherwise, we won't get the wait status of a suspended command that
	is not being traced.
	[7c2b46ec73be]

	* configure, configure.ac, lib/iolog/Makefile.in,
	lib/logsrv/Makefile.in, logsrvd/Makefile.in,
	plugins/sudoers/Makefile.in:
	Use explicit library dependencies instead of implicit. We now
	include all the dependent libraries when linking. Fixes a linking
	problem on CentOS Stream 9.
	[6f06cdbb1552]

	* plugins/sudoers/logging.c:
	mail_parse_errors: allocate the correct amount of space for mail
	body. Use strlen(), not sizeof(), on "problem parsing sudoers" since
	it is a translated string and not a constant. This was caught by the
	existing overflow checks.
	[5aa53136cd9d]

2022-05-18  Todd C. Miller

	* MANIFEST, src/Makefile.in, src/exec_nopty.c, src/exec_pty.c,
	src/regress/intercept/test_ptrace.c, src/sudo_exec.h,
	src/suspend_nopty.c:
	Move code to suspend sudo when no pty is in use to separate file.
	Use this in test_ptrace.c to be able to suspend just like sudo does.
	[ddef421918b7]

2022-05-17  Todd C. Miller

	* src/exec_nopty.c, src/exec_ptrace.c, src/exec_pty.c,
	src/regress/intercept/test_ptrace.c, src/sudo_exec.h:
	Fix suspending a sudo-run shell in ptrace intercept mode with no
	pty. When ptracing a process, we receive the signal-delivery-stop
	signal before the group-stop signal. If sudo is running the command
	in the same terminal, we need to wait until the stop signal is
	actually delivered to the command before we can suspend sudo itself.
	If we suspend sudo before receiving the group-stop, the command will
	be restarted with PTRACE_LISTEN too late and will miss the SIGCONT
	from sudo.
	[bf9a482ecddd]

	* docs/TROUBLESHOOTING.md, docs/sudo_logsrvd.man.in,
	docs/sudo_logsrvd.mdoc.in:
	OpenSSL 3.x requires the key usage extension be present in CA and
	certs. Certificates generated with a CA that doesn't set the key
	usage extension will fail to validate if "tls_verify" is enabled.
	[3ae4ef1ecf57]

	* logsrvd/tls_init.c:
	Include the cert or ca file in error messages where applicable.
	[3e0558886a3d]

	* logsrvd/tls_init.c:
	Add missing include of string.h for strerror(3).
	[253a5634d441]

	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
	logsrvd/tls_client.c, logsrvd/tls_init.c,
	plugins/sudoers/log_client.c:
	If ERR_reason_error_string() returns NULL, fall back on
	strerror(errno). That way we get reasonable error messages for
	missing files, etc.
	[d2423ef0e284]

	* logsrvd/tls_init.c:
	set_dhparams: pass BIO_new_file() "r" for the file mode, not
	O_RDONLY. Unlike BIO_new_fp(), BIO_new_file() takes an fopen-style
	mode string.
	[7a67aec88cb4]

	* src/exec_ptrace.c:
	The set_sc_arg3, get_sc_arg3 and set_sc_arg4 functions are not used.
	Use ifdef notyet to disable for now since they may be used in the
	future.
	[99d2f2a42da5]

2022-05-16  Todd C. Miller

	* src/exec_ptrace.h, src/sudo_exec.h:
	Use __x86_64__ preprocessor symbol, not __amd64__. Also clarify a
	comment about MIPS ptrace.
	[b02ad513eb64]

	* src/exec_ptrace.h, src/sudo_exec.h:
	ptrace support has been tested on Debian/s390x. It should also work
	on s390 but this has not been tested. I have not added a compat mode
	to trace 31-bit binaries on s390x due to the lack of a test system.
	[3176433e7456]

	* src/exec_ptrace.h:
	Define sudo_pt_regs instead of user_pt_regs and include the struct
	keyword. On s390, the struct is typedef'd without a name.
	[b2b74f378eef]

	* src/exec_ptrace.h, src/sudo_exec.h:
	ptrace support has been tested on Debian/riscv64.
	[e1011074d984]

2022-05-15  Todd C. Miller

	* plugins/sudoers/sudoers.in:
	Add maxseq setting to log_output example. This should make it more
	obvious that you need to adjust maxseq unless you have (virtually)
	unlimited disk space.
	[5203240a248b]

	* scripts/mkpkg:
	Fix dependency check for libssl on Debian/Ubuntu with OpenSSL 3.
	Also add check for python 3.10 and 3.11 and remove versions < 3.4.
	Fixes building on Ubuntu 22.04.
	[c9114582911c]

2022-05-14  Todd C. Miller

	* src/exec_ptrace.h:
	Tracing 32-bit arm binaries from a 64-bit sudo works.
	[c1e1602874ed]

	* src/exec_ptrace.c:
	ptrace_write_string: the terminating NUL fix was reverted by
	mistake.
	[587dd11b2783]

	* src/exec_ptrace.h, src/sudo_exec.h:
	ptrace-based intercept has now been tested on 32-bit arm
	[493b17a89e63]

2022-05-13  Todd C. Miller

	* src/exec_ptrace.h:
	Don't use PTRACE_SET_SYSCALL for 32-bit arm binaries running on
	aarch64. Use PTRACE_SETREGSET with NT_ARM_SYSTEM_CALL instead just
	like we would for a 64-bit binary. Newer Linux headers don't define
	PTRACE_SET_SYSCALL for aarch64.
	[5930846e9c9e]

	* src/regress/intercept/test_ptrace.c:
	Replace verbose flag with debug flag. This is more accurate since it
	actually uses the debug subsystem.
	[dda8b8af8bd2]

	* src/exec_ptrace.h:
	Initial cut at MIPS support, untested. Mips is a bit different in
	that most Linux distros appear to use the n32 ABI on 64-bit CPUs. We
	don't currently support tracing a 64-bit binary from a 32-bit sudo.
	We could support tracing o32 ABI binaries in compat mode, though.
	[05e5e246463a]

2022-05-12  Todd C. Miller

	* src/regress/intercept/test_ptrace.c:
	Add have_seccomp_action("trap") call to check for
	SECCOMP_MODE_FILTER.
	[250c6b72c4f4]

	* src/exec_ptrace.c, src/exec_ptrace.h:
	Add arm-specific code to set the system call number. Fixes rejection
	of commands due to policy on arm when in intercept mode.
	[74c5bd26713b]

	* scripts/mkpkg:
	Fix OS major version detection on CentOS Stream
	[cd4d5aaf59a7]

	* src/exec_ptrace.c:
	Repair ptrace_write_vec() for compat binaries.
	[77ee302b0631]

	* src/regress/intercept/test_ptrace.c:
	Fix a crash when not run in verbose mode.
	[adf481623228]

	* src/exec_ptrace.c:
	ptrace_intercept_execve: read back the updated syscall args in test
	mode. This makes it easier to detect problems with the syscall
	rewrite code when testing with test_ptrace.
	[4eb9e09d90d9]

2022-05-11  Todd C. Miller

	* src/exec_ptrace.c, src/exec_ptrace.h, src/sudo_exec.h:
	Enable ptrace intercept on powerpc. Tested on ppc64 and ppc64le.
	[fbd12baa1a02]

	* src/exec_ptrace.c:
	Fix tracing compat binaries on big endian systems. We need to swap
	the order of the two 32-bit addresses for big-endian.
	[375004a3ef09]

	* src/exec_ptrace.c:
	Move code to write a string vector to ptrace_write_vec().
	[8401e0397f11]

	* src/exec_ptrace.c:
	Fix compilation error on systems with no compat arch. Currently only
	affects i386.
	[b95c707298c5]

	* MANIFEST, src/Makefile.in, src/exec_intercept.h, src/exec_ptrace.c,
	src/regress/intercept/test_ptrace.c, src/sudo_exec.h:
	Add test_ptrace program to test ptrace-based intercept support.
	[5f7162bcdbfd]

	* src/exec_ptrace.c:
	Use unsigned long for addresses so we don't have to worry about sign
	extension.
	[7a0d4ea2fa70]

2022-05-10  Todd C. Miller

	* src/exec_ptrace.c:
	ptrace_write_string: make sure we always write the terminating NUL.
	We can't check *str for NUL since it may not have been written yet.
	[9d95217981ac]

	* src/exec_ptrace.c:
	Fix compilation error when SECCOMP_AUDIT_ARCH_COMPAT is not defined.
	[3162054bac24]

2022-05-09  Todd C. Miller

	* src/exec_ptrace.c, src/exec_ptrace.h:
	It is now safe to make WORDALIGN use compat (not native) alignment.
	We allocate space for an extra pointer between argv and the string
	table for compat binaries so there is no need to align address to
	sizeof(long).
	[898626f1cdf6]

	* src/exec_ptrace.c, src/exec_ptrace.h:
	Use the entire word in ptrace_get_vec_len() and ptrace_read_vec().
	For compat binaries, use the upper 32-bits as the next word instead
	of calling ptrace(2) to get it. This reduces the number of ptrace(2)
	calls when reading argv and envp for compat binaries.
	[cf5d1ae47dbe]

2022-05-07  Todd C. Miller

	* src/exec_ptrace.c:
	We don't need to align strings in the string table. We align the
	start of the string table to a word boundary to help prevent overlap
	when writing the pointers. However, the actual strings themselves
	don't need to be aligned.
	[219a1a07fc2e]

2022-05-06  Todd C. Miller

	* src/exec_ptrace.c:
	Avoid potentially overwriting string table when writing argv. In
	compat mode, if argc is odd, writing the last pointer of argv will
	overlap with the address of argv[0], so leave an extra word in
	between. Also remove incorrect comments about PTRACE_PEEKDATA
	unaligned access.
	[13f7e63a31bd]

	* src/exec_ptrace.c, src/exec_ptrace.h:
	Use native word size for padding and when reading/writing strings.
	If we try to use the compat word size we can end up in a situation
	where a subsequent PTRACE_POKEDATA overwrites part of what we've
	already written since it always writes in sizeof(long) units.
	[e0d7fdc3f8e2]

2022-05-05  Todd C. Miller

	* src/exec_ptrace.c:
	ptrace_intercept_execve: rewrite path to exec if changed by the
	policy
	[089f0e32cf2a]

	* src/exec_ptrace.c:
	ptrace_intercept_execve: plug memory leak of get_execve_info()
	buffer
	[5ce2cf252c80]

	* MANIFEST, src/Makefile.in, src/exec_intercept.h, src/exec_ptrace.c,
	src/exec_ptrace.h:
	Move register definitions to exec_ptrace.h
	[59cc9bec6925]

	* src/exec_ptrace.c:
	Add support for intercepting 32-bit binaries on 64-bit systems. We
	need to define the ptrace register struct ourselves for the 32-bit
	system since there is no good way to get it from the system headers.
	Currently only implemented for x86_64 and aarch64.
	[a0407bb1fee0]

	* src/exec_ptrace.c:
	Add setters and getters for ptrace(2) register access. This will be
	used when running 32-bit binaries from a 64-bit sudo.
	[f7da9453d9fa]

	* src/exec_ptrace.c:
	exec_ptrace_handled: don't return early if ptrace_intercept_execve()
	fails. We need to continue the traced process even if there is a
	fatal error. Otherwise, sudo will appear to hang as the running
	process is left in PTRACE_EVENT stop.
	[5b3bd75c4486]

	* src/exec_ptrace.c:
	Don't use PTRACE_GETREGS, it is too complicated when running compat
	binaries. Unlike PTRACE_GETREGSET, PTRACE_GETREGS requires that we
	manually map registers from 64-bit to 32-bit layouts when running,
	e.g. a 32-bit binary from a 64-bit sudo process.
	[bb3476230373]

2022-05-04  Todd C. Miller

	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
	plugins/sudoers/defaults.c, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.h, src/exec_nopty.c, src/exec_pty.c,
	src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_exec.h:
	Initialize intercept_allow_setid to true if we use ptrace(2) and
	seccomp(2).
	[57e58c0ada44]

2022-05-03  Todd C. Miller

	* src/exec_nopty.c, src/exec_ptrace.c, src/exec_pty.c,
	src/sudo_exec.h:
	If the process is already being traced, just resume it and clear
	flags. This makes it possible to run sudo in ptrace intercept mode
	from within a shell (or other process) that is already being traced
	by sudo.
	[db4d7cd5f673]

	* src/exec_ptrace.c:
	exec_ptrace_handled: fix delivery of non-stop signals. We need to
	deliver signals to the tracee as long as it is not a group stop.
	Fixes a hang while tracing another sudo process.
	[4ede8b4cfbd9]

	* src/exec_nopty.c:
	Make SIGCHLD handler more consistent with the pty version. No real
	change other than a few debug statements.
	[bd52284b1e2a]

	* plugins/sudoers/parse.c:
	sudoers_lookup_check: preserve intercepted flag when reinitializing
	cmnd_info. Otherwise we may not reject an attempt to run a set-user-
	ID command.
	[43d72d1537b2]

	* src/exec_nopty.c, src/exec_pty.c:
	Kill the command if intercept_setup() or ptrace_seize() fail.
	[1037f81b327b]

2022-05-02  Todd C. Miller

	* plugins/sudoers/match_command.c:
	Move intercept setid check out of do_stat() and into its own
	function. For command_matches_all() we should only perform the setid
	check if the file exists and intercept is enabled. Otherwise, we can
	end up returning an error if the fully-qualified command does not
	exist. Fixes a regression introduced in sudo 1.9.0 with the support
	for digests in conjunction with "sudo ALL".
	[1b5f9ed2160a]

	* src/exec_ptrace.c:
	Add support for intercepting x32 binaries on Linux x86_64.
	[c5fc89f38c43]

2022-04-29  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.9.11
	[d3e832f94348]

	* plugins/sudoers/auth/kerb5.c, src/exec_ptrace.c:
	Fix typos
	[8ef3e84fc62e]

	* MANIFEST, docs/CONTRIBUTORS.md, po/ka.mo, po/ka.po:
	New Georgian translation from translationproject.org
	[f6b9c7d2192c]

	* src/exec_ptrace.c:
	Short-circuit the policy check if the command doesn't exist.
	Otherwise, both sudo and the shell will report the error.
	[f16f1b6705d9]

	* src/exec_ptrace.c:
	Add support for replacing argv in ptrace intercept mode. The new argv
	is written below the tracee's stack and the system call argument is
	replaced with the new argv address.
	[3974c784be8b]

	* src/exec_ptrace.c:
	Check architecture in the seccomp filter. Currently only supports
	the native architecture.
	[13f88e436ae0]

	* src/exec_common.c, src/exec_monitor.c, src/exec_nopty.c,
	src/exec_ptrace.c:
	Suspend the child process and wait for SIGUSR when using ptrace.
	This fixes a race condition in ptrace-based intercept mode when
	running the command in a pty. It was possible for the monitor to
	receive SIGCHLD when the command sent itself SIGSTOP before the main
	sudo process did.
	[cf1f0bea9931]

	* plugins/sudoers/parse.c, src/exec.c, src/selinux.c, src/sudo.h:
	Enable intercept and log_subcmds for SELinux using ptrace and
	seccomp.
	[5d7a3df4457e]

	* src/exec_intercept.c, src/exec_intercept.h, src/exec_ptrace.c,
	src/sudo.c, src/sudo.h:
	For ptrace intercept mode, do not do a policy check for the initial
	command. We can skip the policy check for the execve(2) of the
	initial command since it has already been checked. Otherwise, we would
	log the command twice. When using fexecve(2) due to a digest check,
	there should be no need to skip the initial command since it will be
	executed via execveat(2) not execve(2). However, on older kernels
	without execveat(2), glibc will emulate fexecve(2) using /proc which
	will result in the extra log entry.
	[e411d6bc3855]

	* docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudoers.man.in,
	docs/sudoers.mdoc.in:
	Update intercept documentation.
	[f44f1cb2a5d2]

	* src/exec_intercept.c, src/exec_ptrace.c:
	In ptrace(2) intercept mode, add execveat to the seccomp(2) filter.
	This allows us to avoid logging the initial command twice regardless
	of whether the kernel supports execveat(2) or not.
	[d39bd5adac13]

	* src/exec_ptrace.c:
	Use PTRACE_GETREGS/PTRACE_SETREGS on platforms that support it. This
	has a better chance of working on things like user-mode Linux.
	[c53475bd4020]

	* MANIFEST, src/Makefile.in, src/exec_intercept.c,
	src/exec_intercept.h, src/exec_nopty.c, src/exec_ptrace.c,
	src/exec_pty.c, src/sudo_exec.h:
	Check the policy for ptrace-based intercept mode.
	[6eadd667ca6d]

	* src/exec_ptrace.c:
	Add support for getting the execve(2) arguments via ptrace(2). This
	will be used to perform a policy check in intercept mode.
	[84b23ae53e2f]

	* MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
	src/exec_intercept.c, src/exec_nopty.c, src/exec_ptrace.c,
	src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
	Add scaffolding for ptrace-based intercept mode.
	[34a6269ac4eb]

	* include/sudo_compat.h, src/exec_monitor.c, src/exec_nopty.c,
	src/exec_pty.c:
	Stop using the WCONTINUED flag with waitpid(2). We don't use it for
	anything other than a debug message and it will cause problems when
	intercept mode starts using ptrace(2).
	[1f55993d68eb]

	* src/exec_nopty.c, src/exec_pty.c:
	Handle multiple child processes in the SIGCHLD handler. This is
	required by the upcoming ptrace intercept code.
	[6dd72fb8f53f]

2022-04-24  Todd C. Miller

	* logsrvd/iolog_writer.c, logsrvd/logsrvd_journal.c,
	plugins/sudoers/log_client.c:
	sudo_logsrvd: update elapsed time for winsize and suspend in journal
	mode. Fixes a bug in store-first relay mode where the commit point
	messages sent by the server were incorrect.
	[5607e8c7b559]

2022-04-23  Todd C. Miller

	* docs/visudo.man.in, docs/visudo.mdoc.in:
	Fix typo; GitHub issue #144
	[fb1a539569b4]

2022-04-20  Todd C. Miller

	* docs/TROUBLESHOOTING.md:
	Expand section about expired accounts to include /etc/shadow info.
	GitHub issue #143
	[78368dadddfb]

	* src/exec_monitor.c:
	Add struct command details * to struct monitor_closure. This will be
	used in the future by the ptrace intercept code.
	[0603acf1ff96]

	* src/exec.c:
	Translate "unable to set limit privileges" strings.
	[a8426e224497]

	* ABOUT-NLS, MANIFEST, docs/CONTRIBUTING.md:
	Remove ABOUT-NLS file, it is no longer maintained as part of GNU
	gettext. Expand the Translations section in CONTRIBUTING.md.
	[b4f0269a8f13]

	* src/exec.c, src/exec_intercept.c:
	Don't require a pty for intercept or log_subcmds. The code to take
	back control of the tty before a policy check doesn't appear to be
	needed. If the command is run in its own pty, sudo has control over
	the user's tty. If the command is run in the user's tty, sudo should
	be in the foreground process group.
	[bddcc0d9fee6]

2022-04-19  Todd C. Miller

	* config.h.in, configure, configure.ac:
	Define _TIME_BITS=64 on systems that define __TIMESIZE, like GNU
	libc. This should be replaced by a specialized autoconf macro when
	one becomes available.
	[f63b7f9ea5c2]

2022-04-11  Todd C. Miller

	* plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log,
	plugins/python/regress/testhelpers.c:
	clean_output: prune lines consisting of '^' characters and
	whitespace. Starting with Python 3.11, backtraces may contain a line
	with '^' characters to bring attention to the important part of the
	line. Also replace "REJECT" with "0" in backtrace output for Python
	3.11.
	[f6a5d1c05b2b]

2022-04-04  Todd C. Miller

	* configure, configure.ac:
	Fix check for EVP_MD_CTX_new() when -pthread is in Libs.private.
	[4f3fd0d1fd34]

2022-04-01  Todd C. Miller

	* configure, configure.ac, lib/eventlog/Makefile.in,
	lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
	lib/logsrv/Makefile.in, lib/protobuf-c/Makefile.in,
	lib/util/Makefile.in, lib/zlib/Makefile.in, logsrvd/Makefile.in,
	plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
	plugins/python/Makefile.in, plugins/sample/Makefile.in,
	plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/system_group/Makefile.in, src/Makefile.in:
	Rename SSP_(C|LD)FLAGS -> HARDENING_(C|LD)FLAGS
	[92aa57606481]

	* INSTALL.md:
	Mention other hardening compilation and linker options.
	[7da9cf428e39]

2022-03-31  Todd C. Miller

	* configure, configure.ac:
	Fix check for EVP_MD_CTX_new using static libcrypto with
	dependencies.
	[c02d6b6e474c]

	* configure, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
	m4/ltversion.m4, m4/lt~obsolete.m4, scripts/ltmain.sh:
	Update to libtool 2.4.7.
	[b8824f6b792c]

2022-03-30  Todd C. Miller

	* configure, configure.ac:
	--enable-openssl: don't add non-existent directories to
	PKG_CONFIG_LIBDIR
	[daa9cab172da]

2022-03-29  Todd C. Miller

	* scripts/mkpkg:
	Fix a typo in the AIX section.
	[4d122a222632]

2022-03-28  Todd C. Miller

	* lib/zlib/crc32.c, lib/zlib/crc32.h, lib/zlib/deflate.c,
	lib/zlib/deflate.h, lib/zlib/gzguts.h, lib/zlib/gzlib.c,
	lib/zlib/gzread.c, lib/zlib/gzwrite.c, lib/zlib/infback.c,
	lib/zlib/inffast.c, lib/zlib/inflate.c, lib/zlib/inflate.h,
	lib/zlib/inftrees.c, lib/zlib/trees.c, lib/zlib/zlib.exp,
	lib/zlib/zlib.h, lib/zlib/zutil.c, lib/zlib/zutil.h:
	Update embedded copy of zlib to version 1.2.12. Fixes CVE-2018-25032
	[3e2517079d86]

2022-03-16  Todd C. Miller

	* plugins/sudoers/auth/kerb5.c:
	Minor style nit.
	[9bdde2c81a3d]

	* Merge pull request #138 from dfskoll/main

	If we're using Kerberos, don't overwrite a custom prompt
	[266b04c9ee0a]

2022-03-16  Dianne Skoll

	* plugins/sudoers/auth/kerb5.c:
	If we're using Kerberos, don't overwrite a custom prompt if one was
	given with -p

	Thanks to @thend20 for testing this patch.
	[e62136f88c3e]

2022-03-15  Todd C. Miller

	* src/conversation.c:
	Write the \r\n pair to ttyfp if possible, falling back on fp. This
	is consistent with the vfprintf() call and fixes a problem
	introduced by the last commit where the newline could be written
	before the message instead of after.
	[3aaebbec4ee5]

	* include/sudo_util.h,
	plugins/sudoers/regress/starttime/check_starttime.c:
	Adjust starttime test when run under Debian faketime. Bug #1026
	[b8ac7dec6e11]

2022-03-14  Todd C. Miller

	* src/conversation.c:
	sudo_conversation_printf: convert trailing nl to cr + nl combo. This
	fixes output when the terminal is in raw mode and is consistent with
	how sudo_conversation() behaves.
	[e377f2a71021]

	* lib/eventlog/eventlog.c, src/exec_monitor.c, src/exec_nopty.c,
	src/exec_pty.c, src/tgetpass.c:
	Block SIGCHLD when forking the mailer. Otherwise, it may be picked
	up by the signal handler instead of our waitpid(2) call. Don't warn
	if waitpid() returns 0 in a SIGCHLD handler.
	[e34a3f90de5b]

	* plugins/sudoers/sudoers.c:
	Do not warn, log or send mail for errors when reinitializing
	defaults. If there is a problem, we would have already warned,
	logged or mailed it. The one exception is the initial defaults,
	which should never fail.
	[0d273f4d307d]

	* plugins/sudoers/logging.c, plugins/sudoers/logging.h,
	plugins/sudoers/parse.c, plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/sudoers.c:
	If there are multiple parse errors, send them in a single mail
	message.
	[5de37ad1101f]

	* lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
	lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
	src/Makefile.in:
	Unset LANGUAGE when running tests, otherwise it may override LC_ALL.
	Bug #1025.
	[87573102f25b]

2022-03-11  Todd C. Miller

	* plugins/sudoers/visudo.c:
	Looser owner/permission checks for an uninstalled sudoers file. We
	don't check the owner or permissions on a sudoers file that is
	specified as an argument to visudo by default. However, the owner
	and mode of files included via @includedir were still checked. This
	commit makes the owner and permissions checks for files included via
	@includedir follow the same as for the original sudoers file.
	[db78857306d4]

	* lib/util/regress/getdelim/getdelim_test.c:
	getdelim_test: increase longstr to check end pointer after realloc.
	This would have caught the recent bug in our getdelim replacement
	when run under address-sanitizer or valgrind.
	[6559a42a3205]

	* plugins/sudoers/check_aliases.c:
	Add missing va_start/va_end around call to sudoers_error_hook().
	Coverity CID 250885
	[49d026ba67b2]

	* lib/util/getdelim.c:
	Correctly update the end pointer when we expand the buffer. From
	Robert Manner.
	[99617ae8332d]

2022-03-10  Todd C. Miller

	* lib/util/secure_path.c:
	sudo_secure_path: pass the struct stat * argument directly to
	stat(2). Set the pointer to a struct stat on the stack if st is NULL.
	Avoids a needless memcpy() at the end.
	[11636745ce29]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Fix off-by-one when storing line number in userspec. We store the
	line number *after* parsing the newline so we need to subtract one.
	[40d6521a966e]

	* lib/eventlog/eventlog.c:
	For alert messages, the command or runuser may not be set. This
	fixes the logging of parse errors when JSON logging is enabled.
	[cfde228ef422]

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c,
	plugins/sudoers/locale.c, plugins/sudoers/logging.h,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/testsudoers.c:
	Pass file, line and column to sudoers defaults callbacks.
	[04a26b1a224c]

	* plugins/sudoers/audit.c, plugins/sudoers/check_aliases.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/defaults.c,
	plugins/sudoers/file.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
	plugins/sudoers/parse.h, plugins/sudoers/policy.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/regress/sudoers/test18.toke.ok,
	plugins/sudoers/regress/visudo/test2.err.ok,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/visudo.c:
	Add a hook for sudoers parse errors (including defaults and
	aliases). The hook can be used to log parser errors (sudoers module)
	or keep track of which files have an error (visudo). Previously, we
	only kept track of a single parse error.
	[601915bb6265]

2022-03-09  Todd C. Miller

	* plugins/sudoers/file.c, plugins/sudoers/ldap.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/regress/sudoers/test18.out.ok,
	plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.h,
	plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
	Add a source to struct sudo_nss and use it if getdefs() fails. Also
	remove useless "Problem with defaults entries" warning in
	testsudoers.
	[f9ba65e975a0]

2022-03-08  Todd C. Miller

	* lib/iolog/regress/iolog_path/check_iolog_path.c,
	lib/util/regress/getgrouplist/getgrouplist_test.c:
	Plug a few test memory leaks now that they return from main().
	[dc4db97a1d57]

2022-03-06  Todd C. Miller

	* lib/eventlog/regress/logwrap/check_wrap.c,
	plugins/sudoers/regress/parser/check_addr.c:
	Remove extra newline in sudo_warnx() calls.
	[3366401671fc]

	* plugins/sudoers/check_aliases.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/file.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
	plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
	Preserve the column and error message when there is a syntax error.
	This information is now included in the error mail sent to root.
	[a224b006bfb3]

	* plugins/python/python_plugin_common.c:
	Deinit python subinterpreters in reverse order (last to first). This
	appears to work around a crash on OpenBSD with Python 3.9.10.
	[ad4d7b33da9b]

2022-03-03  Todd C. Miller

	* lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
	lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
	src/Makefile.in:
	For 'make check-verbose' run fuzzers with -verbose=1. This is the
	default for libFuzzer but not for the stub fuzzer lib.
	[7f2551a87c08]

2022-03-02  Todd C. Miller

	* INSTALL.md:
	INSTALL.md: Mention "make check" and "make check-verbose"
	[17a30e329ba7]

	* scripts/generate_test_coverage.sh:
	Repair generate_test_coverage.sh after move to scripts directory.
	[ffef93da0436]

	* Makefile.in, docs/Makefile.in, examples/Makefile.in,
	include/Makefile.in, lib/eventlog/Makefile.in,
	lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
	lib/logsrv/Makefile.in, lib/protobuf-c/Makefile.in,
	lib/util/Makefile.in, lib/zlib/Makefile.in, logsrvd/Makefile.in,
	plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
	plugins/python/Makefile.in, plugins/sample/Makefile.in,
	plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/system_group/Makefile.in, src/Makefile.in:
	Add check-verbose Makefile target that runs tests in verbose mode.
	[929d079dbfc7]

	* lib/eventlog/regress/logwrap/check_wrap.c,
	lib/iolog/regress/host_port/host_port_test.c,
	lib/iolog/regress/iolog_filter/check_iolog_filter.c,
	lib/iolog/regress/iolog_json/check_iolog_json.c,
	lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c,
	lib/iolog/regress/iolog_path/check_iolog_path.c,
	lib/iolog/regress/iolog_timing/check_iolog_timing.c,
	lib/util/regress/closefrom/closefrom_test.c,
	lib/util/regress/fnmatch/fnm_test.c,
	lib/util/regress/getdelim/getdelim_test.c,
	lib/util/regress/getgrouplist/getgids.c,
	lib/util/regress/getgrouplist/getgrouplist_test.c,
	lib/util/regress/glob/globtest.c,
	lib/util/regress/mktemp/mktemp_test.c,
	lib/util/regress/parse_gids/parse_gids_test.c,
	lib/util/regress/progname/progname_test.c,
	lib/util/regress/strsig/strsig_test.c,
	lib/util/regress/strsplit/strsplit_test.c,
	lib/util/regress/strtofoo/strtobool_test.c,
	lib/util/regress/strtofoo/strtoid_test.c,
	lib/util/regress/strtofoo/strtomode_test.c,
	lib/util/regress/strtofoo/strtonum_test.c,
	lib/util/regress/sudo_conf/conf_test.c,
	lib/util/regress/sudo_parseln/parseln_test.c,
	lib/util/regress/tailq/hltq_test.c,
	lib/util/regress/uuid/uuid_test.c:
	Add -v option parsing to regress tests, currently a no-op. This will
	be used by a "check-verbose" target in the future.
	[9cdcc23e6a70]

2022-03-01  Todd C. Miller

	* plugins/python/regress/check_python_examples.c,
	plugins/python/regress/testhelpers.h:
	Less verbose output unless the -v option is used. Also display a
	test summary at the end.
	[b18a8f6526e9]

	* src/regress/net_ifs/check_net_ifs.c,
	src/regress/noexec/check_noexec.c,
	src/regress/ttyname/check_ttyname.c:
	verbose flag is boolean, not int
	[8663ac48be27]

	* configure.ac:
	Update copyright year.
	[461698b72a64]

	* plugins/sudoers/Makefile.in, src/Makefile.in:
	Regenerate dependencies.
	[f007ec225986]

	* MANIFEST, configure, configure.ac, lib/util/Makefile.in,
	lib/util/regress/closefrom/closefrom_test.c:
	Add sudo_closefrom() regression test.
	[14f4439a8437]

	* NEWS, config.h.in, configure, configure.ac, lib/util/closefrom.c:
	Use close_range(2) in closefrom() emulation if available. On Linux,
	prefer our own closefrom() emulation since the glibc version may
	fail if /proc is not present and close_range() is not supported. On
	FreeBSD, closefrom(3) will either call the closefrom or close_range
	system call, depending on which is available.
	[d84eff07783f]

	* configure, configure.ac:
	Repair --enable-pvs-studio on Linux.
	[add3c7fff7f5]

	* configure, configure.ac:
	Mention apple radar 3710161 in the comment about broken macOS
	poll(2).
	[ffb6c8c070dc]

2022-02-28  Todd C. Miller

	* src/regress/net_ifs/check_net_ifs.c,
	src/regress/noexec/check_noexec.c,
	src/regress/ttyname/check_ttyname.c:
	Only display test totals unless run in verbose mode.
	[f543b41f226e]

	* lib/util/regress/harness.in, plugins/sudoers/regress/harness.in:
	Allow test harness to be run from any directory. Also add missing
	copyright notice.
	[5e60bc5beb52]

	* lib/util/regress/harness.in:
	Adapt test harness for lib/util and move to regress directory.
	[f415d958bca7]

	* .gitignore, .hgignore, MANIFEST, configure, configure.ac,
	lib/util/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/sudoers/harness.in, plugins/sudoers/regress/harness.in:
	Adapt test harness for lib/util and move to regress directory.
	[5f488712f797]

	* lib/fuzzstub/fuzzstub.c:
	Make fuzzer stub main() quiet by default. LLVM LibFuzzer displays
	the input and running time by default but we don't care about that
	for the stub fuzzer library.
	[728005c2de78]

	* .gitignore, .hgignore, MANIFEST, configure, configure.ac,
	plugins/sudoers/Makefile.in, plugins/sudoers/harness.in:
	Move the cvtsudoers/sudoers/testsudoers/visudo tests into a script.
	It is easier to maintain these tests in script form. The output now
	more closely matches that of the other tests. The harness script can
	be invoked directly and supports running specific tests.
	[fbad6e93201e]

2022-02-27  Todd C. Miller

	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po:
	Updated translations from translationproject.org
	[b2622a56fcbc]

2022-02-25  Todd C. Miller

	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
	sudo_regex_compile_v1 stub: set errstr on error
	[2da61535e60d]

	* logsrvd/Makefile.in, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
	fuzz_logsrvd_conf: add stub version of sudo_regex_compile_v1(). We
	want to fuzz our parser, not the libc regular expression code.
	[2662a181acc8]

	* plugins/sudoers/regress/testsudoers/test18.out.ok,
	plugins/sudoers/regress/testsudoers/test18.sh:
	testsudoers/test18: don't rely on /usr/bin/w being present. Fixes a
	test failure on Alpine Linux.
	[5b3915cef32b]

2022-02-24  Todd C. Miller

	* configure, configure.ac:
	Add configure check for gzclearerr() when using system zlib.
	[388dd60cd577]

	* configure, configure.ac:
	Fix PVS-Studio platform check for macOS.
	[cc46ae5d60a3]

	* plugins/sudoers/ldap.c:
	sudo_ldap_parse_options: fix memory leak of sudoRole cn string.
	Coverity CID 249976
	[bcf86c362e05]

	* src/sudo_intercept_common.c:
	command_allowed: plug memory leak on strdup() failure. Coverity CID
	249972
	[f15a58ed68d6]

2022-02-23  Todd C. Miller

	* plugins/sudoers/check.c:
	display_lecture: just return if callback is NULL
	[3e7352fbc28b]

	* lib/eventlog/eventlog.c:
	For alert messages it is possible for evlog to be NULL. Coverity CID
	238641
	[3e89523699fd]

	* logsrvd/logsrv_util.c:
	iolog_seekto: initialize struct timing_closure before using.
	Coverity CID 249977
	[ea53680a2367]

	* logsrvd/iolog_writer.c:
	iolog_rewrite: initialize struct timing_closure before using.
	Coverity CID 249971
	[d214237f3ce8]

	* scripts/mkpkg:
	Allow ARCH_FLAGS to be overridden and handle macOS 12.
	[f04f3405fa50]

	* scripts/mkpkg:
	Prefer if [ ... ]; then over if test ...; then.
	[4ba3e6ed7280]

	* .circleci/config.yml:
	Do not build with -Werror on macOS. Some macOS warnings are bogus,
	for instance it has an incorrect getgrouplist(3) definition.
	[7e5f469cb0ec]

	* .circleci/config.yml:
	Build and test macos with circleci.
	[fc62dc986646]

2022-02-22  Todd C. Miller

	* NEWS:
	Mention lecture behavior change.
	[cc034a54eb11]

	* lib/iolog/regress/iolog_filter/check_iolog_filter.c:
	Fix compilation on systems without a real openat(2).
	[25067ad6772b]

	* plugins/sudoers/match_digest.c:
	Better warning message when the digest in sudoers is the wrong
	length.
	[c2043906f356]

	* lib/iolog/regress/fuzz/fuzz_iolog_json.c,
	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
	lib/util/regress/fuzz/fuzz_sudo_conf.c,
	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Do not disable fuzzer output if SUDO_FUZZ_VERBOSE env variable is
	set.
	[fd3d5706ffda]

2022-02-21  Todd C. Miller

	* plugins/sudoers/auth/afs.c, plugins/sudoers/auth/dce.c,
	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
	plugins/sudoers/check.h, plugins/sudoers/timestamp.c:
	Display the lecture immediately before prompting for a password.
	This means we no longer display the lecture unless the user is going
	to enter a password. Authentication methods that don't interact with
	the user via the terminal don't trigger the lecture.
	[17ef981664c3]

	* NEWS, plugins/sudoers/logging.c:
	Add back warning when a user is not allowed to run a command.
	Previously, the warning was displayed when a user was not in the
	sudoers file, or was present but not listed for the local host. The
	new behavior is to display the warning if a command is denied and
	mail is sent to the administrator. Whether or not mail is sent is
	controlled by the "mail_*" flags in sudoers. The warning text is now
	"This incident has been reported to the administrator." which is
	hopefully less confusing. The message will not be printed if either
	the "mailto" or "mailerpath" sudoers settings are disabled.
	[dcaeadb7e558]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Document that negating mailto or mailerpath disables sending mail.
	[02d8aabd9af3]

	* TODO:
	Remove obsolete TODO file.
	[98e112abab92]

2022-02-20  Todd C. Miller

	* plugins/sudoers/logging.c:
	Don't try to send mail if mailto not set or the mailer is not
	present.
	[37166e692a9c]

2022-02-18  Todd C. Miller

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
	po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo,
	po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo,
	po/ja.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/ro.mo,
	po/ro.po, po/sr.mo, po/sr.po, po/uk.mo, po/uk.po, po/vi.mo,
	po/vi.po, po/zh_CN.mo, po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
	Updated translations from translationproject.org
	[194b42011062]

	* MANIFEST, lib/iolog/Makefile.in,
	lib/iolog/regress/iolog_filter/check_iolog_filter.c,
	lib/iolog/regress/iolog_filter/test1/log,
	lib/iolog/regress/iolog_filter/test1/timing,
	lib/iolog/regress/iolog_filter/test1/ttyin,
	lib/iolog/regress/iolog_filter/test1/ttyin.filtered,
	lib/iolog/regress/iolog_filter/test1/ttyout,
	lib/iolog/regress/iolog_filter/test2/log,
	lib/iolog/regress/iolog_filter/test2/timing,
	lib/iolog/regress/iolog_filter/test2/ttyin,
	lib/iolog/regress/iolog_filter/test2/ttyin.filtered,
	lib/iolog/regress/iolog_filter/test2/ttyout,
	lib/iolog/regress/iolog_filter/test3/log,
	lib/iolog/regress/iolog_filter/test3/timing,
	lib/iolog/regress/iolog_filter/test3/ttyin,
	lib/iolog/regress/iolog_filter/test3/ttyin.filtered,
	lib/iolog/regress/iolog_filter/test3/ttyout:
	Add tests for iolog filtering. This is the functionality used by the
	log_passwords and passprompt_regex options.
	[07e587dfd765]

	* lib/iolog/iolog_filter.c:
	iolog_pwfilt_run: apply regex on ttyout even if we disabled
	filtering. The heuristic used to decide when to disable filtering is
	when we see another ttyout buffer or find a cr or nl in the ttyin
	buffer. However, we should also check the buffer that caused us to
	disable filtering for a matching regex that would re-enable
	filtering. Programs that prompt for a password twice might otherwise
	not have the second password filtered.
	[f34bf167c3b4]

2022-02-16  Todd C. Miller

	* INSTALL.md, README.LDAP.md, docs/TROUBLESHOOTING.md,
	docs/UPGRADE.md, docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in,
	docs/sudo.man.in, docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
	docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
	docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_plugin.man.in,
	docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in,
	docs/sudo_plugin_python.mdoc.in, docs/sudoers.ldap.man.in,
	docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
	docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
	docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in,
	examples/sudo_logsrvd.conf.in:
	Avoid using "note that" and "note: " in documentation.
	[d75995c86fe0]

	* INSTALL.md, README.LDAP.md, README.md, docs/CONTRIBUTING.md,
	docs/CONTRIBUTORS.md, docs/SECURITY.md, docs/TROUBLESHOOTING.md,
	docs/UPGRADE.md, docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
	docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
	docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
	docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
	docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_logsrvd.man.in,
	docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin.man.in,
	docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in,
	docs/sudo_plugin_python.mdoc.in, docs/sudo_sendlog.man.in,
	docs/sudo_sendlog.mdoc.in, docs/sudoers.ldap.man.in,
	docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
	docs/sudoers.mdoc.in, docs/sudoers_timestamp.man.in,
	docs/sudoers_timestamp.mdoc.in, docs/sudoreplay.man.in,
	docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in:
	Remove "please" from the documentation, it is considered bad style.
	[9c4a7bc1b48c]

	* docs/UPGRADE.md:
	Mention regular expressions and "sudo -l -U user" behavior change.
	[9bf947ed3e30]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Add security notes about regular expressions in sudoers rules.
	[1748e3a05906]

	* NEWS:
	Update NEWS for GitHub issue #134.
	[c69636554901]

2022-02-15  Todd C. Miller

	* lib/eventlog/eventlog.c:
	do_logfile_sudo: plug memory leak of full_line. Coverity CID 249329
	[d1d2bc51077a]

	* plugins/sudoers/logging.c:
	log_server_alert: plug potential memory leak. Coverity CID 249328
	[4d01a8e7dffb]

	* plugins/sudoers/logging.c:
	fmt_authfail_message: compute the exact amount of space needed.
	Instead of truncating on overflow, warn and return NULL.
	[96542ddc9674]

	* plugins/sudoers/parse.c:
	Fix potential NULL deref if getpwuid(0) fails. Coverity CID 249326
	[23249273cd01]

2022-02-14  Todd C. Miller

	* docs/sudo.man.in, docs/sudo.mdoc.in, plugins/sudoers/parse.c,
	plugins/sudoers/policy.c:
	Restrict "sudo -U other -l" to users with sudo ALL for root or
	"other". Having "sudo ALL" permissions is no longer sufficient to be
	able to list another user's privileges. The invoking user must now
	have "sudo ALL" for root or the target user. GitHub issue #134
	[e2b4f8400599]

2022-02-13  Todd C. Miller

	* NEWS:
	Reword some of the NEWS items for 1.9.10.
	[b2d757e7889c]

2022-02-12  Todd C. Miller

	* docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
	docs/sudoers.man.in, docs/sudoers.mdoc.in, lib/util/regex.c,
	po/sudo.pot:
	Limit regular expressions to 1024 characters each. Avoids a problem
	with the fuzzer creating large regular expressions that blow up the
	glibc regcomp().
	[83b1cac11c79]

2022-02-11  Todd C. Miller

	* .gitignore, .hgignore, MANIFEST, configure, configure.ac,
	examples/Makefile.in, examples/sudo.conf.in, examples/syslog.conf,
	examples/syslog.conf.in:
	Substitute values in the example syslog.conf too. Also update ignore
	files for example changes.
	[b13a7e6a630c]

	* MANIFEST, configure, configure.ac, docs/sudo.conf.man.in,
	docs/sudo.conf.mdoc.in, docs/sudo.man.in, docs/sudo.mdoc.in,
	docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
	docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
	docs/sudoers.man.in, docs/sudoers.mdoc.in, examples/Makefile.in,
	examples/sudo_logsrvd.conf, examples/sudo_logsrvd.conf.in,
	examples/sudoers, examples/sudoers.in:
	Substitute paths set by configure in examples. Bug #1023
	[f528fe7a8f88]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Update Project-Id-Version to 1.9.10.
	[0ad7934baa9f]

	* plugins/sudoers/po/sudoers.pot:
	Update .pot files for 1.9.10
	[c7a477455e2e]

	* NEWS, configure, configure.ac:
	Sudo 1.9.10
	[b437c4c37971]

	* MANIFEST, docs/sudo_logsrvd.conf.man.in,
	docs/sudo_logsrvd.conf.mdoc.in, docs/sudoers.man.in,
	docs/sudoers.mdoc.in, include/sudo_util.h, lib/iolog/iolog_filter.c,
	lib/util/Makefile.in, lib/util/regex.c, lib/util/util.exp.in,
	plugins/sudoers/defaults.c, plugins/sudoers/match_command.c,
	plugins/sudoers/regress/sudoers/test28.in,
	plugins/sudoers/regress/sudoers/test28.json.ok,
	plugins/sudoers/regress/sudoers/test28.ldif.ok,
	plugins/sudoers/regress/sudoers/test28.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test28.out.ok,
	plugins/sudoers/regress/sudoers/test28.toke.ok,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c,
	plugins/sudoers/toke.h, plugins/sudoers/toke.l,
	plugins/sudoers/toke_util.c:
	Add helper function to compile a regex that supports (?i).
	[d680d423d2df]

2022-02-10  Todd C. Miller

	* MANIFEST, configure, configure.ac, docs/sudoers.man.in,
	docs/sudoers.mdoc.in, examples/sudoers,
	plugins/sudoers/fmtsudoers.c, plugins/sudoers/match_command.c,
	plugins/sudoers/parse.h, plugins/sudoers/regress/sudoers/test28.in,
	plugins/sudoers/regress/sudoers/test28.json.ok,
	plugins/sudoers/regress/sudoers/test28.ldif.ok,
	plugins/sudoers/regress/sudoers/test28.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test28.out.ok,
	plugins/sudoers/regress/sudoers/test28.toke.ok,
	plugins/sudoers/regress/sudoers/test29.in,
	plugins/sudoers/regress/sudoers/test29.json.ok,
	plugins/sudoers/regress/sudoers/test29.ldif.ok,
	plugins/sudoers/regress/sudoers/test29.out.ok,
	plugins/sudoers/regress/sudoers/test29.toke.ok,
	plugins/sudoers/regress/testsudoers/test18.out.ok,
	plugins/sudoers/regress/testsudoers/test18.sh,
	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
	plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
	Add support for matching command and args using regular expressions.
	Either the command, its arguments or both may be (separate) regular
	expressions.
	[bef0b1a14771]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Clear sudoers_errstr after it is used. This way we avoid printing
	the same error message more than once if there are multiple ERROR
	tokens returned from the lexer.
	[8a7509cd1c46]

	* logsrvd/logsrvd_local.c:
	store_iobuf_local: fix potential double free on the error path.
	[f9a0e3cb3c7f]

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
	docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
	docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
	docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
	docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_logsrvd.man.in,
	docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin.man.in,
	docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in,
	docs/sudo_plugin_python.mdoc.in, docs/sudo_sendlog.man.in,
	docs/sudo_sendlog.mdoc.in, docs/sudoers.ldap.man.in,
	docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
	docs/sudoers.mdoc.in, docs/sudoers_timestamp.man.in,
	docs/sudoers_timestamp.mdoc.in, docs/sudoreplay.man.in,
	docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in:
	Update links to sudo web site and reference markdown docs.
	[da9a9eb04f04]

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
	docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
	docs/sudo.mdoc.in, docs/sudo_logsrvd.man.in,
	docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin_python.man.in,
	docs/sudo_plugin_python.mdoc.in, docs/sudoers.man.in,
	docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
	docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in:
	Use a 4n indent for code blocks instead of the default 6n.
	[7322dd26a3d4]

	* plugins/sudoers/testsudoers.c:
	testsudoers: disable argument permutation in GNU getopt. This makes
	it easier to test commands with arguments.
	[fb005b03a75e]

	* lib/iolog/iolog_filter.c:
	iolog_pwfilt_run: fix types in error return
	[663deea257d0]

	* lib/iolog/iolog_filter.c, plugins/sudoers/iolog.c:
	Free potential leaks of passprompt_regex_handle. Coverity CID 249057
	[d562ea42ab66]

2022-02-09  Todd C. Miller

	* Merge pull request #133 from Dzejrou/main

	Do not unset user timeout when no default timeout is set.
	[58504381014e]

2022-02-09  Jaroslav Jindrak

	* plugins/sudoers/policy.c:
	Do not unset user timeout when no default timeout is set.
	[25f32be7d18d]

2022-02-08  Todd C. Miller

	* plugins/sudoers/fmtsudoers.c, plugins/sudoers/parse.h,
	plugins/sudoers/regress/sudoers/test2.in,
	plugins/sudoers/regress/sudoers/test2.json.ok,
	plugins/sudoers/regress/sudoers/test2.ldif.ok,
	plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test2.out.ok,
	plugins/sudoers/regress/sudoers/test2.toke.ok:
	Don't escape double quotes (") in a command when printing it.
	Previously, cvtsudoers and "sudo -l" would escape double quotes in a
	command or command line argument, which is not valid sudoers syntax.
	[3bd0505b03e2]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	A few minor (mostly cosmetic) fixes. Add missing ALL to Runas_Member
	and Host. Replace some tabs with spaces. Fix the syntax of a
	sudoedit example.
	[a943116eb35b]

2022-02-04  Todd C. Miller

	* Merge pull request #132 from ninedotnine/patch-1

	Sync example sudoers with default sudoers
	[8c903452e624]

2022-02-04  dan soucy

	* examples/sudoers:
	Sync example sudoers with default sudoers

	`sudoers.in` was changed by 1d13533
	[f34657ff9345]

2022-02-04  Todd C. Miller

	* ABOUT-NLS, INSTALL.md, NEWS, README.LDAP.md, docs/CONTRIBUTING.md,
	plugins/sudoers/po/README, po/README:
	Upgrade http links to https where possible and fix some broken
	links.
	[e33d61fdafdb]

2022-02-03  Todd C. Miller

	* plugins/sudoers/logging.c:
	Remove "This incident will be reported." from user warnings. This
	used to indicate that email had been sent to the administrator
	telling them that someone tried to run sudo. Whether or not sudo
	sends email is now configurable, so the warning may not be accurate.
	It is also confusing to the user since they will not know who the
	incident is being reported to. See also https://xkcd.com/838/
	[b2860bb51393]

	* plugins/sudoers/sssd.c:
	Log fn_get_values() return code in the debug log on error. Also move
	a nested switch() statement out of 'case 0' for improved
	readability.
	[ad609804a70c]

	* plugins/sudoers/sssd.c:
	Do not return an error if we cannot connect to the SSSD connector.
	This may simply mean that nsswitch.conf lists sss as a sudoers
	source but SSSD is not configured for sudo. Otherwise, the user will
	receive a useless "problem with defaults entries" when the sssd
	backend tries to fetch the global defaults. Bug #1022.
	[60bb147ed3e6]

	* plugins/sudoers/log_client.c, plugins/sudoers/logging.c:
	Set client_closure to NULL after freeing it.
	[20da8f0c9226]

	* plugins/sudoers/log_client.c:
	client_closure_alloc: init write_bufs/free_bufs before other
	allocations. We must initialize the tail queues before any possible
	call to client_closure_free(), such as due to malloc() failure.
	[5dd7d1ba2b76]

	* logsrvd/logsrvd_journal.c:
	Add missing default return in last commit.
	[e17820ba6ff8]

	* logsrvd/logsrvd_journal.c:
	sudo_logsrvd: make sure journal exists before writing the alert
	message. Fixes a potential NULL dereference when journaling an alert
	message.
	[19d109fb1420]

	* include/sudo_compat.h:
	Fix compilation on Debian kFreeBSD. The configure script correctly
	detects that utimensat() and futimens() are missing but the headers
	define stub versions of the functions. Including sys/stat.h pulls in
	the system definitions so we can override them safely. Bug #1021.
	[10775e14164a]

2022-02-02  Todd C. Miller

	* src/ttyname.c:
	Add fallback if /proc/self/stat or /proc/pid/psinfo is missing or
	invalid. If the /proc file indicates no terminal is present there is
	no fallback. Bug #1020
	[c32620c9f115]

2022-02-01  Todd C. Miller

	* docs/sudoers.man.in, docs/sudoers.mdoc.in, plugins/sudoers/check.c,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
	Add sudoers option to perform authentication even in non-interactive
	mode. If noninteractive_auth is set, authentication methods that do
	not require input from the user's terminal may proceed. It is off by
	default, which restores the pre-1.9.9 behavior of "sudo -n".
	[f06dcd0957d0]

	* MANIFEST, lib/iolog/iolog_filter.c,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.7:
	Work around a glibc regcomp() bug with repeated '+' operators. Glibc
	regcomp() has a bug where it uses excessive memory for repeated '+'
	ops. Collapse them to avoid running the fuzzer out of memory.
	[db423326311f]

	* logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6:
	Rebase seed corpus on updated sudo_logsrvd.conf example.
	[1f30b95c6ce6]

	* logsrvd/logsrvd_conf.c:
	Fix parsing of "retry_interval" in the relay section. The setting
	was present but the callback was missing so it could not be parsed
	in the conf file.
	[09666425a392]

	* logsrvd/logsrvd_conf.c:
	Use TIME_T_MAX as the upper limit when parsing timeouts.
	[989eaa812d4e]

	* plugins/sudoers/auth/pam.c:
	converse: don't set response pointer on error. Linux pam_conv(3) says
	not to set the pointer on PAM_CONV_ERR.
	[79934c8631c0]

2022-01-31  Todd C. Miller

	* MANIFEST, plugins/sudoers/regress/cvtsudoers/sudoers4:
	Add missing sudoers4 test file for new cvtsudoers test.
	[5b9f3084d9e9]

	* MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
	plugins/sudoers/regress/cvtsudoers/test38.out.ok,
	plugins/sudoers/regress/cvtsudoers/test38.sh:
	defaults_check_conflict: it is only really a conflict if the binding
	matches. If the Defaults name matched but the binding does not, we can
	simply leave it be. Fixes a problem where given two sudoers sources
	that have a host specified, if they contain conflicting Defaults
	entries we would drop one of the Defaults instead of keeping both
	after making them host-specific.
	[9b8ad3d1e163]

	* MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
	plugins/sudoers/regress/cvtsudoers/sudoers1,
	plugins/sudoers/regress/cvtsudoers/sudoers2,
	plugins/sudoers/regress/cvtsudoers/sudoers3,
	plugins/sudoers/regress/cvtsudoers/test34.out.ok,
	plugins/sudoers/regress/cvtsudoers/test34.sh,
	plugins/sudoers/regress/cvtsudoers/test35.out.ok,
	plugins/sudoers/regress/cvtsudoers/test35.sh,
	plugins/sudoers/regress/cvtsudoers/test36.out.ok,
	plugins/sudoers/regress/cvtsudoers/test36.sh,
	plugins/sudoers/regress/cvtsudoers/test37.out.ok,
	plugins/sudoers/regress/cvtsudoers/test37.sh:
	Make it possible to merge a host-based Defaults with a global one.
	We convert the global Defaults to a host-based one with a single
	"ALL" member. Later, when we simplify the host list, we'll convert
	this back to a global Defaults.
	[152c16a608c1]

2022-01-29  Todd C. Miller

	* logsrvd/logsrvd_conf.c:
	Check for garbage after [section] in sudo_logsrvd.conf.
	[46a222b60747]

	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.dict:
	Sync fuzzing dictionary with current configuration keyword list.
	[9af3929a2f6a]

2022-01-28  Todd C. Miller

	* docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
	examples/sudo_logsrvd.conf, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_local.c:
	Add new log_passwords and passprompt_regex settings. When logging
	terminal input, if log_passwords is false and any of the regular
	expressions in the passprompt_regex list are found in the terminal
	output, terminal input will be replaced with '*' characters until a
	newline or carriage return is found in the input or an output
	character is received.
	[1d07eaada99c]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
	plugins/sudoers/policy.c,
	plugins/sudoers/regress/serialize_list/check_serialize_list.c,
	plugins/sudoers/regress/unescape/check_unesc.c,
	plugins/sudoers/serialize_list.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/unesc_str.c:
	Escape/unescape commas when serializing/deserializing a stringlist.
	[17c422c0b236]

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c,
	plugins/sudoers/locale.c, plugins/sudoers/logging.h,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/testsudoers.c:
	Pass the operator to the Defaults callback too. That way we can tell
	what to do in callbacks for lists.
	[d541809b62bf]

	* MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in,
	lib/iolog/iolog_filter.c:
	lib/iolog: add support for filtering password out of tty input. If a
	password regex is found in the tty output, tty input will be
	replaced with '*' chars until a newline or another tty output
	character is received.
	[19c3a58dfe29]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.c:
	Add new sudoers settings log_passwords and passprompt_regex. When
	logging terminal input, if log_passwords is disabled and any of the
	regular expressions in the passprompt_regex list are found in the
	terminal output, terminal input will be replaced with '*' characters
	until a newline or carriage return is found in the input or an
	output character is received.
	[5fa969cfdef4]

	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
	Add a flag to avoid splitting list entries on white space.
	[32ac4cd5eae7]

2022-01-27  Todd C. Miller

	* docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in:
	"plain text" -> "plaintext" for consistency.
	[6cbefac27286]

2022-01-25  Todd C. Miller

	* po/ro.mo, po/ro.po:
	Updated translations from translationproject.org
	[c264de490846]

	* INSTALL.configure:
	Sync with autoconf git.
	[efd6e2df1b4f]

	* scripts/mkdep.pl:
	Fix potential infinite loop when trying to format long lines.
	[e17a3b7b657b]

2022-01-20  Todd C. Miller

	* docs/sudo.man.in, docs/sudo.mdoc.in:
	Document how commands are passed to the shell for the -i and -s
	options. The concatenation of command and arguments and escaping of
	special characters was not documented. Text adapted from GitHub
	issue #121 from Kris Rinzwind
	[852f803234af]

	* docs/TROUBLESHOOTING.md:
	Also mention no_new_privs error in the troubleshooting guide.
	[70cc0679098f]

	* INSTALL.md, docs/TROUBLESHOOTING.md, docs/sudo.conf.man.in,
	docs/sudo.conf.mdoc.in, docs/sudo.man.in, docs/sudo.mdoc.in,
	docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in,
	docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
	docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
	docs/sudoers.man.in, docs/sudoers.mdoc.in, docs/visudo.man.in,
	docs/visudo.mdoc.in:
	Replace uid and gid with user-ID and group-ID in more places.
	[2b6bc95509fd]

2022-01-19  Todd C. Miller

	* INSTALL.md:
	PAM is enabled on NetBSD by default too.
	[3bc31511f687]

	* INSTALL.md, README.LDAP.md, docs/HISTORY.md,
	docs/TROUBLESHOOTING.md, docs/UPGRADE.md:
	Use the Oxford comma consistently, it is helpful in technical
	documents.
	[3df4b26d035e]

	* docs/sudo.man.in, docs/sudo.mdoc.in:
	Document the error message when no_new_privs is set.
	[492a154dec10]

	* docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in:
	Sudo now recovers from sudoers syntax errors.
	[77d457c4e722]

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
	docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
	docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
	docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
	docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_plugin.man.in,
	docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in,
	docs/sudo_plugin_python.mdoc.in, docs/sudoers.ldap.man.in,
	docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
	docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
	docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in,
	examples/sudo.conf.in, examples/sudo_logsrvd.conf:
	Use the Oxford comma consistently, it is helpful in technical
	documents.
	[e8d29c772963]

	* INSTALL.md:
	Mention docker configuration.
	[8312350518cb]

	* plugins/sudoers/ldap_util.c:
	Quiet a cppcheck false positive.
	[023468af3269]

	* docs/CONTRIBUTING.md:
	Mention https://www.sudo.ws/security/fuzzing/ in the fuzzing
	section.
	[87767f7b89ad]

	* plugins/sudoers/sssd.c:
	Fix logic inversion when setting negated flag.
	[3e4051bc9f30]

	* src/sudo.c:
	Quiet a PVS-Studio format string warning.
	[77e953f3c46f]

2022-01-18  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Regen .pot files.
	[b999972bc90d]

	* NEWS:
	Bug #1016, #1017 and negated sudoUser in LDAP.
	[4ec54e728437]

	* plugins/sudoers/defaults.c:
	Don't set/run early Defaults if a custom defaults_list is specified.
	Defaults settings passed in by the front end are already "early" so
	there is no need to treat any of them as special.

	Otherwise, we end up running the early defaults callbacks before
	sudoers has been parsed. This means that, for instance, it is not
	possible to disable the fqdn flag before its callback is run if sudo
	is built with the --with-fqdn option. Bug #1016.
	[8c6eaa503793]

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
	Mark is_early_default(), run_early_defaults(), set_early_default()
	static. They are not used outside of defaults.c.
	[1045e8c7a92e]

	* plugins/sudoers/sssd.c:
	Add support in SSSD for negated users.
	[bca3d02cdd8b]

	* docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
	plugins/sudoers/ldap.c:
	Add support in the LDAP filter for negated users. Based on a diff
	from Simon Lees
	[e1d48d44229e]

2022-01-12  Todd C. Miller

	* lib/util/mkdir_parents.c:
	Use PATH_MAX, not NAME_MAX+1 for the directory entry length. On some
	systems, such as Solaris, the max length of a directory entry is
	filesystem-dependent. We could use fpathconf() and dynamically
	allocate the name but it is simpler to just use PATH_MAX here.
	[d1a097783717]

	* plugins/python/python_plugin_common.c:
	Only emulate Py_FinalizeEx for Python 3.[0-5].
	[b314942c0f2f]

	* lib/util/getcwd.c, lib/util/mkdir_parents.c:
	Use POSIX NAME_MAX, not the obsolete MAXNAMLEN define. Fixes
	compilation with musl libc.
	[a1609b2d968f]

2022-01-11  Todd C. Miller

	* src/limits.c:
	When applying fallback limits, make sure we don't reduce rlim_max.
	Fixes a problem where sudo could reduce the max stack size on some
	systems if the original limit was higher than the fallback limit,
	but not unlimited/infinity.
	[1fef77204f17]

	* src/limits.c:
	Don't modify the stack limit if it is >= SUDO_STACK_MIN.
	[b9e473780083]

	* plugins/sudoers/Makefile.in:
	The pre-install target requires visudo, add an explicit dependency.
	[b5b073d2fc9b]

2022-01-09  Todd C. Miller

	* src/sudo.c:
	If sudo is not set-user-ID root, check for the no_new_privs flag on
	Linux. This flag disables set-user-ID at execve(2) time and may be
	set by default for some containers. GitHub issue #129.
	[462249058274]

2022-01-08  Todd C. Miller

	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
	plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
	src/parse_args.c:
	Add pam_askpass_service sudoers setting for "sudo -A". This makes it
	possible to use a different PAM configuration for when "sudo -A" is
	used. The main use case is to only use PAM modules that can interact
	with the askpass program. GitHub issue #112.
	[5f59bc3f9d81]

2022-01-07  Todd C. Miller

	* lib/iolog/iolog_loginfo.c:
	Improve debugging info when fdopen() fails.
	[0d9711d8564a]

2022-01-06  Todd C. Miller

	* plugins/sudoers/sssd.c:
	sss_sudo_free_values() checks for NULL, no need to do it manually.
	[ccf012907a01]

	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
	Quiet a clang analyzer false positive.
	[90b6791616b0]

2022-01-05  Todd C. Miller

	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
	Quiet a clang analyzer false positive.
	[3c66e9be5f24]

	* plugins/sudoers/auth/sudo_auth.c:
	Fix return value for non-interactive mode for non-standalone auth
	methods. AUTH_NONINTERACTIVE was being stored in the wrong variable.
	[199a180e7fab]

	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, po/fi.mo,
	po/fi.po, po/ko.mo, po/ko.po, po/tr.mo, po/tr.po:
	Updated translations from translationproject.org
	[032877650fe6]

	* plugins/sudoers/cvtsudoers_merge.c:
	defaults_var_matches() should return bool, not enum match_result.
	Remove enum match_result as it is no longer used.
	[6559769ddcd1]

	* plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c:
	Quiet two PVS-studio warnings.
	[3a7c89cff3d6]

	* plugins/sudoers/auth/pam.c:
	Remove PAM_TTY workaround for old, buggy PAM modules. In the past,
	some PAM modules assumed that PAM_TTY was set and would misbehave
	(or crash) if not. This was primarily obsolete versions of
	Linux-PAM, so it should now be safe to remove this. Setting PAM_TTY to an
	empty string can cause its own set of issues. GitHub issue #74
	[491cb67ea43b]

2022-01-04  Todd C. Miller

	* NEWS:
	Mention fix for Bug #956 and GitHub issue #83.
	[8692b9985381]

	* plugins/sudoers/auth/API, plugins/sudoers/auth/afs.c,
	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/securid5.c,
	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
	plugins/sudoers/logging.c, plugins/sudoers/sudoers.h:
	Push non-interactive mode checking down into the auth methods. For
	"sudo -n" we only want to reject a command if user input is actually
	required. In the case of PAM at least, we may not need to interact
	with the user. Bug #956, GitHub issue #83
	[bc9653ffe82f]

2022-01-03  Todd C. Miller

	* plugins/sudoers/cvtsudoers_merge.c,
	plugins/sudoers/regress/cvtsudoers/sudoers1,
	plugins/sudoers/regress/cvtsudoers/sudoers2,
	plugins/sudoers/regress/cvtsudoers/sudoers3,
	plugins/sudoers/regress/cvtsudoers/test34.out.ok,
	plugins/sudoers/regress/cvtsudoers/test35.out.ok,
	plugins/sudoers/regress/cvtsudoers/test36.out.ok:
	userspec_overridden: fix checks when there is more than one userspec
	[199996d29f50]

	* MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
	plugins/sudoers/regress/cvtsudoers/test35.out.ok,
	plugins/sudoers/regress/cvtsudoers/test36.out.ok,
	plugins/sudoers/regress/cvtsudoers/test36.sh:
	Fix merging of global/ALL entries when each input file has a host.
	If a host is specified for the input file, cvtsudoers will bind
	global Defaults to that host and change host "ALL" in a userspec to
	the host name. However, if all the input files have matching hosts
	we can simplify the merged file by converting back to ALL after
	resolving conflicts.
	[bfdb2edfca71]

	* LICENSE.md:
	Welcome to 2022.
	[039e8c0efd7e]

	* docs/Makefile.in:
	LICENSE.md moved to the top-level src dir.
	[b1c2687eef9d]

2021-12-22  Todd C. Miller

	* Merge pull request #127 from Tyler887/main

	Typo
	[c4780c2a3056]

2021-12-22  Tyler887

	* INSTALL.md:
	Typo
	[b650bec9f275]

2021-12-22  Todd C. Miller

	* NEWS, docs/UPGRADE.md, plugins/sudoers/policy.c, src/selinux.c,
	src/sudo.c:
	Back out changes to enable SELinux by default. This may return in a
	future release in a different form.
	[73e46fbe5c27]

	* LICENSE.md, MANIFEST, README.md, docs/LICENSE.md:
	Move LICENSE.md out of docs and back to the top-level. GitHub
	expects it to be in the top-level directory.
	[3c62dd396aff]

2021-12-20  Todd C. Miller

	* MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
	plugins/sudoers/regress/cvtsudoers/test35.out.ok,
	plugins/sudoers/regress/cvtsudoers/test35.sh:
	cvtsudoers: fix a regression when merging matching Defaults. If a
	host is specified with a sudoers file, we have to treat Defaults as
	Defaults@host checking for duplicates.
	[9db413953938]

2021-12-18  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	add_defaults: add defs == NULL check to quiet coverity false
	positive
	[a534eee04069]

2021-12-17  Todd C. Miller

	* plugins/sudoers/cvtsudoers_merge.c,
	plugins/sudoers/regress/cvtsudoers/test34.out.ok,
	plugins/sudoers/regress/cvtsudoers/test34.sh:
	When merging Defaults, allow a subsequent global Defaults (no
	binding) to override a prior Defaults setting with a binding.
	[0be52fa6d4d8]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	add_defaults: defs can never be NULL
	[9ba97823b757]

	* plugins/sudoers/cvtsudoers_merge.c:
	Plug memory leak when making a default host-specific. We don't need
	to allocate new space for the binding list, just the members of the
	list.
	[5667d09136f2]

2021-12-16  Todd C. Miller

	* MANIFEST, examples/Makefile.in, examples/cvtsudoers.conf:
	Add an example cvtsudoers.conf file.
	[aa738148e712]

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h:
	Add group_file, match_local, and passwd_file to cvtsudoers.conf.
	Previously, these were only settable via command line options.
	[a7a8b0af3c42]

2021-12-12  Todd C. Miller

	* docs/TROUBLESHOOTING.md:
	Remove question about running Solaris 11 binaries on Solaris 10.
	Current versions of sudo use many APIs that are not present on
	Solaris 10. If you want a sudo Solaris 10 binary, build it on
	Solaris 10, not 11.
	[0346a46cf595]

	* MANIFEST, plugins/sudoers/regress/cvtsudoers/test34.out.ok,
	plugins/sudoers/regress/cvtsudoers/test34.sh:
	Add simple test for cvtsudoers merge functionality.
	[fda86b17249a]

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
	po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo,
	po/fr.po, po/hr.mo, po/hr.po, po/ja.mo, po/ja.po, po/pl.mo,
	po/pl.po, po/sr.mo, po/sr.po, po/uk.mo, po/uk.po, po/zh_CN.mo,
	po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
	Updated translations from translationproject.org
	[edfdaac9b1e7]

	* MANIFEST, plugins/sudoers/po/es.mo, plugins/sudoers/po/es.po:
	Add sudoers Spanish translation from translationproject.org
	[502d45c0af5f]

2021-12-11  Todd C. Miller

	* NEWS:
	Bugs #1013 and #1014
	[1a7b533c5829]

	* lib/util/mkdir_parents.c:
	sudo_mkdir_parents: make sure the path we created is a directory. For
	extra paranoia, verify that the directory we created is still a
	directory before we fchown() it.
	[75c23aaa9fca]

	* docs/sudo.man.in, docs/sudo.mdoc.in:
	In SECURITY NOTES, clarify that PATH may be overridden by the
	policy. Bug #1014
	[4f7035d6b921]

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/mkdir_parents.c, lib/util/mkdirat.c, logsrvd/logsrvd.c,
	plugins/sudoers/timestamp.c, scripts/mkdep.pl:
	Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2).
	This also allows us to make path const as it should be.
	[46db77e4afb8]

	* plugins/sudoers/ldap_conf.c, plugins/sudoers/sudo_ldap_conf.h:
	Sudo parsed "deref" and "tls_reqcert" in ldap.conf but didn't set
	the options. The switch() in the sudo_ldap_set_options_table()
	function needed to be updated to treat CONF_DEREF_VAL and
	CONF_REQCERT_VAL data types as int. Fix from Dennis Filder. Bug
	#1013.
	[5f5bdf9010d7]

2021-12-10  Todd C. Miller

	* docs/SECURITY.md:
	Minor formatting tweak so we can import into the sudo web site.
	[220c647b6635]

	* plugins/sudoers/defaults.c, plugins/sudoers/pwutil_impl.c:
	Fix CodeQL "Multiplication result converted to larger type"
	warnings.
	[a17db0b94018]

2021-12-09  Todd C. Miller

	* docs/SECURITY.md:
	Surround email addresses with angle brackets, not square brackets.
	[b9514c0165f2]

2021-12-08  Todd C. Miller

	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/fa.mo,
	po/fa.po, po/fi.mo, po/fi.po, po/ja.mo, po/ja.po, po/sr.mo,
	po/sr.po, po/zh_CN.mo, po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
	Updated translations from translationproject.org
	[b2815226875b]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Update .pot files for 1.9.9
	[e4e903808160]

2021-12-06  Todd C. Miller

	* README.LDAP.md, docs/CONTRIBUTING.md, docs/TROUBLESHOOTING.md,
	docs/UPGRADE.md:
	Minor formatting tweaks.
	[eee91b1fc68c]

2021-12-05  Todd C. Miller

	* INSTALL, INSTALL.md, MANIFEST, README, README.LDAP, README.LDAP.md,
	README.md, docs/CONTRIBUTING.md, docs/CONTRIBUTORS,
	docs/CONTRIBUTORS.md, docs/HISTORY, docs/HISTORY.md, docs/LICENSE,
	docs/LICENSE.md, docs/Makefile.in, docs/TROUBLESHOOTING,
	docs/TROUBLESHOOTING.md, docs/UPGRADE, docs/UPGRADE.md,
	etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
	Convert README and docs files to markdown. This makes things look
	better on GitHub and we can use the markdown version directly in the
	new sudo web site.
	[1cdcbce74a73]

2021-12-04  Todd C. Miller

	* docs/SECURITY.md:
	Policy -> Disclosure Policy
	[13f278869e03]

	* Merge pull request #124 from juspence/main

	Allow sudo -g anyone and sudo -u anyone -g anytwo
	[1a000f5aaba1]

2021-12-04  juspence

	* plugins/sudoers/sudoers.in:
	Allow sudo -g anyone and sudo -u anyone -g anytwo

	When only the user (ALL) is specified explicitly, and the group is
	implied, only sudo -u works. Specifying both the user and group,
	like (ALL:ALL), is required to:

	1) Use sudo -g by itself (with no -u user)
	2) Use sudo -u and -g together, with a -g group that is different
	from the -u user's primary group
	[ca31aaa0b074]

2021-12-02  Todd C. Miller

	* lib/util/Makefile.in:
	Add build dir to include search path for mksiglist.h and mksigname.h.
	Fixes out of tree builds on systems without sys_siglist[] or
	sys_signame[]. GitHub issue #123.
	[fccd76813052]

2021-11-29  Todd C. Miller

	* MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
	plugins/sudoers/regress/cvtsudoers/sudoers1,
	plugins/sudoers/regress/cvtsudoers/sudoers2,
	plugins/sudoers/regress/cvtsudoers/sudoers3:
	cvtsudoers: better merging of lists that are not exact duplicates.
	When merging rules, if one list would be overridden by another,
	remove the overridden rule and continue merging.
	[19dc52bd9c6f]

2021-11-28  Todd C. Miller

	* NEWS:
	Update NEWS with latest changes.
	[fafe74e0b20f]

2021-11-27  Todd C. Miller

	* src/edit_open.c:
	dir_is_writable: don't treat EPERM from faccessat() as a fatal
	error. We can get EPERM on Linux with SELinux. GitHub issue #122.
	[25bbc56b2f6d]

2021-11-24  Todd C. Miller

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_merge.c:
	cvtsudoers: add -l option to log merge actions. The "-l logfile"
	option can be used to store a log of what actions cvtsudoers took
	when merging multiple files. For example, which aliases were
	renamed, which entries were overridden or removed as duplicated.
	[fa96976882aa]

	* NEWS, configure, configure.ac:
	Sudo 1.9.9
	[dad415a982bc]

2021-11-21  Todd C. Miller

	* MANIFEST, docs/CONTRIBUTORS, po/fa.mo, po/fa.po:
	New Persian (Farsi) translation from translationproject.org
	[3665533a7219]

2021-11-20  Todd C. Miller

	* plugins/sudoers/cvtsudoers_csv.c:
	Quiet a PVS Studio warning. The warning that need_comma is always
	false is correct but in this case it is better to use a consistent
	construct so that if the code is re-ordered no bugs are introduced.
	[5109a34444f5]

	* lib/util/getentropy.c:
	Pass correct size to free_zero(). Coverity CID 241233
	[2ba51f57deb5]

	* plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers_csv.c, plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/defaults.c,
	plugins/sudoers/fmtsudoers_cvt.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/parse.c,
	plugins/sudoers/parse.h, plugins/sudoers/parse_ldif.c:
	Add reference counting to Defaults bindings. Previously, we checked
	that the previous entry's binding pointer was not the same while
	freeing. However, to be able to merge Defaults records we cannot
	rely on Defaults entries with the same binding being immediately
	adjacent. This removes the prev_binding checks in favor of a
	reference count which allows us to plug the memory leak in
	cvtsudoers when merging Defaults.
	[0a789516622b]

2021-11-19  Todd C. Miller

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
	plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/parse.h:
	cvtsudoers: merge aliases when multiple sudoers files are specified.
	Duplicate aliases are removed. If there are conflicting alias names,
	the conflicts are renamed by appending a numerical suffix. For
	example, if there are two SERVERS Host_Aliases, the second one will
	be renamed to SERVERS_1.
	[d9b602626b8c]

	* plugins/sudoers/cvtsudoers_merge.c:
	cvtsudoers: merge Defaults when multiple sudoers files are specified.
	If a hostname is specified with the sudoers file, it will be used to
	make the Defaults setting host-specific, if possible. Duplicate
	Defaults settings are removed and conflicts are warned about. It is
	not possible to resolve all conflicts automatically.
	[756b05304ccb]

	* plugins/sudoers/cvtsudoers_merge.c:
	cvtsudoers: merge userspecs when multiple sudoers files are
	specified. If a hostname is specified with the sudoers file, it will
	be used to make the userspec host-specific, if possible. Duplicate
	userspecs are removed but conflicting entries are not currently
	pruned.
	[643b533bb4f4]

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in:
	Document how to merge sudoers files with cvtsudoers.
	[241c3786f5a8]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/parse.h,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c, plugins/sudoers/sssd.c:
	init_parse_tree() now takes ownership of lhost and shost, if any.
	This means that lhost and shost in struct sudoers_parse_tree are no
	longer const and that free_parse_tree() will free lhost/shost. The
	only consumer that passed in lhost/shost was the SSSD back-end
	which has been updated to avoid a double-free.
	[650bb75666fb]

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_merge.c:
	cvtsudoers: use init_parse_tree() to initialize a parse tree. Also
	free the parse tree before exit.
	[9d8f8bb88192]

	* MANIFEST, Makefile.in, etc/macos-background.png,
	etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
	Add a background image for the macOS installer.
	[39889307b278]

	* scripts/pp:
	Update PolyPkg
	[44b1d08be1b0]

2021-11-18  Todd C. Miller

	* scripts/mkpkg:
	mkpkg: handle a macOS SDK that just uses the major version. For
	example, MacOSX11.sdk instead of MacOSX11.3.sdk.
	[ce41fc5aa672]

	* lib/util/Makefile.in:
	Add missing dependencies for timegm.
	[b20c4936504b]

2021-11-16  Todd C. Miller

	* plugins/sudoers/cvtsudoers.c:
	Add support for specifying the hostname as a prefix to the sudoers
	file. If present, the host name is copied into the struct
	sudoers_parse_tree.
	[e87e11cccb6e]

2021-11-11  Todd C. Miller

	* plugins/sudoers/cvtsudoers.c:
	cvtsudoers: parse multiple sudoers files and store them in a tail
	queue. In the future the parsed files will be merged before they are
	output.
	[89c77b3f4157]

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
	plugins/sudoers/parse.h:
	Add sudoers_parse_tree_list, a tail queue of struct
	sudoers_parse_tree. This will be used to store multiple parse trees
	and merge them into a single sudoers_parse_tree.
	[073ada18f18b]

	* docs/CONTRIBUTING.md:
	Fix formatting of links.
	[df50208b3f70]

	* MANIFEST, docs/CONTRIBUTING.md:
	Add contributing guide.
	[a99f3a0757f6]

	* .github/workflows/codeql-analysis.yml:
	Create codeql-analysis.yml
	[efab25dab29c]

2021-11-10  Todd C. Miller

	* MANIFEST, docs/SECURITY.md:
	Add security doc, inspired by the Microsoft template.
	[0a8012f8ee35]

	* .gitignore, .hgignore, INSTALL, MANIFEST, Makefile.in, README,
	configure, configure.ac, doc/CONTRIBUTORS, doc/HISTORY, doc/LICENSE,
	doc/Makefile.in, doc/TROUBLESHOOTING, doc/UPGRADE,
	doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, doc/fixman.sh,
	doc/fixmdoc.sed, doc/schema.ActiveDirectory, doc/schema.OpenLDAP,
	doc/schema.iPlanet, doc/schema.olcSudo, doc/sudo.conf.man.in,
	doc/sudo.conf.man.in.sed, doc/sudo.conf.mdoc.in, doc/sudo.man.in,
	doc/sudo.man.in.sed, doc/sudo.mdoc.in, doc/sudo_logsrv.proto.man.in,
	doc/sudo_logsrv.proto.mdoc.in, doc/sudo_logsrvd.conf.man.in,
	doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.man.in,
	doc/sudo_logsrvd.mdoc.in, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudo_plugin_python.man.in,
	doc/sudo_plugin_python.mdoc.in, doc/sudo_sendlog.man.in,
	doc/sudo_sendlog.mdoc.in, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in,
	doc/sudoers.man.in.sed, doc/sudoers.mdoc.in,
	doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
	doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in,
	doc/visudo.mdoc.in, docs/CONTRIBUTORS, docs/HISTORY, docs/LICENSE,
	docs/Makefile.in, docs/TROUBLESHOOTING, docs/UPGRADE,
	docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, docs/fixman.sh,
	docs/fixmdoc.sed, docs/schema.ActiveDirectory, docs/schema.OpenLDAP,
	docs/schema.iPlanet, docs/schema.olcSudo, docs/sudo.conf.man.in,
	docs/sudo.conf.man.in.sed, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
	docs/sudo.man.in.sed, docs/sudo.mdoc.in,
	docs/sudo_logsrv.proto.man.in, docs/sudo_logsrv.proto.mdoc.in,
	docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
	docs/sudo_logsrvd.man.in, docs/sudo_logsrvd.mdoc.in,
	docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in,
	docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
	docs/sudo_sendlog.man.in, docs/sudo_sendlog.mdoc.in,
	docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
	docs/sudoers.man.in, docs/sudoers.man.in.sed, docs/sudoers.mdoc.in,
	docs/sudoers_timestamp.man.in, docs/sudoers_timestamp.mdoc.in,
	docs/sudoreplay.man.in, docs/sudoreplay.mdoc.in, docs/visudo.man.in,
	docs/visudo.mdoc.in, etc/codespell.skip:
	Rename "doc" directory to "docs" for better GitHub compatibility.
	[1268c3ae0916]

	* lib/util/Makefile.in:
	Use $(SED), not sed, when generating mksiglist.h/mksigname.h
	[7a7b636a3f32]

	* configure, configure.ac, lib/iolog/Makefile.in,
	lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/sudoers/Makefile.in:
	Add configure check for sha1sum and use "openssh dgst -sha1" if
	missing. Only needed when building the seed corpus zip files.
	[3c74ceba0446]

	* include/sudo_compat.h:
	sudo_compat.h: include unistd.h regardless of OS type. This helps to
	avoid issues with mismatched headers and libraries.
	[4a22435a2832]

2021-11-09  Todd C. Miller

	* plugins/sudoers/visudo.c:
	install_sudoers: fix return value when there is no temp file to
	install. This can happen when no changes were made. Also preserve the
	edited temp file on error if we are unable to move it into place.
	[01c1052ac874]

	* plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout:
	Bump plugin version in test data to 1.18.
	[138b9f6a6143]

	* plugins/sudoers/defaults.c:
	free_defs_val: free rlimits like strings (which they are).
	[ade32de829cb]

	* plugins/sudoers/visudo.c:
	Rename {check,set}_perms variable to {check,set}_mode. Avoids a name
	clash with the set_perms() function.
	[a2dfa0d36690]

	* src/edit_open.c:
	Avoid symbol name clash with is_writable() function variable. Rename
	"is_writable" variable to "writable".
	[a52bd106933b]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document new resource limit settings.
	[022e51bff860]

	* doc/UPGRADE:
	Mention that the core dump size resource limit now defaults to 0.
	[22997e8008c9]

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	include/sudo_plugin.h, src/exec.c:
	Document resource limit support in command_info[] and bump plugin
	API minor. This is supported beginning with sudo 1.9.9 and plugin
	API 1.17.
	[2004a71a11b3]

2021-11-08  Todd C. Miller

	* config.h.in, configure, configure.ac, plugins/sudoers/defaults.c,
	src/limits.c:
	Use strtoul() on systems without strtoull(). We can assume that
	systems without strtoull() have 32-bit resource limits.
	[59c1be5a0387]

	* src/exec.c, src/limits.c, src/sudo.c, src/sudo.h:
	Add front-end support for setting resource limits. The special value
	"user" means preserve the invoking user's limit. The value "default"
	means don't override the default limit for the user as assigned by
	the system (PAM, login.conf, userdb, etc).
	[7ad6961d5d72]

	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/defaults.h, plugins/sudoers/mkdefaults,
	plugins/sudoers/policy.c:
	Add basic support for setting resource limits in sudoers. The
	default for rlimit_core is "0,0". Resource limits are passed back to
	the front-end in command_info[] when set.
	[298d5e228635]

	* src/edit_open.c:
	switch_user_nonfatal: only define if using faccessat()
	[1a6b2c0240f5]

2021-11-06  Todd C. Miller

	* doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/visudo.c:
	visudo: add -O and -P options to check/set owner and permissions.
	This can be used in conjunction with the -c option to check that the
	sudoers file ownership and permissions are correct. Bug #1007
	[1f20721148b0]

2021-11-05  Todd C. Miller

	* doc/UPGRADE:
	UPGRADE: mention SELinux behavior change.
	[0b8cef633225]

	* src/selinux.c, src/sudo.h, src/sudo_edit.c:
	Rename selinux_setcon -> selinux_setexeccon
	[50bde2e4d922]

	* src/selinux.c:
	If the SELinux role is "unconfined_r", disable SELinux support. We
	only want to apply SELinux to confined users. This is a bit of a
	hack as unconfined_r is specific to the targeted policy.
	[aaa8ee97f31e]

	* src/exec_monitor.c, src/exec_nopty.c, src/selinux.c, src/sudo.c,
	src/sudo.h, src/sudo_edit.c:
	Separate out the code to compute the context from selinux_setup().
	This makes it possible to determine whether we really need to
	execute the command via the sesh helper. What was left of
	selinux_setup() is now selinux_relabel_tty() and
	selinux_audit_role_change().
	[687a81e59fdd]

	* plugins/sudoers/policy.c, src/selinux.c, src/sudo.c:
	Pass status of selinux sudoers setting to front-end as selinux-rbac.
	The front-end uses this to decide whether or not to enable SELinux.
	If selinux-rbac is true _or_ if it is not present and selinux_role
	or selinux_type are set, SELinux support is enabled. Previously,
	SELinux support was only enabled if a role was specified.
	[2f21ae08ebbd]

	* src/edit_open.c:
	dir_is_writable: add fallback if changing UIDs fails. The SELinux
	policy may not allow uid/gid changes which will break the
	writability checks and cause sudoedit to fail.
	[5c5928a0c314]

2021-11-04  Todd C. Miller

	* scripts/mkpkg:
	Build python package on Fedora
	[7261434fc60c]

2021-11-01  Todd C. Miller

	* src/selinux.c:
	Make get_exec_context static, it is unused outside selinux.c.
	[be59f91e53dd]

	* doc/sudo.conf.mdoc.in:
	Fix lint warning: skipping paragraph macro: Pp before Bd
	[f84297a652d8]

2021-10-31  Todd C. Miller

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
	Escape some minus signs ('-') as required by newer groff.
	[4a1a2d6d5c19]

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/util/timegm.c,
	plugins/sudoers/Makefile.in, plugins/sudoers/gentime.c,
	plugins/sudoers/gmtoff.c, plugins/sudoers/parse.h, scripts/mkdep.pl:
	parse_gentime: use timegm() to generate time since the epoch. The
	timegm() function is non-standard but widely available. Provide an
	implementation for those systems that lack it. Bug #1006
	[3ca20dfdb44c]

	* include/sudo_compat.h, lib/util/Makefile.in, scripts/mkdep.pl:
	Fix pasto in gmtime_r and localtime_r macros. Also add missing
	Makefile targets for them.
	[2310e188fdd4]

	* plugins/sudoers/gmtoff.c:
	Take daylight saving time into consideration when computing offset.
	Otherwise, the resulting time may be off by an hour, depending on
	whether DST is currently active compared to the target time.
	[20c60fe8e8fc]

2021-10-29  Todd C. Miller

	* scripts/mkpkg:
	Back out f2d82771e7dd, arm64e on macOS is still in preview state.
	Until arm64e on macOS is finalized, continue to build arm64
	packages.
	[6c3bbd6ffc3a]

2021-10-27  Todd C. Miller

	* scripts/mkpkg:
	Build arm64e ABI binaries on macOS 11 and above. We originally used
	arm64 here but the correct ABI is arm64e. The arm64 arch will be
	removed in a future release.
	[f2d82771e7dd]

	* logsrvd/logsrvd_local.c:
	Use iolog_openat() when opening the log.json file in the I/O log
	dir.
	[9041b20b8d01]

2021-10-26  Todd C. Miller

	* logsrvd/tls_init.c:
	Use BIO_new_file() not BIO_new_fd() to read dhparams file. Older
	versions of OpenSSL and wolfSSL lack BIO_new_fd(). Also explicitly
	include openssl/bio.h and openssl/dh.h for wolfSSL.
	[8338f58d5ba0]

	* INSTALL, config.h.in, configure, configure.ac:
	wolfSSL not WolfSSL
	[4ee7f96ef87c]

	* .circleci/config.yml:
	Add wolfSSL variant to continuous integration tests.
	[dbbab23e069c]

	* docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
	docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
	docker/ubuntu/rolling/Dockerfile:
	Add libwolfssl-dev to Debian and Ubuntu Dockerfiles. Fedora does not
	appear to have an official wolfssl package.
	[12c0feaa0ebb]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	White space in an include file path supported by sudo 1.9.1 or
	higher.
	[9a22034de181]

2021-10-25  Todd C. Miller

	* INSTALL, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/iolog/hostcheck.c,
	lib/util/digest_openssl.c, lib/util/getentropy.c, logsrvd/logsrvd.c,
	logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
	logsrvd/sendlog.h, logsrvd/tls_client.c, logsrvd/tls_common.h,
	logsrvd/tls_init.c, plugins/sudoers/log_client.c,
	plugins/sudoers/log_client.h:
	Add support for WolfSSL's OpenSSL compatibility layer. Based on
	changes from Hayden Roche
	[568557ecb77b]

	* lib/util/Makefile.in, plugins/sudoers/Makefile.in:
	regenerate dependencies
	[d36bf7724e49]

	* logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c,
	logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c,
	logsrvd/logsrvd_relay.c, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
	logsrvd/sendlog.c, logsrvd/sendlog.h:
	Move include of log_server.pb-c.h into logsrvd.h and sendlog.h. This
	way there is no include file order issue with the
	PROTOBUF_C_VERSION_NUMBER check.
	[23678487ffaf]

	* docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
	docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile,
	docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
	docker/ubuntu/rolling/Dockerfile:
	Add pkg-config to all Dockerfiles
	[63457bb84c4d]

2021-10-24  Todd C. Miller

	* logsrvd/tls_init.c:
	Use SSL_FILETYPE_PEM with SSL_CTX_use_PrivateKey_file, not
	X509_FILETYPE_PEM. While they are defined to the same value in
	OpenSSL one should not rely on this.
	[1a1557931dbf]

2021-10-23  Todd C. Miller

	* configure, configure.ac:
	Fix setting _PATH_ASAN_LIB, need to double up the square brackets.
	[98143164620a]

	* logsrvd/sendlog.c:
	sudo_sendlog: send runenv, rungid and runuid from log.json too. With
	this change, sudo_sendlog can now round-trip sudo-style I/O logs
	that use the newer log.json format without losing any information.
	[d9d3dad6cca3]

2021-10-22  Todd C. Miller

	* config.h.in, configure, configure.ac, lib/util/arc4random.c:
	arc4random: need to include sys/random.h on Solaris too. This was
	removed when Linux getentropy() was disabled.
	[18ea9b386950]

2021-10-21  Todd C. Miller

	* lib/iolog/hostcheck.c, lib/util/inet_ntop.c, logsrvd/logsrv_util.h,
	plugins/sudoers/log_client.h:
	Make sure INET_ADDRSTRLEN and INET6_ADDRSTRLEN are defined.
	[e347465e0a05]

	* plugins/sudoers/audit.c, plugins/sudoers/iolog.c,
	plugins/sudoers/log_client.c, plugins/sudoers/log_client.h,
	plugins/sudoers/logging.c, plugins/sudoers/logging.h:
	Only include log_client.h if SUDOERS_LOG_CLIENT is defined.
	[c318f74cf2a8]

	* Merge pull request #118 from larb0b/main

	Define MAP_FAILED where relevant if undefined
	[74f3e9f1a1f4]

2021-10-21  Larkin Nickle

	* lib/util/getentropy.c, lib/util/regress/mktemp/mktemp_test.c,
	lib/util/snprintf.c:
	Define MAP_FAILED where relevant if undefined

	On systems such as HP-UX 10.20, MAP_FAILED is not defined.
	[9f4976caa567]

2021-10-20  Todd C. Miller

	* configure, m4/libtool.m4:
	Improve macOS version detection to support macOS 11 and simplify
	legacy logic. From Jeremy Huddleston Sequoia
	[f09b45ab460a]

	* logsrvd/sendlog.c:
	sudo_sendlog: send multiple I/O log records together if possible. Try
	to fill the write buffer and then send to the server instead of
	sending records one at a time.
	[0b084cd75d64]

	* logsrvd/sendlog.c, logsrvd/sendlog.h:
	sudo_sendlog: support multiple write buffers like sudo_logsrvd
	[a46b88eff200]

	* configure, configure.ac, lib/util/Makefile.in:
	Always link libsudo_util.so with libcrypto.so if using OpenSSL. We
	may need to use RAND_bytes() in the getentropy() emulation.
	[9c805a008d76]

	* config.h.in, configure, configure.ac, lib/util/getentropy.c,
	plugins/sudoers/boottime.c:
	Add an explicit check for sys/sysctl.h. This test needs to be done
	after AC_LANG_WERROR to avoid including sys/sysctl.h on systems
	where it is marked as deprecated via a #warning directive.
	[d9f1f97b0f37]

	* config.h.in, configure, configure.ac, lib/util/arc4random.c:
	Use our own getentropy() by default on Linux. The glibc getentropy()
	emulation will fail on older kernels that don't support getrandom().
	Also use sudo_fatal() instead of sending SIGKILL on getentropy()
	failure. GitHub issue #117.
	[1ca9d10ff780]

	* lib/util/getentropy.c:
	Use the OpenSSL RAND_bytes() function if getrandom() fails.
	[5f82f6d2ea36]

	* lib/util/Makefile.in, lib/util/arc4random_buf.c, scripts/mkdep.pl:
	Fix compilation of standalone arc4random_buf(). Apparently this code
	was never compiled anywhere.
	[a66c68c3a976]

	* lib/util/uuid.c:
	sudo_uuid_create: no longer need a union for the uuid.
	[a9277bf0078c]

2021-10-19  Todd C. Miller

	* lib/eventlog/eventlog_free.c:
	eventlog_free: free signal_name too
	[1da686483f2a]

	* lib/iolog/regress/fuzz/fuzz_iolog_json.dict:
	Add new log.json keywords
	[f4a30fc6c4ed]

	* lib/iolog/regress/fuzz/fuzz_iolog_json.c:
	fuzz_iolog_json: initialize exit_value to -1
	[bac9826b95a1]

	* logsrvd/logsrvd.c:
	Fix potential use-after-free when calling iolog_flush_all(). We need
	to call iolog_flush_all() _before_ scheduling the commit point. If
	we fail to schedule the commit point, the closure will be freed.
	Coverity CID 220557
	[364736f15a06]

	* logsrvd/sendlog.c:
	sendlog: use runargv from log.json if available
	[88a0f4d7bb94]

	* logsrvd/sendlog.c:
	sudo_sendlog: send exit data in eventlog if present
	[fdacc0f68c56]

	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
	logsrvd/logsrvd_local.c, plugins/sudoers/logging.c:
	No longer need to pass exit params to eventlog_exit(), use struct
	eventlog. Now that struct eventlog includes the exit parameters we
	can simplify how eventlog_exit() is called.
	[8580c0e8334d]

	* include/sudo_eventlog.h, lib/iolog/iolog_json.c,
	lib/iolog/iolog_loginfo.c, logsrvd/iolog_writer.c:
	Read command run_time, signal and exit_value from I/O log log.json
	file.
	[05223c4cca0c]

	* logsrvd/logsrvd_local.c:
	Log the command run-time and exit status in the I/O log.
	[8b02b373f79b]

	* lib/eventlog/eventlog.c:
	format_json: fix pasto when setting dumped_core boolean
	[ca11285c088a]

2021-10-18  Todd C. Miller

	* lib/eventlog/eventlog.c, logsrvd/logsrvd_local.c:
	Handle a missing run_time in an ExitMessage. It is now possible to
	pass a NULL run_time to eventlog_exit().
	[f3e989682931]

2021-10-16  Todd C. Miller

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	logsrvd/logsrvd.c:
	No need to flush logs before commit point if we flush after each
	write. Also document that logs are flushed before sending a commit
	point even when flushing is disabled.
	[50323241569d]

2021-10-15  Todd C. Miller

	* MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in,
	lib/iolog/iolog_conf.c, lib/iolog/iolog_flush.c,
	logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h:
	Flush I/O logs before we send a commit point. The commit point
	message means we have written the data to disk so we should not be
	buffering it any longer. We do not currently fsync(2) the data after
	flushing, perhaps we should.
	[5233172b7531]

	* logsrvd/logsrv_util.c:
	Do not treat a resume point of [0, 0] as an error. If the connection
	is interrupted before sudo sends back a commit_point message,
	resuming at [0, 0] is correct. Also add a warning on unexpected EOF
	parsing the timing file.
	[105f29878ad7]

2021-10-11  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	Display a more helpful message if the user tries to run "sudo cd".
	Since "cd" is a shell built-in command it cannot be run directly via
	sudo. The user either needs to spawn a shell via "sudo -s" or use
	the -D option to run a command in a specific directory.
	[4d45797dfb11]

	* configure, configure.ac:
	Don't install sudoers.a when configured with
	--enable-static-sudoers. We already avoid installing it when
	--disable-shared-util is specified.
	[0d2022bc07cb]

2021-10-10  Todd C. Miller

	* scripts/mkpkg:
	mkpkg: preserve make exit value on exit. Fixes a problem where the
	exit value from mkpkg was 0 even on error.
	[0d0f15bf10cf]

	* plugins/sudoers/cvtsudoers_csv.c:
	Fix typos in SELinux and Solaris priv support.
	[16b9a1459f1d]

	* MANIFEST, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_csv.c:
	cvtsudoers: initial support for CSV output. For CSV output we double
	quote strings that contain commas. For each literal double quote
	character present inside the string, two double quotes are output.
	[8f7763b74563]

	* lib/iolog/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/sudoers/Makefile.in:
	regenerate dependencies
	[09d11b5c7d41]

	* docker/README, etc/codespell.ignore:
	Fix typo and avoid a codespell false positive.
	[81a365b29c3c]

2021-10-08  Todd C. Miller

	* .circleci/config.yml:
	Add build-nointercept and test-nointercept
	[d39877327ccc]

2021-10-07  Todd C. Miller

	* .circleci/config.yml:
	circleci: test multiple build options. We now do separate builds with
	LDAP/SSSD enabled, logsrv client/server disabled, and static-sudoers
	enabled.
	[4d8a9b45156c]

	* configure, configure.ac, plugins/sudoers/Makefile.in:
	Fix fuzzer build when --enable-static-sudoers is used. This
	introduces a sudoers-specific version of LT_STATIC instead of
	appending the --tag=disable-shared to SUDOERS_LDFLAGS. I've also
	removed the -static flag as it should not be needed.
	[864a2fd4e3f7]

2021-10-05  Todd C. Miller

	* docker/README:
	Mention --security-opt=seccomp=unconfined workaround for bleeding
	edge. May be needed for Fedora rawhide and Ubuntu testing, among
	others.
	[a465fdb0a7de]

	* configure, configure.ac:
	Try to handle the case where libasan.so is a linker script. Fixes
	check_noexec with ASAN on Fedora where libasan.so just includes the
	actual library file.
	[f96d1d0cea53]

	* .circleci/config.yml, docker/README,
	docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile:
	Enable address and undefined behavior sanitizers in CI builds. We
	need to disable leak sanitizer during "make check" because it uses
	ptrace which is not allowed for unprivileged containers.
	[9378e3856a60]

2021-10-04  Todd C. Miller

	* .circleci/config.yml:
	Switch to Ubuntu latest for circleci build.
	[1270ca1ba47d]

	* .circleci/config.yml, docker/debian/latest/Dockerfile,
	docker/debian/testing/Dockerfile, docker/fedora/latest/Dockerfile,
	docker/fedora/rawhide/Dockerfile, docker/ubuntu/devel/Dockerfile,
	docker/ubuntu/latest/Dockerfile, docker/ubuntu/rolling/Dockerfile:
	Add build user for circleci instead of running as root.
	[27dcb5218cb2]

	* .circleci/config.yml, MANIFEST, docker/README,
	docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
	docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile,
	docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
	docker/ubuntu/rolling/Dockerfile:
	Use circleci for continuous integration. Build container
	descriptions are in the new docker directory.
	[d5b5b16b0624]

2021-10-03  Todd C. Miller

	* .gitignore, .hgignore:
	Update ignore file.
	[7fe8afa88e96]

2021-10-01  Todd C. Miller

	* plugins/sudoers/sudoreplay.c:
	Sync "sudo -l" output with normal sudo log format. It now prints
	runchroot and runcwd (falling back on cwd). As a result, submithost
	is now printed first, matching sudo. Also avoid printing NULL
	pointers and skip entries that don't have at least command,
	submituser and runuser set.
	[0d6b96ec88a1]

	* lib/iolog/iolog_json.c:
	iolog_parse_json_object: optimize for large argv
	[5fa1929189a3]

2021-09-29  Todd C. Miller

	* configure, configure.ac:
	Add "-fcf-protection" to SSP_CFLAGS and SSP_LDFLAGS if supported.
	Can be disabled via --disable-hardening.
	[589507ecadf4]

	* configure, configure.ac:
	Add "-z now" to hardened link options if supported. Can be disabled
	via --disable-hardening.
	[11ff1d86440b]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/editor.c,
	plugins/sudoers/regress/editor/check_editor.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/visudo.c:
	find_editor: remove the env_error argument. There is no case where we
	should fail to find an editor just because the values of EDITOR,
	VISUAL and SUDO_EDITOR are unavailable. Both sudoedit and the
	"env_editor" sudoers setting are documented as falling back on the
	hard-coded list of editors in the "editors" sudoers setting. Bug
	#1000
	[caa529a0cab6]

	* plugins/sudoers/check_aliases.c:
	Use sudo_printf(SUDO_CONV_ERROR_MSG) instead of fprintf(stderr).
	Avoids extraneous output in the fuzzer.
	[981d3abd96c7]

	* plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Stub out sudo_printf() and avoid other use of stderr in fuzzers.
	This makes it possible to parse sudoers without using quiet mode,
	resulting in better coverage.
	[3215cad4174f]

2021-09-28  Todd C. Miller

	* lib/iolog/regress/fuzz/fuzz_iolog_json.c,
	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
	lib/util/regress/fuzz/fuzz_sudo_conf.c,
	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Use a consistent version of fuzz_conversation() with all fuzzers.
	Also undo a change to fuzz_sudoers.c that snuck in to the last
	commit.
	[8a94b06302b7]

	* lib/iolog/regress/fuzz/fuzz_iolog_json.c,
	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
	lib/util/regress/fuzz/fuzz_sudo_conf.c,
	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
	plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Fuzzers should not produce output. Excessive output makes the fuzzer
	runs much less efficient.
	[b9c485009c0f]

	* logsrvd/logsrv_util.c:
	expand_buf: fix conditional for when we need to preserve existing
	data. It is possible for the buffer offset to be zero when the length
	is non-zero. The proper value to use is the same as is used for the
	memcpy/memmove size. Fixes buffer corruption caused by a very long
	command line that usually results in a dropped connection.
	[59a4319b3463]

2021-09-27  Todd C. Miller

	* config.h.in, configure, configure.ac, lib/util/closefrom.c:
	Emulate closefrom() on macOS using proc_pidinfo(). This avoids
	relying on /dev/fd which may not exist in a chroot jail. Adapted
	from a change in OpenSSH by likan_999.student AT sina.com
	[2e86d4150ce5]

2021-09-26  Todd C. Miller

	* src/edit_open.c:
	Handle EMLINK and EFTYPE errno values for O_NOFOLLOW failure.
	FreeBSD returns EMLINK and NetBSD returns EFTYPE instead of ELOOP.
	This is only used to present the user with a more appropriate error
	message.
	[ca5499c8c40f]

2021-09-24  Todd C. Miller

	* plugins/sudoers/cvtsudoers.c:
	Fix typo in last commit, use boolean AND not bitwise.
	[685bd5d9ce6f]

	* doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/parse.h:
	Add the ability to filter/match by command via the -m option. For
	example "cvtsudoers -m cmd=/bin/ls" would only display entries that
	would allow /bin/ls to be allowed or denied.
	[3534a0170c59]

2021-09-23  Todd C. Miller

	* doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers.h, plugins/sudoers/pwutil.c:
	Add --group-file and --passwd-file options to cvtsudoers. These are
	based on the code in testsudoers.
	[3286dd5dd0bf]

2021-09-22  Todd C. Miller

	* lib/util/mkdir_parents.c:
	Move cppcheck suppression annotation to where it needs to be.
	[17d601bc91f3]

	* lib/util/mksigname.c:
	format string fix: print signal number as unsigned. Quiets a
	cppcheck warning; mksiglist.c already has this fixed.
	[a28b72dceec4]

	* plugins/sudoers/ldap_util.c:
	Fix memory leak on error path if snprintf() overflows. Coverity CID
	188804
	[73872d2e2cd0]

2021-09-21  Todd C. Miller

	* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/passwd.c,
	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c:
	Avoid reinitializing other auth methods.
	[af0495460943]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	expand_include: add bounds checking when expanding %h escape.
	[3c0ca1f0d4e5]

	* plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Check snprintf() return values even if we preallocated the correct
	amount. There are no remaining unchecked snprintf() that can
	actually overflow.
	[0eaf1d4daa84]

	* include/sudo_iolog.h, lib/iolog/iolog_nextid.c:
	iolog_nextid(): make iolog_dir argument const. We make a copy of the
	directory so there's no real reason that parameter can't be const.
	[f278847ca9aa]

	* plugins/sudoers/ldap_util.c:
	Amend truncation fix, the real problem was the size passed to
	snprintf(). sudo_rcstr_alloc() takes a length (not a size) parameter
	so when calling snprintf() we need to add one to the length.
	[92f8a8b86d20]

	* plugins/sudoers/ldap_util.c:
	Fix truncation of the last char of the sudoRole cn passed to
	append_default(). This string is primarily used for warning
	messages. Also check the snprintf() return value to avoid silent
	truncation. GitHub issue #115
	[22b8d7bc62f8]

2021-09-20  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.9.8p2
	[f29fdeb8ae5b]

	* etc/codespell.exclude:
	Standardize on "front-end" not "front end" in the man pages.
	[b0ad634852e7]

	* configure, configure.ac:
	fix typo
	[4d8738449daa]

	* logsrvd/logsrvd_journal.c:
	Reuse existing journal file for an accepted/rejected sub-command.
	Otherwise we end up with zero-length files in the incoming queue dir
	and may end up relaying one of those instead of the actual journal
	file.
	[545897a2761c]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Re-enable error output for the sudoers parser. It is only the alias
	and defaults warnings we need to suppress.
	[114bd7756a7c]

	* src/exec_intercept.c:
	Add intercept_cleanup() stub for when building w/o intercept
	support.
	[bd6f32a90787]

	* src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c,
	src/sudo_exec.h:
	Add intercept_cleanup() to free the closure used by
	intercept_accept_cb().
	[55f6aea8b517]

	* plugins/sudoers/auth/pam.c:
	Don't re-initialize PAM for sub-commands.
	[faa7aec4d145]

	* logsrvd/logsrvd_local.c:
	sudo_logsrvd: only send log ID for first command of a session There
	is no need to send the log ID for each sub-command.
	[625b18c5f821]

	* plugins/sudoers/log_client.c:
	Only store the first log id received from the server. Plugs a small
	memory leak in intercept mode if the log server sends the log ID
	again for sub-commands.
	[ca2ad5b219cd]

2021-09-19  Todd C. Miller

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	fuzz_sudoers: don't warn about unknown defaults entries Some fuzzing
	inputs cause a huge number of warnings and displaying them all can
	result in the fuzz run timing out. If we disable the warnings we can
	avoid the timeout.
	[4823ee305937]

	* plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
	plugins/sudoers/policy.c:
	Limit paths for command, cwd and chroot to PATH_MAX bytes. This
	helps prevent the fuzzer from going off the rails.
	[9550fa76a645]

	* plugins/sudoers/sudoers.c:
	sudo -i: missing NULL terminator when moving argv to make room for
	--login Fixes a potential crash for "sudo -i" when the target user
	has bash as the shell (which needs the --login option). Bug #998.
	[4b297f2ead15]

	* lib/eventlog/eventlog.c:
	Only append argv[] to the log line if argv[0] is not NULL. It should
	not be possible to reach this point with a command defined but
	argv[] empty but it doesn't hurt to check.
	[61f9cf744673]

2021-09-18  Todd C. Miller

	* plugins/sudoers/check_aliases.c:
	Only warn about an undefined alias or a cycle a single time. There's
	no point in warning about the same problem multiple times. This
	implementation assumes a small number of warnings and so just uses a
	simple listed link.
	[4461f65d1bad]

	* configure, configure.ac:
	Remove now-unused CHECK_INTERCEPT variable.
	[447dbf8bea48]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Quiet pvs-studio false positive: V557 Array overrun is possible.
	Make the zero length check explicit so as not to confuse static (or
	human) analyzers.
	[512ab29a9f28]

2021-09-17  Todd C. Miller

	* MANIFEST, plugins/sudoers/regress/testsudoers/test17.out.ok,
	plugins/sudoers/regress/testsudoers/test17.sh:
	Test that digest matching works with LDAP sudoCommand: ALL
	[f7ec49401d4f]

	* plugins/sudoers/ldap_util.c:
	Allow a digest to be specified with the "ALL" command for ldap/sssd
	back-ends. This has been possible with sudoers file entries since
	sudo 1.9.0 but no corresponding change was made for ldap/sssd.
	[89a30bbd7dac]

	* lib/eventlog/eventlog.c:
	Use localtime_r() not gmtime_r() when formatting the local time.
	This is consistent with how sudo formatted time stamps prior to the
	logging code being split off into libeventlog. We only need to use
	gmtime_r() for ISO 8601 time.
	[aee6e29ba9d6]

	* lib/eventlog/eventlog.c,
	lib/iolog/regress/iolog_path/check_iolog_path.c,
	lib/util/sudo_debug.c, plugins/audit_json/audit_json.c,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
	plugins/sudoers/timestr.c:
	Check strftime(3) return value in all cases. Old versions of
	strftime(3) didn't guarantee to NUL-terminate the buffer so we
	explicitly clear the last byte of the buffer and check it.
	[bc402e4bd4d2]

	* config.h.in, configure, configure.ac, logsrvd/tls_init.c:
	tls_init.c: use SSL_CTX_set0_tmp_dh_pkey if present. Fixes a warning
	on OpenSSL 3.0 and plugs a memory leak of dhparams on config reload.
	[02027ea86d3b]

	* configure, configure.ac, lib/util/digest_openssl.c:
	Use the EVP digest routines instead of calling SHA2 functions
	directly. Avoids compiler warnings with OpenSSL 3.0.
	EVP_MD_CTX_new() is only available for OpenSSL 1.1 and higher--we
	will fall back to sudo's SHA2 code if necessary.
	[6fbac28175f9]

	* configure, configure.ac:
	When using pkg-config, don't assume the names of the ssl and crypto
	libs. On the HP-UX build machines these are named libssl_pic.a and
	libcrypto_pic.a to avoid conflicting with the system libs.
	[a8eb772b3a4d]

	* lib/util/sudo_debug.c:
	Store milliseconds in the debug file timestamp. Sometimes second
	granularity is not enough.
	[1df3e75f1133]

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/util/gmtime_r.c, lib/util/localtime_r.c:
	Add gmtime_r and localtime_r tests and compat if missing.
	[709671c493a3]

	* lib/eventlog/eventlog.c, lib/iolog/iolog_path.c,
	lib/iolog/regress/iolog_path/check_iolog_path.c,
	lib/util/sudo_debug.c, plugins/audit_json/audit_json.c,
	plugins/sample_approval/sample_approval.c,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
	plugins/sudoers/gmtoff.c, plugins/sudoers/ldap.c,
	plugins/sudoers/parse.c, plugins/sudoers/timestr.c:
	Use gmtime_r() and localtime_r() instead of gmtime() and
	localtime().
	[5758514b25cb]

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
	Plugin lines are for approval and audit plugins too.
	[67bb7c0687f2]

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo.man.in,
	doc/sudo.mdoc.in, doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in,
	doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
	doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/visudo.man.in,
	doc/visudo.mdoc.in:
	Standardize on "front-end" not "front end" in the man pages.
	[68748f8cc8a6]

	* MANIFEST, plugins/sudoers/regress/testsudoers/test16.out.ok,
	plugins/sudoers/regress/testsudoers/test16.sh:
	Add a test to exercise Bug #994
	[eef2ece0e8d4]

	* scripts/mkpkg:
	mkpkg: limit the number of cores used to 16
	[5b8f2aa834b8]

2021-09-16  Todd C. Miller

	* NEWS:
	fix typo
	[120b1e7d2aca]

	* NEWS:
	Bug #994.
	[14ea3a741b25]

	* plugins/sudoers/ldap_util.c:
	Always allocate a struct sudo_command for the command, even for ALL.
	This was missed in the previous set of changes, resulting in a crash
	for LDAP and SSSD rules that give sudo "ALL" privileges. Bug #994.
	[91d0379b068a]

	* plugins/sudoers/Makefile.in:
	Add SUDOERS_LDFLAGS to FUZZ_LDFLAGS Fixes a fuzzer link error when
	building with ldap if the ldap libs are not in the default library
	search path.
	[a450881f9763]

	* configure, configure.ac:
	Fix the OpenSSL link order for the non-pkg-config case. Since -lssl
	depends on -lcrypto, -lcrypto must be listed after -lssl. Fixes
	linking of non-dynamic OpenSSL libs.
	[787724ab6e87]

2021-09-15  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.9.8p1
	[fc8c69d55348]

	* src/sudo_intercept_common.c:
	sudo_interposer_init: verify message type from sudo We should only
	get a HelloResponse from sudo at this point.
	[a021319260b3]

	* include/intercept.pb-c.h, src/exec_intercept.c,
	src/intercept.pb-c.c, src/intercept.proto,
	src/sudo_intercept_common.c:
	Avoid symbol name clash to fix --enable-static-sudoers linking.
	[5cc5e415844f]

2021-09-14  Todd C. Miller

	* plugins/sudoers/defaults.c, plugins/sudoers/policy.c:
	append_defaults() should not be passed a value for boolean flags.
	The operation should simply be set to true/false. Also treat a NULL
	file as coming from the front-end. Bug #993.
	[86e69d358916]

2021-09-13  Todd C. Miller

	* configure, configure.ac, plugins/python/Makefile.in,
	scripts/mkdep.pl, src/Makefile.in:
	Teach mkdep.pl about --tag=disable-static in LTFLAGS. If static objs
	are disabled we need to add explicit dependencies for .o files. The
	OpenBSD libtool doesn't use a pic object file when linking
	executables so we need to build the non-pic objects too.
	[cdefeeb41a64]

	* configure, configure.ac:
	Use SUDO_APPEND_LIBPATH when appending to LIBTLS and LIBMD. The
	OpenSSL pkgconfig files only include -L paths, not -R paths. Using
	SUDO_APPEND_LIBPATH ensures the rpath is set correctly so the
	binaries will run (not just link).
	[29d051972287]

	* INSTALL, configure, configure.ac:
	Add --enable-openssl-pkgconfig-template option. This can be used to
	find the correct openssl pkg-config file if it is not named
	"openssl" (also libcrypto).
	[77cd3463cefa]

	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
	Some POSIX yacc fixes for bison 3.8 yyerror() must be extern void
	declare tokens with type instead of using separate %type lines
	[c4e57f9e7df5]

2021-09-09  Todd C. Miller

	* .gitignore, .hgignore:
	Add src/intercept.exp to ignore files.
	[4eaa182a8808]

2021-09-08  Todd C. Miller

	* plugins/sudoers/po/cs.mo:
	regen
	[8c168099301b]

	* NEWS:
	Mention --enable-static-sudoers fix.
	[c93a42253fd0]

	* configure, configure.ac:
	Fix typo introduced in 1.9.7 that set SUDO_LDFLAGS to
	SUDOERS_LDFLAGS. Copy pasta is not always the best kind of pasta.
	[08188442f77b]

	* MANIFEST, configure, configure.ac, m4/sudo.m4, src/Makefile.in,
	src/intercept.exp, src/intercept.exp.in, src/sudo_intercept.c:
	sudo_intercept.so: only replace execvpe() if it is present.
	execvpe() is a GNU extension also found on *BSD (but not macOS).
	[26153ad9c6ca]

	* NEWS:
	We now intercept more than just execve().
	[33e453f035f8]

2021-09-07  Todd C. Miller

	* src/sudo_intercept.c:
	Implement simple PATH resolution for execvp(). We want to use PATH
	from the current value of the environment, not the initial value of
	PATH when the policy was opened. This is a little different from how
	real execvp() works since we use stat() instead of just execve().
	[fae58e1962cc]

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, src/intercept.exp, src/sudo_intercept.c:
	Add support for execl, execle, execlp, execvp, and execvpe.
	Currently, PATH traversal is handled by sudoers which uses the
	original PATH, not the one updated by the shell.
	[59dfbbd39bf6]

2021-09-03  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y:
	Remove conditional include of alloca.h, we don't define
	HAVE_ALLOCA_H. The configure check for alloca() was removed long ago
	but this got missed.
	[4c64529df149]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Define RBAC and mention incompatibility with intercept/log_subcmds.
	[a44d8f96cad6]

2021-09-02  Todd C. Miller

	* src/exec_intercept.c:
	Fix computation of the token address when handling a partial read.
	We want to treat it as an array of bytes, not an array of tokens.
	Coverity CID 240011
	[0bb3fb3315ce]

	* plugins/sudoers/parse.c:
	Quiet a PVS-Studio format string warning.
	[4e445c646dc8]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Regen .pot files.
	[4cec17bc24da]

	* plugins/sudoers/po/cs.po:
	Updated translations from translationproject.org
	[62fdbab57411]

2021-09-01  Todd C. Miller

	* src/Makefile.in:
	regen
	[a2f37ca5473b]

	* configure, configure.ac, lib/util/sudo_conf.c, scripts/mkdep.pl,
	src/Makefile.in, src/exec_common.c, src/exec_intercept.c:
	Do not compile intercept code if --disable-intercept is specified.
	[9d31e2822c24]

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
	We now intercept execv() too.
	[f0eac891cb5c]

	* INSTALL:
	INSTALL: --disable-intercept will also disable "log_subcmds"
	[55ddfdae455d]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/parse.c:
	Can't use intercept or log_subcmds with SELinux RBAC. SELinux policy
	will prevent the inherited socket from sudo from being used and may
	also restrict the ability to connect back to the sudo process.
	[b73409172859]

	* m4/ax_prog_cc_for_build.m4:
	Fix typo in comment.
	[3259f09e6952]

	* po/cs.mo, po/cs.po:
	Updated translations from translationproject.org
	[7543d0d50ee2]

	* include/intercept.pb-c.h, src/exec_intercept.c,
	src/intercept.pb-c.c, src/intercept.proto, src/sudo_exec.h,
	src/sudo_intercept_common.c:
	Switch to a 128-bit token instead of a 64-bit secret. Protobuf
	doesn't have a 128-bit type so use two u64s. We now support partial
	reads of the token.
	[e39ece25fb3b]

2021-08-31  Todd C. Miller

	* MANIFEST, lib/util/Makefile.in, lib/util/regress/uuid/uuid_test.c,
	lib/util/uuid.c:
	Fix random uuid generation, no need to convert between byte order.
	Also add regression test.
	[fd2940acffc2]

	* include/intercept.pb-c.h, src/exec_intercept.c,
	src/intercept.pb-c.c, src/intercept.proto,
	src/sudo_intercept_common.c:
	sudo_intercept.so: send the secret immediately after connecting.
	Sending the secret out of band, before the message size is read,
	should make it harder to mount a DoS attack.
	[4c8b6577bd8c]

	* src/sudo_intercept_common.c:
	Handle reading large messages that don't fit in a single recv(). We
	know the length of what we are receiving so just loop until we have
	it all, get EOF or an error.
	[1b8aa927ea83]

	* configure, configure.ac:
	Add checks for -fstack-clash-protection and -Wl,-z,noexecstack We
	use -Wc,-fstack-clash-protection as the linker flag to prevent
	libtool from removing it from the link line.
	[7cd701b5039e]

	* src/exec_intercept.c:
	Make the sudo side of the intercept socket non-blocking.
	[3fe7129ea1f2]

	* src/exec_intercept.c:
	Handle partial read/write by dropping back into the event loop.
	[fa216d963e18]

	* src/exec_intercept.c:
	intercept_check_policy: Fix double free introduced in last commit If
	the command is not accepted we don't rebuild command_info[] and must
	not free it. It will be freed by the policy instead.
	[8bbd2af0924b]

2021-08-27  Todd C. Miller

	* include/intercept.pb-c.h, src/exec_intercept.c,
	src/intercept.pb-c.c, src/intercept.proto,
	src/sudo_intercept_common.c:
	Update runcwd in command_info[] before passing it to the audit
	plugin. Since sudoers does rejected commands itself the runcwd will
	still not be correct for those.
	[5462a5e1d760]

	* src/exec_preload.c:
	Fix LD_PRELOAD formatting when there is an existing LD_PRELOAD var.
	[04d8d7750ff6]

2021-08-26  Todd C. Miller

	* src/exec_intercept.c:
	intercept_check_policy: fix potential NUL dereference on the error
	path.
	[4d1b3f39ccb1]

	* NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/policy.c, src/exec.c,
	src/exec_common.c, src/exec_nopty.c, src/exec_pty.c, src/sudo.c,
	src/sudo.h:
	Rename log_children -> log_subcmds
	[abd73fc939c3]

	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/eo.mo,
	po/eo.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ko.mo,
	po/ko.po, po/pl.mo, po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo,
	po/pt_BR.po, po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo,
	po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
	Updated translations from translationproject.org
	[f948528780fb]

	* lib/util/sudo_debug.c:
	Add sudo_debug_register_v2() stub for fuzzing build.
	[ba522c0c2075]

	* src/exec_intercept.c:
	Fix use-after-free on error. Also remove useless free of a ptr that
	is always NULL on the error path.
	[75200535be80]

	* src/exec_common.c:
	No longer need to remap intercept fd but we do need to remap debug
	fd. The intercept fd is closed in the ctor but the debug fd will
	still be open.
	[b48125b884f3]

	* include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/util.exp.in,
	logsrvd/logsrvd.c, logsrvd/sendlog.c,
	plugins/audit_json/audit_json.c, plugins/python/sudo_python_debug.c,
	plugins/sample_approval/sample_approval.c,
	plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c,
	src/sesh.c, src/sudo.c, src/sudo_intercept_common.c:
	sudo_debug_register: add minfd argument to specify lowest fd number
	Use this in sudo_intercept.so to avoid allocating a low-numbered fd
	which the shell reserves for use by scripts.
	[50b23c4d0531]

	* src/exec_intercept.c:
	Fix command name of sub-command in logs when log_children is set.
	[c1b35686d8b4]

2021-08-25  Todd C. Miller

	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h:
	log_allowed: pass struct eventlog * instead of argv[] and envp[].
	This lets us log based on the command_info[] list passed in from the
	front-end. Previously, much of the struct eventlog was constructed
	from internal sudoers state instead.
	[4c4a7ddfeba3]

	* include/sudo_compat.h:
	sudo_compat.h: include unistd.h on HP-UX to safely redefine
	pread/pwrite HP-UX 11.31 defines static functions for pread() and
	pwrite() which will conflict with our macros.
	[2dd64cdc261f]

	* config.h.in, configure, configure.ac, include/intercept.pb-c.h,
	src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c,
	src/intercept.pb-c.c, src/intercept.proto, src/sudo_exec.h,
	src/sudo_intercept_common.c:
	Change intercept IPC to use a localhost socket instead of inherited
	fd. This allows intercept mode to work with shells that close all
	open fds upon startup. The ctor in sudo_intercept.so requests the
	port number and secret over the socket inherited from the parent
	then closes it. For each policy request, a TCP connection is made to
	the sudo parent process to perform the policy check. Child processes
	re-use the TCP socket to request the port number and secret just
	like the initial process started by sudo does.
	[7e7e4a389f11]

	* src/exec_intercept.c:
	Add a state variable to intercept_closure, replaces policy_result.
	[60fae103a4cd]

	* plugins/sudoers/match_command.c:
	command_matches: avoid printf("%s") of NULL in debug for sudo ALL.
	[5c81c2c32b4c]

	* Merge pull request #111 from commodo/fix-cflags

	lib/util/Makefile.in: use host CFLAGS and CPPFLAGS for
	mksig{name,list}
	[ee86d28da792]

2021-08-25  Alexandru Ardelean

	* lib/util/Makefile.in:
	lib: util: Makefile.in: use host CFLAGS and CPPFLAGS for
	mksig{name,list}

	When cross-build support was added for mksig{name,list},
	the CFLAGS and CPPFLAGS should have been updated to the
	HOSTCFLAGS/HOSTCPPFLAGS vars.

	In a cross-build scenario, some of these flags don't match what the
	compiler can understand (because they may be architecture specific)
	and may fail the build.

	Using the HOSTCFLAGS/HOSTCPPFLAGS works and builds successfully.
	Also the output binary works on the target.

	This is in continuation of
	- https://github.com/sudo-project/sudo/pull/104
	- https://github.com/sudo-project/sudo/pull/109

	Signed-off-by: Alexandru Ardelean <ardeleanalex@...>
	[f76870e1a6c5]

2021-08-24  Todd C. Miller

	* src/exec_intercept.c:
	Fold intercept_closure_reset() into intercept_close().
	[ff00ab240672]

	* src/exec_preload.c:
	Fix typo that caused SUDO_INTERCEPT_FD to overwrite LD_PRELOAD.
	[e4cd1043c7bb]

	* src/exec_preload.c:
	Fix off-by-one that could result in duplicate SUDO_INTERCEPT_FD
	vars.
	[9044d0dff708]

	* src/sudo_intercept.c:
	Fix typo in macOS execv change.
	[1c637d909382]

2021-08-21  Todd C. Miller

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, src/intercept.exp, src/sudo_intercept.c:
	Add execv(3) support to sudo_intercept.so. This allows intercept to
	work with csh which uses execv(3) not execve(2).
	[690ebf72b6f8]

2021-08-20  Todd C. Miller

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in,
	doc/sudoers.mdoc.in:
	Sync the list of functions trapped by sudo_noexec.so.
	[b1f7799209ff]

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
	Add a Debug example for sudo_intercept.so Don't try to enumerate all
	the sudo programs that support debugging since all of them do.
	[9c1201eaaca2]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Update sudoers Debug example to match the debug changes from sudo
	1.8.12.
	[7c831aa9b6d5]

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
	sudo_intercept.so only intercepts execve(2) for now.
	[7314abc72fb9]

	* plugins/sudoers/parse.c:
	Fix formatting for bound defaults with multiple entries in the
	binding. The entries in the binding were separated with " ," instead
	of ", ".
	[14442701f793]

	* MANIFEST, src/Makefile.in, src/intercept.exp:
	Add exports file for sudo_intercept.so that only exports execve()
	[ac97417435ab]

	* src/Makefile.in, src/sudo_intercept.c, src/sudo_intercept_common.c:
	Add some debugging to the sudo_intercept.so.
	[2dee003b5cc7]

	* config.h.in, configure, configure.ac:
	Use AC_FUNC_FSEEKO instead of AC_CHECK_FUNCS_ONCE([fseeko]). This
	will define _LARGEFILE_SOURCE, if needed, to make the prototype
	visible on older systems.
	[3f4314f6a795]

2021-08-19  Todd C. Miller

	* config.h.in, configure, configure.ac, include/sudo_compat.h:
	We still need the pread/pwrite hack for HP-UX 11.11 at least. This
	time around, avoid defining _LARGEFILE64_SOURCE and just declare
	pread64/pwrite64 ourselves.
	[66e01b14a10f]

	* include/sudo_compat.h:
	Fix prototypes for sudo_pread() and sudo_pwrite().
	[15acfc576a71]

	* src/exec_intercept.c:
	intercept_fd_cb: store the passed fd in newfd, not fd only affects
	the old BSD-style fd passing code, not POSIX-style.
	[4b13aa4593ba]

	* lib/util/Makefile.in:
	Fix mksiglist and mksigname dependencies.
	[31519cc5ec2b]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	set-user-ID and set-group-ID not set user-ID and set group-ID.
	[0ddf5fedc896]

	* NEWS:
	The fix for bug #989 will make sudo 1.9.8. Also mention
	intercept_authenticate and intercept_allow_setid.
	[fa8b7444486b]

	* plugins/sudoers/po/sudoers.pot:
	regen
	[c8993c070218]

	* .gitignore, .hgignore, MANIFEST, aclocal.m4, configure,
	configure.ac, lib/util/Makefile.in, lib/util/mksiglist.c,
	lib/util/mksiglist.h, lib/util/mksigname.c, lib/util/mksigname.h,
	lib/util/sys_siglist.h, lib/util/sys_signame.h,
	m4/ax_prog_cc_for_build.m4:
	Cross-build support for mksigname and mksiglist We must build these
	with the host C compiler but use the target preprocessor to generate
	the output.
	[bf2919b63fb9]

2021-08-19  a1346054

	* .clang-format, INSTALL, MANIFEST, autogen.sh, doc/LICENSE,
	etc/sudo.pp, examples/Makefile.in:
	Minor cleanup (#110)

	* fix trivial shell script issues
	* remove trailing whitespace
	[f9d4de3dee50]

2021-08-19  Todd C. Miller

	* logsrvd/logsrvd_conf.c, plugins/sudoers/check.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/exptilde.c,
	plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
	plugins/sudoers/mkdefaults, plugins/sudoers/policy.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/tsdump.c:
	Replace messages like "unknown foo: %s" with "unknown foo %s". The
	colon really doesn't belong there; we generally use a colon to
	separate a message from the warning detail.
	[a1b99c8821ae]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	log_server_peer_cert and log_server_peer_key are not required by
	default. They are only required if sudo_logsrvd has tls_checkpeer
	enabled.
	[0d9099ce5d74]

	* logsrvd/logsrvd_conf.c:
	Sync warning messages with sudoers/logging.c Avoids 3 translation
	strings that were effectively duplicated.
	[eb058a820998]

2021-08-18  Todd C. Miller

	* lib/protobuf-c/Makefile.in, src/Makefile.in:
	regen
	[ab9d4b22d7cb]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/match_command.c, plugins/sudoers/parse.c,
	plugins/sudoers/parse.h,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Add intercept_allow_setid sudoers option, disabled by default. With
	this change, a shell in intercept mode cannot run a setuid or setgid
	binary by default. On most systems, the dynamic loader will ignore
	LD_PRELOAD for setuid/setgid binaries such as sudo which would
	effectively disable intercept mode.
	[cdb876f62882]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/match.c:
	Always allocate a struct sudo_command for the command, even for ALL.
	Previously we special-cased handling of ALL but this complicates
	some upcoming changes.
	[d552109d739c]

2021-08-16  Todd C. Miller

	* etc/codespell.exclude:
	Update TAGS_CHANGED macro based on parse.h
	[261e4bad3f55]

	* doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.man.in,
	doc/sudoers.mdoc.in:
	Better document the limitations of intercept mode. Also mention
	log_children under "Preventing shell escapes"
	[0dfca8d0672d]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Update .pot files for 1.9.8.
	[ed2582c37765]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Try to clarify log_server_peer_key and log_server_peer_cert. These
	are client-side not server-side.
	[ffa4ee3e2557]

	* logsrvd/logsrvd_conf.c:
	Print the section when warning about an illegal key in the conf
	file. This should make it easier to tell when a setting is present
	in the wrong section.
	[8150a7775155]

2021-08-14  Todd C. Miller

	* lib/eventlog/eventlog.c:
	new_logline: limit offset to two significant digits after the
	decimal Now instead of TSID=0001L3@5.168230749 we would log
	TSID=0001L3@5.16.
	[089f7a1285cb]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
	logsrvd/logsrvd_journal.c:
	Set umask to be less restrictive before creating parent directories.
	Otherwise we could end up creating them with a more restrictive mode
	than intended. Coverity CID 221592
	[1bbb3621106a]

	* lib/eventlog/eventlog.c:
	new_logline: handle case where evlog is NULL
	[e14ded2179e8]

	* logsrvd/logsrvd_local.c:
	store_alert_local: fix memory leak on error path Coverity CID 238642
	[2a3c7fb50c38]

	* plugins/sudoers/audit.c:
	log_server_accept: fix memory leak of evlog when logging a sub-
	command. Coverity CID 238643
	[36a7325b3dc2]

	* src/exec_intercept.c:
	Fix memory leak when client requests secret. Move closure allocation
	closer to where it is used.
	[773ffe0cb216]

	* logsrvd/logsrvd_local.c:
	store_accept_local: fix return value on error
	[de0d06a1ade2]

2021-08-13  Todd C. Miller

	* lib/eventlog/eventlog.c:
	Cast iolog_offset.tv_sec to long long for %lld printf format. Quiets
	a compiler warning on systems where tv_sec in struct timeval is not
	long long.
	[54d757357a00]

	* doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
	lib/iolog/iolog_timing.c, plugins/sudoers/sudoreplay.c:
	Add support for an optional offset when parsing the ID to replay.
	The offset is a suffix in the form of @sec[.nanosec]
	[f8cda41ea0ae]

	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
	logsrvd/logsrvd_local.c, plugins/sudoers/logging.c:
	For intercepted commands, log an offset into the current I/O log.
	This can be used with sudoreplay to jump to when a specific command
	was executed within a session log.
	[fd9431d7c878]

	* logsrvd/logsrvd_local.c:
	Don't overwrite closure->evlog for sub-commands.
	[925c97582b1d]

	* config.h.in, configure, configure.ac, include/sudo_compat.h:
	Older Solaris has getusershell() et al but does not declare it.
	[df4cd6a5e07f]

	* src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c,
	src/sudo_intercept_common.c:
	Add missing stdint.h and sudo_rand.h includes. Needed for
	arc4random() and uint64_t.
	[47fd965524fe]

	* include/intercept.pb-c.h, src/exec_intercept.c, src/exec_nopty.c,
	src/exec_pty.c, src/intercept.pb-c.c, src/intercept.proto,
	src/sudo_exec.h, src/sudo_intercept_common.c:
	Pass a secret value to sudo_intercept.so and verify after policy
	check. The goal is to make it harder for someone to have a fake
	policy checker. This will not stop a determined adversary since the
	secret is present in the address space of the running process.
	[7938c63384df]

2021-08-11  Todd C. Miller

	* MANIFEST, src/Makefile.in, src/exec.c, src/exec_intercept.c:
	Split off intercept code into exec_intercept.c.
	[2c05715c4885]

	* scripts/mkpkg:
	Add trivial support for FreeBSD packages. The actual FreeBSD port
	supports multiple options but this is sufficient for testing
	purposes.
	[6bb8a1cdf26c]

	* scripts/pp:
	FreeBSD: Set default directory and file mode if not specified in
	%files Otherwise, a mode of 0 will be used, potentially rendering
	the system unusable.
	[a3be86a5f85f]

	* plugins/sudoers/logging.c:
	Use same check for intercepted commands as log_server_accept().
	Previously, log_server_reject() and log_server_alert() just checked
	whether client_closure has been set.
	[41177f7c32f4]

	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
	plugins/sudoers/log_client.c:
	Call shutdown() on sockets before closing() if they are connected.
	This should ensure that the other side sees any queued data before
	the connection is dropped.
	[beaafc6c17cf]

	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
	plugins/sudoers/log_client.c:
	If SSL_shutdown() returns 0 it needs to be called one more time.
	[52bb0acfb659]

	* plugins/sudoers/editor.c:
	resolve_editor: sudoers_gc_remove(editor) before freeing it.
	[534cc939264f]

2021-08-10  Todd C. Miller

	* lib/util/mksigname.h, lib/util/siglist.in:
	Sync siglist.in with the generated files. The change to prefer
	SIGSYS over SIGUNUSED wasn't made to siglist.in. Also, mksigname.c
	doesn't need to explicitly set sudo_sys_signame[0].
	[c331b05f8fc5]

	* plugins/sudoers/Makefile.in, plugins/sudoers/editor.c,
	plugins/sudoers/gc.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Add garbage collection to resolve_editor(). Fixes a leak when
	evaluating the policy multiple times if sudoedit is set.
	[ab011d864e87]

2021-08-09  Todd C. Miller

	* src/exec_common.c:
	Fix compilation when configure option --disable-shared is specified.
	[98687e01c8e4]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/check.c,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	Add intercept_authenticate sudoers option, defaults to false. By
	default, sudoers will not require authentication of commands run via
	an intercepted session. To require authentication of subsequent
	commands, enable intercept_authenticate in sudoers.
	[b428c75da1ad]

	* config.h.in, configure, configure.ac, src/exec.c,
	src/sudo_intercept_common.c:
	If msg_control is not present in struct msghdr use msg_accrights
	instead. Fixes building on Solaris and probably others. It is
	possible to expose msg_control on Solaris but this requires a
	specific set of feature flag defines which can cause other
	complications.
	[6ee77b869a8c]

	* configure, configure.ac, src/exec_preload.c:
	Require that our dso be first in the list to make sure it takes
	effect. Otherwise, another dso could take precedence and ours would
	not be run.
	[58ba4086357c]

	* configure, configure.ac, pathnames.h.in, src/Makefile.in,
	src/exec_preload.c:
	If building with address sanitizer make sure its DSO is first.
	Address sanitizer requires that it be preloaded before any other DSO
	in LD_PRELOAD. This should not be required for clang, which links in
	asan statically by default.
	[a812062f42a8]

	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
	Plug some memory leaks when sudoers_policy_main is called multiple
	times. These would get cleaned up at policy close time but we don't
	want to bloat sudo's memory footprint when running a shell with
	multiple commands.
	[7fee001ffeae]

	* plugins/sudoers/audit.c, plugins/sudoers/iolog.c,
	plugins/sudoers/log_client.c, plugins/sudoers/log_client.h,
	plugins/sudoers/logging.c:
	Fix logging intercepted commands to a log server in sudoers. Only
	available when the server supports the subcommands capability.
	[5975770561de]

	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h:
	Use a separate uuid for intercepted commands. We use the uuid to
	match the command with its exit status.
	[467f0db6e2c6]

	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
	Avoid some double frees in the fuzzer. Now that sudoers frees old
	values of NewArgv and command_info the fuzzer needs to reset those
	values. Otherwise we end up with stashed values that have already
	been garbage collected.
	[2a1b5808d272]

	* NEWS, configure, configure.ac:
	Sudo 1.9.8
	[bc96c8f95abf]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/fmtsudoers.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/policy.c, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l:
	Add "intercept" Defaults setting to allow interception of
	sub-commands. This causes "intercept" to be set to true in
	command_info[] which the sudo front-end will use to determine
	whether or not to intercept attempts to run further commands, such
	as from a shell. Also add "log_children" which will use the same
	mechanism but only log (audit) further commands.
	[f42e11c0fde9]

	* INSTALL, configure, configure.ac, doc/sudo.conf.man.in,
	doc/sudo.conf.mdoc.in, examples/sudo.conf.in, include/sudo_conf.h,
	lib/util/sudo_conf.c, lib/util/util.exp.in, pathnames.h.in,
	src/Makefile.in, src/exec.c, src/exec_common.c, src/selinux.c,
	src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_exec.h:
	Add support for loading the sudo_intercept.so DSO.
	[47d84cc8a8ed]

	* include/sudo_compat.h, src/exec.c, src/exec_common.c,
	src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/selinux.c,
	src/sesh.c, src/sudo_exec.h:
	Allocate a socketpair to communicate with sudo_intercept.so over.
	This is used for the intercept and log_children options.
	[b40091760952]

	* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/file.c, plugins/sudoers/ldap.c,
	plugins/sudoers/ldap_util.c, plugins/sudoers/policy.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c, plugins/sudoers/sssd.c,
	plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Make it possible to call the sudoers policy check function multiple
	times. We need to reset the Defaults values to their original state.
	[3187e87d7fb6]

	* plugins/sudoers/set_perms.c:
	Allow set_perms(PERM_INITIAL) to be called more than once. If the
	perm stack depth is non-zero when set_perms(PERM_INITIAL) is called,
	rewind it first and re-initialize the stack depth to 0. Fixes a
	use-after-free bug if set_perms(PERM_INITIAL) is called multiple
	times.
	[fdf9a2e07eb1]

	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h:
	Use run_argv and run_envp passed into the audit plugin for event
	logging. Previously we used NewArgv[] and env_get() but now that
	logging is performed via an audit plugin we should use the values
	passed in.
	[d8e031fc2389]

	* doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
	include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c,
	lib/logsrv/log_server.proto, logsrvd/logsrvd.c:
	Allow multiple accept/reject messages during a logsrv conversation.
	The log server now advertises a subcommands flag if it supports
	logging subcommands (e.g. commands run from a sudo-spawned program
	like a shell). The client should only log additional commands during
	a session if this flag is set in the ServerHello message.
	[5b88982604e8]

	* MANIFEST, Makefile.in, configure, configure.ac,
	lib/logsrv/Makefile.in, lib/logsrv/protobuf-c.c,
	lib/protobuf-c/Makefile.in, lib/protobuf-c/protobuf-c.c:
	Add separate convenience lib for protobuf-c. We need to use it for
	sudo <-> sudo_intercept.so communication.
	[9529d7f9db18]

	* MANIFEST, include/intercept.pb-c.h, src/Makefile.in,
	src/intercept.pb-c.c, src/intercept.proto:
	Define protocol for sudo <-> sudo_intercept.so communication. Uses
	google protocol buffers.
	[139ba292e226]

	* src/exec.c, src/sudo.c, src/sudo.h:
	Implement the sudo side of the sudo_intercept.so communication.
	[4a7face9ed17]

	* MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
	src/sudo_exec.h, src/sudo_intercept.c, src/sudo_intercept_common.c:
	Implement sudo_intercept.so. Uses protobuf to talk to main sudo
	process over a socketpair.
	[fc21ae0f663e]

	* src/sudo.c, src/sudo.h:
	Add return values for most of the plugin function wrappers that
	returned void. Previously, they would just exit if there was an
	error. Now the error is passed back up the stack so we can use them
	in sudo_intercept.so.
	[87cb4b0e7dff]

	* src/sudo.c:
	Reduce the number of function args passed to plugin wrappers. This
	makes sudo_settings, user_info, submit_argv, submit_envp and
	submit_optind global. This will be required for calling the wrapper
	from outside of sudo.c where we may not have access to those
	variables.
	[525bffcf911c]

	* src/exec.c, src/sudo.c, src/sudo.h:
	Call the approval plugin after the policy plugin accepts a command.
	Previously, for intercepted commands we only called the policy
	plugin.
	[4df18aaa8708]

	* src/exec.c:
	Take control of the tty and save its settings before doing a policy
	check. Otherwise the policy plugin won't be able to read the
	password.
	[6a422974d472]

	* MANIFEST, src/Makefile.in, src/exec_common.c, src/exec_preload.c,
	src/sudo_exec.h, src/sudo_intercept.c, src/sudo_intercept_common.c:
	Move preload_dso() to its own file and rename to sudo_preload_dso().
	It now takes an intercept fd as an optional argument instead of a
	list of extra variables to add. This lets us check whether it is
	already set to the expected value (and add it if not).
	sudo_intercept.so now uses sudo_preload_dso() to make sure that
	LD_PRELOAD and SUDO_INTERCEPT_FD are set properly before executing.
	[447e96378d01]

	* src/exec_preload.c, src/sudo_intercept_common.c:
	Add debug support to sudo_intercept.so
	[586ea125cebb]

	* src/exec.c, src/exec_nopty.c, src/exec_pty.c:
	Make the log_children option only log and not check policy.
	[0524c7e87174]

	* plugins/sudoers/prompt.c:
	expand_prompt: use correct strlcpy() size parameter. The available
	size passed to strlcpy() was computed incorrectly. Switch to
	updating the length after writing to the new prompt instead of
	computing it each time. The actual buffer size is computed and
	allocated correctly so there is no real consequence to this bug.
	Found by Qualys.
	[c03f1c2f8f35]

2021-08-03  Todd C. Miller

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	examples/sudo_logsrvd.conf:
	The tls_verify setting only affects server behavior, not the client.
	Originally, there was a flag in the ServerHello message to indicate
	that the client should verify the server cert, but this was removed
	when TLS was moved to a separate port. Client validation of the server
	certificate is now configured in the sudoers file instead.
	[344b51f3eee3]

2021-08-02  Todd C. Miller

	* scripts/mkpkg:
	On macOS, don't disable tty tickets and set password timeout to 0.
	This more closely matches the options used by the macOS version of
	sudo.
	[bd21c492921c]

	* plugins/sudoers/find_path.c:
	Add some debugging info to find_path()
	[dd7aebb432d6]

2021-07-30  Todd C. Miller

	* lib/iolog/iolog_mkdtemp.c:
	iolog_mkdtemp: umask must not be more restrictive than the file
	modes. We need this even though we will be calling mkdtemp() since
	the umask affects the mode of any parent directories.
	[c545b3369eae]

2021-07-29  Todd C. Miller

	* plugins/sudoers/visudo.c:
	Plug memory leak in error path when sudoers cannot be opened.
	[3df6b32149b8]

	* plugins/sudoers/defaults.c:
	Trying to use "+=" or "-=" operators on a non-list is an error.
	Previously, they were simply treated as "=" for non-lists.
	[3e0d47d0b4ea]

	* src/regress/net_ifs/check_net_ifs.c:
	Plug a memory leak in check_net_ifs found by address sanitizer.
	[bff1ad993476]

	* configure, configure.ac:
	Prefix sanitizer and fuzzer options with -XCClinker in ASAN_LDFLAGS.
	Otherwise libtool may ignore the options when linking.
	[ed1120f3813d]

2021-07-27  Todd C. Miller

	* logsrvd/tls_init.c:
	Display the correct error message if X509_verify_cert() fails. We
	must use X509_STORE_CTX_get_error() and
	X509_verify_cert_error_string() instead of the generic OpenSSL error
	functions.
	[778bbbe68e28]

	* lib/eventlog/eventlog.c:
	In new_logline check for NULL args->reason for EVLOG_RAW. This can't
	happen in practice since we never set EVLOG_RAW without passing in a
	reason. Coverity CID 237142 237143
	[83f9038151db]

	* lib/eventlog/eventlog.c:
	format_json: don't dereference evlog if it is NULL. Also silence a
	PVS Studio false positive.
	[150039f65d26]

2021-07-26  Todd C. Miller

	* configure, configure.ac:
	Bump version to 1.9.7p2
	[388bf6af8434]

	* NEWS:
	Sudo 1.9.7p2
	[153a6c96a8ec]

	* config.h.in, configure, configure.ac, include/sudo_compat.h,
	logsrvd/tls_client.c, logsrvd/tls_init.c,
	plugins/sudoers/log_client.c:
	Use TLS_method() instead of TLS_client_method() throughout. OpenSSL
	returns an error for SSL_accept() if TLS_client_method() was used to
	generate the context (LibreSSL doesn't care).

	Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
	were used in the TLS client and server initialization code
	respectively. This was refactored in sudo 1.9.7 to allow the code to
	be shared. Bug #988
	[1ca00726b4d6]

	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Only replace getaddrinfo for
	FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. This works around an issue
	on SCO which uses inline functions in the header files which call
	the actual, versioned, library function.
	[64cbf884b7f9]

2021-07-26  MertsA

	* src/utmp.c:
	Rewind utmp file pointer after searching for entry (#108)

	getutline() advances the file pointer until it matches or reaches
	EOF. pututline() starts from the current position in utmp. This
	rewinds the file pointer to the beginning to avoid allocating
	additional spurious utmp entries.
	[142555f7a47e]

2021-07-25  Todd C. Miller

	* configure, configure.ac, m4/sudo.m4:
	Use AC_CACHE_CHECK in place of AC_MSG_CHECKING + AC_CACHE_VAL where
	possible.
	[7b0fb8de8276]

	* config.h.in, configure, configure.ac, include/sudo_compat.h:
	Add configure check for va_copy instead of using #ifdef. This
	prevents the va_copy compat #define from being used if sudo_compat.h
	is somehow included before stdarg.h.
	[fcfd53b859ac]

2021-07-23  Todd C. Miller

	* src/limits.c:
	Avoid using RLIM_INFINITY for the nofile soft limit to prevent
	closefrom_fallback() from closing too many file descriptors.
	[e807ca9bfb6a]

	* plugins/sudoers/logging.c:
	Include signal.h for SIG2STR_MAX and sig2str().
	[ad17a1be07e2]

2021-07-15  Todd C. Miller

	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
	logsrvd/iolog_writer.c, plugins/sudoers/logging.c,
	plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
	Create a UUID and log it in the JSON version of the event log.
	[8a1ad98fac51]

	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
	logsrvd/logsrvd_local.c, plugins/sudoers/logging.c:
	Remove unused info_cb and info arguments from eventlog_exit()
	[c614ef1afa12]

2021-07-09  Todd C. Miller

	* include/sudo_eventlog.h, lib/eventlog/eventlog.c:
	Add support for logging exit status events. For sudo-formatted logs,
	this is a record with "EXIT=number" and potentially "SIGNAL=name"
	after the command. For JSON-format logs, a new "exit" record is
	logged which contains an "exit_value" and potentially "signal" and
	"core_dumped". JSON-format logs now include a UUID to associate the
	"exit" record with the "accept" record.
	[52e40ae4b79a]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
	plugins/sudoers/policy.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Add log_exit_status sudoers option to log when a command exits. This
	option defaults to off.
	[cac3ca7ad193]

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	examples/sudo_logsrvd.conf, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_local.c:
	Add log_exit setting in the sudo_logsrvd.conf eventlog stanza. This
	causes sudo_logsrvd to log a record with the exit status or
	terminating signal in response to an ExitMessage.
	[1a15f676974a]

2021-07-08  Todd C. Miller

	* plugins/python/python_plugin_common.c:
	Check that the python module we actually loaded is what we intended.
	This is intended to provide a more useful error message if the user
	defines a module which conflicts with a system python module. For
	example, a module called test.py would conflict with the system
	python test module.
	[0676191e4741]

2021-07-02  Todd C. Miller

	* doc/CONTRIBUTORS:
	Mention that xkcd inspired the sandwich logo.
	[c7839328e21f]

	* doc/HISTORY:
	Mention log server and fuzzers under Quest contributions.
	[f4a081f75cd0]

2021-06-26  Todd C. Miller

	* src/sesh.c, src/sudo.c, src/sudo_edit.c:
	Don't assume that the number of groups returned by getgroups() is
	static. On systems where getgroups() returns results based on more
	than just the per-process group vector in the kernel it is possible
	for the number of groups to change in between invocations. Based on
	GitHub PR #106 from Pierre-Olivier Martel.
	[dbc7a173a7b8]

	* doc/Makefile.in:
	Use "mandoc -Tlint -Wwarning" instead of -Wstyle. The style checks
	now include "referenced manual not found" warnings which are not
	helpful.
	[251757f22498]

2021-06-22  Todd C. Miller

	* logsrvd/Makefile.in, src/Makefile.in:
	regen
	[c6a21b385d57]

2021-06-21  Todd C. Miller

	* lib/fuzzstub/fuzzstub.c:
	Change ms from size_t to long. Avoids a spurious test failure on
	Solaris 9
	[c26f8d233ea9]

	* plugins/sudoers/interfaces.c, src/net_ifs.c:
	Move definition of INADDR_NONE from interfaces.c to net_ifs.c. Fixes
	compilation on Solaris 9.
	[9da2276cf944]

2021-06-19  Todd C. Miller

	* logsrvd/logsrvd.c:
	Fix dead store found by clang analyzer.
	[5c85aeef651e]

	* logsrvd/logsrvd_conf.c:
	Fix prefix skipping when the prefix is embedded and not separate.
	This doesn't currently matter since the progname and the ": " are
	stored in separate messages. Found by clang analyzer.
	[321e90e1b347]

	* logsrvd/logsrvd_relay.c:
	Remove dead store found by clang analyzer.
	[5fd56f26e1ba]

2021-06-16  Todd C. Miller

	* plugins/audit_json/audit_json.c:
	Make sure we store an octal number (like umask) as a string. JSON
	doesn't (portably) support octal numbers with a leading zero.
	[3ac37bb42f1e]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
	Replace logsrvd_is_early() with logsrvd_warn_stderr(). This is now
	defined in logsrvd_conf.c which removes a dependency on another
	compilation unit for the fuzzer.
	[3594cf3ec397]

2021-06-15  Todd C. Miller

	* logsrvd/logsrvd_local.c:
	Silence a compiler warning on Solaris.
	[fd9ba461b601]

	* logsrvd/logsrvd.c:
	Reduce scope of errstr variable so it is only declared for OpenSSL.
	[eebe09a17f4b]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[05b8391c6d13]

	* logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c,
	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c,
	logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c,
	logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, logsrvd/tls_init.c:
	Use sudo_warnx?() instead of sudo_debug_printf for errors. We now
	hook the warn functions so the messages are logged. The messages
	still show up in the debug log too.
	[9e25dc71b4cc]

2021-06-14  Todd C. Miller

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/util/Makefile.in,
	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/vsyslog.c,
	scripts/mkdep.pl:
	Remove vsyslog(3) emulation, it is no longer used.
	[7d1b78c2037a]

2021-06-13  Todd C. Miller

	* logsrvd/logsrvd_conf.c, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
	If logsrvd_config not set fall back to using stderr for warnings.
	Also fix fuzz_logsrvd_conf link error.
	[eeaafe1b3e09]

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	examples/sudo_logsrvd.conf, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c:
	Add support for logging server warning/error messages. We can use
	sudo_warn_set_conversation() to set a conversation function that
	either writes to a log file or calls syslog().
	[5d8e13f053d0]

2021-06-11  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.9.7p1
	[29f478993ef3]

2021-06-09  Todd C. Miller

	* plugins/audit_json/audit_json.c:
	Check arrays that are passed in for NULL before using them.
	[925ba5b0f2cb]

	* configure, configure.ac:
	Disable nss_search()-based group lookups on HP-UX for now. There is
	a crash when "group: compat" is used in /etc/nsswitch.conf that I
	haven't been able to debug. Since HP-UX doesn't ship the appropriate
	headers it is likely that there is a mismatch between
	include/compat/nss_dbdefs.h and what HP actually uses.
	[28b00005c785]

2021-06-08  Todd C. Miller

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h:
	Remove logsrvd closure ERROR state and use a boolean flag instead.
	Fixes a bug where we would not insert a journal file that failed to
	relay into the queue because its state was changed from CONNECTING
	to ERROR after failing to connect.
	[638285a4bedb]

	* include/compat/nss_dbdefs.h, lib/util/getgrouplist.c:
	Add NSS_TRYAGAIN and correct buflen in struct nss_XbyY_buf_t. Add
	some function argument names. Also use struct nss_db_state * instead
	of void * in nss_db_root_t. We don't define struct nss_db_state but
	since it is a pointer all we need is a forward declaration.
	[bc848fb97671]

2021-06-07  Todd C. Miller

	* lib/fuzzstub/fuzzstub.c, lib/iolog/Makefile.in,
	lib/util/Makefile.in, logsrvd/Makefile.in:
	Make sure we link with libsudo_util *after* libfuzzstub. This only
	affects builds with a static libsudo_util. Also fix a warning on
	HP-UX about main not being public.
	[18ff1f108c4e]

	* MANIFEST, lib/util/Makefile.in,
	lib/util/regress/getgrouplist/getgids.c:
	Add getgids utility to simulate "id -G" using sudo_getgrouplist2()
	[aed11065818d]

	* lib/util/getgrouplist.c:
	Make sure we don't read or write past the end of the group buffer.
	We need to leave room for the terminating NULL in gr_mem. It is
	possible for gbm->numgids > gbm->maxgids if we ran out of room.
	[25a3ee849fd4]

2021-06-04  Todd C. Miller

	* lib/util/getgrouplist.c:
	Add some debugging to sudo_getgrouplist2().
	[4d79e92c8ee8]

2021-06-02  Todd C. Miller

	* src/load_plugins.c:
	Fix some debug_decl typos and remove an unneeded cast.
	[fafa91ac3def]

	* plugins/sudoers/defaults.h:
	T_TIMEOUT is not a bitwise flag so doesn't need to be a power of 2.
	[66019af6d642]

2021-05-28  Todd C. Miller

	* src/load_plugins.c:
	sudo_stat_plugin(): set errno but do not warn if plugin path too
	long. The caller will display the warning (using errno) so there is
	no need to do it twice.
	[c8614b374a35]

2021-05-26  Todd C. Miller

	* doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
	sudoreplay does not parse sudoers to find the value of iolog_dir.
	The default value for the I/O log directory is set at build time.
	[3cf72612e992]

	* plugins/sudoers/policy.c:
	Fix group list ref leak in sudoers_policy_store_result() on error
	path.
	[34785448a275]

2021-05-24  Todd C. Miller

	* plugins/sudoers/policy.c:
	Update comment to match reality.
	[ec3e0a40d1ec]

2021-05-13  Todd C. Miller

	* configure, configure.ac, scripts/ltmain.sh, src/Makefile.in:
	Build sudo_noexec.so as a module on systems other than Darwin. On
	Darwin, shared modules and shared libraries are not interchangeable
	and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it
	must be a library, not a module. We must relax the requirement that
	libraries begin with a "lib" prefix to work around this difference.
	This does mean you must use sudo's libtool on Darwin (macOS) but
	that is already a requirement on other systems (notably HP-UX and
	SCO) due to a number of libtool patches we require that haven't been
	accepted upstream. This is a different fix for PR #102.
	[2e5454c56d3c]

	* configure, configure.ac:
	Use -Wno-deprecated-declarations on macOS. This quiets warnings about
	LDAP and audit libraries being deprecated. We will use them until
	they are removed in a future version of macOS.
	[6fbdf644865c]

2021-05-12  Todd C. Miller

	* scripts/mkpkg:
	Use /usr/bin/cc on FreeBSD and macOS.
	[7d6bcea0e544]

	* plugins/sudoers/log_client.c:
	Don't include errno in "unable to connect to log server" message.
	There should be a more specific message, usually with an error
	string, displayed earlier.
	[e599f9b0fd1c]

	* src/ttyname.c:
	Fix compiler warning on FreeBSD.
	[2c6fc866fb5b]

	* lib/iolog/hostcheck.c:
	Explicitly include netinet/in.h for struct sockaddr_in and
	sockaddr_in6. Fixes a compilation problem on FreeBSD.
	[2277c8f37c34]

2021-05-10  Todd C. Miller

	* plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po:
	Updated translations from translationproject.org
	[3d6d49097b98]

	* plugins/sudoers/log_client.c:
	Better warning when close function is passed a non-terminal signal.
	[8b8628249e4d]

	* logsrvd/logsrvd_local.c:
	Remove line causing store_suspend_local() to return false on
	success. This is something that should have been removed as part of
	the local I/O logging refactor.
	[e8ae1e61b8b2]

	* src/exec_pty.c:
	Don't set the command status in the closure when the command is
	suspended. This should only be set for signals that terminate the
	process. Fixes a bug where the sudo front-end could call the plugin
	close function with a non-terminal signal argument.
	[a95024bfb6e8]

2021-05-07  Todd C. Miller

	* plugins/python/pyhelpers.c, plugins/python/python_plugin_policy.c:
	Quiet -Wshadow warnings from gcc.
	[7ff2985ba650]

	* NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	The -g option may also be used with any group the target user
	belongs to. The description in the Runas_Spec section incorrectly
	stated that the -g option could not be used if no runas group was
	set. Bug #975.
	[67d1948d1aa8]

	* configure, configure.ac:
	Remove redundant "configuring Sudo version X.YY" line. We now
	display this along with the summary info at the end.
	[0d7c908f8d4c]

	* configure, configure.ac:
	Don't check for -Wl,-z,relro twice.
	[a30dce71fb26]

2021-05-06  Todd C. Miller

	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
	Updated translations from translationproject.org
	[9303a20fe480]

	* scripts/mkpkg:
	Build python plugin for RHEL 6 as well.
	[edaa6ec0e255]

	* configure, configure.ac:
	Remove shell-style quotes in configure warning/error/notice
	messages. Square bracket quotes are used, no need for shell-style
	double quotes.
	[e6de284df511]

	* NEWS, configure, configure.ac:
	Summarize configure settings after all tests have run. This makes it
	a lot easier to see what features have been enabled.
	[12ea96affed5]

2021-05-04  Todd C. Miller

	* INSTALL, configure, configure.ac:
	Remove --with-efence option, there are better options available.
	[78fd5ceb2c52]

	* NEWS:
	Move misplaced changes into the 1.9.7 section where they belong.
	[1519f7a4669b]

	* lib/util/regress/sudo_conf/conf_test.c:
	Awful hack to pass on macOS where group_source=dynamic by default.
	[b038bfab8c34]

	* plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
	plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/ca.mo,
	po/ca.po, po/it.mo, po/it.po, po/sr.mo, po/sr.po:
	Updated translations from translationproject.org
	[7b156da85d13]

	* NEWS:
	Document late stage 1.9.7 changes.
	[28756df7dcb4]

	* doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
	logsrvd/sendlog.c, logsrvd/sendlog.h:
	sudo_sendlog: rename -m (max-time) to -s (stop-after).
	[4f016111b242]

	* logsrvd/logsrv_util.c, logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c:
	Update closure->elapsed_time in journal_seek(). Otherwise the commit
	point messages won't be accurate when restarting.
	[6cd4db44b8ee]

	* doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
	logsrvd/sendlog.c, logsrvd/sendlog.h:
	Add "-m elapsed" option to specify the max elapsed time of records
	to send. Useful for testing the ability of the server to handle
	restarted log transfers.
	[cd9c9235e320]

2021-05-03  Todd C. Miller

	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c:
	Disable reading from client or relay when sending error to client.
	We treat an error from the relay as fatal and must stop processing
	data from both client and relay to make sure we don't get out of
	sync.
	[258f9691b3d9]

	* logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd_local.c:
	Fix I/O log restart of locally-stored logs. This got broken a while
	ago when evlog in struct connection_closure was changed to a
	pointer.
	[8b59122891f9]

	* scripts/pp:
	Fix detection of the volatile flag when other flags are present.
	Otherwise flags fields like "volatile,ignore-other" will be ignored
	by the Debian and BSD back ends.
	[0d120b9eab71]

	* src/limits.c:
	Fix debug message when prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) fails.
	GitHub issue #101
	[7d266c174457]

	* logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, logsrvd/tls_client.c,
	logsrvd/tls_common.h, plugins/sudoers/log_client.c:
	Don't hard-code the TLS connect timeout, use normal connect timeout.
	For sudo_logsrvd, this is the relay connect_timeout setting. For
	sudoers, this is the log_server_timeout setting.
	[49e29f187f5a]

2021-05-02  Todd C. Miller

	* logsrvd/logsrvd_queue.c:
	Add missing closedir(3) in logsrvd_queue_scan(). Coverity CID 221591
	[e9745c64a721]

	* NEWS:
	Mention "log_server_verify" bug fix.
	[a70060c34e7a]

	* configure, configure.ac, doc/sudo_logsrvd.conf.man.in,
	doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf,
	m4/sudo.m4, pathnames.h.in:
	Rename logsrvd log dir to /var/log/sudo_logsrvd.
	[fb979be9927e]

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	examples/sudo_logsrvd.conf, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_queue.c:
	Make the failed relay retry interval configurable. This is the
	amount of time to wait before trying to resend a journal to the
	relay server after a connection error.
	[cbc04201a63e]

2021-05-01  Todd C. Miller

	* MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/logsrvd_journal.c, logsrvd/logsrvd_queue.c,
	logsrvd/logsrvd_relay.c:
	Send outgoing messages to the relay server on startup. Also attempt
	to retry messages that could not be relayed periodically.
	[7ed12983af85]

	* lib/util/fatal.c:
	Avoid clobbering errno in warning().
	[3282a7db7f51]

	* logsrvd/logsrvd_relay.c:
	Set relay name string to NULL after dropping the reference.
	Otherwise it is possible to decrement the reference more than once.
	[245d4e60ea21]

2021-04-30  Todd C. Miller

	* plugins/sudoers/iolog.c:
	Fix cut & pasto that prevented the verify_server option from being
	set. The "log_server_verify" setting passed from the policy plugin
	was applied to the "keepalive" option instead of "verify_server".
	From Krisztian Kovacs.
	[06f716981ad0]

2021-04-29  Todd C. Miller

	* doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in,
	logsrvd/logsrvd.c:
	Write client and server information to debug file on SIGUSR1. This
	can be used to debug client problems such as a connection not being
	closed as expected.
	[e6e3a4ba02f4]

	* doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in:
	Document journal file directories in store_first mode.
	[a08de0c20127]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c:
	Create journal files in an incoming directory, move to outgoing when
	complete. This will make it possible to process completed journal
	files periodically if the relay server is down.
	[5ced00c6eb7e]

	* logsrvd/logsrvd_relay.c:
	Add missing connection_close() call for relay-only connections. For
	an immediate relay we will close the connection when the client
	disconnects (or there is a timeout). However, for store-and-forward
	mode the client has already disconnected at the time we are
	relaying.
	[e51e98489c6d]

2021-04-27  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot:
	regen
	[4aa3f848b223]

	* logsrvd/logsrvd_conf.c:
	Replace non-ascii characters in warning string.
	[5e99ac170a15]

	* lib/util/regress/getgrouplist/getgrouplist_test.c,
	lib/util/regress/tailq/hltq_test.c,
	plugins/sudoers/regress/check_symbols/check_symbols.c,
	plugins/sudoers/regress/editor/check_editor.c,
	plugins/sudoers/regress/exptilde/check_exptilde.c,
	plugins/sudoers/regress/parser/check_base64.c,
	plugins/sudoers/regress/parser/check_fill.c,
	plugins/sudoers/regress/parser/check_gentime.c,
	plugins/sudoers/regress/parser/check_hexchar.c,
	plugins/sudoers/regress/starttime/check_starttime.c,
	plugins/sudoers/regress/unescape/check_unesc.c:
	Quiet clang analyzer false positive in regress tests.
	[190ad1f287d8]

	* MANIFEST, logsrvd/Makefile.in, logsrvd/iolog_writer.c,
	logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_local.c:
	Move local iolog log functions to logsrvd_local.c
	[e16e2a1d8209]

	* logsrvd/logsrvd_relay.c:
	Better client error reporting on relay server connection error. More
	detailed error messages may be found in the debug log.
	[d0807790327d]

	* logsrvd/logsrvd.c:
	Update debug pid string when sudo_logsrvd becomes a daemon.
	[33069e2da7d5]

2021-04-26  Todd C. Miller

	* logsrvd/logsrvd.c:
	Must call SSL_shutdown() before closing the underlying socket. This
	got broken by some code rearrangement when relay mode was added.
	[a3a8c4d10565]

	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c:
	Recover if the client or relay server closes the TLS connection
	uncleanly. The other end of the connection should perform a proper
	TLS shutdown but as long as we are in the correct state there is no
	need to treat this as a user-visible error.
	[90887bc2235f]

	* NEWS, aclocal.m4, configure, configure.ac:
	Sudo 1.9.7
	[c1ea457eca11]

	* MANIFEST, plugins/python/Makefile.in, plugins/python/lsan_suppr.txt:
	Add a suppression file for the libpython leaks. This is a big hammer
	but it seems like the best we can do for now. Allows "make check" to
	succeed when address sanitizer is used.
	[4500cd1e835e]

2021-04-25  Todd C. Miller

	* plugins/sudoers/Makefile.in, plugins/sudoers/editor.c,
	plugins/sudoers/regress/editor/check_editor.c:
	When splitting EDITOR check for escaped quote characters. Also add
	check_editor to sudoers "make check".
	[0d8001299358]

2021-04-24  Todd C. Miller

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/editor.c,
	plugins/sudoers/regress/editor/check_editor.c:
	Treat a lone backslash at the end of a string as a literal
	backslash. GitHub issue #99
	[40a53e523003]

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in:
	Fix typo.
	[614379733a17]

2021-04-23  Todd C. Miller

	* plugins/python/pyhelpers.c:
	Avoid a potential NULL dereference when mutating args_str. Coverity
	CID 221401
	[69f3c7f8e524]

	* logsrvd/logsrvd_journal.c:
	Avoid calling fread() with a NUL buffer if msg_len is 0. Coverity
	CID 221399
	[ed605b7a3186]

	* logsrvd/logsrvd.c:
	Set a restrictive umask so new files are only read/write by owner.
	Coverity CID 221402
	[595465e4baa2]

	* logsrvd/logsrvd.c:
	In connection_closure_free() only close sock if it is not -1. When
	relaying from a journal there will be no socket. Coverity CID 221403
	[fd4f27067c3f]

	* logsrvd/logsrvd.c:
	Avoid potential NULL dereference in get_free_buf(). Coverity CID
	221400
	[6cb5491bf812]

	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c:
	Remove some now-dead code in the error path. Coverity CID 221397 and
	221398
	[edc860f72f98]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c,
	logsrvd/logsrvd_relay.c:
	Use function pointers for each client message type instead of
	conditionals. This separates out the message handler from the
	functions that store or relay the message contents.
	[f596480880fa]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c:
	Add enqueue_error_message() helper function. Formats and enqueues an
	error message and enables the write event.
	[122bd89fe5e3]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c,
	logsrvd/logsrvd_relay.c:
	Forward the journaled entry after it has been stored locally.
	[a187d5a7ea28]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c:
	Stash the value of the store_first config setting in
	connection_closure. If the configuration changes it should not
	affect a connection that is already in progress.
	[6617c2b7ece5]

	* MANIFEST, logsrvd/Makefile.in, logsrvd/iolog_writer.c,
	logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
	logsrvd/logsrvd_journal.c, logsrvd/logsrvd_relay.c:
	Journal messages to disk when store_first is set in the relay
	section. Instead of forwarding messages immediately, they are
	journaled locally in wire format. This will be used to implement
	relay store-and-forward mode.
	[aa0c537258e7]

	* INSTALL, configure, configure.ac, doc/sudo_logsrvd.conf.man.in,
	doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.mdoc.in,
	logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, m4/sudo.m4,
	pathnames.h.in:
	Add configuration for sudo_logsrvd store-and-forward mode. Adds
	"relay_dir" and "store_first" settings to sudo_logsrvd.conf in the
	[relay] section. Also adds a --with-relaydir configure argument to
	change the default value (usually /var/log/logsrvd-relay).
	[6f064ed6d20e]

	* src/signal.c:
	Make sure SIGCHLD is not ignored when sudo is executed. If SIGCHLD
	is ignored there is a race condition between when the process is
	executed and when the SIGCHLD handler is installed. This fixes the
	bug described by GitHub PR #98
	[b4c91a0f72e7]

2021-04-20  Todd C. Miller

	* config.h.in, configure, configure.ac:
	Remove the HP-UX 11.0 pread64() hack, it causes problems on modern
	HP-UX.
	[fea8ebd0b88d]

	* src/limits.c:
	Add minimum value to consider when overriding resource limits.
	Currently only used for RLIMIT_DATA and RLIMIT_AS.

	This works around a problem on HP-UX where setting RLIMIT_DATA
	changes the resource limits for both 32-bit and 64-bit processes.
	HP-UX processes start out with RLIMIT_DATA set based on the values
	of the maxdsiz and maxdsiz_64bit kernel tunables, depending on
	whether they are 32-bit or 64-bit. By default this limit is 1GB for
	32-bit processes and 4GB for 64-bit. However, once RLIMIT_DATA is
	changed, it does not appear to be possible to restore the old
	values. This can result in a 64-bit process that is executed by a
	32-bit shell getting the 32-bit RLIMIT_DATA instead of the 64-bit
	one. Bug #973
	[8778a27abfaf]

2021-04-19  Todd C. Miller

	* logsrvd/logsrvd_relay.c:
	Don't use msg_len as a length after converting it to network byte
	order.
	[3f2496be1130]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c:
	Use the packed message buffer when relaying if possible. There's no
	need to rebuild the message buffer for anything but RestartMessage
	and ClientHello.
	[903fa50f48c9]

2021-04-18  Todd C. Miller

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c:
	Allocate the data buffer in get_free_buf() too. We always know the
	size of the data buffer we need at allocation time.
	[c02dc245aa40]

2021-04-17  Todd C. Miller

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c:
	Relay ChangeWindowSize and CommandSuspend events too.
	[cb20a1de47e3]

2021-04-16  Todd C. Miller

	* plugins/python/pyhelpers.c,
	plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log,
	plugins/python/regress/testdata/check_example_debugging_c_calls@info.log,
	plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log:
	Regenerate test output with python 3.10a7. Also adjust debug tests so
	they pass on older python versions
	[03aeda971872]

	* configure, m4/python.m4:
	determine Python (3.10) version number correctly. from upstream
	automake
	[1f4136509aca]

	* MANIFEST, aclocal.m4, m4/python.m4, m4/runlog.m4:
	Move python.m4 and runlog.m4 to the m4 directory. Previously they
	were inline in aclocal.m4.
	[6ec4c92539a7]

2021-04-15  Todd C. Miller

	* configure, configure.ac:
	Add hiuxmpp where we have hpux for special cases. Also move the
	HP-UX 11.00 pread(2) workaround into the section where pread(2) is
	tested for, not before it.
	[f6cc1820e0fb]

	* etc/sudo-logsrvd.pp, etc/sudo-python.pp:
	Only replace the last instance of "sudo" in example and doc dir.
	Otherwise we end up with weird paths for a prefix like /opt/sudo.
	[113bdf79f00f]

2021-04-13  Todd C. Miller

	* doc/sudoers.ldap.mdoc.in:
	Fix lint warning.
	[aa4a4f0b0da1]

	* doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in:
	Mention relay mode and update TLS example.
	[a50a23542c05]

	* etc/sudo-logsrvd.pp, etc/sudo.pp:
	If libssl_dep was not passed in, use ldd to determine its value.
	Normally, mkpkg will figure this out, but if the user does "make
	package" outside of the mkpkg script, libssl_dep will not be set.
	[87329797daca]

2021-04-12  Todd C. Miller

	* INSTALL, configure, configure.ac, doc/UPGRADE:
	Enable the use of OpenSSL if log client/server not disabled. This
	adds a dependency on OpenSSL unless it is explicitly disabled
	(--disable-openssl) or the sudo log client and server are disabled
	(--disable-log-client and --disable-log-server).
	[618f504240d2]

2021-04-09  Todd C. Miller

	* etc/codespell.skip:
	configure aux scripts moved to the scripts directory
	[1cfcbfd128ed]

	* logsrvd/Makefile.in, logsrvd/logsrvd_conf.c:
	Set logsrvd_config to NULL in logsrvd_conf_cleanup() after freeing
	it. Fixes a double free in fuzz_logsrvd_conf (but not sudo_logsrvd
	itself). Also fix linking fuzz_logsrvd_conf with OpenSSL.
	[ad78729467d4]

	* logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6,
	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
	logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict:
	Update sudo_logsrvd.conf fuzzer to match configuration changes.
	[85ae32ce6f44]

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	examples/sudo_logsrvd.conf:
	Document relay configuration changes.
	[d66eb842a6ef]

2021-04-08  Todd C. Miller

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
	logsrvd/logsrvd_relay.c:
	Move relay configuration into its own section and add TLS options.
	TLS options in the relay section will be used if specified,
	otherwise the TLS options from the server section are used.
	[0695e9b9b067]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
	logsrvd/logsrvd_relay.c:
	Add "server" and "relay" to getters/callbacks specific to server and
	relay.
	[618b4fa5325c]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
	logsrvd/logsrvd_relay.c:
	Remove struct logsrvd_tls_config. Now that the SSL context is
	initialized in logsrvd_conf.c there's no need to export TLS
	configuration other than tls_check_peer.
	[4fb0fdc417e1]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
	logsrvd/logsrvd_relay.c:
	No longer need struct logsrvd_tls_runtime, use SSL_CTX instead.
	[61e0bdf1499d]

	* logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c:
	Move allocation of the TLS context to logsrvd_conf_apply(). This way
	we get certificate errors at configuration time, not after. It also
	means that a change to the config file that renders the TLS settings
	invalid will no longer cause the server to exit. The new config will
	just be ignored as if there was a syntax error.
	[352ecb58618f]

	* logsrvd/tls_init.c:
	Only initialize the SSL library once.
	[e17215eec1d6]

2021-04-07  Todd C. Miller

	* plugins/sudoers/timestamp.c:
	Sanity check struct timespec in timestamp file. Coverity CID 220564
	[68dfceeb105e]

	* plugins/sudoers/timestamp.c:
	Check lseek(fd, 0, SEEK_CUR) for -1 return value. Not actually
	possible in practice. Coverity CID 220568.
	[27105922d3be]

	* src/net_ifs.c:
	Check for NULL ifa->ifa_addr and ifa->ifa_netmask in both loops.
	[373961966099]

2021-04-07  Radovan Sroka

	* src/sudo_edit.c:
	Fixed bad condition for sesh args

	In selinux_edit_copy_tfiles() when there is only one file and the
	open() fails then number of arguments is lower than expected. Sudo
	should return error with or without "Defaults !sudoedit_checkdir"
	set.

	This was found with regression testing of CVE-2021-23240.

	Signed-off-by: Radovan Sroka <rsroka@...>
	[947ce862c0bf]

2021-04-06  Todd C. Miller

	* src/net_ifs.c:
	Plug memory leak on overflow; Coverity CID 220556
	[86b71e5dec5c]

	* logsrvd/logsrvd.c:
	In schedule_commit_point() do not free the closure on error. It is
	the caller's responsibility to free resources on error. Coverity CID
	220557
	[e6629496ab03]

	* plugins/sudoers/pwutil.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Cast NULL terminator argument to char * when calling sudo_mkgrent().
	Avoids a portability issue on systems where NULL is not a pointer.
	[cdb9cf0ad2ea]

	* logsrvd/tls_init.c:
	Rename LOGSRVD_DEFAULT_CIPHER_LST13 to DEFAULT_CIPHER_LST13
	[a5d7da05cf09]

	* logsrvd/tls_client.c:
	Include string.h for strerror(3) prototype.
	[57f5cfe43a89]

	* logsrvd/logsrvd_relay.c:
	Move connect_relay_tls() so we don't need a prototype for it. Fixes
	a warning when sudo is not configured to use OpenSSL.
	[0c73cfebf32b]

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	examples/sudo_logsrvd.conf:
	Document relay and connect_timeout server settings.
	[a101d54b451e]

	* MANIFEST, logsrvd/Makefile.in, logsrvd/logsrv_util.h,
	logsrvd/sendlog.c, logsrvd/sendlog.h, logsrvd/tls_client.c,
	logsrvd/tls_common.h:
	Move common TLS client code to tls_client.c and use it in sendlog.c.
	[5334b6c4bef8]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
	Rename listen_address -> server_address and add reference counting.
	This will be used by the upcoming relay mode.
	[f8ef9c83c3c8]

	* logsrvd/logsrvd.c:
	Try to send an error message to client for some client_msg_cb()
	failures.
	[0805636e8114]

	* logsrvd/logsrvd.c:
	Split most of server_commit_cb() out into schedule_commit_point().
	This allows it to be used by the relay code too.
	[c985c2f9e5d5]

	* MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_relay.c:
	Add a relay mode to sudo_logsrvd where it forwards instead of
	stores. Relay hosts are specified in the server section of
	sudo_logsrvd.conf.
	[071c231e76a9]

	* logsrvd/Makefile.in, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c,
	logsrvd/sendlog.c, logsrvd/tls_common.h:
	Add support for relaying to another sudo_logsrvd via TLS.
	[c47397ce4098]

	* MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/rcstr.c, lib/util/util.exp.in, plugins/sudoers/Makefile.in,
	plugins/sudoers/alias.c, plugins/sudoers/check_aliases.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/ldap.c,
	plugins/sudoers/ldap_util.c, plugins/sudoers/rcstr.c,
	plugins/sudoers/sssd.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
	plugins/sudoers/visudo.c:
	Move reference-counted string code from sudoers to libsudo_util. It
	will be used by sudo_logsrvd too.
	[d228aaf9b6fa]

	* logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, logsrvd/logsrvd_relay.c:
	Add sa_host to struct server_address as a ref counted string. Also
	convert sa_str to ref counted string.
	[4e8abb84c11d]

	* logsrvd/logsrvd_conf.c:
	Don't allow a wildcard address for the relay parameter.
	[4a80d18d025b]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
	Add logsrvd_conf_cleanup() to free the conf data structures on exit.
	There is no longer a need to do anything in shutdown_cb() other than
	break out of the event loop.
	[9e4d7456fb7a]

	* src/tgetpass.c:
	Set user group list when executing the askpass helper. Under normal
	circumstances the existing group list will match the list fetched by
	sudo. However, if sudo is executed by a process that has changed the
	group list via setgroups(2) and "group_source" in sudo.conf is set
	to "dynamic" it is possible for them to be different.

	If group_source in sudo.conf is set to "dynamic" it is possible for
	the group list
	[2b1d4ffb9cf6]

	* logsrvd/logsrv_util.h, logsrvd/logsrvd.c, logsrvd/logsrvd.h:
	Use a tailq of write buffers instead of a single one per connection.
	This allows us to queue up multiple messages for writing like the
	sudoers client supports. Currently, each connection has its own free
	list. In the future we may want a single free list with low and high
	water marks.
	[b5df1b4d79c7]

	* configure.ac:
	Increase autoconf minimum version to 2.70. Some of the macros
	deprecated in 2.70 are required by older versions. For example,
	AC_PROG_CC now does the work of AC_PROG_CC_STDC. Bug #972
	[223a584b6241]

	* MANIFEST, Makefile.in, config.guess, config.sub, configure,
	configure.ac, doc/Makefile.in, examples/Makefile.in,
	include/Makefile.in, install-sh, lib/util/Makefile.in,
	lib/zlib/Makefile.in, logsrvd/Makefile.in, ltmain.sh,
	plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
	plugins/python/Makefile.in, plugins/sample/Makefile.in,
	plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/system_group/Makefile.in, scripts/config.guess,
	scripts/config.sub, scripts/install-sh, scripts/ltmain.sh,
	src/Makefile.in:
	Move autoconf auxiliary files to the scripts directory.
	[5ea8182c11d9]

2021-04-05  Todd C. Miller

	* doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in:
	Document SUCCESS=return support in sudoers nsswitch.conf entries.
	Based on a patch from Dennis Filder. Bug #971.
	[1d631d1b6244]

2021-04-01  Todd C. Miller

	* plugins/sudoers/audit.c:
	Move log_server_accept() out from under the #ifdef
	SUDOERS_LOG_CLIENT. Fixes a link error when sudo is configured with
	--disable-log-client.
	[1bb7efdbddd5]

2021-04-01  Radovan Sroka

	* src/selinux.c:
	Removed deprecated security_context_t

	Signed-off-by: Radovan Sroka <rsroka@...>
	[14aba55909fc]

2021-03-31  Todd C. Miller

	* logsrvd/sendlog.c:
	Return NULL if init_tls_client_context() fails. Otherwise, we will
	call SSL_new with a freed SSL context. Bug #970
	[5fbadce88524]

2021-03-30  Todd C. Miller

	* src/parse_args.c:
	Use separate getopt config for sudoedit. Avoids a problem where the
	user gets an exclusive usage error message when using a
	sudo-specific option. GitHub issue #95
	[b6207568e50a]

	* src/parse_args.c, src/sudo_usage.h.in:
	Add -h and -V to sudoedit usage and customize help output for
	sudoedit. Also add missing -B option to usage strings.
	[0d8fa214f8c3]

	* src/parse_args.c:
	Don't report a usage error for "sudo -V". GitHub issue #95
	[a18573251751]

	* etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
	Do not include parent directories in rpm and deb files. Fixes a
	directory conflict with the AIX sudo rpm package. Other deb/rpm
	packages were not affected because parent dirs are omitted for a
	prefix of /usr.
	[f7d8db9670bb]

2021-03-29  Todd C. Miller

	* src/net_ifs.c:
	SCO OpenServer uses SIOCGIFANUM, not SIOCGIFNUM. On OpenServer,
	SIOCGIFNUM is the number of network interfaces, not the number of
	ifreq structs.
	[a992ea37b071]

2021-03-27  Todd C. Miller

	* src/net_ifs.c:
	Add support for HP-UX SIOCGLIFNUM and SIOCGLIFCONF ioctls. We need
	to use both SIOCGIFCONF and SIOCGLIFCONF since SIOCGLIFCONF only
	returns IPv6 addresses.
	[7a53304872b9]

2021-03-24  Todd C. Miller

	* src/net_ifs.c:
	Move get_net_ifs stub to the top and remove unused INET_ADDRSTRLEN
	def.
	[15bb7bc0ecb8]

	* src/net_ifs.c:
	No longer need ifr_tmp variable, just reuse ifr. Now that we store
	the string version of the address before fetching the netmask we can
	just re-use ifr. This simplifies things and is safer since if there
	is space for the address there must also be space for the mask.
	[89ade84d0a6d]

	* src/net_ifs.c:
	SCO OpenServer 5 returns a bogus value for SIOCGIFNUM. Gleaned from
	sendmail.
	[0616f2103f0b]

	* src/net_ifs.c:
	Use SIOCGSIZIFCONF or SIOCGIFNUM where available. Still falls back
	to a loop if not but now maxes out at 2048 interfaces instead of
	potentially looping forever.
	[f19cd2f827d5]

	* configure, configure.ac, src/net_ifs.c:
	Remove support for obsolete ISC UNIX and MIPS RISC/OS systems. They
	were getting in the way of net_ifs.c simplification.
	[4e2b7ce2fb7b]

2021-03-22  Todd C. Miller

	* src/net_ifs.c:
	Use SIOCGLIFCONF to get interface list where supported (Solaris).
	HP-UX has a SIOCGLIFCONF but it is incompatible (and appears to only
	return IPv6 addresses). Also add IPv6 support using SIOCGIFCONF
	(probably AIX only) and make sure ifr_tmpbuf[] is properly aligned.
	[d2eebba41618]

	* MANIFEST, src/Makefile.in, src/regress/net_ifs/check_net_ifs.c:
	Add simple regress check to display the network interfaces found.
	[6c1a5a50056e]

2021-03-19  Todd C. Miller

	* INSTALL:
	Suggest clang 11 or higher, some fuzzers may hang when used with
	clang 10.
	[abcf94949ca2]

2021-03-18  Todd C. Miller

	* MANIFEST, logsrvd/Makefile.in,
	logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict:
	Add dictionary file for fuzz_logsrvd_conf.
	[f9e154751a5f]

	* Makefile.in, doc/Makefile.in, examples/Makefile.in,
	include/Makefile.in, lib/eventlog/Makefile.in,
	lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
	lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
	logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
	plugins/group_file/Makefile.in, plugins/python/Makefile.in,
	plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
	src/Makefile.in:
	Add a new "fuzz" target that executes the fuzzers for 8192 runs
	each. To run indefinitely, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1
	fuzz"
	[5fd3d7e9430f]

	* MANIFEST, lib/iolog/Makefile.in,
	lib/iolog/regress/corpus/log_json/id.json,
	lib/iolog/regress/corpus/log_json/ls.json,
	lib/iolog/regress/corpus/log_json/mailq.json,
	lib/iolog/regress/corpus/log_json/make.json,
	lib/iolog/regress/corpus/log_json/pkg_add.json,
	lib/iolog/regress/corpus/log_json/pkg_delete.json,
	lib/iolog/regress/corpus/log_json/printenv.json,
	lib/iolog/regress/corpus/log_legacy/id.log,
	lib/iolog/regress/corpus/log_legacy/ls.log,
	lib/iolog/regress/corpus/log_legacy/mailq.log,
	lib/iolog/regress/corpus/log_legacy/make.log,
	lib/iolog/regress/corpus/log_legacy/pkg_add.log,
	lib/iolog/regress/corpus/log_legacy/pkg_delete.log,
	lib/iolog/regress/corpus/log_legacy/printenv.log,
	lib/iolog/regress/corpus/seed/log_json/id.json,
	lib/iolog/regress/corpus/seed/log_json/ls.json,
	lib/iolog/regress/corpus/seed/log_json/mailq.json,
	lib/iolog/regress/corpus/seed/log_json/make.json,
	lib/iolog/regress/corpus/seed/log_json/pkg_add.json,
	lib/iolog/regress/corpus/seed/log_json/pkg_delete.json,
	lib/iolog/regress/corpus/seed/log_json/printenv.json,
	lib/iolog/regress/corpus/seed/log_legacy/id.log,
	lib/iolog/regress/corpus/seed/log_legacy/ls.log,
	lib/iolog/regress/corpus/seed/log_legacy/mailq.log,
	lib/iolog/regress/corpus/seed/log_legacy/make.log,
	lib/iolog/regress/corpus/seed/log_legacy/pkg_add.log,
	lib/iolog/regress/corpus/seed/log_legacy/pkg_delete.log,
	lib/iolog/regress/corpus/seed/log_legacy/printenv.log,
	lib/iolog/regress/corpus/seed/timing/timing.1,
	lib/iolog/regress/corpus/seed/timing/timing.2,
	lib/iolog/regress/corpus/seed/timing/timing.3,
	lib/iolog/regress/corpus/seed/timing/timing.4,
	lib/iolog/regress/corpus/timing/timing.1,
	lib/iolog/regress/corpus/timing/timing.2,
	lib/iolog/regress/corpus/timing/timing.3,
	lib/iolog/regress/corpus/timing/timing.4, lib/util/Makefile.in,
	lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1,
	lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2,
	lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3,
	lib/util/regress/corpus/sudo_conf/sudo.conf.1,
	lib/util/regress/corpus/sudo_conf/sudo.conf.2,
	lib/util/regress/corpus/sudo_conf/sudo.conf.3, logsrvd/Makefile.in,
	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.1,
	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.2,
	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.3,
	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.4,
	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.5,
	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.6,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5,
	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6,
	plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/corpus/policy/policy.1,
	plugins/sudoers/regress/corpus/policy/policy.2,
	plugins/sudoers/regress/corpus/policy/policy.3,
	plugins/sudoers/regress/corpus/policy/policy.4,
	plugins/sudoers/regress/corpus/policy/policy.5,
	plugins/sudoers/regress/corpus/seed/policy/policy.1,
	plugins/sudoers/regress/corpus/seed/policy/policy.2,
	plugins/sudoers/regress/corpus/seed/policy/policy.3,
	plugins/sudoers/regress/corpus/seed/policy/policy.4,
	plugins/sudoers/regress/corpus/seed/policy/policy.5:
	Move corpus files to a seed subdirectory.
	[ba6dd7f30d22]

	* lib/fuzzstub/fuzzstub.c:
	We can now rely on LLVMFuzzerTestOneInput to flush stdout.
	[f20f353eeb87]

	* plugins/sudoers/Makefile.in:
	Fix fuzz_sudoers output comparison when fuzzing is enabled.
	libFuzzer outputs additional info to stderr that our stub doesn't.
	[49434e4eceaa]

	* lib/iolog/regress/fuzz/fuzz_iolog_json.c,
	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
	lib/util/regress/fuzz/fuzz_sudo_conf.c,
	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Flush stdout before successful return from LLVMFuzzerTestOneInput().
	Fixes a problem with diag lines from libFuzzer being interspersed
	with test output.
	[f0b701120128]

	* configure, configure.ac:
	Use --allow-multiple-definition to work around an issue with ld.lld.
	For fuzz_policy we redefine getaddrinfo/freeaddrinfo to work around
	a DNS timeout problem with name resolution and CIfuzz. However, this
	causes a link failure when sanitizers are enabled on systems that
	use ld.lld as their linker. Use a big hammer to avoid the link
	error.
	[2b9df5329c0e]

	* MANIFEST, plugins/sudoers/Makefile.in,
	plugins/sudoers/testsudoers.c, plugins/sudoers/testsudoers_pwutil.c,
	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
	Do not redefine system group and passwd functions for testsudoers.
	Instead, prefix the replacements with "testsudoers_" and use a
	custom pwutil backend so they get used.
	[6bfd2f8d01c0]

	* Makefile.in, doc/Makefile.in, examples/Makefile.in,
	include/Makefile.in, lib/eventlog/Makefile.in,
	lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
	lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
	logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
	plugins/group_file/Makefile.in, plugins/python/Makefile.in,
	plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
	src/Makefile.in:
	Rename "fuzz" makefile target to "check-fuzzer". Its purpose is to
	run the fuzzers as part of a normal "make check" to avoid bit rot,
	not to perform a fuzzer run. The fuzz_logsrvd_conf fuzzer was not
	wired up to "make check" previously.
	[01c03ccfd3f0]

2021-03-15  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.9.6p1
	[93d95d3f23b1]

2021-03-15  Alexandru Ardelean

	* plugins/sudoers/policy.c:
	plugins: sudoers: policy: add MODE_IMPLIED_SHELL to RUN_VALID_FLAGS

	Since this flag isn't set, the sudo_mode variable gets invalidated
	and running the 'sudo' command seems to error out with message
	'sudoers_policy_check: invalid mode flags from sudo front end:
	0x80001"'
	[b98b418f1997]

2021-03-13  Todd C. Miller

	* NEWS:
	fix typo
	[c7367647bd7c]

2021-03-10  Todd C. Miller

	* NEWS:
	Bug #968
	[e08853fca88e]

	* MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/sendlog.c, logsrvd/sendlog.h, logsrvd/tls_common.h,
	logsrvd/tls_init.c:
	Move common TLS initialization code to tls_init.c.
	[118c7d41ad48]

	* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/tr.mo,
	po/tr.po:
	Updated translations from translationproject.org
	[cbc05710d6ba]

	* plugins/sudoers/Makefile.in, plugins/sudoers/gram.c:
	Use HAVE_STDINT_H instead of trying to guess based on
	__STDC_VERSION__. Fixes compilation with pre-C99 headers when the
	compiler supports C99.
	[05ebf79d02c7]

	* include/sudo_compat.h, lib/util/secure_path.c:
	Remove compatibility defines for POSIX sys/stat.h macros. Modern
	systems have them and we no longer support pre-POSIX systems. This
	fixes potential redefinition of the macros if sys/stat.h is included
	after sudo_compat.h. Bug #968.
	[d10d0b9b60e1]

	* lib/eventlog/logwrap.c,
	plugins/python/python_plugin_approval_multi.inc,
	plugins/python/python_plugin_audit_multi.inc,
	plugins/python/python_plugin_io_multi.inc, src/get_pty.c:
	Quiet a few Solaris Studio compiler warnings.
	[1d82509f2e44]

	* configure, configure.ac:
	Add -Wno-unknown-pragmas along with -Wall. We don't want warnings
	about unknown pragmas in system headers.
	[ac15fa0e3d95]

	* scripts/pp:
	Solaris 11.4 removed /usr/bin/optisa, use /usr/bin/isainfo instead.
	[97d8bb91cf02]

2021-03-08  Todd C. Miller

	* configure, configure.ac:
	Compare OS name against freebsd* and netbsd* not freebsd and netbsd.
	Fixes an issue on NetBSD where host_os starts with netbsdelf.
	[2e813d52a7d6]

	* plugins/sudoers/Makefile.in:
	Add @SUDOERS_LIBS@ to FUZZ_LIBS for -lutil on FreeBSD and NetBSD
	[38a7b3a9eb90]

	* lib/util/Makefile.in, plugins/python/Makefile.in, src/Makefile.in:
	Set locale for all "make check" targets.
	[1a80048486d4]

2021-03-07  Todd C. Miller

	* configure, configure.ac:
	AIX 6.1 may have a broken fmemopen(). We only use it for the fuzzers
	so ignore it for AIX < 7.1.
	[ad909c1479ff]

2021-03-06  Todd C. Miller

	* scripts/pp:
	Only put specific directories in the ROOT section of the AIX
	package. Previously, /usr and /opt were placed in USR and everything
	else went in ROOT. Now, only /dev, /etc, /sbin and /var go in ROOT.
	[6f1fbe8fea31]

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
	po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo,
	po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo,
	po/ja.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/pt.mo,
	po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/zh_CN.mo,
	po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
	Updated translations from translationproject.org
	[53c17c8d56e9]

2021-03-05  Todd C. Miller

	* logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c:
	Remove unused tls parameter, we now use a per-address tls flag.
	[2be727a37b9c]

2021-03-03  Todd C. Miller

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document double escaping of backslashes. Bug #961.
	[ae51e4899555]

	* NEWS, configure, configure.ac:
	No longer need to define _DARWIN_UNLIMITED_GETGROUPS on macOS. We
	now define _DARWIN_C_SOURCE which accomplishes the same thing.
	[c233df4c1ae4]

	* plugins/sudoers/auth/pam.c:
	Fix a potential use-after-free in conversation function. The prompt
	passed in to sudo_pam_verify() will be freed later by
	check_user_interactive() so we need to reset the stashed value. From
	Pavel Heimlich. Bug #967.
	[86bc6ee3c493]

	* plugins/sudoers/pwutil.c:
	No need to update cp after storing gr->gr_name, it is not used,
	Coverity CID 219314
	[27bace364dc9]

2021-03-02  Todd C. Miller

	* NEWS:
	Mention GitHub issue #56.
	[47b8b9fac52b]

	* plugins/sudoers/po/sudoers.pot:
	regen
	[923899bcc63d]

	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
	logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h:
	Log peer address in sudo_logsrvd JSON-format logs. The peer that
	connected to us might not be the same host where the log entry
	originated.
	[4e2488efaf97]

	* NEWS, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
	lib/util/sudo_conf.c:
	Make "group_source=dynamic" the default on macOS. Recent versions of
	macOS do not reliably return all of a user's non-local groups via
	getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS is defined. Bug
	#946.
	[491720b06a68]

	* lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
	lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/sudoers/Makefile.in:
	For regress/fuzz set LC_ALL to C.UTF-8 if possible, falling back on
	C. Works around a crash in leak sanitizer when the locale is set to
	C and TLS support is enabled.
	[4345912b9bd8]

2021-03-01  Todd C. Miller

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Initialize the lbuf used by sudoers_trace_print() in init_lexer().
	Free the old buffer if there is one, otherwise it would never be
	freed.
	[1893ecc06718]

	* lib/util/lbuf.c:
	In sudo_lbuf_destroy(), reset error, len and size.
	[7a6f980c2215]

	* NEWS:
	Mention the integer overflow check in store_timespec().
	[f41519e1dae9]

	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
	In find_path() stub only make a copy in outfile if returning FOUND.
	Fixed a recently-introduced memory leak in the fuzzer.
	[2045b1afc0b5]

2021-02-28  Todd C. Miller

	* lib/util/sudo_debug.c:
	Disable debug code for FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. It
	will not be used and just confuses the coverage stats.
	[3307c855b77d]

	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Expand stub getaddrinfo() to resolve "localhost".
	[e1035616ad99]

	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Improve fuzz_policy coverage and set defaults in setdefs not parse.
	Now exercises session open/close and set additional defaults to
	exercise more code paths.
	[2843a0b930fd]

	* plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c:
	Improve SUDOERS_NAME_MATCH support. Now supports digests and
	performs better directory matching.
	[2f2d63596256]

	* plugins/sudoers/policy.c:
	Add MODE_CHECK to LIST_VALID_FLAGS, fixes "sudo -l command".
	[eff4cbe95d75]

2021-02-26  Todd C. Miller

	* MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in,
	lib/iolog/iolog_clearerr.c, lib/iolog/iolog_close.c,
	lib/iolog/iolog_eof.c, lib/iolog/iolog_fileio.c,
	lib/iolog/iolog_gets.c, lib/iolog/iolog_mkdirs.c,
	lib/iolog/iolog_mkdtemp.c, lib/iolog/iolog_mkpath.c,
	lib/iolog/iolog_nextid.c, lib/iolog/iolog_open.c,
	lib/iolog/iolog_openat.c, lib/iolog/iolog_read.c,
	lib/iolog/iolog_seek.c, lib/iolog/iolog_swapids.c,
	lib/iolog/iolog_util.c, lib/iolog/iolog_write.c,
	lib/iolog/regress/fuzz/fuzz_iolog_timing.c, logsrvd/iolog_writer.c,
	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
	Split iolog_fileio.c into multiple files.
	[9b7c4f1b781f]

	* plugins/sudoers/defaults.c:
	Correct the integer overflow check in store_timespec(). Fixes
	oss-fuzz issue #31463
	[3765d5c4ecd3]

	* plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok:
	Update file that was missed in test27 changes.
	[5824f54afa88]

	* MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in,
	lib/iolog/iolog_conf.c, lib/iolog/iolog_fileio.c,
	lib/iolog/iolog_loginfo.c:
	Break out I/O log config handling into iolog_conf.c.
	[546f503f9bb4]

	* lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
	logsrvd/Makefile.in, plugins/sudoers/Makefile.in:
	regen Makefile.in
	[43c54f94e9c8]

	* examples/Makefile.in, lib/eventlog/Makefile.in,
	plugins/sudoers/Makefile.in:
	Add some missing files to the clean target
	[20754fec5ff1]

	* plugins/sudoers/regress/sudoers/test27.in,
	plugins/sudoers/regress/sudoers/test27.json.ok,
	plugins/sudoers/regress/sudoers/test27.ldif.ok,
	plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test27.out.ok,
	plugins/sudoers/regress/sudoers/test27.toke.ok:
	Add netgroup check to sudoers test27
	[1b45a6794b2d]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok:
	Sync with fuzz_sudoers changes.
	[1481cef048ad]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Fuzz with runuser and rungroup specified too.
	[2d8ceb465cea]

	* MANIFEST, plugins/sudoers/regress/sudoers/test27.in,
	plugins/sudoers/regress/sudoers/test27.json.ok,
	plugins/sudoers/regress/sudoers/test27.ldif.ok,
	plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test27.out.ok,
	plugins/sudoers/regress/sudoers/test27.toke.ok:
	Add test to exercise RunasSpec without a RunasUser.
	[ee22ac488aca]

	* MANIFEST, plugins/sudoers/regress/sudoers/test22.sudo.ok,
	plugins/sudoers/regress/sudoers/test23.sudo.ok,
	plugins/sudoers/regress/sudoers/test24.sudo.ok,
	plugins/sudoers/regress/sudoers/test26.sudo.ok:
	Remove unused regress files.
	[71d943734bb8]

	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
	Don't try to run getters if we failed to parse the config file.
	[734bb56c24ed]

2021-02-25  Todd C. Miller

	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Add a stub getaddrinfo(3) to avoid a DNS timeout in CIfuzz.
	[5f725de1e3ad]

	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Fix runchroot, runcwd, tty_tickets. Add timestampowner.
	[d8a945bea98d]

	* plugins/sudoers/policy.c:
	Only add command_info to garbage collector on successful return.
	Otherwise it will be freed on failure.
	[c3d0461efaa1]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Add user millert to group sudo, which is often the exempt group.
	[fac833a2cf3b]

	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Add some defaults settings in sudo_file_parse(). We don't have a
	real policy file but we still want to exercise callbacks in
	sudoers.c.
	[9f3d3f668973]

	* plugins/sudoers/sudoers.c:
	Do not free sudo_user.iolog_{file,path} in sudo_user_free(). They
	are not dynamically allocated.
	[59c102ba67cf]

	* lib/iolog/regress/fuzz/fuzz_iolog_timing.c:
	Remove unnecessary warnings, we want to fail silently.
	[4b1ee5dd2cb4]

	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
	No longer need to stub out eventlog config functions.
	[08c40b6a63c9]

	* MANIFEST, logsrvd/Makefile.in,
	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.4,
	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.5,
	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.6,
	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
	Call public getters in logsrvd.conf fuzzer and add to corpus. Now
	exercises the syslog config error path.
	[0b314e4e0696]

	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Add more passes to policy fuzzer. Now exercises list, list other user
	and show_version.
	[21a1cc9665ec]

	* plugins/sudoers/defaults.c, plugins/sudoers/policy.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Implement sudoers_policy_deregister_hooks(). Register/deregister
	hooks in fuzz_policy and also call show_version().
	[8849644a75de]

	* plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Add sudoers debug register/deregister.
	[5fba9b19c6fa]

	* plugins/sudoers/defaults.c:
	Remove unnecessary break statement.
	[aa18c2957f82]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok,
	plugins/sudoers/regress/sudoers/test14.in,
	plugins/sudoers/regress/sudoers/test14.json.ok,
	plugins/sudoers/regress/sudoers/test14.ldif.ok,
	plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test14.out.ok,
	plugins/sudoers/regress/sudoers/test14.toke.ok:
	Include a sha384 digest in the test corpus.
	[6c405febff10]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Parse sudoers file in the C locale.
	[82d6afbe499b]

	* MANIFEST, plugins/sudoers/regress/sudoers/test26.in,
	plugins/sudoers/regress/sudoers/test26.json.ok,
	plugins/sudoers/regress/sudoers/test26.ldif.ok,
	plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test26.out.ok,
	plugins/sudoers/regress/sudoers/test26.sudo.ok,
	plugins/sudoers/regress/sudoers/test26.toke.ok:
	Add regress test with all current Defaults settings. Currently skips
	SELinux and Solaris privilege settings.
	[79e82a58ccde]

2021-02-24  Todd C. Miller

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_hooks.c:
	Move env hooks into sudoers_hooks.c.
	[7296d05b9206]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	No need to call check_defaults() and check_aliases() in quiet mode.
	[0d0f93849388]

	* plugins/sudoers/gc.c:
	sudoers_gc_init() is not currently used
	[e74d2870ae25]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/fmtsudoers_cvt.c:
	Split fmtsudoers.c into the parts used by sudoers plugin and
	cvtsudoers. Only testsudoers and cvtsudoers use the full set of
	formatting functions.
	[8c57e80ae655]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Check defaults settings too.
	[7dc7d66f47e7]

	* MANIFEST, plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/regress/fuzz/fuzz_stubs.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Add fuzzer-specific stubs source file.
	[815c28958d42]

	* Makefile.in:
	Do not overwrite existing ChangeLog file if there is no hg/git dir.
	We don't want "make install" from a source tarball to nuke the
	ChangeLog.
	[f7aba6a01d85]

	* lib/iolog/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/sudoers/Makefile.in:
	Remove fuzzer targets in "make clean"
	[25b068bc254b]

	* .gitignore, .hgignore:
	Ignore fuzzer targets
	[d920254ce731]

	* lib/iolog/regress/fuzz/fuzz_iolog_json.c,
	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
	lib/util/regress/fuzz/fuzz_sudo_conf.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Set program name in fuzzers so we get consistent warnings.
	[1ee4b5478d1c]

	* plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Use real eventlog config functions instead of stubs.
	[eed6fc4df1f6]

	* include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
	lib/iolog/iolog_loginfo.c:
	Move iolog info log writing to iolog_loginfo.c
	[292915dae440]

	* MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_loginfo.c,
	lib/iolog/iolog_timing.c, lib/iolog/iolog_util.c,
	lib/iolog/regress/iolog_timing/check_iolog_timing.c,
	lib/iolog/regress/iolog_util/check_iolog_util.c:
	Split iolog_util.c into iolog_loginfo.c and iolog_timing.c. Also
	rename check_iolog_util -> check_iolog_timing.
	[5b5249e4aa96]

	* MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_legacy.c,
	lib/iolog/iolog_util.c:
	Move legacy I/O log info file parsing to iolog_legacy.c
	[94b767bb56c7]

	* MANIFEST, include/sudo_eventlog.h, lib/eventlog/Makefile.in,
	lib/eventlog/eventlog.c, lib/eventlog/eventlog_conf.c:
	Move eventlog config code into eventlog_conf.c
	[656d65215e50]

	* MANIFEST, lib/eventlog/Makefile.in, lib/eventlog/eventlog.c,
	lib/eventlog/eventlog_free.c:
	Move eventlog_free() into its own file.
	[a5ff36ac0ebb]

	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
	Stub out eventlog and iolog configuration setters.
	[cc32ba7436cd]

	* MANIFEST, plugins/sudoers/defaults.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok:
	Update Defaults settings after parsing sudoers. Also stub out
	dump_defaults when fuzzing as it is not used.
	[fa1e7c7b42c2]

	* plugins/sudoers/Makefile.in, plugins/sudoers/b64_decode.c,
	plugins/sudoers/b64_encode.c, plugins/sudoers/base64.c:
	Split base64 encode/decode functions into separate source files.
	They are independent functions.
	[ab0904c5122c]

	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
	fuzz_printf and fuzz_conversation can be stubs.
	[9b11c9a3f3c3]

2021-02-23  Todd C. Miller

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Exercise tilde expansion if used in runcwd or runchroot.
	[a6f0995c6a55]

	* plugins/sudoers/check_aliases.c:
	Move alias checking code out of visudo.c and into check_aliases.c.
	[5c0a91978441]

	* plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Check aliases in fuzz_sudoers if the policy parsed correctly.
	[b272e634f204]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/parse.h,
	plugins/sudoers/visudo.c:
	Move alias checking code out of visudo.c and into check_aliases.c.
	[b9c23c958935]

	* plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	We don't need to link fuzz_sudoers with file.c.
	[4fcd15e8cdcf]

	* lib/iolog/regress/fuzz/fuzz_iolog_json.dict,
	lib/util/regress/fuzz/fuzz_sudo_conf.dict,
	plugins/sudoers/regress/fuzz/fuzz_policy.dict,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.dict,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict:
	Strings in dictionary files need to be quoted.
	[8a95ea335d2d]

	* MANIFEST, lib/iolog/Makefile.in,
	lib/iolog/regress/fuzz/fuzz_iolog_json.dict, lib/util/Makefile.in,
	lib/util/regress/fuzz/fuzz_sudo_conf.dict,
	plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/fuzz/fuzz_policy.dict,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.dict,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict:
	Add dictionary files for fuzzers where possible.
	[4d9147fd50fd]

2021-02-22  Todd C. Miller

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Also free safe_cmnd so it doesn't leak.
	[5071a1ffa5d0]

	* plugins/sudoers/stubs.c, plugins/sudoers/testsudoers.c:
	Return NOT_FOUND from the set_cmnd_path() stub since we don't set
	user_cmnd. The purpose of set_cmnd_path() is to reset user_cmnd
	based on a new runchroot. For the stub version we don't modify
	user_cmnd and so must not return a status of FOUND. Fixes oss-fuzz
	issue #31250 which only affected the fuzzer and not sudo.
	[36fe416668df]

	* plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok:
	Fix fuzz_sudoers output matching.
	[6cec1e5aa799]

	* lib/fuzzstub/fuzzstub.c:
	Print "running" and "executed" lines to stderr like libfuzzer does.
	[b76b7a4a6ff3]

	* plugins/sudoers/pwutil_impl.c:
	Support passing sudo_make_gidlist_item() an array of gids. The gids
	are formatted as strings, not gid_t.
	[d1608f63ae91]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok:
	Prime user/group caches and set the interface list. Also match
	parsed policy against multiple users.
	[ec19b5658a2a]

	* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.h:
	Add sudo_mkgrent(), to be used to prime the group cache in
	tests/fuzzers.
	[333f0887abbc]

2021-02-21  Todd C. Miller

	* plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Perform matching in fuzz_sudoers for inputs that parse correctly.
	The fuzzer now exercises the normal match code as well as the
	pseudo-command (list, validate, etc) match code. Privileges are also
	listed for well-formed sudoers file.
	[8caf505d7341]

	* plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
	plugins/sudoers/parse.h:
	Add back SUDOERS_NAME_MATCH and enable it when fuzzing. This avoids
	the test environment from influencing sudoers matching.
	[496b3a7184a8]

	* plugins/sudoers/match_command.c:
	Add missing globfree(3) in command_matches_glob() when matching a
	directory.
	[1d6d28d6eb61]

2021-02-19  Todd C. Miller

	* lib/util/sudo_dso.c:
	Add support on AIX for loading plugins that are .a (not .so) files.
	It is possible to specify the member name in parens after the path,
	e.g. sudoers.a(shr.o) for 32-bit or sudoers.a(shr_64.o) for 64-bit.
	If no member is specified in the path and dlopen() fails with
	ENOEXEC, try again with an explicit member, either shr.o or
	shr_64.o.
	[90d975989148]

	* Makefile.in, doc/Makefile.in, examples/Makefile.in,
	include/Makefile.in, lib/eventlog/Makefile.in,
	lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
	lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
	logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
	plugins/group_file/Makefile.in, plugins/python/Makefile.in,
	plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
	src/Makefile.in:
	Add clean rules to .PHONY target.
	[dea3468f3f7b]

2021-02-18  Todd C. Miller

	* Makefile.in, doc/Makefile.in, examples/Makefile.in,
	include/Makefile.in, lib/eventlog/Makefile.in,
	lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
	lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
	logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
	plugins/group_file/Makefile.in, plugins/python/Makefile.in,
	plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
	src/Makefile.in:
	Add install-fuzz Makefile target to install the fuzzers and seed
	corpus. The FUZZ_DESTDIR make variable needs to be set in the
	environment or on the command line.
	[89c4dc1e8cb0]

	* plugins/sudoers/Makefile.in:
	Only display fuzz_policy output if the fuzzer exits with an error.
	[c6927227be4a]

	* plugins/sudoers/regress/corpus/policy/policy.1,
	plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Call list, validate and invalidate entry points too. We need a
	separate open/close for each one.
	[fbbc5bdb4541]

	* INSTALL, configure, configure.ac:
	Add --disable-ssp configure option. This allows for disabling
	-fstack-protector without turning off the other hardening options.
	[1d9ca18e4fa9]

	* lib/util/regress/getdelim/getdelim_test.c:
	Test the error case by closing the underlying fd. Note that we don't
	use ferror() here since our getdelim() has no way to set the error
	flag if there is a memory allocation error.
	[df0464968e2c]

	* lib/util/regress/getdelim/getdelim_test.c:
	Test the case where getdelim() must reallocate the buffer.
	Reproduces Bug #960.
	[df4dbc0830be]

	* lib/eventlog/eventlog.c:
	When logging JSON to syslog, wrap the contents in a "sudo" object.
	This makes it easier for log parsers to identify what is a sudo log
	entry.
	[2c96aeaabc8e]

	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Restore the check for sudoers_policy.close == NULL. The fuzzers run
	as part of "make check" too in which case NO_LEAKS won't be defined
	and the close function will be set to NULL.
	[8418ff5f6dfb]

	* lib/iolog/iolog_json.c:
	Use %td when printing the difference of two pointers.
	[608de9ab3902]

	* plugins/sudoers/parse.c:
	Don't print a NULL as a string if role/type/privs/limitprivs is not
	set. We can't rely on printf("%s", NULL) not crashing.
	[4a04efbcbff9]

	* plugins/sudoers/sudoers.c:
	Fix compilation error on Solaris introduced with sudo_user_free().
	[0ce4e0ac807e]

2021-02-17  Todd C. Miller

	* NEWS:
	Bug #960.
	[82303f217d8b]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Distinguish between EOF and error using feof(3), not ferror(3). Our
	getdelim(3) emulation won't set the error flag if the error is due
	to an allocation failure. This explains the premature EOF without
	error seen in Bug #960.
	[5a70875f92fa]

	* lib/util/getdelim.c:
	Reset end pointer when reallocing the line buffer in getdelim().
	Fixes excessive memory allocations for long lines. Bug #960.
	[d6dd6893b38a]

	* lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
	plugins/sudoers/Makefile.in:
	Remove duplicated MALLOC_OPTIONS and MALLOC_CONF env variables.
	[2f7695aadad9]

	* lib/iolog/iolog_json.c:
	On parse error, display line and column instead of the offending
	line.
	[bbda04a5b05d]

	* logsrvd/Makefile.in, plugins/sudoers/Makefile.in:
	regen
	[20e093fd76f0]

	* NEWS, configure, configure.ac:
	Sudo 1.9.6
	[1c76fe52426f]

2021-02-16  Todd C. Miller

	* lib/iolog/iolog_json.c, lib/iolog/iolog_util.c:
	Pass I/O log memory allocation errors up to the caller.
	[4777add71679]

	* INSTALL, config.h.in, configure, configure.ac, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, pathnames.h.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c:
	Add admin_flag sudoers option and make --enable-admin-flag take a
	path. It is now possible to disable the Ubuntu admin flag in sudoers
	or change its location. GitHub issue #56
	[d77c3876fa95]

	* plugins/sudoers/exptilde.c,
	plugins/sudoers/regress/exptilde/check_exptilde.c:
	Fix tilde expansion of paths with no user like ~/foo. The '/'
	separator was missing in the resulting path.
	[dbba61f76d6c]

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, lib/util/sudo_conf.c,
	plugins/sudoers/policy.c:
	Limit max_groups in sudo.conf to 1024. The max_groups setting should
	no longer be needed anyway.
	[aee7843e0c7d]

	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
	In sudoers_policy_close() call sudoers_cleanup() instead of
	sudo_user_free(). If we didn't call sudoers_policy_main() due to an
	early error there may be more things to clean up.
	[683d69d84aa6]

	* plugins/sudoers/policy.c:
	Check for invalid flag combinations from front-end for all cases.
	The checks are now performed in the check_policy, list, validate and
	invalidate functions instead of as part of the open function. We
	can't perform the checks in open because we don't yet know what
	operation is going to be performed.
	[b09105b3bb42]

	* plugins/sudoers/policy.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/sudoers.c:
	Always dynamically allocate user_cmnd, it is freed in
	sudo_user_free(). Instead of setting user_cmnd in the policy
	functions, always set argv. Calling sudoers_policy_main() with argc
	of 0 is no longer allowed.
	[820f1f4e5c44]

	* plugins/sudoers/policy.c:
	No need for sudoers_cleanup() in sudoers_policy_invalidate(). The
	sudoers close() function is now called even for "sudo -k". Also no
	need to set user_cmnd, it is not used in this code path.
	[c2c9832c32f4]

2021-02-15  Todd C. Miller

	* MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd_conf.c,
	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.1,
	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.2,
	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.3,
	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
	Add simple fuzzer for sudo_logsrvd.conf parser.
	[8b5cd9e24656]

	* lib/iolog/regress/fuzz/fuzz_iolog_timing.c:
	Fix unlinking of timing temp file.
	[8b0ce6d777c8]

	* lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
	plugins/python/Makefile.in, plugins/sudoers/Makefile.in:
	Set MALLOC_OPTIONS and MALLOC_CONF for all regress targets.
	[47e8b85d1d9a]

	* MANIFEST, lib/util/Makefile.in,
	lib/util/regress/corpus/sudo_conf/sudo.conf.1,
	lib/util/regress/corpus/sudo_conf/sudo.conf.2,
	lib/util/regress/corpus/sudo_conf/sudo.conf.3,
	lib/util/regress/fuzz/fuzz_sudo_conf.c:
	Add simple fuzzer for sudo.conf parser.
	[8a530402f936]

	* plugins/sudoers/policy.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	Free struct sudo_user in sudoers_policy_close() and
	sudoers_cleanup(). Also, do not NULL out the close function if
	NO_LEAKS is defined.
	[f3fbf78e6e41]

	* MANIFEST, lib/iolog/Makefile.in,
	lib/iolog/regress/corpus/log_legacy/id,
	lib/iolog/regress/corpus/log_legacy/id.log,
	lib/iolog/regress/corpus/log_legacy/ls,
	lib/iolog/regress/corpus/log_legacy/ls.log,
	lib/iolog/regress/corpus/log_legacy/mailq,
	lib/iolog/regress/corpus/log_legacy/mailq.log,
	lib/iolog/regress/corpus/log_legacy/make,
	lib/iolog/regress/corpus/log_legacy/make.log,
	lib/iolog/regress/corpus/log_legacy/pkg_add,
	lib/iolog/regress/corpus/log_legacy/pkg_add.log,
	lib/iolog/regress/corpus/log_legacy/pkg_delete,
	lib/iolog/regress/corpus/log_legacy/pkg_delete.log,
	lib/iolog/regress/corpus/log_legacy/printenv,
	lib/iolog/regress/corpus/log_legacy/printenv.log,
	plugins/sudoers/Makefile.in:
	For "make fuzz" only fuzz the seed corpus. This way we avoid files
	generated by the fuzzer itself.
	[42ace1dec313]

2021-02-14  Todd C. Miller

	* plugins/sudoers/env.c, plugins/sudoers/gc.c,
	plugins/sudoers/policy.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	Fix sudoers garbage collection and run it in policy fuzzer.
	[c0d572fd9921]

	* .github/workflows/main.yml:
	Rename master -> main
	[57000edd1aff]

	* plugins/sudoers/policy.c:
	Do not include errno string for invalid params from front-end.
	[2d0b55b3041f]

	* plugins/sudoers/parse.c, plugins/sudoers/policy.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Always dynamically allocate user_role, user_type, user_privs,
	user_limitprivs
	[f5992824219d]

	* plugins/sudoers/policy.c:
	Remove dead code, front-end does not set runas_privs or
	runas_limitprivs
	[6ce3da323452]

	* plugins/sudoers/iolog.c:
	Plug memory leak if there are duplicate user_info or command_info
	entries.
	[21865246a4dc]

2021-02-13  Todd C. Miller

	* .github/workflows/main.yml:
	Add CIFuzz workflow to run fuzzers on push or PR.
	https://google.github.io/oss-fuzz/getting-started/continuous-integration/
	[47f1c8015ec5]

	* plugins/sudoers/check.h, plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
	Move create_admin_success_flag() to timestamp.c.
	[0675f230288c]

	* configure, configure.ac:
	Error out if fuzzer/sanitizer enabled but not supported by the
	compiler.
	[289afba93f79]

	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
	The push() function was not updating the size after reallocating.
	[e089aaeee3b2]

	* plugins/sudoers/pwutil_impl.c, src/sudo.c:
	If sudo_getgrouplist2() returns -1, clamp ngroups based on
	max_groups. The ngroups parameter is an out parameter that is filled
	in with the actual number of groups, which may be less than the
	static number allocated when max_groups is set in sudo.conf. Fixes a
	potential out of bounds read found by LLVM libFuzzer.
	[a26461ccf891]

2021-02-12  Todd C. Miller

	* plugins/sudoers/policy.c:
	Reset sudoers path, owner and mode before parsing plugin arguments.
	This is only needed when calling sudoers_policy_deserialize_info()
	more than once, which is true for the policy fuzzer.
	[a25a6210f48c]

	* plugins/sudoers/sudoers.c:
	Cleanup sudoers sources on denial and error too.
	[454b7adcfa21]

	* plugins/sudoers/pwutil.c:
	Fix sudo_getgrgid reference count bug when gid doesn't exist. This
	one was missed when the other user/group lookup functions were
	fixed.
	[20e3fad6768b]

	* plugins/sudoers/policy.c:
	Plug memory leak if there are duplicate user_info entries.
	[b8ddcfa0a051]

	* MANIFEST, plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/corpus/policy/policy.1,
	plugins/sudoers/regress/corpus/policy/policy.2,
	plugins/sudoers/regress/corpus/policy/policy.3,
	plugins/sudoers/regress/corpus/policy/policy.4,
	plugins/sudoers/regress/corpus/policy/policy.5,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/sudoers.c:
	Fuzz sudoers policy module API. Includes a test case to reproduce
	CVE-2021-3156.
	[576d065759cf]

	* lib/iolog/Makefile.in, plugins/sudoers/Makefile.in:
	Make fuzz targets depend on fuzzer stub library. We really want a
	dependency on $(LIB_FUZZING_ENGINE) but that could be a flag like
	"-fsanitize=fuzzer" instead of a path.
	[0963418f1cf9]

	* lib/util/Makefile.in:
	regen
	[dd872eceb19e]

	* MANIFEST, plugins/sudoers/Makefile.in:
	Move audit.c from libparsesudoers to the sudoers module itself. Now
	that audit.c contains the audit module it doesn't belong in
	libparsesudoers.
	[3df4f6e10f54]

	* configure, configure.ac:
	Do not pass AX_APPEND_FLAG more than a single flag. GitHub issue #92
	[ed9ccdd41231]

2021-02-10  Todd C. Miller

	* lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
	logsrvd/Makefile.in, plugins/sudoers/Makefile.in:
	Fix up some .la file library dependencies. libsudo_iolog.la already
	depends on libsudo_util.la and libsudo_eventlog.la so we don't need
	to list those explicitly when libsudo_iolog.la is listed.
	[d8b55cf698b5]

	* lib/eventlog/eventlog.c, lib/util/Makefile.in, lib/util/progname.c,
	lib/util/regress/progname/progname_test.c, lib/util/sudo_conf.c,
	lib/util/util.exp.in, plugins/sudoers/audit.c,
	plugins/sudoers/find_path.c, plugins/sudoers/iolog.c,
	plugins/sudoers/match_command.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
	src/sudo_edit.c, src/sudo_noexec.c:
	Use sudo_basename() instead of doing the equivalent manually.
	[67e2b5d68a73]

	* MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/basename.c, lib/util/util.exp.in:
	Add a GNU-compatible version of basename(3). Unlike POSIX
	basename(3), the GNU variant does not modify its argument. Note that
	basename of a path ending in "/" returns an empty string.
	[693e1d39718a]

2021-02-09  Todd C. Miller

	* lib/iolog/iolog_fileio.c:
	feof(3) returns non-zero at EOF, not necessarily 1. On Illumos at
	least it returns a value other than 1.
	[fc2242fe7c6e]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Portable workaround for getdelim(3) implementations that modify buf on
	EOF. We should assume that the contents of buf are undefined when
	getdelim(3) returns -1. We now peek ahead one char and skip the
	getdelim(3) call if EOF is detected. This will preserve the original
	value of the last line.
	[1e353f05a0fa]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Some getdelim(3) implementations write a NUL to the buffer on EOF.
	AIX and Illumos appear to have this behavior. We now preserve the
	first character of the buffer on EOF to work around this. Fixes
	reporting of syntax errors on the last line of a file.
	[22611c14c1d1]

	* plugins/sudoers/Makefile.in:
	Fuzz the example sudoers file, not the default one. The default
	sudoers uses @includedir which can result in different output,
	depending on the permissions of /etc/sudoers.d.
	[1b325a1d0e0a]

	* configure, configure.ac:
	illumos has a broken fmemopen(3), don't use it.
	[d297ee0339e6]

2021-02-08  Todd C. Miller

	* config.h.in, configure, configure.ac, include/sudo_compat.h:
	Add configure check for SSIZE_MAX
	[ca7699154705]

	* lib/iolog/iolog_json.c:
	Suppress PVS Studio false positives.
	[6d8fcec047e5]

	* src/sesh.c:
	Silence a clang analyzer false positive.
	[8bc3e89f6fbb]

	* plugins/sudoers/toke_util.c:
	Silence a clang analyzer false positive.
	[2489166fc372]

	* lib/fuzzstub/fuzzstub.c:
	Fix CID 217123, size check always false on 64-bit systems.
	[3c018b5d43a8]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Make open_sudoers() always return NULL like fuzz_sudoers.c
	[042de90307ae]

	* plugins/sudoers/regress/sudoers/test4.toke.ok,
	plugins/sudoers/regress/sudoers/test5.toke.ok,
	plugins/sudoers/regress/sudoers/test7.toke.ok,
	plugins/sudoers/regress/sudoers/test8.toke.ok:
	Update *.toke.ok now that lexer doesn't call sudoerserror() itself.
	[d60c0d33b5b4]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y, plugins/sudoers/toke.c,
	plugins/sudoers/toke.h, plugins/sudoers/toke.l:
	The lexer now sets an error string before returning ERROR. The
	parser will use that when reporting on an ERROR state. This prevents
	the lexer from reporting errors about tokens that are not actually
	consumed by the parser and we don't have to worry about both the
	lexer and the parser reporting errors. It also means we only get one
	error per sudoers line.
	[7ffb0d28862f]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l:
	Go back to storing the last error file/line in sudoerserrorf(). This
	is still the best way to avoid displaying more than one error per
	line.
	[21da59d69c5f]

	* configure, configure.ac:
	Add -fsanitize=fuzzer-no-link to ASAN_LDFLAGS too, not just
	ASAN_CFLAGS.
	[d3c719c72d79]

	* MANIFEST, Makefile.in, doc/Makefile.in, examples/Makefile.in,
	include/Makefile.in, lib/eventlog/Makefile.in,
	lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
	lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
	logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
	plugins/group_file/Makefile.in, plugins/python/Makefile.in,
	plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
	plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok,
	plugins/system_group/Makefile.in, src/Makefile.in:
	Add fuzz Makefile target and run fuzzer corpus in make check.
	[a66085f05dea]

2021-02-07  Todd C. Miller

	* MANIFEST, Makefile.in, configure, configure.ac,
	lib/fuzzstub/Makefile.in, lib/fuzzstub/fuzzstub.c,
	lib/iolog/regress/fuzz/fuzz_iolog_json.c,
	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Add stub library that just feeds files to the fuzzing target. This
	will allow the fuzzers to be run as part of "make check".
	[aa8fda20c3f8]

	* scripts/mkpkg:
	Append to CFLAGS and LDFLAGS instead of overriding them when adding
	-m64.
	[d02cf3c28198]

	* config.h.in, configure, configure.ac,
	lib/iolog/regress/fuzz/fuzz_iolog_json.c,
	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Fall back to a temp file if fmemopen() is not available.
	[87f804b98c18]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Add missing return statement when NO_LEAKS is not defined.
	[25b8e1041b62]

	* lib/eventlog/Makefile.in:
	Remove remnants of liblogsrv.
	[5030114bb12f]

	* INSTALL, configure, configure.ac, lib/iolog/Makefile.in,
	plugins/sudoers/Makefile.in:
	Add --enable-fuzzer-linker and --enable-fuzzer-engine options. These
	will allow the fuzzers to be built as part of oss-fuzz.
	[c3176bd8b95b]

2021-02-06  Todd C. Miller

	* .gitignore, .hgignore:
	Sync ignore files.
	[ddf136d412f7]

	* plugins/sudoers/Makefile.in:
	Fix linking of sudoers fuzzers with static libsudo_util.
	[86d07a5a671d]

	* INSTALL, configure, configure.ac, lib/iolog/Makefile.in,
	plugins/sudoers/Makefile.in:
	Add --enable-fuzzer option to use when building fuzzers
	[01e31362c2b0]

	* INSTALL, configure, configure.ac:
	Replace --enable-asan with --enable-sanitizer. It is not possible to
	set the sanitizer flags at configure time.
	[115d869e1d55]

2021-02-06  Anton Bershanskiy

	* src/copy_file.c:
	Fix comment typo in src/copy_file.c
	[60dbf6da4712]

2021-02-06  Todd C. Miller

	* lib/iolog/Makefile.in, lib/iolog/regress/fuzz/fuzz_iolog_json.c,
	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
	plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Build (but don't run) fuzzers as part of "make check". Uses a stub
	to make it possible to link w/o libfuzzer. The goal is to ensure the
	fuzzers are always buildable and avoid bit rot.
	[9186e252b8bf]

	* lib/iolog/Makefile.in, plugins/sudoers/Makefile.in:
	Add libsudo_eventlog.la as a dependency of libsudo_iolog.la. No
	longer need to link against libsudo_eventlog.la in sudoers.
	[508097f86035]

2021-02-05  Todd C. Miller

	* MANIFEST, lib/iolog/regress/corpus/log_json/id.json,
	lib/iolog/regress/corpus/log_json/ls.json,
	lib/iolog/regress/corpus/log_json/mailq.json,
	lib/iolog/regress/corpus/log_json/make.json,
	lib/iolog/regress/corpus/log_json/pkg_add.json,
	lib/iolog/regress/corpus/log_json/pkg_delete.json,
	lib/iolog/regress/corpus/log_json/printenv.json,
	lib/iolog/regress/corpus/log_legacy/id,
	lib/iolog/regress/corpus/log_legacy/ls,
	lib/iolog/regress/corpus/log_legacy/mailq,
	lib/iolog/regress/corpus/log_legacy/make,
	lib/iolog/regress/corpus/log_legacy/pkg_add,
	lib/iolog/regress/corpus/log_legacy/pkg_delete,
	lib/iolog/regress/corpus/log_legacy/printenv,
	lib/iolog/regress/corpus/timing/timing.1,
	lib/iolog/regress/corpus/timing/timing.2,
	lib/iolog/regress/corpus/timing/timing.3,
	lib/iolog/regress/corpus/timing/timing.4:
	Add more test files for fuzzers.
	[22256acfbe23]

2021-02-05  Daniel Milnes

	* doc/sudo.mdoc.in:
	Fix the typo in the mdoc
	[e0ad7f93e678]

	* doc/sudo.man.in:
	Fix a tiny typo in the Sudo manpage
	[d52c308677bf]

2021-02-04  Todd C. Miller

	* MANIFEST, lib/iolog/regress/fuzz/fuzz_iolog_timing.c:
	fuzzer for I/O log timing files
	[7b32f8eecfd6]

	* lib/iolog/iolog_json.c:
	In JSON, name/value pairs must be separated by a comma. Previously
	we didn't require the comma to be there.
	[bb70cecf6360]

	* lib/iolog/iolog_json.c:
	Detect integer overflow when converting JSON_ARRAY to string vector.
	Extremely unlikely to happen but better safe than sorry.
	[60a7a4d3a1d8]

2021-02-03  Todd C. Miller

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Only strip double quotes from an include path if len >= 2. Found
	locally using libfuzzer/oss-fuzz.
	[274d0a05081b]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Don't allow the sudoers fuzzer to open include files. If we allow
	the fuzzer to choose include paths it will include random files in
	the file system. This leads to bug reports that cannot be
	reproduced.
	[b8ffce94f30a]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	If getdelim() returns a string with embedded NULs, truncate on first
	one. This should avoid some issues with the fuzzer.
	[e90e61d4bb0e]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Reallocate the buffer correctly when appending a newline. Fixes a
	potential buffer overflow introduced in the last commit.
	[50b0f77aed5f]

	* plugins/sudoers/alias.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y:
	Don't free the alias name in alias_add() if the alias already
	exists. We need to be able to display it using alias_error(). Only
	free what we actually allocated in alias_add() on error and let the
	caller handle cleanup. Note that we cannot completely fill in the
	alias until it is inserted. Otherwise, we will have modified the
	file and members parameters even if there was an error. As a result,
	we have to remove those from the leak list after alias_add(), not
	before.
	[6a920646d7d1]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Fix NUL termination when parsing a sudoers file with no ending
	newline. oss-fuzz issue #30252
	[5c75d8e15966]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	sudoersrestart() does not reset state to INITIAL, do it in
	init_lexer(). Fixes spurious errors from fuzz_sudoers, which calls
	the parser multiple times.
	[bf2c1c3b82e6]

	* plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/toke.c,
	plugins/sudoers/toke.h, plugins/sudoers/toke.l,
	plugins/sudoers/toke_util.c:
	Push lexer leak tracking down into check_fill.c. This lets us track
	things correctly when buffers are realloc()d. Rewrote fill() and
	append() to be more readable.
	[a1e61a4a7aad]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
	Use sudoersrestart() in fuzz_sudoers.c. Since we run the parser
	multiple times we need to restart it each time.
	[64792d363f62]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Parser needs user_shost for the %h escape in @include expansion.
	Fixes oss-fuzz issue #30238
	[b043e413be31]

	* INSTALL:
	The --disable-leaks option is not recommended for production use.
	[cb37a56f4e99]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Remove options from the leak list before freeing them. Should fix
	oss-fuzz issue #30236
	[1ee6dac8c027]

	* MANIFEST, include/sudo_iolog.h, lib/iolog/iolog_util.c,
	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c:
	Add fuzzer for legacy I/O log info file.
	[3f4ed83660ca]

	* doc/Makefile.in, plugins/sudoers/Makefile.in:
	Fix uninstall target; there were missing line continuation chars.
	GitHub issue #87
	[02cffb51c15c]

2021-02-02  Todd C. Miller

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/parse_ldif.c:
	Don't close fp in sudoers_parse_ldif(). The caller should be the one
	to handle this.
	[e8d830851379]

	* .gitignore, .hgignore:
	Update ignore files.
	[0c8245d8097c]

	* plugins/sudoers/alias.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y:
	Go back to calling alias_free() on alias_add() failure. We now need
	to remove the name and members from the leak list
	*before* calling alias_add() since alias_add() will consume them for
	both success and failure.
	[65c95a84f8ca]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	close sudoersin, not fp, and reset it to be safe
	[f616d1c7c09a]

	* lib/iolog/regress/fuzz/fuzz_iolog_json.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Add missing fclose(3) of fmemopen(3) stream; it does not modify the
	data.
	[9207901dcccd]

	* lib/iolog/iolog_json.c:
	Check for unexpected value after checking the name, not before.
	[6f973cc4378d]

	* lib/util/progname.c:
	Allow getprogname() to succeed as long as __progname is present.
	Also simplify the progname code so we only need a single
	implementation.
	[300a29bd117e]

	* lib/iolog/iolog_json.c:
	Fix potential leak of evlog->runuser. Also warn if we find an
	unexpected JSON type.
	[0ec615b3d4e0]

2021-02-01  Todd C. Miller

	* plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Parse into a local parse_tree and add missing cleanup. Since
	parsed_policy is for the sudoers parser we should declare our own.
	[c418d65e7bb4]

	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
	Call init_parser() after parsing to clean up completely.
	[2063d26ab401]

	* MANIFEST, plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/regress/sudoers/test25.in,
	plugins/sudoers/regress/sudoers/test25.json.ok,
	plugins/sudoers/regress/sudoers/test25.ldif.ok,
	plugins/sudoers/regress/sudoers/test25.out.ok,
	plugins/sudoers/regress/sudoers/test25.toke.ok,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
	plugins/sudoers/toke_util.c:
	Plug a few more parser leaks.
	[c9478efdd65d]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Make parser_leak_remove(type, NULL) a no-op.
	[7699e99a028a]

	* MANIFEST, lib/iolog/regress/fuzz/fuzz_iolog_json.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
	Add initial fuzzers to be used by oss-fuzz. These are not yet hooked
	up to the sudo build.
	[5593a755f359]

	* plugins/sudoers/gc.c, plugins/sudoers/sudoers.h:
	Garbage collect unused gc_remove() function.
	[ff561edd846e]

	* plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/testsudoers/test11.sh,
	plugins/sudoers/regress/testsudoers/test12.sh,
	plugins/sudoers/regress/testsudoers/test13.sh,
	plugins/sudoers/regress/testsudoers/test4.sh,
	plugins/sudoers/regress/testsudoers/test5.sh:
	The parser should be leak free, re-enable leak detection in ASAN.
	[a89599540a5a]

	* plugins/sudoers/alias.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
	plugins/sudoers/parse.h, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
	Add garbage collection to the sudoers parser to clean up on error.
	This makes it possible to avoid memory leaks when there is a parse
	error.
	[ef739da324bb]

2021-01-31  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c,
	plugins/sudoers/parse.h, plugins/sudoers/sssd.c,
	plugins/sudoers/sudo_ldap.h:
	Move new_member_all to ldap_util.c, it is only used by ldap/sssd.
	[9df2efb6956a]

2021-01-30  Todd C. Miller

	* lib/iolog/iolog_json.c:
	Fix crashes trying to parse invalid JSON. Found locally using
	libfuzzer/oss-fuzz.
	[b74c8c260d60]

	* lib/iolog/iolog_json.c:
	Plug memory leak if a key is listed more than once in the log.json
	file.
	[764ef247f13e]

	* lib/iolog/regress/iolog_json/check_iolog_json.c:
	Fix crash when file does not exist.
	[55a46b75e6ed]

	* plugins/sudoers/gentime.c:
	Strict tz offset parsing. Fixes an out of bounds read found locally
	using libfuzzer/oss-fuzz.
	[72266f1af75d]

	* plugins/sudoers/ldap_util.c:
	Don't leak memory for duplicate command options. The last option
	wins but we also now warn about the duplicate. Found locally using
	libfuzzer/oss-fuzz.
	[f1cd342e62f7]

	* plugins/sudoers/ldap_util.c:
	Copy command options when converting a sudoRole with multiple
	sudoCommands. A sudoRole with multiple sudoCommands is converted to
	a privilege with multiple cmndspecs. However, we were not copying
	some of the command options to subsequent cmndspecs in the list.
	[d8309574a756]

	* plugins/sudoers/parse_ldif.c:
	Fix memory leak if the last line is folded. Fixes issue 30080 by
	ClusterFuzz-External
	[404f38aa19a6]

	* INSTALL, configure, configure.ac:
	Add --disable-leaks configure option. This enables the extra freeing
	of memory before exit also enabled by --enable-asan. To be used by
	oss-fuzz.
	[faddd42273a4]

	* plugins/sudoers/gentime.c:
	Stricter parsing of generalized time. Fixes potential out of bounds
	read found by libfuzzer/oss-fuzz.
	[4548e29ea5e0]

2021-01-29  Todd C. Miller

	* plugins/sudoers/parse_ldif.c:
	Don't bother calling ldif_to_sudoers() if there are no roles to
	convert.
	[242394d46fb1]

	* lib/iolog/iolog_json.c:
	In json_stack_push() treat stack exhaustion like memory allocation
	failure. Return NULL instead of treating as a fatal error. This
	should make life a little easier for oss-fuzz.
	[84c7c3b7971a]

	* plugins/sudoers/sudoers.c:
	Update comment about return values for resolve_host().
	[0e92fe582db1]

	* plugins/sudoers/logging.c, plugins/sudoers/policy.c:
	Fix NO_ROOT_MAILER, broken by the eventlog refactor in sudo 1.9.4.
	init_eventlog_config() is called immediately after initializing the
	Defaults settings, which is before struct sudo_user is setup. This
	adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined
	after the invoking user is determined. Reported by Roman Fiedler.
	[e0d4f196ba02]

2021-01-28  Todd C. Miller

	* MANIFEST:
	Add plugins/sudoers/strvec_join.c
	[1dfeb8ab9fdb]

	* plugins/sudoers/strvec_join.c, plugins/sudoers/sudoers.c:
	Fix compilation on systems without a native strlcpy() function.
	[7b28feb4350a]

	* logsrvd/logsrvd.c, logsrvd/sendlog.c:
	Break up the long help string into multiple printf() statements. AIX
	xlc compiler doesn't like cpp directives in between strings. Also
	fixes a complaint from cppcheck and makes translation easier.
	[e55b4061f598]

	* plugins/sudoers/regress/unescape/check_unesc.c,
	plugins/sudoers/strvec_join.c, plugins/sudoers/sudoers.h:
	strvec_join: free result on error and actually use separator char
	[801546807a8a]

2021-01-27  Todd C. Miller

	* plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/unescape/check_unesc.c:
	Test strvec_join() using strlcpy_unesc(). Emulates an overflow like:
	sudoedit -s '\' `perl -e 'print "A" x 65536'`
	[8d9a063adde5]

	* plugins/sudoers/Makefile.in, plugins/sudoers/strvec_join.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	Refactor code to flatten an argument vector into a string. This is
	used when building up the user_args string.
	[a6ae655d91a1]

	* MANIFEST, plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/unescape/check_unesc.c,
	plugins/sudoers/strlcpy_unesc.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Add strlcpy_unescape() function to undo escaping from front-end.
	Includes unit test.
	[abfaa390d275]

	* plugins/sudoers/parse_ldif.c:
	Add missing check for reallocarray() failure. Found by OSS-Fuzz.
	[fcda06966ed7]

2021-01-26  Todd C. Miller

	* plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
	plugins/python/python_convmessage.c,
	plugins/python/sudo_python_module.c:
	Remove Py_SSIZE2SIZE to quiet cppcheck warnings. Tuple size cannot
	be negative and we already handle the case where it is zero.
	[d6ec5e558a0e]

	* src/parse_args.c:
	The program name may now only be "sudo" or "sudoedit". We no longer
	need to check for any string that ends in "edit".
	[caed524c6ba0]

2021-01-23  Todd C. Miller

	* plugins/sudoers/timestamp.c:
	Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL.
	We want to zero the struct starting at flags, not type (which was
	just set). Found by Qualys.
	[09f98816fc89]

	* src/parse_args.c:
	Don't assume that argv is allocated as a single flat buffer. While
	this is how the kernel behaves it is not a portable assumption. The
	assumption may also be violated if getopt_long(3) permutes
	arguments. Found by Qualys.
	[c125fbe68783]

	* NEWS, configure, configure.ac:
	Sudo 1.9.5p2
	[89a357d8da4e]

	* src/parse_args.c:
	Reset valid_flags to MODE_NONINTERACTIVE for sudoedit. This is
	consistent with how the -e option is handled. Also reject -H and -P
	flags for sudoedit as was done in sudo 1.7. Found by Qualys, this is
	part of the fix for CVE-2021-3156.
	[9b97f1787804]

	* plugins/sudoers/policy.c:
	Add sudoedit flag checks in plugin that are consistent with front-
	end. Don't assume the sudo front-end is sending reasonable mode
	flags. These checks need to be kept consistent between the sudo
	front-end and the sudoers plugin.
	[a97dc92eae6b]

	* plugins/sudoers/sudoers.c:
	Fix potential buffer overflow when unescaping backslashes in
	user_args. Also, do not try to unescape backslashes unless in run
	mode *and* we are running the command via a shell. Found by Qualys,
	this fixes CVE-2021-3156.
	[049ad90590be]

2021-01-22  Fabrice Fontaine

	* lib/eventlog/Makefile.in:
	lib/eventlog/Makefile.in: fix static build without closefrom

	Since version 1.9.4 and
	https://github.com/sudo-project/sudo/commit/bd1ca79cca827a92e904f022e49df121931d4ff5, when
	closefrom is not available, libsudo_eventlog.a depends on
	libsudo_util.a. So reflect this dependency in the libtool file to
	avoid the following static build failure of logsrvd:

	/bin/bash ../libtool --tag=disable-static --mode=link
	/home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-
	linux-gcc -o sudo_logsrvd logsrv_util.o iolog_writer.o logsrvd.o
	logsrvd_conf.o -static -Wl,--enable-new-dtags -Wl,-z,relro
	../lib/iolog/libsudo_iolog.la ../lib/eventlog/libsudo_eventlog.la
	../lib/logsrv/liblogsrv.la /bin/bash ../libtool --tag=disable-static
	--mode=link
	/home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-
	linux-gcc -o sudo_sendlog logsrv_util.o sendlog.o -static -Wl,--
	enable-new-dtags -Wl,-z,relro ../lib/iolog/libsudo_iolog.la
	../lib/eventlog/libsudo_eventlog.la ../lib/logsrv/liblogsrv.la
	libtool: link:
	/home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-
	linux-gcc -o sudo_logsrvd logsrv_util.o iolog_writer.o logsrvd.o
	logsrvd_conf.o -static -Wl,--enable-new-dtags -Wl,-z -Wl,relro
	../lib/iolog/.libs/libsudo_iolog.a /home/buildroot/autobuild/instanc
	e-1/output-1/build/sudo-1.9.5p1/lib/util/.libs/libsudo_util.a
	-lpthread -lz ../lib/eventlog/.libs/libsudo_eventlog.a
	../lib/logsrv/.libs/liblogsrv.a
	/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-
	toolchain/bin/../lib/gcc/powerpc-buildroot-linux-
	uclibc/8.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld:
	../lib/eventlog/.libs/libsudo_eventlog.a(eventlog.o): in function
	`send_mail.constprop.1': eventlog.c:(.text+0x149c): undefined
	reference to `sudo_closefrom' collect2: error: ld returned 1 exit
	status

	Fixes:
	 - http://autobuild.buildroot.org/results/515b45f876fa9de03c9235f86017f4dc10eb3b54

	Signed-off-by: Fabrice Fontaine <fontaine.fabrice@...>
	[4e42d276c336]

2021-01-21  Todd C. Miller

	* plugins/sudoers/log_client.c:
	Do not add an unfinished write buffer to the queue if it is already
	present. In client_msg_cb() we only remove a buffer from the queue
	when it is finished. Inserting the buf again can cause a cycle in
	the queue.
	[b398dcc0933d]

2021-01-20  Todd C. Miller

	* plugins/sudoers/log_client.c:
	Fix problem when SSL_read() returns SSL_ERROR_WANT_WRITE. This can
	happen when the socket cannot be written to immediately. We need to
	set the read_instead_of_write flag in that case, _not_
	write_instead_of_read. Also sync comments with sendlog.c. Bug #954
	[e4239bb932aa]

2021-01-18  Pavel Březina

	* plugins/sudoers/auth/pam.c:
	pam: pass KRB5CCNAME to pam_authenticate environment if available

	If a PAM module wants to authenticate user using GSSAPI, the
	authentication is broken if non-default ccache name is used in
	KRB5CCNAME environment variable.

	One way to mitigate this would be to add this to env_keep, but this
	also makes the variable available in the executed command which may
	not be always desirable.

	This patch sets KRB5CCNAME for pam_authenticate only, if it is
	available and not yet set.
	[90aba6ba6e03]

2021-01-15  Todd C. Miller

	* lib/util/progname.c:
	Fix setprogname() emulation on systems without it. For fully-
	qualified paths, store the string starting after the last slash, not
	at the slash itself.
	[111fde52d116]

2021-01-11  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.9.5p1
	[2dbbab94d4b6]

	* src/sudo_edit.c:
	Run the editor with the user's real and effective uid and gid. Fixes
	a bug introduced in sudo 1.9.5 where the editor was run setuid root
	unless SELinux RBAC was in use.
	[30fe53c07aa7]

	* NEWS:
	fix typo
	[52e7767881ba]

	* src/copy_file.c, src/edit_open.c:
	Add casts to quiet two warnings on Solaris.
	[f76126f6d68d]

2021-01-09  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Update .pot files for 1.9.5.
	[49dae07bda23]

2021-01-08  Todd C. Miller

	* NEWS, configure, configure.ac, doc/LICENSE, etc/sudo-logsrvd.pp,
	etc/sudo-python.pp, etc/sudo.pp:
	Sudo 1.9.5
	[3a0e500981a8]

	* doc/sudoers.man.in, doc/sudoers.man.in.sed, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/policy.c:
	Allow SELinux support to be disabled via the sudoers file. Defaults
	to true if sudo is built with SELinux support and SELinux is not
	disabled on the system.
	[c457eaae8692]

2021-01-06  Todd C. Miller

	* plugins/python/python_importblocker.c:
	Add a comment to verify_import() to clarify its purpose.
	[30ef680f4104]

	* lib/eventlog/eventlog.c, lib/util/arc4random.c,
	lib/util/sudo_debug.c, plugins/audit_json/audit_json.c,
	plugins/python/python_convmessage.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
	plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
	plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
	plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c,
	src/exec_common.c, src/sesh.c, src/sudo.c, src/sudo_edit.c:
	Suppress PVS Studio false positives.
	[077f46549351]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Plug a memory leak in sudoerserrorf().
	[a3c14cf0283e]

	* plugins/sudoers/editor.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/ldap_util.c, plugins/sudoers/parse.h,
	plugins/sudoers/starttime.c, plugins/sudoers/tsgetgrpw.c,
	src/ttyname.c:
	Quiet a few harmless cppcheck warnings.
	[ab123790b3fd]

	* src/copy_file.c, src/sudo_edit.c:
	In sudoedit, use sudo_check_temp_file() for non-SELinux too.
	[b5d5bd506487]

	* MANIFEST, src/Makefile.in, src/edit_open.c, src/sesh.c,
	src/sudo_edit.c, src/sudo_edit.h, src/sudo_exec.h:
	Move safe open code out of sudo_edit.c and into edit_open.c.
	[108fcca05798]

	* src/Makefile.in, src/edit_open.c, src/sesh.c, src/sudo_edit.c,
	src/sudo_edit.h:
	Add directory writability checks for SELinux RBAC sudoedit. These
	were never added to the SELinux RBAC path.
	[0d4f28b5a8e2]

	* src/edit_open.c, src/exec.c, src/exec_pty.c, src/sesh.c, src/sudo.c,
	src/sudo.h, src/sudo_edit.c, src/sudo_edit.h, src/tgetpass.c:
	Add struct sudo_cred to hold the invoking or runas user credentials.
	We can use this when we need to pass around credential info instead
	of the user_details and command_details structs.
	[20594f3f00c1]

	* src/edit_open.c, src/sesh.c, src/sudo_edit.c, src/sudo_edit.h:
	Rename run_cred -> cur_cred and stash existing creds in
	set_tmpdir(). For sudo_edit_open() et al what we need is a copy of
	the current cred to restore after dir_is_writable() changes to the
	user cred.
	[dcfce8a11282]

	* configure, configure.ac, include/sudo_compat.h, lib/util/progname.c:
	Add setprogname(3) for those without it.
	[e2f1d1ecedb0]

	* src/sesh.c, src/sudo_edit.c:
	Split up sesh_sudoedit() so it is organized more like sudo_edit.c.
	The new sesh_edit_create_tfiles() and sesh_edit_copy_tfiles()
	functions are analogous to sudo_edit_create_tfiles() and
	sudo_edit_copy_tfiles(). Also use "sudoedit" in the warning/error
	messages from sesh_sudoedit(). Otherwise, the user gets a mix of
	messages from sudoedit and sesh.
	[5510be4b2129]

	* Makefile.in, lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
	lib/logsrv/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
	plugins/python/Makefile.in, plugins/sample/Makefile.in,
	plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/system_group/Makefile.in, src/Makefile.in:
	Remove the --force option from the cppcheck args, it causes errors.
	[57f2ad72e874]

	* include/sudo_util.h, lib/util/progname.c, lib/util/util.exp.in,
	src/sudo.c:
	For sudo, only allow "sudo" or "sudoedit" as the program name. The
	program name is also used when matching Debug lines in sudo.conf. We
	don't want the user to be able to influence sudo.conf Debug
	matching. The string "sudoedit" is treated the same as "sudo" in
	sudo.conf. Problem reported by Matthias Gerstner of SUSE.
	[1d32c53859f9]

	* lib/iolog/iolog_fileio.c, lib/util/sudo_debug.c,
	plugins/group_file/getgrent.c, plugins/sudoers/linux_audit.c,
	plugins/sudoers/tsgetgrpw.c:
	Check the return value of fcntl() when setting FD_CLOEXEC. This
	should never fail unless the fd is invalid. Problem reported by
	Matthias Gerstner of SUSE.
	[f1ca39a0d870]

	* src/sudo_edit.c:
	Fix potential directory existence info leak in sudoedit. When
	creating a new file, sudoedit checks to make sure the parent
	directory exists so it can provide the user with a sensible error
	message. However, this could be used to test for the existence of
	directories not normally accessible to the user by pointing to them
	with a symbolic link when the parent directory is controlled by the
	user. Problem reported by Matthias Gerstner of SUSE.
	[ea19d0073c02]

	* src/copy_file.c, src/sesh.c, src/sudo_edit.c, src/sudo_exec.h:
	Add security checks before using temp files for SELinux RBAC
	sudoedit. Otherwise, it may be possible for the user running
	sudoedit to replace the newly-created temporary files with a
	symbolic link and have sudoedit set the owner of an arbitrary file.
	Problem reported by Matthias Gerstner of SUSE.
	[8fcb36ef422a]

	* plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, po/ko.mo,
	po/ko.po, po/sr.mo, po/sr.po, po/sv.mo, po/sv.po:
	Updated translations from translationproject.org
	[e68c92c767f1]

2021-01-04  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	Use debug_return_int() not debug_return_bool() to return -1. Found
	by PVS Studio.
	[f1f67ca51aeb]

	* plugins/sudoers/logging.c:
	Fix a crash introduced in 1.9.4 when running "sudo -i" as an unknown
	user.
	[d1a3f0f4d0f9]

2021-01-03  Todd C. Miller

	* plugins/sudoers/check.c:
	Make sure lecture file is a regular file before reading it.
	[c9c68eff1e45]

2021-01-02  Todd C. Miller

	* Makefile.in, lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
	lib/logsrv/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
	plugins/group_file/plugin_test.c, plugins/python/Makefile.in,
	plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/parse.h,
	plugins/system_group/Makefile.in, src/Makefile.in:
	Minor fixes pointed out by cppcheck. Also add
	compareBoolExpressionWithInt to suppression list.
	[52316819700e]

	* logsrvd/logsrvd.c:
	Avoid potential use after free with eventlog-only connections.
	Coverity CID 215884.
	[cca5cffabe42]

	* src/exec.c:
	Cannot do direct exec of a command when SELinux RBAC is enabled.
	[2706b0fc1451]

	* MANIFEST, configure, configure.ac, include/sudo_compat.h,
	lib/util/Makefile.in, lib/util/pread.c, lib/util/pwrite.c,
	scripts/mkdep.pl:
	Add emulation of pread(3) and pwrite(3) for systems without them.
	This makes it possible to remove some ugly #ifdefs and only affects
	very old systems.
	[1c2a31bda598]

	* lib/iolog/iolog_fileio.c, plugins/sudoers/match_command.c,
	plugins/sudoers/timestamp.c:
	Remove #ifdefs around code using pread(3) and pwrite(3).
	[3830fdf650df]

	* plugins/sudoers/Makefile.in:
	Regen now that ldap.c and sssd.c no longer need gram.h
	[5cc4e107f301]

2020-12-30  Todd C. Miller

	* lib/util/fatal.c:
	Fix deregistration of a callback that is not at the head of the
	list. The SLIST_FOREACH_PREVPTR macro doesn't work the way I thought
	it did. Just store our own prev pointer and use that instead.
	[04c290fe1fcb]

2020-12-21  Todd C. Miller

	* src/net_ifs.c:
	Fix the buffer size parameter when serializing the interface list.
	Problem reported by Matthias Gerstner of SUSE.
	[b0cae3ac8e46]

2020-12-20  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.9.4p2
	[8bb8ec358990]

	* plugins/sudoers/sudoers.c:
	The runas user must be set before applying runas-based Defaults.
	This effectively backs out changeset f738f5ac5350, which made it
	possible to log the command when an invalid user was specified. The
	policy plugin API doesn't supply the command until the check
	function, at which point we've already denied the command due to the
	invalid user. Bug #951.
	[8a415f555cf9]

2020-12-18  Todd C. Miller

	* etc/uncrustify-small.cfg, etc/uncrustify.cfg:
	Don't enable mod_remove_empty_return. We like to use an empty return
	for stub functions.
	[018ef129dc24]

2020-12-16  Todd C. Miller

	* plugins/sudoers/policy.c:
	The lower bound for the "closefrom" option is 3, not 4. This is a
	regression introduced in sudo 1.8.9 with the strtonum() conversion.
	Bug #950.
	[fb06603b9a12]

2020-12-15  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.9.4p1
	[59c37ec1a128]

2020-12-11  Todd C. Miller

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Direct execution of a command is incompatible with using a log
	server.
	[91afbbde217a]

	* plugins/sudoers/audit.c:
	Set sudoers_audit.close to NULL if not using a log server.
	[231abb92a3b2]

2020-12-08  Todd C. Miller

	* config.guess, config.h.in, config.sub, configure, configure.ac:
	Regenerate configure script with autoconf 2.71. Also fix some
	warnings from the new version.
	[cd1c7615e861]

2020-12-07  Todd C. Miller

	* config.h.in, configure, configure.ac, src/sudo.c:
	Define _DARWIN_UNLIMITED_GETGROUPS on macOS to support > 16 groups.
	On macOS 10.6 and above, getgroups(2) can return more than
	NGROUPS_MAX if _DARWIN_UNLIMITED_GETGROUPS or _DARWIN_C_SOURCE is
	defined. Bug #946
	[2e7d3c3cf18b]

2020-12-05  Todd C. Miller

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, examples/sudo.conf.in:
	Comment out the default plugin lines in the example sudo.conf. Fixes
	a problem when there are multiple versions of sudo installed and not
	all support the audit plugin, such as on macOS. GitHub issue #75
	[aaed5d7a3471]

	* plugins/sudoers/logging.c, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	Store the user-provided runas user and group name in struct
	sudo_user. This makes it available for event logging in case the
	name doesn't resolve.
	[98d70ba8a2a6]

	* plugins/sudoers/logging.c:
	Log submit group to event log.
	[3e7ace99f7f8]

	* plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Store iolog_path in struct sudo_user for use in the event log.
	[35bc39ec8ad5]

2020-12-04  Todd C. Miller

	* plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
	Defer lookup of runas user until sudoers_main() for better logging.
	The log message now includes user info and the command attempted.
	[f738f5ac5350]

	* lib/eventlog/eventlog.c:
	Don't assume that just because command is non-NULL, argv is non-
	NULL.
	[4fac4ae88e4e]

	* plugins/sudoers/logging.c:
	Fix a crash introduced in 1.9.4 when running command as an unknown
	user. Bug #948
	[8b24c140ec7c]

2020-12-03  Todd C. Miller

	* logsrvd/logsrvd.c:
	When shutting down the server, close non-I/O log connections
	immediately. Avoids a timeout during server shutdown while the
	server waits for active connections to close.
	[26bfda2c8f67]

	* src/sudo.c:
	Audit errors from policy_init_session(), audit_accept(), and
	audit_reject().
	[638e583754ac]

	* src/sudo.c:
	Do not run the command if the audit accept function fails. Also add
	warnings if the audit reject or error functions fail.
	[ca94ef438961]

	* plugins/sudoers/log_client.c:
	Reduce the number of error messages when we can't connect to the
	audit server. Add the error string to "unable to connect to log
	server" instead of using an extra error message for the connect(2)
	failure.
	[25ac7ac5bfdf]

	* plugins/sudoers/log_client.c:
	Use correct error message when the TLS connection is dropped. Was:
	"recv: Unknown error 0", now: "lost connection to log server".
	[5c3f319b1f75]

2020-12-02  Todd C. Miller

	* plugins/sudoers/alias.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
	plugins/sudoers/parse.h:
	Change alias_add() to return bool and set errno on failure. This
	fixes a localization problem where the error message could have been
	reported in the wrong locale.
	[1859fe3da40c]

2020-11-30  Todd C. Miller

	* lib/eventlog/eventlog.c:
	Fix build when configured using --without-sendmail. Bug #947
	[41db1aad85bb]

2020-11-29  Todd C. Miller

	* plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/hr.mo,
	po/hr.po:
	Updated translations from translationproject.org
	[96a5cfe3c66b]

2020-11-24  Todd C. Miller

	* NEWS:
	sudo_logsrvd.conf pid_file change.
	[fdc0276c7e0e]

	* logsrvd/logsrvd.c:
	Don't try to unlink a NULL pointer.
	[95babad9636a]

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c:
	If pid_file is set to an empty value, disable the use of a pid file.
	[d4462105ab4b]

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	logsrvd/logsrvd.c:
	Don't overwrite sudo_logsrvd.pid if it is a symbolic link.
	[d79f97a0a533]

	* INSTALL, configure, configure.ac, etc/codespell.exclude,
	plugins/sudoers/env.c:
	Fix typo detected by codespell 2.0.0. Also avoid some new false
	positives.
	[d973f44e2396]

2020-11-23  Todd C. Miller

	* etc/uncrustify-small.cfg, etc/uncrustify.cfg,
	plugins/python/regress/testhelpers.h, plugins/sudoers/env.c,
	plugins/sudoers/sudo_ldap_conf.h:
	Set pp_ignore_define_body=false in uncrustify config. Need to work
	around a bug that produces closed brace errors, see
	https://github.com/uncrustify/uncrustify/issues/2569
	[5e4692fca707]

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/hr.mo,
	po/hr.po, po/it.mo, po/it.po:
	Updated translations from translationproject.org
	[156162e6e07e]

2020-11-18  Todd C. Miller

	* lib/util/sudo_conf.c:
	Fix calling sudo_conf_read() multiple times with different
	conf_types. The change to reinitialize the configuration data when
	sudo_conf_read() is called again didn't take into account that sudo
	calls sudo_conf_read() twice--once for the debug info and once for
	everything else.
	[b6869b7da3c2]

2020-11-17  Todd C. Miller

	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
	Don't free the private copy of the environment until the close
	function. We may need to use it when logging from the audit reject
	function.
	[5118eb5797fb]

	* plugins/sudoers/log_client.c:
	It is possible for evlog->argv or evlog->envp to be NULL.
	[798ff96301bf]

	* src/exec_pty.c, src/sudo.c, src/sudo.h:
	Pass command_info[] to audit plugin on I/O log plugin reject or
	error. The audit plugin should cope with a NULL command_info but
	there's no reason not to pass the info when we have it.
	[e361897d0192]

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	plugins/sudoers/audit.c:
	For the audit plugin, command_info may be NULL. Fixes a NULL
	dereference in sudoers_audit when an I/O logging plugin rejects
	input/output or returns an error.
	[9abee774e7e1]

	* plugins/sudoers/defaults.c:
	Add missing initialization of def_log_format to sudo.
	[8c824f6dcfdd]

2020-11-16  Todd C. Miller

	* config.h.in, configure, configure.ac:
	Newer LibreSSL has SSL_CTX_set_ciphersuites but it is not enabled.
	Add a check for the function declaration in openssl/ssl.h.
	[d6d0665572ec]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Event log data is sent to sudo_logsrvd even when not I/O logging.
	[d720f4ad3d40]

2020-11-14  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot:
	Regenerate sudoers.pot for 1.9.4
	[127283726e97]

	* NEWS, configure, configure.ac:
	Update for sudo 1.9.4.
	[2cb747911aef]

	* plugins/sudoers/audit.c:
	Update struct eventlog based on command_info[] from front-end. The
	I/O log path is not known until the I/O log plugins have run and
	other plugins may alter the execution environment.
	[3ad14a88052e]

	* plugins/sudoers/alias.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/logging.h,
	plugins/sudoers/regress/testsudoers/test13.out.ok,
	plugins/sudoers/toke.h:
	Add sudoerserrorf(), a printf-style yyerror() function. Use this to
	display a better error message when using a reserved word in an
	alias definition.
	[1bb3915f61b6]

2020-11-13  Todd C. Miller

	* scripts/mkpkg:
	Build universal binaries on macOS 11.0 and higher. The resulting
	package should work on Macs based on Apple Silicon.
	[91cdeda79e66]

2020-11-12  Todd C. Miller

	* plugins/sudoers/editor.c:
	Support EDITOR environment variable that includes quotes. Quote
	support is limited to the beginning of a word. Also handles
	characters escaped with a backslash.
	[ebb7f3c6240c]

2020-11-11  Todd C. Miller

	* plugins/python/Makefile.in, plugins/python/pyhelpers.c,
	plugins/python/python_plugin_common.c,
	plugins/python/regress/iohelpers.h,
	plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log,
	plugins/python/regress/testdata/check_example_debugging_c_calls@info.log,
	plugins/python/regress/testdata/check_example_debugging_plugin@info.log,
	plugins/python/regress/testdata/check_example_debugging_py_calls@diag.log,
	plugins/python/regress/testdata/check_example_debugging_py_calls@info.log,
	plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log,
	plugins/python/regress/testdata/check_example_io_plugin_command_log.stored,
	plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple1.stored,
	plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple2.stored,
	plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stored,
	plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stderr,
	plugins/python/regress/testdata/check_example_policy_plugin_validate_invalidate.log,
	plugins/python/regress/testdata/check_loading_fails_not_owned_by_root.stderr,
	plugins/python/regress/testdata/check_loading_fails_wrong_classname.stderr,
	plugins/python/regress/testdata/check_loading_fails_wrong_path.stderr,
	plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout,
	plugins/python/regress/testdata/check_python_plugins_do_not_affect_each_other.stdout,
	plugins/python/regress/testhelpers.c,
	plugins/python/regress/testhelpers.h:
	Back out regex use in python tests, filter the output instead. This
	makes it possible to regenerate the test output again. Also adds an
	update_test_data target to the Makefile.
	[3837f51a8072]

	* plugins/sudoers/ldap.c:
	Ignore sudoNotBefore and sudoNotAfter unless ldap.conf contains
	SUDOERS_TIMED. This is consistent with the pre-1.8.24 behavior. Bug
	#945
	[d1e1bb5a6cc1]

	* src/sudo.c:
	Stay setuid until just before executing the command. Fixes a problem
	with pam_xauth which checks effective and real uids to get the real
	identity of the user.
	[2c6fef0107c8]

2020-11-10  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c,
	plugins/sudoers/parse.h, plugins/sudoers/sssd.c:
	Introduce new_member_all() for code that doesn't include gram.h. The
	ldap and sssd back-ends no longer require gram.h which fixes a
	compilation issue with IBM LDAP.
	[1729532cda27]

	* lib/util/sudo_conf.c, lib/util/sudo_debug.c, logsrvd/logsrvd.c:
	On SIGHUP, deregister the old debug instance before registering a
	new one. Otherwise, if debugging is enabled we will get an extra log
	instance each time sudo_logsrvd receives SIGHUP which results in
	duplicate lines in the debug log.
	[538633994d8a]

2020-11-09  Todd C. Miller

	* plugins/sudoers/log_client.c, plugins/sudoers/log_client.h:
	Refactor code to format the client message after the hello.
	[12d29d129166]

	* doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
	include/log_server.pb-c.h, lib/eventlog/eventlog.c,
	lib/logsrv/log_server.pb-c.c, lib/logsrv/log_server.proto,
	logsrvd/iolog_writer.c, logsrvd/logsrvd.c,
	plugins/sudoers/log_client.c:
	Add info_msgs to AlertMessage and populate it. This lets us log
	eventlog info along with the alert if it is available.
	[493a047a4463]

	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h:
	Use sudoers_to_eventlog() and init_log_details() in
	sudoers_audit_accept(). log_deserialize_info() can be private to
	iolog.c again.
	[0b4e03904f3d]

	* plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
	plugins/sudoers/iolog.c, plugins/sudoers/log_client.c,
	plugins/sudoers/log_client.h, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h:
	Log reject and alert messages to the log server if one is defined.
	[087cf87d10af]

	* plugins/sudoers/logging.c:
	Treat an authentication failure as a reject, not an alert. This
	matters when logging via sudo_logsrvd. It also lets us remove a
	special case in vlog_warning().
	[ae489d3f20a8]

	* MANIFEST, config.h.in, configure, configure.ac,
	plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
	plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_plugin.h, plugins/sudoers/log_client.c,
	plugins/sudoers/sudoers.c:
	Rename iolog_client -> log_client. The logsrvd client code is now
	used for more than just I/O logging.
	[ea47ce43bbee]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
	plugins/sudoers/iolog.c, plugins/sudoers/iolog_plugin.h,
	plugins/sudoers/log_client.c, plugins/sudoers/log_client.h:
	Rename iolog_plugin.h to log_client.h. It is no longer I/O log
	specific and is used by sudoers_audit too.
	[cde784a59490]

	* configure, configure.ac:
	Remove hack to define YYTOKENTYPE, it breaks newer bison.
	[8b919ef33db7]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.h:
	Regenerate with bison 3.7.3
	[9fb81b933c43]

	* include/sudo_eventlog.h, lib/eventlog/eventlog.c:
	Use struct eventlog *evlog, not struct eventlog *details.
	[a9b5f3c2902f]

2020-11-06  Todd C. Miller

	* lib/eventlog/eventlog.c:
	For logsrvd AlertMessages, evlog will be NULL.
	[d048f7b429d5]

	* lib/eventlog/eventlog.c:
	Append errstr to reason for alert and reject events if specified.
	Previously, we logged the error string separately but this is not
	consistent with how it is logged in other formats.
	[68c76e530248]

	* plugins/sudoers/logging.c:
	Fix cut & pasto in debug subsystem.
	[c39dd60b6d2d]

2020-11-04  Todd C. Miller

	* plugins/sudoers/iolog_client.c:
	Refactor code to format InfoMessage array into fmt_info_messages().
	Add free_info_messages() to free the array.
	[e6223d325c77]

	* plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
	plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_plugin.h:
	Log accept messages in sudoers_audit if not I/O logging.
	[cdb5c443c97d]

	* plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_plugin.h:
	Refactor sudoers_io_open_remote() into log_server_open(). Also
	rename client_close() to log_server_close(). This keeps more of the
	client code details out of iolog.c and will be used when logging
	accept messages from the audit plugin.
	[e3f6ba6768b8]

	* plugins/sudoers/iolog.c:
	Move argv and envp setting into iolog_deserialize_info().
	[613b97f1d7bc]

	* logsrvd/logsrvd.c:
	Avoid early return in handle_accept() if expect_iobufs not set.
	[918adc8234f0]

2020-11-02  Todd C. Miller

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	include/sudo_plugin.h,
	plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout,
	src/exec.c, src/load_plugins.c:
	Add event_alloc to the audit plugin API. The sudoers audit plugin
	will use this to communicate with sudo_logsrvd.
	[c2fc2911476b]

	* logsrvd/sendlog.c, plugins/sudoers/iolog_client.c:
	Set server_name before initiating TLS connection so verify function
	works. Fixes a crash in the SSL_VERIFY_PEER callback. Also call
	inet_ntop(3) with addr pointer, not sockaddr pointer so we get the
	correct IP address.
	[7a7dcebbe889]

	* plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y, plugins/sudoers/parse.c,
	plugins/sudoers/parse.h,
	plugins/sudoers/regress/sudoers/test18.toke.ok,
	plugins/sudoers/regress/sudoers/test2.ldif.ok,
	plugins/sudoers/regress/sudoers/test3.ldif.ok,
	plugins/sudoers/regress/sudoers/test6.ldif.ok,
	plugins/sudoers/regress/visudo/test2.err.ok,
	plugins/sudoers/regress/visudo/test3.err.ok,
	plugins/sudoers/visudo.c:
	Store column number for aliases, defaults and userspecs too. This is
	used to provide the column number along with the line number in
	error messages. For aliases we store the column of the alias name,
	not the value since that is what visudo generally needs.
	[1c9d86b88517]

2020-11-01  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/regress/testsudoers/test11.out.ok,
	plugins/sudoers/regress/testsudoers/test12.out.ok,
	plugins/sudoers/regress/testsudoers/test13.out.ok:
	Display column number in parse error messages too. Bug #841
	[0aea28dec8f2]

	* plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
	Move tls initialized flag into client_closure. We may call
	tls_init() from multiple places in the future so a static
	initialized flag will cause problems.
	[00b2b02c24c5]

	* plugins/sudoers/cvtsudoers_json.c:
	Fix -Wshadow warnings caused by json enum member.
	[ea336980bb6a]

2020-10-30  Todd C. Miller

	* ABOUT-NLS, INSTALL, NEWS, configure.ac, doc/UPGRADE,
	doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
	doc/visudo.man.in, doc/visudo.mdoc.in, examples/sudo.conf.in,
	include/compat/getaddrinfo.h, install-sh, lib/util/getaddrinfo.c,
	lib/util/getentropy.c, lib/util/regress/sudo_conf/test1.in,
	lib/util/regress/sudo_parseln/test1.in,
	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/strtoid.c,
	logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, logsrvd/sendlog.c,
	m4/sudo.m4, plugins/group_file/group_file.c,
	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/passwd.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
	plugins/sudoers/editor.c, plugins/sudoers/env.c,
	plugins/sudoers/find_path.c, plugins/sudoers/gram.y,
	plugins/sudoers/group_plugin.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c,
	plugins/sudoers/visudo.c, src/load_plugins.c, src/sudo.c,
	src/sudo_noexec.c, src/tgetpass.c:
	Apply Google inclusive language guidelines. Also replace backwards
	with backward.
	[678fbce6054f]

2020-10-29  Todd C. Miller

	* doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in:
	Reference IBM LDAP libs, not Tivoli since that is how it is packaged.
	We still use Tivoli when talking about the server itself but refer
	to it as the "IBM Tivoli Directory Server".
	[9f97a7e6b67a]

	* doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in:
	Add a newline before "This option is ..."
	[853f819f0241]

	* doc/sudoers.man.in:
	regen
	[8b29097f2cd1]

2020-10-28  Todd C. Miller

	* lib/eventlog/regress/logwrap/check_wrap.c,
	lib/eventlog/regress/logwrap/check_wrap.in,
	lib/eventlog/regress/logwrap/check_wrap.out.ok:
	Test eventlog_writeln() when word wrap is disabled.
	[73acb7fbef59]

	* configure, configure.ac:
	Bison generates an extra enum containing the parser tokens. This
	conflicts with the IBM ldap.h at least. Prevent it from being
	exposed by defining YYTOKENTYPE.
	[f3445ad76687]

	* configure, configure.ac:
	IBM LDAP packages use a lib64 directory for 64-bit libraries. We
	need to add this to LDFLAGS so the linker is able to find the
	correct libs when building 64-bit binaries.
	[701b83f6cd13]

	* config.h.in, configure, configure.ac, plugins/sudoers/ldap.c:
	Use ssl_err2string() in message on ldap_ssl_client_init() failure.
	Displaying SSL reason code directly is not user-friendly.
	[aaf272403f3e]

2020-10-27  Todd C. Miller

	* lib/eventlog/eventlog.c:
	For JSON logs, write the most important log elements first. This is
	important for syslog where the record could be truncated.
	[58fc957c41bb]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
	Add log_format sudoers setting to select sudo or json format logs.
	Defaults to sudo-format logs.
	[2936d2750af0]

	* include/sudo_json.h, lib/eventlog/eventlog.c, lib/util/json.c:
	Support "minimal" JSON which skips all non-essential whitespace.
	This replaces the old "compact" mode which is only used for syslog.
	[be07bca67019]

	* plugins/sudoers/logging.c:
	Don't warn about log failure more than once.
	[b4dc59a58d1d]

2020-10-26  Todd C. Miller

	* lib/eventlog/eventlog.c:
	Check for fdopen(3) failure in send_mail().
	[e08b17bf26ce]

	* MANIFEST, include/sudo_eventlog.h, lib/eventlog/Makefile.in,
	lib/eventlog/eventlog.c, lib/eventlog/logwrap.c,
	lib/eventlog/regress/logwrap/check_wrap.c,
	lib/eventlog/regress/logwrap/check_wrap.in,
	lib/eventlog/regress/logwrap/check_wrap.out.ok,
	plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h, plugins/sudoers/logwrap.c,
	plugins/sudoers/regress/logging/check_wrap.c,
	plugins/sudoers/regress/logging/check_wrap.in,
	plugins/sudoers/regress/logging/check_wrap.out.ok,
	plugins/sudoers/sudoers.c:
	Add support for file log line wrapping in libeventlog.
	[935c30cf7633]

	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
	logsrvd/logsrvd_conf.c, plugins/sudoers/defaults.c,
	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
	plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/testsudoers.c:
	Use real setters for the eventlog config. This makes it possible to
	have a base config that the callers can modify instead of replacing
	the config wholesale.
	[2ca1e7d376c2]

	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
	plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
	plugins/sudoers/defaults.c, plugins/sudoers/locale.c,
	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
	plugins/sudoers/policy.c, plugins/sudoers/stubs.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
	Use libeventlog in sudoers instead of doing our own logging.
	[d8306755201a]

	* lib/eventlog/eventlog.c, plugins/sudoers/logging.c:
	Log the short version of the tty in sudoers-format logs. This is
	consistent with historical practice.
	[69440e4659a8]

	* lib/eventlog/eventlog.c:
	Add default values in eventlog_setconf().
	[582d359a8ec0]

	* include/sudo_eventlog.h, lib/eventlog/Makefile.in,
	lib/eventlog/eventlog.c, logsrvd/logsrvd.c,
	plugins/sudoers/Makefile.in, plugins/sudoers/defaults.c,
	plugins/sudoers/logging.h:
	Add support for mailing eventlog entries and for logging raw
	messages. These will be used by the sudoers plugin.
	[acab8209ddd0]

	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
	lib/iolog/iolog_fileio.c:
	If no JSON callback is provided, store the contents of struct
	eventlog. This moves the JSON formatting of struct eventlog out of
	libsudo_iolog and into libsudo_eventlog where it belongs.
	[260a7ec65485]

	* include/sudo_eventlog.h, lib/eventlog/eventlog.c, logsrvd/logsrvd.c:
	struct eventlog contains submit_time, no need to pass it in
	directly.
	[a3ac404e6a59]

	* include/sudo_eventlog.h, lib/eventlog/eventlog.c, logsrvd/logsrvd.c:
	Add an errstr argument to eventlog_alert().
	[e2afd2f1c092]

	* plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
	plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
	Make a copy of the strings stored in iolog_details and struct
	eventlog. Previously, we just made the strings const and relied on
	the front-end not changing them. Now the sudoers I/O log plugin
	behavior is consistent with the policy plugin.
	[406632298bd5]

	* plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
	plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
	Use struct eventlog in iolog_details.
	[c22e05f420fe]

	* include/sudo_eventlog.h, include/sudo_iolog.h,
	lib/eventlog/eventlog.c, lib/iolog/Makefile.in,
	lib/iolog/iolog_fileio.c, lib/iolog/iolog_json.c,
	lib/iolog/iolog_util.c, logsrvd/Makefile.in, logsrvd/iolog_writer.c,
	logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c,
	logsrvd/sendlog.h, plugins/sudoers/Makefile.in,
	plugins/sudoers/iolog.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/sudoreplay.c:
	Use struct eventlog in place of struct iolog_info.
	[9fef7a5f077b]

	* logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
	No longer need eventlog-related getters in logsrvd.c
	[e3ab80a9a892]

	* MANIFEST, logsrvd/Makefile.in, logsrvd/eventlog.c,
	logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c:
	Use libeventlog in sudo_logsrvd.
	[3dd22be50c30]

	* MANIFEST, Makefile.in, configure, configure.ac,
	include/sudo_eventlog.h, lib/eventlog/Makefile.in,
	lib/eventlog/eventlog.c, logsrvd/logsrvd.h:
	Refactor eventlog code into a library
	[2e02c25be009]

2020-10-20  Todd C. Miller

	* lib/iolog/Makefile.in, lib/logsrv/Makefile.in, lib/util/Makefile.in,
	logsrvd/Makefile.in, plugins/python/Makefile.in,
	plugins/sudoers/Makefile.in, src/Makefile.in:
	regen Makefiles
	[d9064a0c53ae]

	* scripts/mkpkg:
	Build 64-bit binaries on HP-UX ia64
	[3f8b599e7d7f]

2020-10-16  Todd C. Miller

	* plugins/sudoers/Makefile.in:
	Explicitly set umask when running tests. Some tests create files
	that must not be world-writable.
	[9186ea1d2696]

	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	sudoers_policy_store() -> sudoers_policy_store_result()
	[3dad5322916b]

2020-10-14  Todd C. Miller

	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Rename sudoers_policy_exec_setup() -> sudoers_policy_store(). It is
	called even when there is no command to execute. Also pass in status
	of whether or not the command was accepted.
	[a0ded23e81c4]

2020-10-10  Todd C. Miller

	* plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/cvtsudoers/test1.sh,
	plugins/sudoers/regress/cvtsudoers/test10.sh,
	plugins/sudoers/regress/cvtsudoers/test11.sh,
	plugins/sudoers/regress/cvtsudoers/test12.sh,
	plugins/sudoers/regress/cvtsudoers/test13.sh,
	plugins/sudoers/regress/cvtsudoers/test14.sh,
	plugins/sudoers/regress/cvtsudoers/test15.sh,
	plugins/sudoers/regress/cvtsudoers/test16.sh,
	plugins/sudoers/regress/cvtsudoers/test17.sh,
	plugins/sudoers/regress/cvtsudoers/test18.sh,
	plugins/sudoers/regress/cvtsudoers/test19.sh,
	plugins/sudoers/regress/cvtsudoers/test2.sh,
	plugins/sudoers/regress/cvtsudoers/test20.sh,
	plugins/sudoers/regress/cvtsudoers/test21.sh,
	plugins/sudoers/regress/cvtsudoers/test22.sh,
	plugins/sudoers/regress/cvtsudoers/test23.sh,
	plugins/sudoers/regress/cvtsudoers/test24.sh,
	plugins/sudoers/regress/cvtsudoers/test25.sh,
	plugins/sudoers/regress/cvtsudoers/test26.sh,
	plugins/sudoers/regress/cvtsudoers/test27.sh,
	plugins/sudoers/regress/cvtsudoers/test28.sh,
	plugins/sudoers/regress/cvtsudoers/test29.sh,
	plugins/sudoers/regress/cvtsudoers/test3.sh,
	plugins/sudoers/regress/cvtsudoers/test30.sh,
	plugins/sudoers/regress/cvtsudoers/test31.sh,
	plugins/sudoers/regress/cvtsudoers/test32.sh,
	plugins/sudoers/regress/cvtsudoers/test33.sh,
	plugins/sudoers/regress/cvtsudoers/test4.sh,
	plugins/sudoers/regress/cvtsudoers/test5.sh,
	plugins/sudoers/regress/cvtsudoers/test6.sh,
	plugins/sudoers/regress/cvtsudoers/test7.sh,
	plugins/sudoers/regress/cvtsudoers/test8.sh,
	plugins/sudoers/regress/cvtsudoers/test9.sh,
	plugins/sudoers/regress/testsudoers/test1.sh,
	plugins/sudoers/regress/testsudoers/test10.sh,
	plugins/sudoers/regress/testsudoers/test11.sh,
	plugins/sudoers/regress/testsudoers/test12.sh,
	plugins/sudoers/regress/testsudoers/test13.sh,
	plugins/sudoers/regress/testsudoers/test14.sh,
	plugins/sudoers/regress/testsudoers/test15.sh,
	plugins/sudoers/regress/testsudoers/test2.sh,
	plugins/sudoers/regress/testsudoers/test3.sh,
	plugins/sudoers/regress/testsudoers/test4.sh,
	plugins/sudoers/regress/testsudoers/test5.sh,
	plugins/sudoers/regress/testsudoers/test6.sh,
	plugins/sudoers/regress/testsudoers/test7.sh,
	plugins/sudoers/regress/testsudoers/test8.sh,
	plugins/sudoers/regress/testsudoers/test9.sh,
	plugins/sudoers/regress/visudo/test1.sh,
	plugins/sudoers/regress/visudo/test10.sh,
	plugins/sudoers/regress/visudo/test2.sh,
	plugins/sudoers/regress/visudo/test3.sh,
	plugins/sudoers/regress/visudo/test4.sh,
	plugins/sudoers/regress/visudo/test5.sh,
	plugins/sudoers/regress/visudo/test6.sh,
	plugins/sudoers/regress/visudo/test7.sh,
	plugins/sudoers/regress/visudo/test8.sh,
	plugins/sudoers/regress/visudo/test9.sh:
	Pass path to testsudoers, visudo or cvtsudoers in the environment.
	Falls back on the unqualified command if the environment variable is
	not set.
	[a7b8c413b66d]

2020-10-09  Todd C. Miller

	* plugins/sudoers/sssd.c:
	Init cmnds to NULL in rule_to_priv() so we don't free a bogus
	pointer. In the sssd backend, the rule_to_priv() cleanup code
	assumes cmnds can be passed to fn_free_values(), which was not the
	case if we receive an error getting values for "sudoCommand". This
	is a regression introduced in sudo 1.9.1. Fix from Ron Bowes. GitHub
	issue #67.
	[a3fe4615f039]

2020-10-06  Todd C. Miller

	* plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
	plugins/sudoers/parse.h:
	Pass runchroot to match_digest() too. We use the open fd for the
	actual I/O but having runchroot makes it possible to report the
	correct file name in error messages.
	[2e1d142e2fe5]

2020-10-04  Todd C. Miller

	* NEWS:
	GitHub issue #61 was fixed in sudo 1.9.3.
	[55e54b3111f0]

2020-09-29  Todd C. Miller

	* plugins/sudoers/def_data.h, plugins/sudoers/mkdefaults:
	Fix indentation of enum def_tuple.
	[237db08cc1a3]

2020-09-28  Todd C. Miller

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Remove special case EOF handling; lines now always end in a newline.
	Previously we needed to emulate some of the state transitions that
	happen at end-of-line at end-of-file as well. Those are no longer
	needed now that we are guaranteed to always have a newline at the
	end.
	[4c0c21b081f7]

2020-09-27  Todd C. Miller

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Increment sudolinebuf.size after realloc().
	[b871905c3442]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y,
	plugins/sudoers/regress/sudoers/test13.toke.ok,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Add a newline at end of line if one is missing. This is simpler than
	having to support entries that end at EOF too.
	[cb335acb1064]

	* MANIFEST, plugins/sudoers/regress/testsudoers/test14.out.ok,
	plugins/sudoers/regress/testsudoers/test14.sh,
	plugins/sudoers/regress/testsudoers/test15.out.ok,
	plugins/sudoers/regress/testsudoers/test15.sh:
	Add tests for entries without a newline.
	[98a50d8301a8]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Fix handling of a command spec without a newline at the end. For
	include files, we may need to inject a newline token now that the
	grammar requires lines to end with a newline or EOF. There is no END
	(EOF) token processed after popping off an include file since
	everything is just treated as one big file.
	[3e6c62ea7237]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Mark sudoerserror() messages for translation.
	[d6a173cea48b]

	* plugins/sudoers/regress/sudoers/test8.toke.ok,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Fix line number accounting when a string contains a newline. Strings
	are not allowed to span multiple lines without a continuation
	character. Also provide a better error message if we are in the
	middle of a string and hit EOF.
	[cf34b0a3beba]

2020-09-26  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/sudoers.h, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l:
	Use sudoerschar (yychar) instead of last_token. The parser already
	provides a way to examine the last token processed, we don't need to
	add our own.
	[ba35fe36bd56]

2020-09-25  Todd C. Miller

	* lib/util/closefrom.c, lib/util/getentropy.c, lib/util/pipe2.c,
	lib/util/term.c, lib/util/ttyname_dev.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/env.c,
	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
	plugins/sudoers/gmtoff.c, plugins/sudoers/locale.c,
	plugins/sudoers/logging.h, plugins/sudoers/policy.c,
	plugins/sudoers/starttime.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
	plugins/system_group/system_group.c, src/load_plugins.c, src/sudo.c,
	src/sudo_plugin_int.h, src/tgetpass.c, src/ttyname.c:
	Fix -Wshadow warnings.
	[5480e97a1160]

	* configure, configure.ac:
	Add -Wshadow to warning flags if the compiler supports it.
	[6f29b5ebc2b8]

	* MANIFEST, plugins/sudoers/regress/testsudoers/test13.out.ok,
	plugins/sudoers/regress/testsudoers/test13.sh:
	Add test for syntax error when defining an alias using a reserved
	word.
	[4c90b3952ed1]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Fix pasto, TIMEOUT not CMND_TIMEOUT.
	[842ad3a578f2]

	* NEWS, doc/UPGRADE, doc/sudoers.man.in, doc/sudoers.man.in.sed,
	doc/sudoers.mdoc.in:
	Document reserved words that cannot be used as alias names. Bug #941
	[4b37a2174cd2]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/sudoers_version.h:
	Detect when a reserved word is used when declaring an alias. Now
	instead of "syntax error, unexpected CHROOT, expecting ALIAS" the
	message is "syntax error, reserved word used as an alias name". Bug
	#941
	[dfc55de5526c]

2020-09-23  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	Fix potential NULL deref in debug code.
	[c6b8910ac7dc]

	* plugins/sudoers/getspwuid.c:
	Close the passwd db before calling getpwnam_shadow(3). Otherwise, we
	will get the non-shadow passwd entry ("*") since we called
	setpassent(3) earlier to keep the passwd db open.
	[71ee5e16e4c5]

	* configure, configure.ac:
	Fix configure test for crypt(3) when it is present in libc. Fixes a
	regression introduced in sudo 1.9.3.
	[0d77733de667]

	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
	Add SLOG_AUDIT flag for log_warningx() to also audit the message.
	This lets us combine audit_failure() and log_warningx() calls with
	the same message.
	[23a8a5eab2ff]

	* plugins/sudoers/sudoers.c:
	Log when user-specified command line options are rejected by
	sudoers. We already audit those but in some cases they were not
	logged as well.
	[30d991993763]

	* NEWS, configure, configure.ac:
	Update for sudo 1.9.3p1
	[0cbbb7608c3f]

2020-09-20  Todd C. Miller

	* configure, configure.ac:
	Move warning about plaintext password to the end of configure. It is
	unlikely to be noticed at the beginning of the output.
	[b3b5abcedc73]

2020-09-19  Todd C. Miller

	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/eo.mo,
	po/eo.po, po/fi.mo, po/fi.po, po/fr.mo, po/fr.po:
	Updated translations from translationproject.org
	[54b5484b2756]

2020-09-18  Todd C. Miller

	* config.h.in, configure, configure.ac, plugins/sudoers/auth/passwd.c:
	Use a simple string compare on systems without crypt(3). This is
	only used on systems without PAM, BSD authentication or AIX
	authentication. Bug #940.
	[aed39197f364]

	* src/utmp.c:
	Fix typo in last commit.
	[30a77a50f7b2]

2020-09-17  Todd C. Miller

	* src/sudo_edit.c:
	Only use faccessat(3) if AT_EACCESS is defined. Apparently Android
	(bionic) has faccessat() but not AT_EACCESS. Bug #940.
	[18604919a023]

	* src/utmp.c:
	Guard use of ttyslot() with HAVE_TTYSLOT, fix guard for
	utmp_setid(). This should make it easier to compile sudo on Android
	which doesn't provide a way to write to the utmp file. Bug #940.
	[69fe5b8426cd]

2020-09-16  Todd C. Miller

	* po/zh_CN.mo, po/zh_CN.po:
	Updated translations from translationproject.org
	[ef72535d71a5]

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
	po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo,
	po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/it.mo,
	po/it.po, po/ja.mo, po/ja.po, po/pl.mo, po/pl.po, po/pt.mo,
	po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/sr.mo, po/sr.po, po/tr.mo,
	po/tr.po, po/uk.mo, po/uk.po, po/zh_TW.mo, po/zh_TW.po:
	Updated translations from translationproject.org
	[48fdb293a803]

	* configure, configure.ac, plugins/sudoers/po/sudoers.pot:
	Back out sudo 1.9.3b1 version change.
	[70cee88da8b1]

2020-09-14  Todd C. Miller

	* NEWS, configure, configure.ac, plugins/sudoers/defaults.c,
	plugins/sudoers/po/sudoers.pot:
	Fix typo in warning for T_CHPATH, list '~' not '*' twice. Bug #938
	[d516bebe9644]

2020-09-12  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Update .pot files for 1.9.3.
	[47cedd231dd6]

2020-09-10  Todd C. Miller

	* plugins/sudoers/iolog_client.c:
	Add missing check for strdup() failure. Coverity CID 214243
	[86cf4da0cd81]

	* examples/sudoers:
	Sync example sudoers with manual page.
	[1ccf32907f11]

2020-09-09  Todd C. Miller

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Add simple runchroot and runcwd examples. Also document the
	limitation of command-based Defaults settings.
	[6a610884670c]

	* plugins/sudoers/sudoers.c:
	Add callback for runchroot Defaults and require password -D/-R
	checks. Using a command-based Default for runchroot will still only
	work for paths that exist both in and outside the chroot.
	[a50148e16b89]

	* plugins/sudoers/defaults.c, plugins/sudoers/match.c,
	plugins/sudoers/match_command.c, plugins/sudoers/parse.c,
	plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
	plugins/sudoers/testsudoers.c:
	Pass a struct to the match functions to track the resolved command.
	This makes it possible to update user_cmnd and cmnd_status modified
	by per-rule CHROOT settings.
	[c71faa1f5ea1]

	* plugins/sudoers/defaults.c, plugins/sudoers/editor.c,
	plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
	plugins/sudoers/match.c, plugins/sudoers/match_command.c,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
	Take the chroot into account when searching for the command. This
	could be a user-specific chroot via the -R option, a runchroot
	Defaults value, or a per-command CHROOT spec in the sudoers rule.
	[d8765611b48c]

2020-09-06  Todd C. Miller

	* configure, configure.ac:
	Remove closefrom_fallback() from lib/util/util.exp. It is a static
	function and should not be exported.
	[dc09dc563197]

2020-09-06  Evan Anderson

	* configure, m4/sudo.m4:
	configure: Fix runstatedir handling for distros that do not support
	it

	runstatedir was added in yet-to-be released autoconf 2.70. Some
	distros are shipping this addition in their autoconf packages, but
	others, such as Fedora, are not. This causes the rundir variable to
	be set incorrectly if the configure script is regenerated with an
	unpatched autoconf since the runstatedir variable set is deleted
	after regeneration. This change works around that problem by
	checking that runstatedir is non-empty before potentially using it
	to set the rundir variable
	[35c1eb25dd9d]

2020-09-05  Todd C. Miller

	* lib/util/Makefile.in:
	We need to link with NET_LIBS for gai_strerror() on some systems.
	From Tim Rice
	[b10aeb7ec2ed]

	* ltmain.sh:
	Fix sco library versioning; fallout from freebsd-elf reorg. From Tim
	Rice
	[072a37c2d3cb]

	* configure, configure.ac:
	SVR4/5 fixes and long password support for OpenServer 6 & 5. From
	Tim Rice
	[8622970c77c3]

	* lib/logsrv/protobuf-c.c:
	Use config.h to handle systems without inline function support.
	[1ba5301de713]

	* configure, configure.ac:
	Prefer dlopen() over shl_load() on HP-UX 11.11 and higher.
	[065316970f79]

	* include/sudo_fatal.h, lib/util/fatal.c:
	Define sudo_warn_setlocale_t and use sudo_conv_t in sudo_fatal.h.
	Works around a bug in older versions of the HP ANSI C compiler and
	results in more readable code.
	[0e53ec783100]

	* configure, configure.ac:
	HP-UX cc may not allow __declspec(dllexport) to be used in
	conjunction with "#pragma HP_DEFINED_EXTERNAL" when redefining
	standard libc functions.
	[7190082c3a09]

2020-09-04  Todd C. Miller

	* configure, configure.ac:
	Fix check for hiding unexported symbols on HP-UX. We need to pass
	the -b option to the compiler, not just the linker, so it will
	choose the PIC C runtime.
	[bc1b9351cbce]

	* src/regress/ttyname/check_ttyname.c:
	Check that the files are character devices before comparing st_rdev.
	[d9f8b730d131]

	* src/regress/ttyname/check_ttyname.c:
	Fix regress when ttyname(3) returns the same device under a
	different name. On systems that have both new and old pty names we
	can end up with a name mismatch even though the underlying device is
	the same.
	[3760f44d81d4]

	* plugins/sudoers/regress/testsudoers/test3.sh:
	Use the same pattern of redefining TESTDIR as test10.sh. Adapted
	from a diff from Tim Rice.
	[378590625bfd]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
	Rename sa_len -> sa_size to avoid a conflict on UnixWare and others.
	On some systems, sa_len is a #define for 4.4BSD compatibility.
	[a369d15175dd]

	* plugins/sudoers/pwutil.c:
	Include strings.h for strcasecmp(3). From Tim Rice
	[27be3ee47426]

	* lib/util/getentropy.c:
	Add missing #ifdef HAVE_CLOCK_GETTIME in getentropy_fallback() From
	Tim Rice
	[4bdcf1048196]

	* plugins/sudoers/Makefile.in:
	Regen for check_exptilde.o
	[b3e2a87b5144]

	* lib/util/Makefile.in, scripts/mkdep.pl:
	Add missing dependency info for cfmakeraw.lo in lib/util/Makefile.in
	From Tim Rice
	[18d953844745]

	* plugins/sudoers/auth/pam.c:
	Be consistent and use __hpux not __hpux__ like the rest of sudo.
	[dd5ef59dc980]

	* lib/logsrv/protobuf-c.c:
	Replace "static inline" with "static __inline" for older compilers.
	[a09412277d0f]

	* MANIFEST, include/log_server.pb-c.h, lib/logsrv/Makefile.in,
	lib/logsrv/log_server.pb-c.c, logsrvd/eventlog.c,
	logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/sendlog.c,
	plugins/sudoers/iolog_client.c, scripts/unanon:
	Post-process protoc-c files to avoid depending on anonymous unions.
	Based on a patch from Michael Osipov. GitHub issue #60
	[13ab1ec22477]

	* src/preload.c:
	Add sudoers_audit to sudo_sudoers_plugin_symbols[] array. Fixes
	loading of sudoers_audit when configured with
	--enable-static-sudoers. GitHub issue #61
	[f0bd4b5cd7b3]

2020-09-03  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Fix copy and paste error; Coverity CID 214191
	[49044d66dffc]

	* plugins/sudoers/visudo.c:
	Fix memory leak on error found by the clang 10.01 analyzer.
	[12de4dd014eb]

	* src/limits.c:
	Use correct size for curlim and maxlim.
	[1fc6aea5ece0]

	* configure, configure.ac, doc/Makefile.in:
	Only install man pages for logsrvd and python plugin if we build
	them. GitHub issue #58
	[e92799dd4886]

	* Makefile.in, configure, configure.ac, doc/Makefile.in:
	Remove obsolete mansrcdir variable, add _SRC suffix to LOGSRV and
	LOGSRVD
	[aa9c0f8cb227]

2020-09-02  Todd C. Miller

	* logsrvd/eventlog.c, plugins/sudoers/logging.c:
	If the command was run in a chroot, add it to the log.
	[0cda78f7ed40]

	* MANIFEST, plugins/sudoers/regress/testsudoers/test12.out.ok,
	plugins/sudoers/regress/testsudoers/test12.sh:
	Add test of multiple syntax errors. Where possible, the portion of
	the line before the error should still be interpreted.
	[3af61a54586f]

	* logsrvd/eventlog.c, logsrvd/iolog_writer.c,
	plugins/sudoers/logging.c, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	Log the runcwd not submitcwd in the sudo-style log file. The log
	entry should reflect the working directory the command actually ran
	in.
	[a477dee74683]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Fix error recovery in a privilege after a ':' separator.
	[02c4b5872a38]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Initialize runchroot and runcwd in init_options()
	[13bebf71955d]

	* MANIFEST:
	Fix path to check_exptilde.c
	[7dc831cbd59d]

	* include/log_server.pb-c.h, include/protobuf-c/protobuf-c.h,
	lib/logsrv/protobuf-c.c:
	Update to protobuf-c 1.3.3
	[22a88bccb611]

2020-09-01  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.h:
	Regenerate the parser with "bison -y" for verbose syntax error
	messages.
	[e1530c5b8960]

	* NEWS:
	Add chroot/chdir changes.
	[9367855da7d1]

	* doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, src/parse_args.c, src/sudo_usage.h.in:
	Support "*" for CWD/CHROOT to allow user to specify cwd or chroot.
	Adds two new command line options, -D (--chdir) and -R (--chroot)
	that can only be used when sudoers sets runcwd or runchroot to "*".
	[afeb73867b66]

	* MANIFEST, lib/util/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/sudoers/exptilde.c,
	plugins/sudoers/regress/exptilde/check_exptilde.c:
	Unit test for exptilde
	[f0d7b0031fea]

	* MANIFEST, plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/ldap_util.c, plugins/sudoers/parse.c,
	plugins/sudoers/regress/sudoers/test24.in,
	plugins/sudoers/regress/sudoers/test24.json.ok,
	plugins/sudoers/regress/sudoers/test24.ldif.ok,
	plugins/sudoers/regress/sudoers/test24.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test24.out.ok,
	plugins/sudoers/regress/sudoers/test24.sudo.ok,
	plugins/sudoers/regress/sudoers/test24.toke.ok:
	Add support for runchroot and runcwd to "sudo -l" and cvtsudoers.
	[9f5ecd22d822]

	* include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
	lib/iolog/iolog_json.c, lib/iolog/iolog_util.c,
	logsrvd/iolog_writer.c, logsrvd/logsrvd.h, plugins/sudoers/iolog.c,
	plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
	Read/write runchroot and runcwd entries in the JSON event log.
	[3edb8305abe9]

	* MANIFEST, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/exptilde.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/policy.c,
	plugins/sudoers/regress/sudoers/test1.toke.ok,
	plugins/sudoers/regress/sudoers/test11.toke.ok,
	plugins/sudoers/regress/sudoers/test12.toke.ok,
	plugins/sudoers/regress/sudoers/test13.toke.ok,
	plugins/sudoers/regress/sudoers/test14.toke.ok,
	plugins/sudoers/regress/sudoers/test15.toke.ok,
	plugins/sudoers/regress/sudoers/test16.toke.ok,
	plugins/sudoers/regress/sudoers/test17.toke.ok,
	plugins/sudoers/regress/sudoers/test18.toke.ok,
	plugins/sudoers/regress/sudoers/test19.toke.ok,
	plugins/sudoers/regress/sudoers/test22.toke.ok,
	plugins/sudoers/regress/sudoers/test3.toke.ok,
	plugins/sudoers/regress/sudoers/test4.toke.ok,
	plugins/sudoers/regress/sudoers/test6.toke.ok,
	plugins/sudoers/regress/sudoers/test8.toke.ok,
	plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_version.h,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Add CHROOT and CWD sudoers options. Also matching runchroot and
	runcwd Defaults settings.
	[2f0aca92c360]

2020-08-31  Todd C. Miller

	* NEWS, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	include/sudo_plugin.h,
	plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout,
	src/exec.c, src/limits.c, src/sudo.c, src/sudo.h:
	Pass resource limits values to the plugin in user_info[]. Sudo
	resets the resource limits early in its execution so the plugin
	cannot tell what the original limits were itself.
	[64957c5875f3]

	* doc/Makefile.in, doc/sudo_logsrvd.man.in,
	doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
	lib/logsrv/Makefile.in, lib/util/cfmakeraw.c, lib/util/fchmodat.c,
	lib/util/fstatat.c, lib/util/getdelim.c, lib/util/getusershell.c,
	lib/util/openat.c, lib/util/regress/getdelim/getdelim_test.c,
	lib/util/regress/strsig/strsig_test.c,
	lib/util/regress/strtofoo/strtobool_test.c,
	lib/util/regress/strtofoo/strtoid_test.c,
	lib/util/regress/strtofoo/strtomode_test.c,
	lib/util/regress/strtofoo/strtonum_test.c,
	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/roundup.c,
	lib/util/strtoid.c, lib/util/strtonum.c, lib/util/term.c,
	lib/util/unlinkat.c, logsrvd/Makefile.in, logsrvd/eventlog.c,
	logsrvd/iolog_writer.c, logsrvd/logsrv_util.c,
	plugins/python/Makefile.in, plugins/python/pyhelpers.c,
	plugins/python/pyhelpers.h, plugins/python/python_baseplugin.c,
	plugins/python/python_convmessage.c,
	plugins/python/python_importblocker.c,
	plugins/python/python_loghandler.c,
	plugins/python/python_plugin_approval.c,
	plugins/python/python_plugin_audit.c,
	plugins/python/python_plugin_common.c,
	plugins/python/python_plugin_common.h,
	plugins/python/python_plugin_group.c,
	plugins/python/python_plugin_io.c,
	plugins/python/python_plugin_policy.c,
	plugins/python/sudo_python_debug.c,
	plugins/python/sudo_python_module.c,
	plugins/python/sudo_python_module.h, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/group_plugin.c, plugins/sudoers/ldap_conf.c,
	plugins/sudoers/parse.c, plugins/sudoers/parse_ldif.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/starttime.c,
	plugins/sudoers/tsdump.c, src/exec_monitor.c, src/exec_nopty.c,
	src/limits.c, src/ttyname.c:
	Update copyright year on some files where it was out of date.
	[2086262cd012]

2020-08-27  Todd C. Miller

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/visudo.man.in,
	doc/visudo.mdoc.in:
	Refer to "syntax error" instead of "parse error". This is the term
	the parser uses when there is an actual error.
	[7134b6869432]

	* plugins/sudoers/visudo.c:
	Remove superfluous "parse error in sudoers near line N" message. The
	sudoers parser now produces better syntax error messages so we don't
	need visudo to print its own.
	[9c32131fb6ac]

	* plugins/sudoers/visudo.c:
	Don't override errorfile and errorlineno set by check_aliases(). Now
	that alias parsing stores the file and line number, visudo can use
	that information to go to the line with an error when re-editing.
	[896d1f73ca02]

2020-08-25  Todd C. Miller

	* config.h.in, configure, configure.ac, lib/util/sig2str.c,
	lib/util/str2sig.c:
	Use sigabbrev_np(3) to access signal abbreviations if supported.
	glibc-2.32 has removed sys_sigabbrev[], we can use sigabbrev_np(3)
	instead.
	[e30482f26924]

2020-08-17  Todd C. Miller

	* NEWS:
	Briefly describe how to restore historical parse error behavior.
	[1ede927d99b3]

	* NEWS, doc/UPGRADE:
	Mention end-of-line terminator and plugin argument changes.
	[96cd7a3477fa]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, src/load_plugins.c:
	Fix sudoers_policy plugin options when sudoers_audit is not listed.
	As of sudo 1.9.1 the sudoers file is opened by the audit plugin, not
	the policy plugin. As a result, plugin options set for
	sudoers_policy have no effect. If sudoers_policy has plugin options
	in sudo.conf and sudoers_audit is not listed, move the options to
	sudoers_audit so they will have an effect.
	[839a9a9c0cc3]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/file.c,
	plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
	sudoers error recovery can be configured via an "error_recovery"
	setting. This setting is an argument to the sudoers plugin, similar
	to how sudoers_file, sudoers_mode, sudoers_uid, etc. are
	implemented. The default value is true.
	[86f7059f9e45]

	* plugins/sudoers/regress/testsudoers/test11.sh:
	Make this test pass with bison's verbose error messages.
	[a2a8e4ca3f63]

2020-08-16  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Recover from a syntax error after the ':' in a privilege spec. For
	compound privilege specs, don't throw away the entire thing if we
	have a syntax error, only the part after the error is encountered.
	[d6ef4e6ca624]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/regress/sudoers/test5.toke.ok:
	Add explicit end-of-line matching in the parser for better error
	messages. A valid line in sudoers must end in a newline or EOF.
	Previously, it was possible (though not documented) to have multiple
	user specs on a single line. Now, each must be on its own line.
	[9f513e9b10ee]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l:
	Add NOMATCH token and use it in the lexer for an unmatched pattern.
	The ERROR token is now only used for errors detected by the lexer
	and for which we've already printed an error. This lets us remove
	the hack in sudoerserror() and just check last_token to determine
	whether or not to display the error.
	[0ca11ad5b7f3]

2020-08-15  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Enable error recovery for syntax errors that don't end with a
	newline. A syntax error on the last line of a sudoers file with no
	trailing newline is now recoverable.
	[020f76d7f369]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/regress/testsudoers/test11.out.ok:
	Add error recovery for unexpected tokens after include/includedir.
	[1aedd819916d]

	* NEWS:
	Sudo 1.9.3 changes so far.
	[bc6c6321a065]

	* configure, configure.ac:
	sudo 1.9.3
	[432950d9f778]

2020-08-14  Todd C. Miller

	* scripts/pp:
	Format the macOS minor version number with two digits. This way we
	get consistent 4-digit version numbers even for macOS versions like
	10.3 or 11.0 where the minor number is a single digit. For example,
	10.3 will be formatted as 1003 and 11.0 will be 1100.
	[7f48e10be9ae]

2020-08-13  Todd C. Miller

	* lib/zlib/infback.c, lib/zlib/inflate.c:
	Add missing ZFALLTHROUGH and use spaces not tabs.
	[4b1c71cfb8a9]

	* scripts/pp:
	Fix probe for macOS Big Sur. "sw_vers -productName" now returns
	"macOS", not "Mac OS X".
	[4caad8ca5b0c]

2020-08-12  Todd C. Miller

	* plugins/python/pyhelpers.c, plugins/python/python_plugin_common.h,
	plugins/python/sudo_python_module.c, src/parse_args.c,
	src/selinux.c:
	Fix some warnings from pvs-studio
	[fa83bb619209]

	* Makefile.in, lib/iolog/iolog_fileio.c, lib/iolog/iolog_json.c,
	lib/util/aix.c, lib/util/sudo_debug.c, logsrvd/logsrvd.c,
	logsrvd/sendlog.c, plugins/audit_json/audit_json.c,
	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/securid5.c, plugins/sudoers/bsm_audit.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/env.c,
	plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
	plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
	plugins/sudoers/parse.c, plugins/sudoers/policy.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
	src/copy_file.c, src/exec.c, src/exec_common.c, src/exec_monitor.c,
	src/exec_nopty.c, src/exec_pty.c, src/load_plugins.c,
	src/parse_args.c, src/selinux.c, src/sesh.c, src/solaris.c,
	src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
	Fix some warnings from pvs-studio
	[164a51c446da]

	* plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/sssd.c:
	Use angle quotes when including gram.h and def_data.c. Otherwise, we
	can include the wrong file when doing an out-of-source build when
	configured using --with-devel.
	[105e52a86e22]

	* lib/util/fatal.c, lib/util/regress/fnmatch/fnm_test.c,
	logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, logsrvd/sendlog.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/logging.c, plugins/sudoers/match.c,
	plugins/sudoers/match_command.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
	src/parse_args.c:
	Move inclusion of compat headers up with the system headers. Now
	that sudo_dso_public is defined in config.h we don't need
	sudo_compat.h before including the compat headers.
	[da2103ee7ba8]

	* config.h.in, configure.ac, include/compat/fnmatch.h,
	include/compat/getaddrinfo.h, include/compat/getopt.h,
	include/compat/glob.h, include/compat/sha2.h, include/sudo_compat.h,
	include/sudo_conf.h, include/sudo_debug.h, include/sudo_digest.h,
	include/sudo_dso.h, include/sudo_event.h, include/sudo_fatal.h,
	include/sudo_json.h, include/sudo_lbuf.h, include/sudo_rand.h,
	include/sudo_util.h, lib/iolog/regress/host_port/host_port_test.c,
	lib/iolog/regress/iolog_json/check_iolog_json.c,
	lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c,
	lib/iolog/regress/iolog_path/check_iolog_path.c,
	lib/iolog/regress/iolog_util/check_iolog_util.c,
	lib/util/mksiglist.c, lib/util/mksigname.c,
	lib/util/regress/fnmatch/fnm_test.c,
	lib/util/regress/getdelim/getdelim_test.c,
	lib/util/regress/getgrouplist/getgrouplist_test.c,
	lib/util/regress/glob/globtest.c,
	lib/util/regress/mktemp/mktemp_test.c,
	lib/util/regress/parse_gids/parse_gids_test.c,
	lib/util/regress/progname/progname_test.c,
	lib/util/regress/strsig/strsig_test.c,
	lib/util/regress/strsplit/strsplit_test.c,
	lib/util/regress/strtofoo/strtobool_test.c,
	lib/util/regress/strtofoo/strtoid_test.c,
	lib/util/regress/strtofoo/strtomode_test.c,
	lib/util/regress/strtofoo/strtonum_test.c,
	lib/util/regress/sudo_conf/conf_test.c,
	lib/util/regress/sudo_parseln/parseln_test.c,
	lib/util/regress/tailq/hltq_test.c,
	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/term.c,
	logsrvd/logsrvd.c, logsrvd/sendlog.c,
	plugins/audit_json/audit_json.c, plugins/group_file/group_file.c,
	plugins/group_file/plugin_test.c,
	plugins/python/python_plugin_approval.c,
	plugins/python/python_plugin_audit.c,
	plugins/python/python_plugin_group.c,
	plugins/python/python_plugin_io.c,
	plugins/python/python_plugin_policy.c,
	plugins/sample/sample_plugin.c,
	plugins/sample_approval/sample_approval.c, plugins/sudoers/audit.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/iolog.c,
	plugins/sudoers/policy.c,
	plugins/sudoers/regress/check_symbols/check_symbols.c,
	plugins/sudoers/regress/env_match/check_env_pattern.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/regress/logging/check_wrap.c,
	plugins/sudoers/regress/parser/check_addr.c,
	plugins/sudoers/regress/parser/check_base64.c,
	plugins/sudoers/regress/parser/check_digest.c,
	plugins/sudoers/regress/parser/check_fill.c,
	plugins/sudoers/regress/parser/check_gentime.c,
	plugins/sudoers/regress/parser/check_hexchar.c,
	plugins/sudoers/regress/starttime/check_starttime.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/tsdump.c,
	plugins/sudoers/visudo.c, plugins/system_group/system_group.c,
	src/env_hooks.c, src/regress/noexec/check_noexec.c,
	src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.c,
	src/sudo_noexec.c:
	Rename __dso_public -> sudo_dso_public and move to config.h.
	[12550ec04e3a]

	* lib/iolog/host_port.c, lib/iolog/iolog_fileio.c,
	lib/iolog/iolog_json.c, lib/iolog/iolog_path.c,
	lib/iolog/iolog_util.c, lib/util/ttyname_dev.c, logsrvd/eventlog.c,
	logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c,
	logsrvd/logsrvd_conf.c, logsrvd/sendlog.c,
	plugins/audit_json/audit_json.c, plugins/sample/sample_plugin.c,
	plugins/sample_approval/sample_approval.c, plugins/sudoers/locale.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
	src/net_ifs.c, src/sesh.c, src/sudo.h:
	We no longer need to include sudo_gettext.h before sudo_compat.h
	[660770ab7e7b]

	* .gitignore, .hgignore:
	Add *.map to the ignore file.
	[e96b46d418db]

2020-08-11  Todd C. Miller

	* etc/uncrustify.cfg:
	Update to uncrustify 0.71.0
	[dabd7b24c0d9]

	* doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.man.in,
	doc/sudoers.mdoc.in:
	Mention visudo in sudo(8) and document sudoers error recovery.
	[44acd34811fb]

2020-08-10  Todd C. Miller

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/util/Makefile.in, lib/util/freezero.c,
	lib/util/getentropy.c, plugins/sudoers/auth/aix_auth.c,
	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
	scripts/mkdep.pl, src/conversation.c:
	Use OpenBSD-compatible freezero() in place of explicit_bzero() +
	free()
	[af0a9ed1e259]

	* MANIFEST, config.h.in, configure, configure.ac,
	doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	include/sudo_compat.h, include/sudo_plugin.h, lib/util/Makefile.in,
	lib/util/arc4random.c, lib/util/explicit_bzero.c,
	lib/util/getentropy.c, lib/util/memset_s.c, lib/util/sha2.c,
	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
	plugins/sudoers/auth/sudo_auth.c, scripts/mkdep.pl,
	src/conversation.c:
	Switch from memset_s() -> explicit_bzero(). memset_s() (and all of
	Annex K) is likely to be removed from a future version of the
	standard.
	[c0f81ef1ee3c]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l:
	Define YYERROR_VERBOSE for bison and rename COMMENT -> '\n'. This
	results in better error messages when there is a parse error.
	[7ba896f285a9]

	* plugins/sudoers/mkdefaults:
	Some minor cleanup. Use ntuples instead of tuple_last. Strip leading
	and trailing double quotes using a single gsub(). ntuples will never
	be zero so don't bother checking. No need to explicitly close files
	in END.
	[b841147900df]

2020-08-07  Todd C. Miller

	* lib/util/event.c, plugins/sudoers/cvtsudoers_pwutil.c,
	plugins/sudoers/defaults.c, plugins/sudoers/linux_audit.c,
	plugins/sudoers/logging.c, plugins/sudoers/pwutil.c,
	plugins/sudoers/pwutil_impl.c, src/selinux.c:
	Quiet some clang 10 analyzer warnings.
	[4147311f6278]

	* logsrvd/sendlog.c:
	Refactor freeing of InfoMessage list into free_info_messages(). Also
	fixes a false positive from the clang analyzer.
	[25a6f0035a33]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y,
	plugins/sudoers/regress/testsudoers/test11.out.ok,
	plugins/sudoers/regress/testsudoers/test11.sh:
	Require that a @include line end with a newline or EOF. We now parse
	the entire line before reading the include file. This is less
	surprising behavior and results in better error messages.
	[ad6a2c991db6]

	* plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/parse.c,
	plugins/sudoers/regress/sudoers/test1.out.ok,
	plugins/sudoers/regress/sudoers/test10.out.ok,
	plugins/sudoers/regress/sudoers/test11.out.ok,
	plugins/sudoers/regress/sudoers/test12.out.ok,
	plugins/sudoers/regress/sudoers/test13.out.ok,
	plugins/sudoers/regress/sudoers/test14.out.ok,
	plugins/sudoers/regress/sudoers/test15.out.ok,
	plugins/sudoers/regress/sudoers/test16.out.ok,
	plugins/sudoers/regress/sudoers/test17.out.ok,
	plugins/sudoers/regress/sudoers/test18.out.ok,
	plugins/sudoers/regress/sudoers/test18.toke.ok,
	plugins/sudoers/regress/sudoers/test19.out.ok,
	plugins/sudoers/regress/sudoers/test2.out.ok,
	plugins/sudoers/regress/sudoers/test20.out.ok,
	plugins/sudoers/regress/sudoers/test21.out.ok,
	plugins/sudoers/regress/sudoers/test22.out.ok,
	plugins/sudoers/regress/sudoers/test23.out.ok,
	plugins/sudoers/regress/sudoers/test3.out.ok,
	plugins/sudoers/regress/sudoers/test4.out.ok,
	plugins/sudoers/regress/sudoers/test4.toke.ok,
	plugins/sudoers/regress/sudoers/test5.out.ok,
	plugins/sudoers/regress/sudoers/test5.toke.ok,
	plugins/sudoers/regress/sudoers/test6.out.ok,
	plugins/sudoers/regress/sudoers/test7.out.ok,
	plugins/sudoers/regress/sudoers/test7.toke.ok,
	plugins/sudoers/regress/sudoers/test8.out.ok,
	plugins/sudoers/regress/sudoers/test8.toke.ok,
	plugins/sudoers/regress/sudoers/test9.out.ok,
	plugins/sudoers/regress/testsudoers/test1.out.ok,
	plugins/sudoers/regress/testsudoers/test10.out.ok,
	plugins/sudoers/regress/testsudoers/test11.out.ok,
	plugins/sudoers/regress/testsudoers/test2.out.ok,
	plugins/sudoers/regress/testsudoers/test3.out.ok,
	plugins/sudoers/regress/testsudoers/test4.out.ok,
	plugins/sudoers/regress/testsudoers/test5.out.ok,
	plugins/sudoers/regress/testsudoers/test6.out.ok,
	plugins/sudoers/regress/testsudoers/test7.out.ok,
	plugins/sudoers/regress/testsudoers/test8.out.ok,
	plugins/sudoers/regress/testsudoers/test9.out.ok,
	plugins/sudoers/regress/visudo/test2.err.ok,
	plugins/sudoers/regress/visudo/test3.err.ok,
	plugins/sudoers/regress/visudo/test8.err.ok,
	plugins/sudoers/regress/visudo/test8.sh,
	plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l, plugins/sudoers/visudo.c:
	Display more specific parser error messages when possible.
	[91dd5d67bb83]

	* plugins/sudoers/file.c:
	Let the sudoers parser recover after a parse error. We currently
	just discard the line with the error.
	[712537665215]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/regress/testsudoers/test11.out.ok,
	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
	plugins/sudoers/toke.l:
	Keep track of the position of the current token for error messages.
	[a5f6bd38267e]

2020-08-06  Todd C. Miller

	* plugins/sudoers/Makefile.in:
	regen
	[28026a042255]

	* plugins/sample_approval/sample_approval.exp:
	Sync sample_approval.exp with sample_approval.c
	[e810da8a6772]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/regress/testsudoers/test11.out.ok,
	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
	plugins/sudoers/toke.l:
	Store the current line in our own buffer for better error messages.
	[33b2042e0028]

2020-08-05  Todd C. Miller

	* etc/sudo-logsrvd.pp, etc/sudo.pp, scripts/mkpkg:
	Fix libssl dependency on Debian-based systems. Older systems may
	still have libssl1.0.0, not libssl1.1.
	[0de802ec595a]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Add workaround for yyless() not resetting yy_at_bol.
	[5defcd893f6a]

2020-08-03  Todd C. Miller

	* configure, configure.ac:
	Always use a linker script to hide symbols if it is supported. We
	use this even if the compiler has symbol visibility support so we
	will notice mismatches between the exports file and __dso_public
	annotations in the source code.
	[1679ac3124b1]

	* MANIFEST, configure, configure.ac, plugins/python/python_plugin.exp,
	plugins/python/python_plugin.exp.in:
	Rename python_plugin.exp.in -> python_plugin.exp. There is nothing
	dynamic in this file.
	[f34cc08c026c]

	* MANIFEST, configure, configure.ac,
	plugins/python/python_plugin.exp.in,
	plugins/python/python_plugin_approval_multi.inc,
	plugins/python/python_plugin_audit_multi.inc:
	Add missing python_plugin.exp.in file and remove unneeded
	__dso_public. This fixes building the python plugin on systems where
	the compiler doesn't support symbol hiding (but where the linker
	does).
	[e0305faf8282]

2020-08-02  Todd C. Miller

	* plugins/sudoers/mkdefaults:
	Use "foo in bar" syntax for testing existence of a key.
	[0807ae0db0a7]

	* plugins/sudoers/Makefile.in, plugins/sudoers/toke.c:
	Replace /*FALLTHROUGH*/ in generated code.
	[a7590ec10b16]

2020-08-01  Todd C. Miller

	* lib/zlib/infback.c, lib/zlib/inflate.c, lib/zlib/zconf.h.in:
	Add ZFALLTHROUGH macro to use instead of /* FALLTHROUGH */ comments.
	[92ec8a466095]

	* config.h.in, configure, configure.ac, include/sudo_compat.h,
	lib/util/arc4random_buf.c, lib/util/glob.c, lib/util/snprintf.c,
	lib/util/strtonum.c, logsrvd/sendlog.c, plugins/python/pyhelpers.c,
	plugins/sudoers/auth/pam.c, plugins/sudoers/check.c,
	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c,
	plugins/sudoers/fmtsudoers.c, plugins/sudoers/ldap_util.c,
	plugins/sudoers/match.c, plugins/sudoers/parse_ldif.c,
	plugins/sudoers/sssd.c, plugins/sudoers/sudo_printf.c,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/visudo.c, src/conversation.c, src/exec_monitor.c,
	src/exec_pty.c, src/parse_args.c, src/regress/noexec/check_noexec.c,
	src/tgetpass.c:
	Use the fallthrough attribute instead of /* FALLTHROUGH */ comments.
	[ce33e87ddfd6]

2020-07-30  Todd C. Miller

	* plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/mkdefaults:
	Rewrite mkdefaults in awk.
	[f069ca4eae59]

2020-07-22  Todd C. Miller

	* doc/CONTRIBUTORS:
	Update translators.
	[5252e2d1a61a]

	* doc/sudo.man.in, doc/sudo.mdoc.in, src/copy_file.c:
	Prompt user before truncating a file to zero bytes. Bug #922.
	[8bfaa57d5bd4]

2020-07-21  kuberlog

	* config.h.in, configure.ac:
	configure.ac: fix documentation about lecture
	[382c2809eda1]

2020-07-19  Todd C. Miller

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
	po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/ja.mo,
	po/ja.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/pt.mo,
	po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/ro.mo, po/ro.po, po/tr.mo,
	po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo, po/zh_CN.po, po/zh_TW.mo,
	po/zh_TW.po:
	Updated translations from translationproject.org
	[74fbf2ca39e1]

2020-07-16  Todd C. Miller

	* configure, configure.ac:
	Handle openssl where there is no separate libcrypto pkgconfig file.
	In this case, just use the full openssl libs to get the sha2
	functions.
	[f724510bb416]

	* INSTALL, configure, configure.ac:
	Ignore --enable-gcrypt if --enable-openssl is also specified.
	[39d493d7e549]

2020-07-15  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.9.2
	[9af764b239c2]

	* config.h.in, configure, configure.ac:
	Fix some warnings displayed by autoconf 2.69b. This fixes the missing
	HAVE_GSSAPI_GSSAPI_H define in config.h.in. TODO: replace
	shadow_funcs variable in function checks with literals
	[9d8f67e1f8fe]

2020-07-12  Todd C. Miller

	* plugins/sudoers/audit.c:
	Initialize sudo_conv and sudo_printf in sudoers_audit_open(). We
	will need them if there is an error parsing sudoers and leaving them
	unset can result in NULL deref. Also set the text domain to
	"sudoers" like we do for the policy and I/O logging open functions.
	Bug #934.
	[e88919ff4900]

2020-07-11  Todd C. Miller

	* plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po, po/it.mo,
	po/it.po, po/ko.mo, po/ko.po, po/ro.mo, po/ro.po:
	Updated translations from translationproject.org
	[2488a1479208]

2020-07-06  Todd C. Miller

	* plugins/sudoers/sudoers.exp:
	Export sudoers_audit symbol for compilers without symbol visibility.
	[081f6729cb38]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document the contents of the log.json file.
	[b1ea749fffc2]

	* lib/iolog/iolog_fileio.c:
	Fix typo, runas_uid should be runas_gid.
	[7b2c0fd84a60]

	* examples/sudo.conf.in:
	Add sudoers_audit line for completeness, matching the documentation.
	When sudoers is loaded as a policy plugin, it will be loaded
	automatically as an audit plugin. Listing it explicitly in the
	default sudo.conf file helps bring attention to the fact that
	sudoers now supports the audit plugin type.
	[7145a02ed280]

	* plugins/sudoers/defaults.c:
	Add some debugging statements around Defaults lookup.
	[b95e2a9b6555]

	* plugins/sudoers/sudoers.in:
	Replace #includedir with @includedir in default sudoers file.
	[d18945ec728e]

2020-06-26  Todd C. Miller

	* configure, m4/libtool.m4:
	Allow HP-UX shared libs and modules to link against static libs.
	hppa64 and ia64 use PIC by default
	[0553c60b922a]

2020-06-25  Todd C. Miller

	* configure, configure.ac:
	Use pkg-config to find the openssl cflags and libs if possible. We
	support linking against static openssl libs too.
	[55442f4fea5e]

2020-06-24  Todd C. Miller

	* scripts/pp:
	Fix parsing of /etc/redhat-release on RHEL 8. RedHat dropped the
	word "server" from the release name in redhat-release which results
	in the awk script printing the wrong field. Instead of using awk,
	just use sed to pull out the version number immediately following
	the word "release".
	[a283acb4622a]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen without `scare quotes'
	[31f021892137]

	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
	src/parse_args.c, src/sudo.c:
	Replace or remove use of `scare quotes'. These don't translate well
	and look odd in many fonts.
	[3c7fa8f93543]

2020-06-20  Todd C. Miller

	* lib/zlib/infback.c, lib/zlib/inflate.c:
	Add FALLTHROUGH comments to quiet -Wimplicit-fallthrough
	[f724957b7cae]

	* src/solaris.c:
	Fix implicit fallthrough warning and add break to default cases.
	[74d8c68eb160]

	* configure, configure.ac, m4/ax_func_snprintf.m4, m4/sudo.m4:
	Fix some warnings from configure test programs.
	[6cff0cdb066a]

	* configure, configure.ac:
	Add -Wimplicit-fallthrough to --enable-warnings if available. Note
	that clang 10 has support for -Wimplicit-fallthrough in C code but
	doesn't recognize lint-style FALLTHROUGH comments like gcc does so
	we can't use it.
	[cf70a1ab3ea9]

	* configure, configure.ac:
	Drop old test for -lcposix for ISC Unix.
	[1bfd474c8819]

2020-06-19  Todd C. Miller

	* README:
	Mention sudo-blog announce list.
	[526dc0cc1e83]

	* NEWS:
	Bugs #860 and #917 were fixed in 1.9.0.
	[51a347785dbf]

2020-06-18  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot:
	regen to fix a typo
	[9755e76fcd8b]

	* MANIFEST, lib/iolog/Makefile.in,
	lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c:
	Add regress test to catch swapids() bug when called by
	iolog_mkdtemp()
	[deff1dc2f144]

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, po/ro.mo,
	po/ro.po:
	Updated translations from translationproject.org
	[9007c89029ea]

2020-06-16  Todd C. Miller

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
	Document the order in which the plugin open/close functions are
	called.
	[48ec66882e1a]

	* NEWS, lib/iolog/iolog_fileio.c:
	Fix a typo that prevented swapids() from restoring the original gid.
	This led to a regression when the iolog_file setting ends in six or
	more X's or when the I/O logs are stored on NFS.
	[522d8ec470cb]

2020-06-15  Todd C. Miller

	* src/exec_monitor.c, src/exec_pty.c, src/get_pty.c, src/sudo.h,
	src/sudo_exec.h:
	Replace master/slave in code with leader/follower.
	[230f5343d961]

	* NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in, examples/sudoers,
	plugins/sudoers/regress/cvtsudoers/sudoers,
	plugins/sudoers/regress/cvtsudoers/sudoers.defs,
	plugins/sudoers/regress/cvtsudoers/test13.out.ok,
	plugins/sudoers/regress/cvtsudoers/test19.out.ok,
	plugins/sudoers/regress/visudo/test6.sh:
	Replace terms master and blacklist in docs and examples.
	[2908ac6c0fe0]

	* NEWS:
	Bug #929
	[c1f5a01d1af6]

2020-06-14  Todd C. Miller

	* src/sudo_edit.c:
	Clean up temporary sudoedit files on success; Bug #929. This is a
	regression introduced in sudo 1.9.0.
	[2bc4822b7382]

2020-06-12  Todd C. Miller

	* NEWS:
	New Romanian translation
	[fd753dfa0a84]

2020-06-11  Todd C. Miller

	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
	po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo,
	po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/pl.mo,
	po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/sv.mo,
	po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo,
	po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
	Updated translations from translationproject.org
	[570aacc81015]

	* MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/ro.mo,
	plugins/sudoers/po/ro.po, po/ro.mo, po/ro.po:
	Romanian translation from translationproject.org.
	[1e277907378e]

	* NEWS:
	Add missing entry for the LDAP/SSSD sudoHost regression. Also add
	new Romanian translation
	[624eb5e8e612]

2020-06-07  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	Fix a typo in the audit string when "sudo -E" is not allowed.
	[85bcb3b1f7d8]

2020-06-06  Todd C. Miller

	* plugins/python/regress/testhelpers.c:
	Check asprintf() return value.
	[456bb2d7c37f]

	* scripts/mkpkg:
	Prefer the python3 in /usr/bin on Solaris. The /opt/csw version, if
	it exists, may be a 32-bit version which we can't link with. Also
	handle the case where the /usr/bin/python3 link is missing.
	[2ed7715e6b2e]

	* config.h.in, configure, configure.ac, include/sudo_compat.h:
	Declare getdelim(3) if it exists in libc but is not prototyped in
	stdio.h. This can happen on systems with a gcc package that was
	built on an older version of the OS where getdelim(3) was not
	present.
	[e78803280641]

	* aclocal.m4, configure, configure.ac:
	For python3-config, only use -I and -L/-l from --cflags and
	--ldflags output. Otherwise we may get other flags used to build
	python that conflict with what sudo uses.
	[7a8d3c5fd2ae]

	* scripts/mkpkg:
	Build 64-bit binaries and the python package on Solaris 11 and
	above. No longer prefer the Solaris Studio C compiler over gcc, it
	causes issues with the Python plugin.
	[a92f9641bd07]

	* logsrvd/sendlog.c:
	Fix memory leak on error in fmt_info_messages().
	[511ac9ba6819]

	* NEWS:
	Update for 1.9.1b1
	[562b0add8e04]

2020-06-05  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen for sudo 1.9.1
	[8960aceb2519]

2020-06-04  Todd C. Miller

	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h:
	Add basic support for reject and error audit events to sudoers. This
	is only used when logging events from plugins other than sudoers,
	such as an approval plugin. With this change, if an approval plugin
	rejects the command the denial will be logged in the sudoers log
	file using the message from the approval plugin.
	[c7abc39b0e37]

	* plugins/sudoers/bsm_audit.c, plugins/sudoers/solaris_audit.c,
	scripts/mkpkg:
	Fix Solaris and BSM audit warnings. Use BSM audit on Illumos, which
	lacks Solaris audit.
	[3844e8a24f59]

	* plugins/sudoers/policy.c:
	Track whether the session was opened in sudoers. In
	sudoers_policy_close() only warn about being unable to run the
	command if we actually opened the session (and thus passed all
	approval plugins).
	[f99b434d121b]

	* src/sudo.c:
	Only display an error in the built-in policy close if command is
	set. If a policy or approval plugin denies the command,
	command_details will not have been filled out.
	[245024004df2]

	* plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
	plugins/sudoers/sssd.c:
	Avoid passing NULL to printf in match debug code for LDAP/SSSD. The
	file name in struct userspec was not set for the LDAP and SSSD
	backends. There is no actual file in this case so set the name to
	LDAP/SSSD. Also add a guard to make sure we don't try to print NULL
	in sudoers_lookup_check() if name is left unset.
	[240efcda496e]

2020-06-03  Todd C. Miller

	* plugins/sudoers/linux_audit.c, plugins/sudoers/linux_audit.h:
	Add missing const to linux_audit_command()'s argv function argument.
	[cb219f1ccb6e]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	When converting LDAP to sudoers, ignore entries with no sudoHost
	attribute. Otherwise, sudo_ldap_role_to_priv() will treat a NULL
	host list as the "ALL" wildcard. This regression was introduced
	in sudo 1.8.23, which was the first version to convert LDAP sudoRole
	objects to sudoers internal data structures. Thanks to Andreas
	Mueller for reporting and debugging this problem.
	[484d0d3b892e]

2020-06-02  Todd C. Miller

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, src/load_plugins.c:
	Load the sudoers module as an audit plugin if loaded as a policy
	plugin. Now that logging of successful commands is performed by
	sudoers as an audit plugin we need to load sudoers_audit if
	sudoers_policy is also loaded. Otherwise, accepted commands will not
	be logged.
	[f20bee20f4c7]

	* plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
	plugins/sudoers/policy.c, plugins/sudoers/solaris_audit.c,
	plugins/sudoers/solaris_audit.h, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Defer logging of the successful command until approval plugins have
	run. This adds audit plugin support to the sudoers module, currently
	only used for accept events. As a result, the sudoers file is now
	initially parsed as an audit plugin.
	[552c13bd0287]

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
	include/sudo_plugin.h, plugins/audit_json/audit_json.c,
	plugins/python/sudo_python_module.c, src/sudo.c:
	Add support for "accept" audit events sent by the sudo front-end.
	With this change, the sudo front-end will send an "accept" audit
	event to the audit plugins after all the I/O logging plugins have
	been initialized. This can be used by an audit plugin that does not
	care about the result of the individual policy and approval plugins
	and only wants to receive a single "accept" event if all policy and
	approval plugins have succeeded. The plugin_type argument for events
	sent by the front-end is SUDO_FRONT_END (0).
	[6b3cb94fedb9]

	* src/exec_pty.c:
	If event loop fails due to ENXIO, remove /dev/tty events and
	recover. This fixes an issue on Solaris 11.4 (and probably others)
	with "sudo reboot" when I/O logging is enabled. Previously, sudo
	would kill the command if it was still running after the event loop
	terminated, leaving the system in a half-dead state.
	[e12e3040b067]

2020-06-01  Todd C. Miller

	* src/exec_pty.c:
	Don't try to suspend sudo if the user's tty has gone away. Fixes a
	problem on Solaris 11.4 (and possibly others) where sudo continually
	tries to put itself in the background after the user's terminal has
	been revoked.
	[92f172b46b9c]

	* src/exec_pty.c:
	Back out WIP code that was mistakenly committed.
	[41f57239b2c4]

	* scripts/mkpkg:
	Don't enable BSM audit on Solaris 10, it is missing AUE_sudo
	[3b32087b1ed3]

	* src/exec_pty.c, src/get_pty.c:
	On Solaris 11.4 the openpty(3) prototype lives in termios.h.
	[d6e353e8b9df]

	* plugins/sudoers/solaris_audit.c:
	Add missing stdlib.h include and fix solaris_audit_failure() error
	return.
	[5748d8fd24c4]

	* scripts/mkpkg:
	Use Solaris audit for Solaris 11, not BSM audit. BSM audit is no
	longer supported in Solaris 11.4.
	[01f2189f439d]

2020-05-26  Todd C. Miller

	* src/exec.c:
	Check audit plugins for a close function too before execing command
	directly. We cannot exec the command directly if any of the policy
	or audit plugins use a close function.
	[5aa6db56ce32]

2020-05-22  Todd C. Miller

	* NEWS:
	Mention Bug #927.
	[0fd9e757d80b]

2020-05-20  Todd C. Miller

	* configure, configure.ac, m4/sudo.m4:
	Add basic support for --runstatedir. If the user specifies
	--runstatedir but not --with-rundir, use runstatedir as the parent
	directory of the sudo rundir.

	In the future we may deprecate --with-rundir in favor of
	--runstatedir but that will require changes for systems with no
	/var/run directory.
	[14879831fe6e]

	* MANIFEST, NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y,
	plugins/sudoers/regress/testsudoers/test10.out.ok,
	plugins/sudoers/regress/testsudoers/test10.sh,
	plugins/sudoers/regress/testsudoers/test11.out.ok,
	plugins/sudoers/regress/testsudoers/test11.sh,
	plugins/sudoers/regress/testsudoers/test2.out.ok,
	plugins/sudoers/regress/testsudoers/test2.sh,
	plugins/sudoers/regress/testsudoers/test3.out.ok,
	plugins/sudoers/regress/testsudoers/test3.sh,
	plugins/sudoers/regress/testsudoers/test4.sh,
	plugins/sudoers/regress/testsudoers/test5.sh,
	plugins/sudoers/regress/testsudoers/test8.out.ok,
	plugins/sudoers/regress/testsudoers/test8.sh,
	plugins/sudoers/regress/testsudoers/test9.out.ok,
	plugins/sudoers/regress/testsudoers/test9.sh,
	plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
	plugins/sudoers/toke.l:
	Add support for @include and @includedir. These are less confusing
	than #include and #includedir when the hash character is also the
	comment character.

	This commit also adds real parsing of include directives as opposed
	to the pure lexer approach used previously. As a result, it is now
	possible to include files with spaces by either using a double-
	quoted string or escaping the space characters with a backslash.
	[c422a5c8ea5d]

2020-05-19  Todd C. Miller

	* lib/iolog/iolog_fileio.c:
	In iolog_openat() enable the write bit on pre-existing files if
	needed. This prevents problems caused by the change to strip the
	write bit from the timing file when it is finished.
	[a6b0da3f7b94]

	* plugins/sudoers/visudo.c:
	In visudo check that an include file is a regular file before using
	it. Avoids a generic "input in flex scanner failed" error message.
	[287d90d359a6]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Fix a memory leak on error when including a file or directory.
	[02db03f7b565]

2020-05-18  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.9.1
	[57a1a5f05500]

	* doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
	plugins/sudoers/sudoreplay.c:
	Add a follow option (-F) to support replaying a live session. By
	default, sudoreplay will exit when it reaches the end of the timing
	file. With the -F option, it will keep going until the timing file
	is finished and its write bit is cleared.
	[12ab27768cad]

	* include/sudo_iolog.h, lib/iolog/iolog_fileio.c:
	Add iolog_clearerr() that acts like clearerr(3). Works for both
	compressed and uncompressed I/O logs.
	[c83b88285c2c]

	* plugins/sudoers/iolog.c:
	Clear the write bit from the I/O log timing file when it is
	complete. This matches the behavior of sudo_logsrvd.
	[0bc8a012db26]

	* logsrvd/logsrvd.c, logsrvd/sendlog.c:
	Use PACKAGE_VERSION instead of 0.1 as the client and server version.
	[d1e3ac049cf7]

	* lib/util/Makefile.in, lib/util/aix.c, lib/util/fatal.c,
	lib/util/getusershell.c, lib/util/gidlist.c, lib/util/json.c,
	lib/util/mkdir_parents.c, lib/util/strsignal.c, lib/util/strtoid.c,
	lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c,
	lib/util/sudo_debug.c:
	Set DEFAULT_TEXT_DOMAIN in lib/util's Makefile not individual .c
	files. We no longer need to include sudo_gettext.h before
	sudo_compat.h
	[ead9b6a434b8]

	* lib/iolog/iolog_fileio.c, lib/iolog/iolog_json.c,
	lib/iolog/iolog_path.c, lib/iolog/iolog_util.c,
	lib/iolog/regress/host_port/host_port_test.c,
	lib/iolog/regress/iolog_json/check_iolog_json.c,
	lib/iolog/regress/iolog_path/check_iolog_path.c,
	lib/iolog/regress/iolog_util/check_iolog_util.c,
	lib/util/digest_gcrypt.c, lib/util/event.c, lib/util/event_select.c,
	lib/util/fnmatch.c, lib/util/getaddrinfo.c, lib/util/getcwd.c,
	lib/util/getdelim.c, lib/util/getgrouplist.c,
	lib/util/getopt_long.c, lib/util/glob.c, lib/util/inet_pton.c,
	lib/util/json.c, lib/util/key_val.c, lib/util/lbuf.c,
	lib/util/locking.c, lib/util/mkdir_parents.c, lib/util/mktemp.c,
	lib/util/parseln.c, lib/util/progname.c, lib/util/pw_dup.c,
	lib/util/regress/fnmatch/fnm_test.c,
	lib/util/regress/getdelim/getdelim_test.c,
	lib/util/regress/getgrouplist/getgrouplist_test.c,
	lib/util/regress/glob/globtest.c,
	lib/util/regress/mktemp/mktemp_test.c,
	lib/util/regress/parse_gids/parse_gids_test.c,
	lib/util/regress/progname/progname_test.c,
	lib/util/regress/strsplit/strsplit_test.c,
	lib/util/regress/sudo_conf/conf_test.c,
	lib/util/regress/sudo_parseln/parseln_test.c,
	lib/util/regress/tailq/hltq_test.c,
	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c,
	lib/util/sha2.c, lib/util/sig2str.c, lib/util/snprintf.c,
	lib/util/str2sig.c, lib/util/strndup.c, lib/util/strtobool.c,
	lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c,
	lib/util/term.c, lib/util/ttyname_dev.c, lib/util/vsyslog.c,
	plugins/audit_json/audit_json.c, plugins/group_file/getgrent.c,
	plugins/group_file/group_file.c, plugins/python/sudo_python_debug.c,
	plugins/sample/sample_plugin.c,
	plugins/sample_approval/sample_approval.c, plugins/sudoers/alias.c,
	plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
	plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
	plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
	plugins/sudoers/editor.c, plugins/sudoers/env.c,
	plugins/sudoers/env_pattern.c, plugins/sudoers/filedigest.c,
	plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/gentime.c, plugins/sudoers/getdate.c,
	plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
	plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
	plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
	plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap.c,
	plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c,
	plugins/sudoers/locale.c, plugins/sudoers/logging.c,
	plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
	plugins/sudoers/match_addr.c, plugins/sudoers/match_command.c,
	plugins/sudoers/match_digest.c, plugins/sudoers/parse.c,
	plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c,
	plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
	plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c,
	plugins/sudoers/regress/check_symbols/check_symbols.c,
	plugins/sudoers/regress/env_match/check_env_pattern.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/regress/logging/check_wrap.c,
	plugins/sudoers/regress/parser/check_addr.c,
	plugins/sudoers/regress/parser/check_base64.c,
	plugins/sudoers/regress/parser/check_digest.c,
	plugins/sudoers/regress/parser/check_fill.c,
	plugins/sudoers/regress/parser/check_gentime.c,
	plugins/sudoers/regress/parser/check_hexchar.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
	plugins/sudoers/starttime.c, plugins/sudoers/strlist.c,
	plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
	plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
	plugins/system_group/system_group.c, src/conversation.c,
	src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_monitor.c,
	src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c,
	src/limits.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
	src/preserve_fds.c, src/regress/noexec/check_noexec.c,
	src/regress/ttyname/check_ttyname.c, src/signal.c, src/sudo.c,
	src/sudo_edit.c, src/sudo_noexec.c, src/tcsetpgrp_nobg.c,
	src/tgetpass.c, src/ttyname.c, src/utmp.c:
	Include string.h unconditionally and only use strings.h for
	strn?casecmp(). In the pre-POSIX days BSD had strings.h, not
	string.h. Now strings.h is only used for non-ANSI string functions.
	[f7f633de570a]

	* lib/iolog/host_port.c, lib/iolog/iolog_fileio.c,
	lib/iolog/iolog_json.c, lib/iolog/iolog_path.c,
	lib/iolog/iolog_util.c,
	lib/iolog/regress/host_port/host_port_test.c,
	lib/iolog/regress/iolog_json/check_iolog_json.c,
	lib/iolog/regress/iolog_path/check_iolog_path.c,
	lib/iolog/regress/iolog_util/check_iolog_util.c, lib/util/aix.c,
	lib/util/arc4random.c, lib/util/arc4random_buf.c,
	lib/util/arc4random_uniform.c, lib/util/cfmakeraw.c,
	lib/util/closefrom.c, lib/util/digest.c, lib/util/digest_gcrypt.c,
	lib/util/digest_openssl.c, lib/util/dup3.c, lib/util/event_poll.c,
	lib/util/event_select.c, lib/util/fatal.c, lib/util/fchmodat.c,
	lib/util/fnmatch.c, lib/util/fstatat.c, lib/util/getaddrinfo.c,
	lib/util/getcwd.c, lib/util/getdelim.c, lib/util/getgrouplist.c,
	lib/util/gethostname.c, lib/util/getopt_long.c, lib/util/gettime.c,
	lib/util/getusershell.c, lib/util/gidlist.c, lib/util/glob.c,
	lib/util/isblank.c, lib/util/json.c, lib/util/key_val.c,
	lib/util/lbuf.c, lib/util/locking.c, lib/util/logfac.c,
	lib/util/logpri.c, lib/util/memset_s.c, lib/util/mkdir_parents.c,
	lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c,
	lib/util/openat.c, lib/util/parseln.c, lib/util/pipe2.c,
	lib/util/progname.c, lib/util/pw_dup.c, lib/util/reallocarray.c,
	lib/util/regress/fnmatch/fnm_test.c,
	lib/util/regress/getgrouplist/getgrouplist_test.c,
	lib/util/regress/glob/globtest.c,
	lib/util/regress/mktemp/mktemp_test.c,
	lib/util/regress/parse_gids/parse_gids_test.c,
	lib/util/regress/progname/progname_test.c,
	lib/util/regress/strsig/strsig_test.c,
	lib/util/regress/strsplit/strsplit_test.c,
	lib/util/regress/strtofoo/strtobool_test.c,
	lib/util/regress/strtofoo/strtoid_test.c,
	lib/util/regress/strtofoo/strtomode_test.c,
	lib/util/regress/strtofoo/strtonum_test.c,
	lib/util/regress/sudo_conf/conf_test.c,
	lib/util/regress/sudo_parseln/parseln_test.c,
	lib/util/regress/tailq/hltq_test.c,
	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/roundup.c,
	lib/util/secure_path.c, lib/util/setgroups.c, lib/util/sha2.c,
	lib/util/sig2str.c, lib/util/snprintf.c, lib/util/str2sig.c,
	lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c,
	lib/util/strsignal.c, lib/util/strsplit.c, lib/util/strtobool.c,
	lib/util/strtoid.c, lib/util/strtomode.c, lib/util/strtonum.c,
	lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c,
	lib/util/term.c, lib/util/ttysize.c, lib/util/unlinkat.c,
	lib/util/utimens.c, lib/util/uuid.c,
	plugins/audit_json/audit_json.c, plugins/group_file/getgrent.c,
	plugins/group_file/group_file.c, plugins/group_file/plugin_test.c,
	plugins/python/regress/testhelpers.h,
	plugins/python/sudo_python_debug.h, plugins/sample/sample_plugin.c,
	plugins/sample_approval/sample_approval.c, plugins/sudoers/alias.c,
	plugins/sudoers/audit.c, plugins/sudoers/base64.c,
	plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
	plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
	plugins/sudoers/digestname.c, plugins/sudoers/editor.c,
	plugins/sudoers/env.c, plugins/sudoers/env_pattern.c,
	plugins/sudoers/file.c, plugins/sudoers/filedigest.c,
	plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/gc.c, plugins/sudoers/gentime.c,
	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
	plugins/sudoers/getspwuid.c, plugins/sudoers/gmtoff.c,
	plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
	plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c,
	plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap_conf.c,
	plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
	plugins/sudoers/logging.c, plugins/sudoers/logwrap.c,
	plugins/sudoers/match.c, plugins/sudoers/match_command.c,
	plugins/sudoers/match_digest.c, plugins/sudoers/parse.c,
	plugins/sudoers/parse_ldif.c, plugins/sudoers/prompt.c,
	plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
	plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c,
	plugins/sudoers/regress/check_symbols/check_symbols.c,
	plugins/sudoers/regress/env_match/check_env_pattern.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/regress/logging/check_wrap.c,
	plugins/sudoers/regress/parser/check_addr.c,
	plugins/sudoers/regress/parser/check_base64.c,
	plugins/sudoers/regress/parser/check_digest.c,
	plugins/sudoers/regress/parser/check_fill.c,
	plugins/sudoers/regress/parser/check_gentime.c,
	plugins/sudoers/regress/parser/check_hexchar.c,
	plugins/sudoers/regress/starttime/check_starttime.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c,
	plugins/sudoers/sssd.c, plugins/sudoers/strlist.c,
	plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c,
	plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c,
	plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c,
	plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
	plugins/system_group/system_group.c, src/conversation.c,
	src/copy_file.c, src/env_hooks.c, src/exec.c, src/exec_common.c,
	src/exec_nopty.c, src/get_pty.c, src/hooks.c, src/limits.c,
	src/load_plugins.c, src/openbsd.c, src/parse_args.c, src/preload.c,
	src/preserve_fds.c, src/selinux.c, src/sesh.c, src/signal.c,
	src/solaris.c, src/sudo_edit.c, src/tcsetpgrp_nobg.c,
	src/tgetpass.c, src/utmp.c:
	We no longer need to include headers we don't use for sudo*.h files.
	Previously we needed to include headers required by the various
	sudo*.h files. Now those files are more self-sufficient and we should
	only include headers needed by code in the various .c files.
	[72cbeae218e7]

	* include/sudo_compat.h, include/sudo_conf.h, include/sudo_debug.h,
	include/sudo_iolog.h, include/sudo_json.h, include/sudo_util.h,
	plugins/sudoers/sudoers.h:
	Add dependent system includes to make sudo_*.h more standalone. In
	the past we've relied on the various .c files to include the system
	headers that define types that the sudo_*.h headers require. This is
	fragile and can cause issues when includes get re-ordered.
	[a9fb765c0fba]

	* plugins/sudoers/env.c:
	Fix typo in PERLIO_DEBUG (trailing whitespace). This has no effect
	unless env_reset is disabled. From Allan Wirth
	[bdf9c9e7f455]

2020-05-17  Sebastian Rasmussen

	* plugins/sudoers/visudo.c:
	Fix typo in warning message.
	[01b8fab9fdf5]

2020-05-15  Todd C. Miller

	* lib/util/mksiglist.h, lib/util/mksigname.h:
	Prefer SIGSYS if SIGUNUSED is defined to the same value. Fixes a
	regress failure on musl libc where SIGSYS and SIGUNUSED share the
	same value.
	[e030acf8a670]

	* plugins/python/regress/testhelpers.h:
	Add missing sys/wait.h include; fixes a compilation problem on musl
	libc.
	[9a6a09e74a14]

	* lib/iolog/hostcheck.c:
	Add missing sys/types.h include; fixes a compilation problem on musl
	libc.
	[7c8ea831203b]

	* include/sudo_compat.h:
	Only define WCONTINUED and WIFCONTINUED if neither are already
	defined. Fixes a warning on musl libc where WIFCONTINUED is defined
	in stdlib.h for some reason.
	[9f55ae24b479]

2020-05-16  Dan Robertson

	* include/sudo_debug.h:
	Fix includes when building with musl

	Include sys/types.h for mode_t and id_t in sudo_debug.h
	[15abb56a1edf]

2020-05-15  Todd C. Miller

	* scripts/mkpkg:
	Enable OpenSSL on RHEL 6 too. The version of OpenSSL in RHEL 6 is
	new enough for the log server to use.
	[853fd8a74207]

	* logsrvd/logsrvd_conf.c:
	Don't print errno for the "TLS not supported" message.
	[c94540d3d632]

2020-05-14  Todd C. Miller

	* etc/sudo-logsrvd.pp, etc/sudo-python.pp:
	Fix macOS bundle IDs for sudo-logsrvd and sudo-python packages
	[a9f6aea56e40]

2020-05-13  Todd C. Miller

	* logsrvd/eventlog.c:
	Add iolog_path to the JSON-format event log
	[924d8836ead0]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h:
	Rename FLUSHED state to FINISHED. This makes more sense when
	receiving event-only logs.
	[9e2736246e0d]

2020-05-12  Todd C. Miller

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h:
	Fix handling of connections without associated I/O logs. This fixes
	reject events as well as accept events without the expect_iobufs
	flag set.
	[3ddb52ae0af4]

	* logsrvd/sendlog.c:
	Fix handling of accept and reject messages without an I/O log. Only
	set expect_iobufs in AcceptMessage if sending I/O logs. Set state to
	FINISHED immediately after sending a RejectMessage.
	[767e75944d4f]

	* doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
	logsrvd/sendlog.c, logsrvd/sendlog.h:
	Add -A and -R options to test logging of accept and reject events.
	If -A is specified, no I/O will be sent, only the accept event. For
	-R, a reject event with the specified reason is sent.
	[90db0e6f9b68]

	* configure, configure.ac:
	cfmakeraw(3) is broken on AIX, don't use it there. The cfmakeraw(3)
	function exists but does not set VMIN to 1 or VTIME to 0 in c_cc[]
	in struct termios, which makes it useless. The AIX version also
	doesn't clear the CSIZE and PARENB flags from c_cflag.
	[bbdcae2c5fb5]

	* NEWS:
	fix pastos
	[cbf517081e74]

2020-05-11  Todd C. Miller

	* MANIFEST, include/sudo_iolog.h, include/sudo_util.h,
	lib/iolog/Makefile.in, lib/iolog/host_port.c,
	lib/iolog/regress/host_port/host_port_test.c, lib/util/Makefile.in,
	lib/util/host_port.c, lib/util/regress/host_port/host_port_test.c,
	lib/util/util.exp.in, logsrvd/logsrvd_conf.c,
	plugins/sudoers/iolog_client.c:
	Rename sudo_parse_host_port -> iolog_parse_host_port and mv to
	lib/iolog. It is not used outside of the I/O log client and server
	and the host:port syntax may change in the future.
	[706d726a2f8e] [SUDO_1_9_0]

	* plugins/sudoers/sudoreplay.c:
	Remove duplicate inclusion of time.h
	[f560858325d5]

2020-05-08  Todd C. Miller

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c,
	plugins/sudoers/iolog_client.c:
	Only enable TLS listener by default if we have a cert for it. We
	want the log server to work with the default configuration. If the
	default certificate path exists, it will be used with the default
	listener. If the user explicitly enabled a TLS listener we always
	attempt to use it. If TLS was specified but no cert file was set,
	the default location will be used (and an error will occur if the
	cert cannot be loaded).
	[16ade34c38ee]

2020-05-07  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen for 1.9.0 final
	[99e507035253]

	* logsrvd/Makefile.in:
	regen
	[555d817825b0]

	* doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c:
	The --preserve-env=list option may be specified more than once.
	[8066a9d1b04b]

	* doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
	doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Quiet some warnings from igor.
	[4df4fd274023]

	* MANIFEST, Makefile.in, etc/codespell.exclude, etc/codespell.ignore,
	etc/codespell.skip:
	Plumb in codespell with a "make spell" target.
	[4b1de7ee8648]

	* configure, configure.ac, install-sh:
	Fix a few more typos.
	[d22a8c46c743]

2020-05-06  Todd C. Miller

	* NEWS, doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c:
	Don't allow duplicate values for command line options that take an
	argument. Previously, if multiple instances of the same command line
	option were specified, the last one would be used. This meant that,
	for example, "sudo -u someuser -u otheruser id" would run the
	command as "otheruser". This has the potential to cause problems for
	programs that run sudo with a user-specified command that do not use
	the "--" option to indicate that no more options should be
	processed. While this is a bug in the calling program, there is
	little downside to erroring out when multiple options of the same
	type are specified on the command line. Bug #924
	[66e2612e7672]

	* NEWS:
	Debian bug #734752
	[d3285c45ac4b]

	* src/sudo.c, src/sudo.h:
	Look up runas user by name, not euid, where possible. Fixes a
	problem when there are multiple users with the same user-ID where
	the PAM session modules could be called with the wrong user name.
	Debian bug #734752
	[b45608f29a02]

	* src/sesh.c:
	Fix ironic typo in spelling fixes. Bug #925
	[73de90df6ff9]

	* scripts/pp:
	Sync PolyPkg from upstream.
	[ac5e4b830177]

	* NEWS, TODO, config.h.in, configure.ac,
	doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
	etc/sudo.pp, include/compat/getaddrinfo.h, include/sudo_event.h,
	include/sudo_util.h, lib/util/fnmatch.c, lib/util/getaddrinfo.c,
	lib/util/regress/vsyslog/vsyslog_test.c, logsrvd/logsrvd.c,
	plugins/audit_json/audit_json.c,
	plugins/python/example_debugging.py,
	plugins/python/regress/check_python_examples.c,
	plugins/python/regress/testhelpers.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/iolog.c,
	plugins/sudoers/iolog_client.c, plugins/sudoers/parse.h,
	plugins/sudoers/pwutil.h,
	plugins/sudoers/regress/cvtsudoers/test30.sh, scripts/mkdep.pl,
	src/exec.c, src/exec_monitor.c, src/exec_pty.c, src/sesh.c:
	Apply spelling fixes. Fixes from PR #30 (ka7) and Bug #925
	(fossies.org codespell)
	[1fb13dc3991b]

2020-05-05  Todd C. Miller

	* Makefile.in, etc/sudo-python.pp:
	Use the proper python version in the libpython dependency on Debian.
	The configure script already detects the python version, we just
	need to use it.
	[4e49c53f206f]

	* plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, po/ja.mo,
	po/ja.po, po/sv.mo, po/sv.po:
	Updated translations from translationproject.org
	[abdb2d6fe7cb]

	* NEWS:
	Bug #922 and Bug #923
	[7a77f74c436f]

2020-05-04  Todd C. Miller

	* etc/sudo.pp:
	Fix Debian ldap dependency broken in last commit.
	[4980b1b653ef]

	* etc/sudo.pp:
	Fix "make package" on Debian when linux_audit is not set.
	[a00d7dec5821]

	* doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
	include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c,
	lib/logsrv/log_server.proto, logsrvd/logsrvd.c, logsrvd/sendlog.c,
	plugins/sudoers/iolog_client.c:
	Add a ClientHello message that client sends to the server. This
	makes it easier to detect a plaintext client sending to a TLS port.
	Without this, the TLS server will be silent as it waits for the
	client to initiate the TLS connection.
	[22c033bcf456]

	* logsrvd/sendlog.c, plugins/sudoers/iolog_client.c:
	Better error messages when there is a problem with the TLS
	connection. If SSL_read, SSL_write or SSL_connect fails we can use
	the reason string to let the user know what the problem is.
	[92f603e37e40]

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	logsrvd/logsrvd_conf.c:
	Make the default certificate and key paths match the example file.
	[f642836bfcf0]

	* logsrvd/logsrvd.c, plugins/sudoers/iolog_client.c:
	Warn about tls errors during startup so the user has a clue. We
	write messages to stderr until we become a daemon.
	[25ad61aa7dab]

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, include/log_server.pb-c.h,
	lib/logsrv/log_server.pb-c.c, lib/logsrv/log_server.proto,
	logsrvd/logsrvd.c, logsrvd/sendlog.c:
	Remove the tls parameter from the ServerHello message. The TLS
	connection is now initiated before ServerHello is received.
	[9d8b76f14cda]

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
	plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h,
	plugins/sudoers/policy.c:
	Adapt sudoers iolog client to log server dual port changes. The TLS
	handshake now occurs before the ServerHello message is read. This
	fixes potential man-in-the-middle attacks and works better with TLS
	1.3.
	[8137b029a3fe]

	* doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
	doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	examples/sudo_logsrvd.conf, logsrvd/logsrv_util.h,
	logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
	logsrvd/sendlog.c:
	Use port 30343 for plaintext and port 30344 for TLS. For TLS
	connections we now do the TLS handshake immediately before the
	ServerHello message. This lets the client receive an alert from the
	server if there is a handshake error after the TLS connect has
	succeeded. It also means that the contents of the ServerHello are
	protected from a man-in-the-middle attack.
	[bb4d8b57b3dd]

	* include/sudo_util.h, lib/util/host_port.c,
	lib/util/regress/host_port/host_port_test.c, logsrvd/logsrvd_conf.c,
	plugins/sudoers/iolog_client.c:
	Add support for a tls flag in sudo_parse_host_port(). If the string
	"(tls)" appears at the end, the tls flag is set to true and the
	default tls port is used if necessary.
	[f0d9a225cd75]

	* logsrvd/sendlog.c, plugins/sudoers/iolog_client.c:
	Plug memory leaks in sudo_sendlog
	[886254bcae6a]

	* lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c:
	Handle EAGAIN like we do ENOMEM from poll() and select(). On some
	systems, poll() and select() can return EAGAIN instead of ENOMEM if
	there is a kernel resource shortage. In this case we just re-enter
	the event loop and retry.
	[048df2548dcc]

2020-05-03  Todd C. Miller

	* configure, configure.ac:
	Use the --embed when running "python3-config --ldflags" if
	supported. Newer versions of python3-config only include libpython
	in the output when the --embed is used. Otherwise, "python3-config
	--libs" and "python3-config --ldflags" only list the libraries
	python is dependent on and not the python library itself.
	[d90dc892c726]

2020-04-30  Todd C. Miller

	* logsrvd/sendlog.c, plugins/sudoers/iolog_client.c:
	On error, remove the connection with an error without freeing the
	closure. Fixes the final message at the end when there is a network
	error.
	[0e1952eb707b]

	* lib/util/event_poll.c:
	Do not call poll(2) or ppoll(2) with nfds > RLIMIT_NOFILE. Both
	poll(2) and ppoll(2) will return EINVAL if the nfds function
	argument is larger than the max files per process resource limit.
	Prevent this by limiting the max number entries in the pfds[] array
	to the RLIMIT_NOFILE soft limit.
	[ab0f798bb024]

2020-04-29  Todd C. Miller

	* include/sudo_event.h, lib/util/event.c:
	The timeout parameter of sudo_ev_add() should be const.
	[de85c8897aad]

2020-04-28  Todd C. Miller

	* plugins/sudoers/iolog_client.c:
	Don't free TLS on error in tls_init(), it is freed in
	client_closure_free(). Fixes a double free on error introduced with
	the TLS state cleanup in client_closure_free().
	[f1b478f2ec13]

	* logsrvd/logsrvd.c:
	Check for tls_config->dhparams_path being non-NULL before using it.
	[09348a25bfd2]

2020-04-23  Todd C. Miller

	* doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in:
	Document the TLS and test options.
	[e5f6b6c46c25]

	* logsrvd/sendlog.c:
	Allow -t option even without OpenSSL. Also add -t to the usage
	message
	[d874c9a67ed6]

	* logsrvd/sendlog.c:
	Use sudo_strtonum() instead of relying on strtoll(). Older, pre-C99,
	systems may not include strtoll() in their C library.
	[a1a610bbe022]

	* include/protobuf-c/protobuf-c.h:
	Allow this to build on systems without stdint.h by using config.h.
	Old, pre-C99, systems may have inttypes.h but not stdint.h.
	[72e603875b82]

2020-04-22  Todd C. Miller

	* etc/sudo-logsrvd.pp, scripts/pp:
	Fix support for pp_systemd_disabled and check for systemd existence.
	On our build schroots we don't have systemctl installed but do have
	the /etc/systemd and /lib/systemd (or /usr/lib/systemd) directories.
	[93917f4130b0]

	* etc/sudo-logsrvd.pp:
	Set pp_macos_service_id instead of
	pp_macos_default_service_id_prefix. It is only effective to set
	pp_macos_default_service_id_prefix in the individual %service
	sections (and not %set) so we may as well use pp_macos_service_id
	which includes the service name.
	[84ccf13e7076]

	* etc/sudo-logsrvd.pp:
	Set launchd service id prefix to "ws.sudo." The default value in
	PolyPkg is "com.quest.rc."
	[eb581d74573e]

	* scripts/pp:
	Fix macOS package creation.
	[556c0051c0fc]

2020-04-21  Todd C. Miller

	* plugins/sudoers/iolog_client.c:
	Shut down the TLS connection cleanly in client_closure_free(). Also
	free the SSL data which is part of the client closure.
	[258ec8832cbd]

	* src/exec_monitor.c, src/exec_nopty.c, src/selinux.c, src/sudo.c,
	src/sudo.h, src/sudo_edit.c, src/sudo_exec.h:
	Fix sudoedit when running with SELinux RBAC mode. We can't use
	run_command() to run sesh, that will use the sudo event loop (and
	might run it in a pty!). There's no need to relabel the tty when
	copying files. Get the path to sesh from sudo.conf.

	Currently, for SELinux RBAC, the editor runs with the target user's
	security context. This defeats the purpose of sudoedit. Fixing that
	requires passing file descriptors between the main sudo process
	(running with the invoking user's security context) and sesh
	(running with the target user's security context).
	[81c9ec600894]

	* MANIFEST, src/Makefile.in, src/copy_file.c, src/sesh.c,
	src/sudo_edit.c, src/sudo_exec.h:
	Refactor the sudoedit code to copy files so it can be shared. The
	SELinux sudoedit code now extends the destination file the same way
	the non-SELinux version does.
	[82c44299309e]

	* src/sudo_edit.c:
	Do not remove sudoedit temporary files if we cannot overwrite the
	real file. The warning message says the files were preserved but
	they actually got removed.
	[685f2de6bb2e]

	* include/compat/glob.h, lib/util/glob.c:
	Make gl_pathc, gl_matchc and gl_offs size_t in glob_t to match
	POSIX.
	[c3586082d3ea]

	* scripts/pp:
	Only remove the systemd unit service file if we copied it manually.
	If the service file was installed as part of the package it will be
	removed automatically when the package is uninstalled.
	[e98e1493c5bf]

2020-04-20  Todd C. Miller

	* doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in:
	Document TLS settings in ServerHello
	[22ae16f41585]

2020-04-17  Todd C. Miller

	* src/sudo_edit.c:
	Extend the original file to the new size before updating it.
	Instead of opening the original file for writing w/ truncation, we
	first extend the file with zeroes (by writing, not seeking), then
	overwrite it. This should allow sudo to fail early if the disk is
	out of space before it overwrites the original file.
	[aef4db03e9e1]

	* src/sudo.c:
	I/O log plugins should be closed *before* the policy plugin, not
	after.
	[dec6fccf63d4]

	* plugins/sudoers/set_perms.c:
	Fix typo
	[82b0efbb6c26]

	* plugins/sudoers/iolog.c:
	Only display error string once on I/O error. We already include the
	error string in the format so no need to use errno too.
	[59795855d6a2]

	* plugins/sudoers/iolog.c, plugins/sudoers/policy.c:
	Free passwd and group caches in I/O plugin after log_warning(), not
	before. The logging functions may try to use the cache via
	set_perms(PERM_ROOT).
	[652b925b9658]

2020-04-17  Laszlo Orban

	* logsrvd/logsrvd.c:
	add missing shutdown of TLS connection
	[14b25a0f4f6b]

2020-04-16  Todd C. Miller

	* etc/sudo-logsrvd.pp, scripts/pp:
	Disable systemd support on Linux systems that don't use it.
	[3c01c91dbfb2]

2020-04-14  Todd C. Miller

	* configure, configure.ac:
	1.9.0 final
	[acf3b4592384]

	* etc/sudo-logsrvd.pp, scripts/pp:
	Update PolyPkg from my branch with systemd support.
	[a7a487496209]

2020-04-09  Todd C. Miller

	* plugins/python/example_conversation.py,
	plugins/python/example_io_plugin.py, plugins/python/regress/testdata
	/check_example_io_plugin_fails_with_python_backtrace.stdout:
	If the signal.Signals enum is not present, search the dictionary.
	The Signals enum was added in Python 3.5. If it is not present we
	need to iterate over the dictionary items, looking for signal name
	to number mappings. Fixes the signal tests with Python 3.4.
	[22811794ed46]

	* plugins/python/regress/check_python_examples.c,
	plugins/python/sudo_python_module.c:
	Python dictionaries are sparse so we cannot use pos as an index.
	When converting sudo options from a dictionary to a tuple we need to
	track the current index into the tuple separately from the position
	of the dictionary entry.
	[07cb8a0c7f21]

2020-04-08  Todd C. Miller

	* etc/sudo-logsrvd.pp:
	Fix handling of /etc/sudo_logsrvd.conf in the sudo-logsrvd package.
	For rpm and deb we include the file directly and mark it volatile.
	For all others we copy it in the postinstall script from the example
	dir if the file doesn't already exist.
	[83264a96b923]

	* scripts/mkpkg:
	Check for the Sun Studio C compiler on Solaris under /opt. Also
	initialize with_python to false.
	[52e28d55f9a6]

	* po/sudo.pot:
	regen
	[faaacb7777d4]

	* lib/util/parseln.c:
	Explicitly include stdio.h for getdelim(3)
	[3b0bff3ef388]

	* logsrvd/logsrvd.c:
	Reload sudo.conf upon SIGHUP. This makes it possible to update the
	Debug settings in sudo.conf and have them take effect on reload.
	[9fb7baf9a3ad]

	* logsrvd/logsrvd.c, logsrvd/sendlog.c,
	plugins/sudoers/iolog_client.c:
	Store the result of ERR_get_error() so we can use it for both warn
	and debug. Otherwise, only the debug framework gets the actual error
	and the user won't see the problem.
	[039565f16d13]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
	Disable IPv4-mapped IPv6 addresses in the listener. Also store the
	host + port string and use it in error messages.
	[3fbac477ef6b]

	* configure, configure.ac, examples/Makefile.in:
	Install the example sudo_logsrvd.conf unless one already exists
	[89c41b936c44]

2020-04-07  Todd C. Miller

	* examples/sudo_logsrvd.conf:
	Make the path to logsrvd_cert.pem match the documentation.
	[b2a45e7c9cdb]

	* etc/sudo-logsrvd.pp, logsrvd/logsrvd.c:
	Create the pid file parent directory if it doesn't already exist.
	Also package the run directory in the sudo_logsrvd PolyPkg file.
	[ac8b573e8545]

	* configure, configure.ac:
	Sudo 1.9.0rc1
	[7d437646afc2]

	* MANIFEST:
	Include all python plugin files in MANIFEST, not the directory
	itself.
	[4aa09dd70b9e]

	* plugins/python/example_approval_plugin.py,
	plugins/python/example_audit_plugin.py,
	plugins/python/example_group_plugin.py,
	plugins/python/example_io_plugin.py,
	plugins/python/example_policy_plugin.py, plugins/python/regress/test
	data/check_example_io_plugin_fails_with_python_backtrace.stdout:
	Avoid using typing annotations so tests run with Python 3.4.
	[88b7048bc4a6]

	* plugins/python/python_plugin_common.c, plugins/python/regress/testda
	ta/check_loading_fails_missing_classname.stderr:
	Sort the list of possible plugins before printing it. This gives
	more reproducible error messages for the tests.
	[ea33f4970268]

	* plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/
	check_example_group_plugin_is_able_to_debug.log, plugins/python/regr
	ess/testdata/check_example_io_plugin_command_log.stored, plugins/pyt
	hon/regress/testdata/check_example_io_plugin_command_log_multiple1.s
	tored, plugins/python/regress/testdata/check_example_io_plugin_comma
	nd_log_multiple2.stored, plugins/python/regress/testdata/check_examp
	le_io_plugin_failed_to_start_command.stored, plugins/python/regress/
	testdata/check_example_io_plugin_fails_with_python_backtrace.stderr,
	plugins/python/regress/testdata/check_loading_fails_wrong_path.stder
	r, plugins/python/regress/testdata/check_multiple_approval_plugin_an
	d_arguments.stdout, plugins/python/regress/testdata/check_python_plu
	gins_do_not_affect_each_other.stdout,
	plugins/python/regress/testhelpers.h:
	Use regular expressions when matching expected and actual text.
	[f2562728481a]

	* plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/
	check_example_debugging_c_calls@info.log, plugins/python/regress/tes
	tdata/check_example_debugging_plugin@info.log,
	plugins/python/regress/testhelpers.c:
	Use regex to match __init__.py instead of hacking it in
	verify_log_lines()
	[8bf71289e585]

	* plugins/python/pyhelpers.c, plugins/python/python_plugin_common.c,
	plugins/python/regress/check_python_examples.c,
	plugins/python/regress/iohelpers.c,
	plugins/python/regress/plugin_approval_test.py, plugins/python/regre
	ss/testdata/check_example_debugging_c_calls@diag.log, plugins/python
	/regress/testdata/check_example_debugging_c_calls@info.log, plugins/
	python/regress/testdata/check_example_debugging_py_calls@diag.log, p
	lugins/python/regress/testdata/check_example_debugging_py_calls@info
	.log, plugins/python/regress/testdata/check_example_policy_plugin_va
	lidate_invalidate.log, plugins/python/regress/testdata/check_loading
	_fails_wrong_classname.stderr, plugins/python/regress/testdata/check
	_multiple_approval_plugin_and_arguments.stdout,
	plugins/python/regress/testhelpers.h:
	Make most python tests pass with Python 3.4. Dictionary order is not
	stable in Python < 3.6 so we need to sort by key to have consistent
	results. The LogHandler output is also different on older Python
	versions. Also, don't stop running python tests after the first
	error.
	[aaa06cb5fac1]

	* plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
	Increase the maximum delay again for slower systems. Otherwise we
	may get a spurious test failure.
	[6660908aa93d]

	* plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
	scripts/mkdep.pl:
	Handle dependencies for .h files in the same directory as the
	source. Fixes missing header dependencies for the sudoers and python
	plugins.
	[3109dd5cf61e]

	* etc/sudo.pp:
	Remove bits for Tru64 kit-style packages
	[0e9a9580d76c]

	* MANIFEST, Makefile.in, configure, configure.ac, etc/sudo-logsrvd.pp,
	etc/sudo-python.pp, etc/sudo.pp:
	Split sudo_logsrvd and the python plugin into their own packages.
	[9aee8247f0ba]

	* scripts/mkpkg:
	Build python packages where possible.
	[7a2b993bb8ac]

2020-04-06  Todd C. Miller

	* plugins/sudoers/iolog_client.c:
	Don't pass a NULL submitcwd or ttyname value to the server. It is
	possible for the cwd and/or tty to be missing. If we send a NULL
	pointer to the server where it expects a string the AcceptMessage
	will fail to parse.
	[4f96d1c6e41c]

	* include/sudo_plugin.h:
	Disable -Wstrict-prototypes for sudo_hook_fn_t typedef.
	[15d2a1332865]

	* plugins/python/python_plugin_common.c:
	Fall back to using Py_Finalize() for Python version < 3.6
	[e7ad63e57c79]

2020-04-06  Robert Manner

	* logsrvd/eventlog.c:
	logsrvd/eventlog.c: add a newline after each log message for logfile
	output
	[457f77b8f3be]

	* lib/iolog/iolog_fileio.c:
	lib/iolog/iolog_fileio.c: do not call fchown on invalid fd

	Fixes the warning in the log: iolog_write_info_file_json: unable to
	fchown 0:0 /var/log/...: Bad file descriptor
	[bccdaf007db8]

	* logsrvd/iolog_writer.c:
	logsrvd/iolog_writer.c: treat runuid, rungid 0 as valid (usually
	==root)
	[5a7c447e9619]

2020-04-05  Todd C. Miller

	* po/eo.mo, po/eo.po, po/sr.mo, po/sr.po:
	Updated translations from translationproject.org
	[6e47dbfdba2c]

2020-04-03  Todd C. Miller

	* examples/Makefile.in:
	Install example sudo_logsrvd.conf file
	[c1c6f4c8119d]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Make it clear in the sudoers grammar that sudoedit needs file args.
	Debian bug #571621
	[b6358b602623]

2020-04-02  Todd C. Miller

	* NEWS:
	Fixed Debian bugs #571621, #596631 and #669687
	[6058c1c46739]

	* doc/sudo.man.in, doc/sudo.mdoc.in, plugins/sudoers/env.c:
	Truncate the command args at 4096 chars when formatting
	SUDO_COMMAND. We have to limit the length of SUDO_COMMAND to avoid
	getting E2BIG from execve(2) for very long argument vectors. The
	command's environment also counts against the ARG_MAX limit. Debian
	bug #596631
	[ff1fa8e3377f]

	* plugins/sudoers/auth/pam.c:
	Do not try to delete creds we did not set. If pam_setcred() fails
	when opening the PAM session, we don't want to call it with
	PAM_DELETE_CRED when closing the session.
	[c31039431c46]

2020-04-01  Todd C. Miller

	* plugins/sudoers/auth/API, plugins/sudoers/auth/aix_auth.c,
	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
	plugins/sudoers/sudoers.h:
	Add a force flag to sudo_auth_cleanup() to force immediate cleanup.
	This is used for PAM authentication to make sure pam_end() is called
	via sudo_auth_cleanup() when the user authenticates successfully but
	sudoers denies the command. Debian bug #669687
	[98cb9d98f547]

	* plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
	Increase the maximum delay for slower systems. Otherwise we may get
	a spurious test failure.
	[e4c1fffd427c]

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
	Document when cwd_optional was added.
	[165447e1d7fa]

2020-03-31  Todd C. Miller

	* NEWS, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	plugins/sudoers/policy.c, src/exec.c, src/sudo.c, src/sudo.h:
	Add cwd_optional to command details and enable it in the sudoers
	plugin. If cwd_optional is set to true, a failure to set the cwd
	will be a warning, not an error, and the command will still run.
	Debian bug #598519
	[a6694704d92f]

	* doc/sudo.man.in, doc/sudo.mdoc.in:
	The policy close function is responsible for closing the PAM
	session.
	[db4af211ff75]

	* .clang-format:
	Config file for clang-format 8.x and higher based on webkit style.
	This approximates what I want the sudo coding style to look like.
	Only deviations from webkit style are included.
	[d3ec3a8401cf]

	* src/exec_pty.c:
	Don't kill the command just because the loop exited unexpectedly. We
	currently have no good way to distinguish between an error executing
	the command and an error while the command is running.

	In the future, we should have additional status codes so we can tell
	what type of condition caused the loop to exit.

	For now, only kill the command if cstat is left uninitialized.
	[9492d60783fe]

2020-03-29  Todd C. Miller

	* logsrvd/logsrvd.c:
	Write process ID as an unsigned int (with a cast). On Solaris, pid_t
	may be typedef'd as a long but the actual range is 32 bits at most.
	[b9a818d77142]

	* doc/LICENSE:
	Add license info for a few other files. These are all ISC licensed
	but it is still best to have them all listed in one place.
	[dd37dc484ea5]

	* plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
	plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/ca.mo,
	po/ca.po, po/cs.mo, po/cs.po, po/de.mo, po/de.po, po/eo.mo,
	po/eo.po, po/fi.mo, po/fi.po, po/fr.mo, po/fr.po, po/hr.mo,
	po/hr.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ko.mo,
	po/ko.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt.mo,
	po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo,
	po/tr.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
	po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
	Updated translations from translationproject.org
	[58d62352abff]

	* lib/util/getusershell.c, lib/util/host_port.c, lib/util/roundup.c,
	logsrvd/iolog_writer.c, logsrvd/logsrv_util.c,
	logsrvd/logsrv_util.h, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c, logsrvd/sendlog.c, logsrvd/sendlog.h,
	plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
	Some new source files got created with my old email address.
	[ede435f55f5c]

	* .gitignore, .hgignore:
	Ignore __pycache__ directories.
	[5901cfb35a74]

	* include/sudo_iolog.h, lib/iolog/iolog_util.c, logsrvd/sendlog.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/sudoreplay.c:
	iolog_parse_loginfo() now opens the log file itself.
	[bf03f505fc94]

	* include/sudo_iolog.h, lib/iolog/Makefile.in,
	lib/iolog/iolog_fileio.c, lib/iolog/iolog_util.c,
	logsrvd/eventlog.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h,
	logsrvd/sendlog.c, plugins/sudoers/Makefile.in,
	plugins/sudoers/iolog.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/sudoreplay.c:
	Write an extended I/O info log in JSON format. This will be used by
	sudoreplay if it exists to get more information about the command
	being replayed.
	[5fc89148c214]

	* MANIFEST, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
	include/sudo_iolog.h, lib/iolog/Makefile.in, lib/iolog/iolog_json.c,
	lib/iolog/iolog_util.c, plugins/sudoers/sudoreplay.c:
	Parse I/O JSON info file in JSON if present. The JSON version
	includes more information than the original "log" file in the I/O
	log dir.
	[269ae210ea34]

	* logsrvd/iolog_writer.c, logsrvd/logsrvd.h:
	Store runenv in the I/O log info file too.
	[15f90fb3748f]

	* plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
	Create files for check_iolog_plugin in the build dir, not src dir.
	[bdaea95b47fc]

	* include/sudo_json.h, lib/iolog/iolog_fileio.c, lib/util/json.c,
	logsrvd/eventlog.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h,
	plugins/audit_json/audit_json.c:
	Do not use JSON_ARRAY with sudo_json_add_value()
	[c74b75adb90f]

	* MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_json.c,
	lib/iolog/iolog_json.h,
	lib/iolog/regress/iolog_json/check_iolog_json.c,
	lib/iolog/regress/iolog_json/test1.in,
	lib/iolog/regress/iolog_json/test2.in,
	lib/iolog/regress/iolog_json/test2.out.ok,
	lib/iolog/regress/iolog_json/test3.in, lib/util/json.c:
	Add tests for the simple json parser.
	[9ede5000f4c7]

	* lib/iolog/iolog_json.c:
	Simplify the JSON parsing code a bit. We can use a single stack for
	nested objects and arrays. There is also no need to track the
	current object and array separately. This allows us to remove the
	array special case when assigning a value.
	[4a34e528d9f0]

	* NEWS:
	Update NEWS for 1.9.0b5 changes
	[bf8db62788d3]

	* logsrvd/logsrvd.c:
	sudo_logsrvd now exits with an error if it cannot open any listen
	sockets.
	[47a22f71e286]

	* configure, doc/sudo_logsrvd.conf.man.in,
	doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.man.in,
	doc/sudo_logsrvd.mdoc.in, examples/sudo_logsrvd.conf,
	logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
	m4/sudo.m4, pathnames.h.in:
	Create a pidfile for sudo_logsrvd when not run with the -n flag.
	[9f1b8edff6cc]

	* etc/sudo.pp:
	Add sudo_logsrvd as a service so it gets started at boot.
	[d2ac9eb87dbf]

	* plugins/sudoers/po/sudoers.pot:
	Update sudoers.pot with json parser warnings.
	[2b277f799d2e]

2020-03-19  Todd C. Miller

	* scripts/mkpkg:
	Enable OpenSSL on systems that can support it.
	[976370b9d9db]

2020-03-17  Todd C. Miller

	* config.h.in, configure, configure.ac, logsrvd/logsrvd.c:
	Add configure check for SSL_CTX_get0_certificate(). Dummy out
	verify_server_cert() if it is not present to allow building on older
	OpenSSL versions. Rewriting this to work with old OpenSSL is not
	worth the trouble.
	[61349d2533fe]

	* lib/iolog/hostcheck.c:
	Include stdlib.h for malloc(3) prototype. We shouldn't rely on it to
	be implicitly included via OpenSSL headers.
	[9f4f7d3d3662]

2020-03-16  Todd C. Miller

	* plugins/sudoers/policy.c:
	Only set errstr for plugin API version 1.15 and above.
	[780722091e9f]

2020-03-14  Todd C. Miller

	* NEWS:
	Sudo 1.8.31p1
	[40629e6fd692]

	* src/limits.c:
	Ignore a failure to restore the RLIMIT_CORE resource limit. Linux
	containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY
	if we set the limit to zero, even for root. This is not a problem
	outside the container.
	[1064b906ca68]

2020-03-12  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[72ca06a294b4]

	* include/sudo_event.h, lib/util/event.c:
	Add SUDO_EV_MASK to mask off invalid event values. Now used by
	sudo_ev_init() to avoid bogus events.
	[10a5d1afa1c9]

2020-03-11  Todd C. Miller

	* plugins/python/regress/iohelpers.c,
	plugins/python/regress/testhelpers.c:
	Avoid using sprintf(), vsprintf(), strcat(), and strncat(). It is
	less error-prone to use functions with a return value that indicates
	when truncation occurred.
	[21938a3b1548]

	* plugins/sudoers/match_digest.c:
	Work around two Coverity false positives; CID 208813 208815
	[389bf3749ed2]

	* logsrvd/logsrvd.c:
	Fix potential use-after-free; Coverity CID 208814
	[e575532efe35]

	* plugins/python/regress/iohelpers.h,
	plugins/python/regress/testdata/check_example_debugging_c_calls@info.log,
	plugins/python/regress/testdata/check_example_debugging_plugin@info.log,
	plugins/python/regress/testhelpers.c:
	Don't hard-code path to logging/__init__.py or line numbers. Allows
	python plugin tests to succeed on versions other than 3.7.
	[659d3d3fcb8b]

	* doc/LICENSE:
	Add copyright for the Python bindings.
	[cc64df1f85f2]

	* plugins/sudoers/match_command.c:
	Fix typo introduced on systems with O_PATH or O_EXEC
	[e8fea3eabf99]

	* NEWS:
	Update for sudo 1.9.0
	[39158cb4af26]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/match.c, plugins/sudoers/match_command.c,
	plugins/sudoers/regress/sudoers/test14.in,
	plugins/sudoers/regress/sudoers/test14.json.ok,
	plugins/sudoers/regress/sudoers/test14.ldif.ok,
	plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test14.out.ok,
	plugins/sudoers/regress/sudoers/test14.toke.ok,
	plugins/sudoers/sudoers_version.h:
	Allow the ALL keyword to be specified with a digest list.
	[9856ed3cde7f]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/ldap_util.c, plugins/sudoers/match.c,
	plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
	plugins/sudoers/parse.h, plugins/sudoers/regress/sudoers/test14.in,
	plugins/sudoers/regress/sudoers/test14.json.ok,
	plugins/sudoers/regress/sudoers/test14.ldif.ok,
	plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test14.out.ok,
	plugins/sudoers/regress/sudoers/test14.toke.ok,
	plugins/sudoers/sudo_ldap.h:
	Allow a list of digests to be specified for a command.
	[e0e9ecee870b]

	* plugins/sudoers/ldap_util.c, plugins/sudoers/parse_ldif.c:
	A struct member of type ALL should have its name field set to NULL.
	[484b9af004af]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l:
	Allow Cmd_Alias in addition to Cmnd_Alias. Some people find using
	Cmd_Alias more natural.
	[55edb5057091]

2020-03-01  Todd C. Miller

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
	Add pam_ruser and pam_rhost sudoers flags.
	[b1d494440004]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c,
	logsrvd/sendlog.h:
	Store the event base in the client closure. Explicitly passing the
	event base removes the need to set a default base.
	[0e4ae8d810f8]

	* plugins/sudoers/iolog.c:
	Revert change to initialize io_operations earlier. Instead, check
	io_operations.open for NULL which is the case for "sudo -V". Also
	move the early return in sudoers_io_open() for "sudo -V" until after
	we have initialized debugging.
	[0e9e7a99725d]

2020-02-28  Todd C. Miller

	* plugins/sudoers/iolog.c:
	Initialize io_operations earlier.
	[ab235d88f8ae]

2020-02-27  Todd C. Miller

	* plugins/sudoers/iolog_client.c:
	Mark up some remaining TODOs
	[847c9328a7b5]

	* src/conversation.c:
	Sudo's -S option should override the SUDO_CONV_PREFER_TTY flag.
	[f5737b68c0bf]

	* plugins/python/pyhelpers.c, plugins/python/python_plugin_policy.c,
	plugins/python/sudo_python_module.c:
	Use C99 __func__ instead of gcc-specific __PRETTY_FUNCTION__
	[db4f5d7c200e]

2020-02-27  Robert Manner

	* plugins/python/example_debugging.py,
	plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log,
	plugins/python/regress/testdata/check_example_debugging_c_calls@info.log,
	plugins/python/regress/testdata/check_example_debugging_plugin@err.log,
	plugins/python/regress/testdata/check_example_debugging_plugin@info.log:
	plugins/python/regress: add a test and example of using the python
	logger
	[ed23b3ba375f]

	* MANIFEST, doc/sudo_plugin_python.man.in,
	doc/sudo_plugin_python.mdoc.in, plugins/python/Makefile.in,
	plugins/python/python_baseplugin.c,
	plugins/python/python_convmessage.c,
	plugins/python/python_importblocker.c,
	plugins/python/python_loghandler.c,
	plugins/python/python_plugin_common.c,
	plugins/python/sudo_python_module.c,
	plugins/python/sudo_python_module.h:
	plugins/python/sudo_module: add sudo.LogHandler

	so python log system can be used with sudo logsystem. Loggers use it
	by default (the handler is set on the root logger). If that is not
	the intent, it can be overridden explicitly.
	[45b8902ce188]

2020-02-26  Todd C. Miller

	* INSTALL, Makefile.in, config.h.in, configure, configure.ac,
	lib/iolog/iolog_fileio.c, plugins/sudoers/Makefile.in,
	plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_plugin.h, plugins/sudoers/sudoers.c:
	Add --disable-log-server and --disable-log-client configure options.
	These can be used to optionally disable building sudo_logsrvd and
	support for remote I/O logging in the sudoers plugin respectively.
	[bc802e022f22]

2020-02-26  Robert Manner

	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
	plugins/python/python_plugin_common.c,
	plugins/python/regress/check_python_examples.c,
	plugins/python/regress/testdata/check_loading_fails_missing_classname.stderr,
	plugins/python/regress/testdata/check_loading_succeeds_with_missing_classname.stdout:
	plugins/python: autodetect ClassName field

	If "ClassName" is not specified, load the one and only sudo.Plugin
	from the module (if so), otherwise display which plugins are
	available from which the system admin can choose.
	[b9dbbf1b6e97]

	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
	plugins/python/Makefile.in, plugins/python/python_plugin_common.c:
	plugins/python/plugin_common: add a default search path for python
	plugins

	If the ModulePath is relative, assume it is under
	"/usr/local/libexec/sudo/python" or wherever the sudo plugins are in
	a "python" subdirectory.
	[5f75db882754]

	* plugins/python/regress/check_python_examples.c,
	plugins/python/regress/testdata/check_example_audit_plugin_version_display.stdout,
	plugins/python/regress/testdata/check_example_debugging_py_calls@info.log,
	plugins/python/regress/testdata/check_example_io_plugin_version_display_full.stdout,
	plugins/python/regress/testdata/check_example_policy_plugin_version_display_full.stdout,
	plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout:
	plugins/python/regress: update tests for show_version changes

	- plugin->show_version is not marked NULL any more.
	- if verbose, it also displays which python class was loaded from
	which file
	[e30a1e43e3c2]

	* plugins/python/python_plugin_approval.c,
	plugins/python/python_plugin_audit.c,
	plugins/python/python_plugin_common.c,
	plugins/python/python_plugin_common.h,
	plugins/python/python_plugin_io.c,
	plugins/python/python_plugin_policy.c:
	plugins/python: make show_version display the plugin in verbose mode

	Before it only displayed the plugin version, now it also displays
	which python plugin is loaded to be more useful.
	[8c94175ead70]

	* plugins/python/python_plugin_approval.c,
	plugins/python/python_plugin_common.c:
	plugins/python/approval: fix show_version crash when it is not
	implemented

	For approval plugins show_version is not optional.
	[61f6b4679d6b]

2020-02-24  Todd C. Miller

	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
	Avoid calling sudoers_policy_exec_setup() on error. We only want to
	pass the execution environment back for commands that are accepted
	or rejected. Also avoid potentially freeing the wrong pointer when
	garbage collection is enabled.
	[a3a202e89951]

2020-02-22  Todd C. Miller

	* logsrvd/eventlog.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
	Open event log at config time instead of open/close for each entry.
	If logging via syslog, do the openlog() at config time instead. We
	still lock the log file prior to writing to it but unlock
	immediately after.
	[3236bd001160]

	* lib/util/locking.c:
	Fix unlocking of an entire file with lockf(). Since lockf() uses the
	file's current offset, we need to seek to the start of the file to
	unlock the entire file.
	[e415af1de6ca]

2020-02-21  Robert Manner

	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
	doc/sudo_plugin_python: add approval plugin to supported plugins
	[5034917e6902]

2020-02-20  Todd C. Miller

	* lib/util/util.exp.in:
	Add sudo_json_free_v1 to symbol exports file too.
	[0a91a2986952]

	* lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/sudoers/Makefile.in:
	Regenerate dependencies to match the recent JSON changes.
	[5da86c77629c]

	* plugins/python/python_convmessage.c:
	Add missing check for calloc(3) failure.
	[589c32ff2cf1]

2020-02-19  Robert Manner

	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
	doc/sudo_plugin_python: document approval plugin and PluginReject
	[9e61203dcb8d]

	* plugins/python/sudo_python_module.c:
	plugins/python/sudo_python_module.c: remove unused declaration

	We do not use structsequence any more.
	[a5570ba5ad8b]

2020-02-18  Todd C. Miller

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h:
	Re-register listeners on SIGHUP. Previously, a config reload would
	refresh the listener address list but the changes had no effect on
	the actual addresses being listened on.
	[c1c0ada6c594]

	* logsrvd/logsrvd.c:
	Fix compilation error when not built with OpenSSL support. Adds a
	missing #ifdef HAVE_OPENSSL and reorders code to avoid the need for
	a static init_tls_server_context() prototype.
	[976c469eeb57]

2020-02-18  Robert Manner

	* plugins/python/python_plugin_common.c:
	plugins/python: restore the original python inittab after
	interpreter deinit
	[b78a5d995de9]

2020-02-17  Todd C. Miller

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	include/sudo_json.h, lib/util/json.c, logsrvd/eventlog.c:
	Add support for JSON structured logging using syslog. Note that
	depending on the system, the default syslog buffer may not be large
	enough to store all the logging data.
	[15a6667b1198]

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	examples/sudo_logsrvd.conf, logsrvd/eventlog.c,
	logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c:
	Add support for JSON logging in sudo_logsrvd.
	[8b013b899e3b]

	* include/sudo_json.h, lib/util/json.c, lib/util/util.exp.in,
	plugins/audit_json/audit_json.c, plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/regress/sudoers/test10.json.ok,
	plugins/sudoers/regress/sudoers/test9.json.ok:
	Rework the JSON API to write to a memory buffer, not a stdio stream.
	[ec4e4053e95e]

	* logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c:
	Fix support for reloading the config in sudo_logsrvd. We need to re-
	initialize the TLS server context. Also fix a memory leak of the TLS
	parameters on reload.
	[c4ca45502f3e]

2020-02-17  Robert Manner

	* plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
	plugins/python/python_plugin_common.c,
	plugins/python/regress/check_python_examples.c,
	plugins/python/regress/testdata/check_example_debugging_load@diag.log,
	plugins/python/regress/testhelpers.c:
	plugins/python: only deinit interpreters when sudo unlinks the
	plugin

	This only happens when sudo unloads the last python plugin. The
	reason for doing so is that there are some python modules which do
	not support importing them again after destroying the interpreter
	which has imported them previously.

	Another solution would be to just leak the interpreters (let the
	kernel free up), but then some python resources like open files
	might not get cleaned up correctly if the plugin is badly written.

	Tests are meant to test the scenario sudo does, so I have modified
	them to generally not unlink, but only a few times (~per plugin
	type), so it does not use 48 interpreters (one gets started on every
	plugin->open) and it is visible at least which type of plugin fails
	deinit if there is an error.
	[13cdead652aa]

	* plugins/python/python_plugin_common.c,
	plugins/python/sudo_python_debug.c:
	plugins/python/debug: adapt debug refcount solution of sudoers
	plugin
	[dc815e383c39]

2020-02-16  Todd C. Miller

	* plugins/sudoers/iolog_client.c:
	The environment in the accept message is runenv not submitenv. The
	I/O logging plugin is passed the environment the command will run
	with, not the user's original environment.
	[b3e1ee513001]

2020-02-15  Todd C. Miller

	* include/sudo_compat.h, lib/iolog/iolog_fileio.c,
	plugins/audit_json/audit_json.c, src/utmp.c:
	Add compatibility define for fseeko(3). This is better than
	cluttering up the code with #ifdefs for obsolete systems.
	[a9123f768fe0]

2020-02-14  Todd C. Miller

	* MANIFEST, plugins/sudoers/regress/testsudoers/test8.out.ok,
	plugins/sudoers/regress/testsudoers/test8.sh:
	Add test for #include directive without a trailing newline.
	[dfcfad5c7c41]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Don't require a newline at the end of include or includedir
	directives.
	[3d6aa5531609]

2020-02-14  Robert Manner

	* plugins/python/regress/testhelpers.c:
	plugins/python/regress/testhelpers.c: replace fromisoformat

	fromisoformat is only supported from python >=3.7
	[86bf6de82376]

2020-02-13  Robert Manner

	* plugins/python/python_plugin_common.h,
	plugins/python/sudo_python_module.c:
	plugins/python: add missing annotations to help cpychecker
	[fd66659bd681]

	* plugins/python/python_plugin_common.c:
	plugins/python/python_plugin_common.c: release py_args in close

	even if the arguments are not used (eg. when there is no "close"
	call in the plugin).

	It was not really a memleak, because interpreter is deinitialized
	anyway, which frees the object.
	[5de8c111d40d]

	* plugins/python/python_plugin_approval.c:
	plugins/python/python_plugin_approval: fix negative ref count

	The python_plugin_api_rc_call function already decrements the
	refcount of py_args. Python avoids the double free, but the error
	gets shown if using python debug build.
	[4370af5b9092]

2020-02-12  Robert Manner

	* plugins/python/regress/check_python_examples.c:
	plugins/python/regress: still some memleak fix
	[c60050b79a5e]

	* plugins/python/python_plugin_audit.c,
	plugins/python/python_plugin_common.c,
	plugins/python/python_plugin_common.h,
	plugins/python/python_plugin_io.c,
	plugins/python/python_plugin_policy.c:
	plugins/python: make storing errstr more explicit

	The error is always stored in plugin_ctx, but it is only set into
	errstr if the API version is enough. (Previously it worked the
	opposite: we only stored the error if API level was enough.)
	[5b4fa733c876]

	* plugins/python/regress/check_python_examples.c:
	plugins/python/regress: strengthen errstr verification

	Tests did not catch the issue where errstr was not set correctly,
	but its pointer contained the expected data, because the memory
	allocator reused the same space for storing the string.

	Now it is either verified to be NULL, or reset to NULL.
	[973e52ed3f68]

	* plugins/python/regress/check_python_examples.c:
	plugins/python/regress: simplify plugin option creation
	[628142f39c63]

2020-02-11  Todd C. Miller

	* include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/util.exp.in,
	plugins/audit_json/audit_json.c, plugins/python/sudo_python_debug.c,
	plugins/sample_approval/sample_approval.c,
	plugins/sudoers/sudoers_debug.c:
	Move duplicated code to parse plugin debug flags to libsudo_util.
	There's no need for four copies of sudo_debug_parse_flags().
	[cfd9d624d8b1]

2020-02-11  Robert Manner

	* plugins/python/python_plugin_common.c,
	plugins/python/sudo_python_module.c,
	plugins/python/sudo_python_module.h:
	plugins/python/sudo_module: let a reject also supply error message

	Same as sudo.PluginError exception, have a sudo.PluginReject
	exception as well. Added common base exception as well.
	[e2e36f4778d4]

	* plugins/python/regress/check_python_examples.c,
	plugins/python/regress/plugin_approval_test.py,
	plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stderr,
	plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout,
	plugins/python/regress/testhelpers.c,
	plugins/python/regress/testhelpers.h:
	plugins/python/regress: add tests for approval plugin
	[31bd830a36fa]

	* MANIFEST, plugins/python/Makefile.in,
	plugins/python/python_plugin_approval.c,
	plugins/python/python_plugin_approval_multi.inc,
	plugins/python/python_plugin_common.c,
	plugins/python/python_plugin_common.h,
	plugins/python/sudo_python_module.c:
	plugins/python: add python approval plugin wrapper
	[489ef35ac957]

	* MANIFEST, plugins/python/Makefile.in,
	plugins/python/example_approval_plugin.py:
	plugins/python: add python approval plugin example
	[4ed865e04c0a]

2020-02-10  Todd C. Miller

	* MANIFEST, plugins/sudoers/regress/sudoers/test23.in,
	plugins/sudoers/regress/sudoers/test23.json.ok,
	plugins/sudoers/regress/sudoers/test23.ldif.ok,
	plugins/sudoers/regress/sudoers/test23.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test23.out.ok,
	plugins/sudoers/regress/sudoers/test23.sudo.ok,
	plugins/sudoers/regress/sudoers/test23.toke.ok:
	Add regress test for parsing Defaults lists. Currently only
	env_check, env_delete, env_keep and log_servers are lists.
	[dfda2dec37d3]

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
	Clarify that approval close happens after auditing. Also fix a few
	typos.
	[8f9fb2f0b5a7]

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	include/sudo_plugin.h, plugins/sample_approval/sample_approval.c,
	src/sudo.c:
	Add open and close functions to the approval plugin API. We need a
	close function to be able to free memory allocated for errstr.
	Unlike the other plugins, the close function is called immediately
	after the plugin's check or show_version function. The plugin does
	not remain open until the command completes.
	[6611bafc8ace]

	* plugins/audit_json/audit_json.c:
	Use unique function names to avoid confusion with front-end
	functions. Also add a missing sudo_debug_enter() after debug
	registration.
	[b127b0997ecb]

	* scripts/log2cl.pl:
	Use Text::Wrap instead of perl's built-in format function. This
	still breaks log filename incorrectly but is a step in the right
	direction.
	[2184fe794ecb]

	* Makefile.in, scripts/log2cl.pl:
	Avoid changing directory when generating the ChangeLog file.
	Instead, pass the repo path to either hg or log2cl.pl
	[736e90c9fe6d]

2020-02-10  Robert Manner

	* src/sudo.c:
	src/sudo.c: call audit plugin close when result is a wait status
	[0bfe6bc588a3]

	* Makefile.in:
	Makefile.in: fix install target for out of source build

	The scriptdir contained a path relative to where the target was
	started. The scripts are called like "$scriptdir/script_name" which
	is fine with relative path as well, until the current directory is
	not changed. But things like cd $srcdir && $scriptdir/script_name
	fail (if building in separate build directory).
	[7c0958b47925]

	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
	doc/sudo_plugin_python: document python audit plugin support
	[2a2f6227bae0]

	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
	doc/sudo_plugin_python: document returning error string
	[cf32faa3805f]

	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
	doc/sudo_plugin_python: update python manual for constant -> enum
	changes
	[e2cd8737978c]

2020-02-08  Todd C. Miller

	* lib/iolog/regress/iolog_path/check_iolog_path.c,
	lib/util/mksiglist.c, lib/util/mksigname.c,
	lib/util/regress/fnmatch/fnm_test.c,
	lib/util/regress/getdelim/getdelim_test.c,
	lib/util/regress/glob/globtest.c,
	lib/util/regress/parse_gids/parse_gids_test.c,
	lib/util/regress/progname/progname_test.c,
	lib/util/regress/sudo_parseln/parseln_test.c, logsrvd/logsrvd.c,
	logsrvd/sendlog.c, plugins/group_file/plugin_test.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/logging.c,
	plugins/sudoers/regress/check_symbols/check_symbols.c,
	plugins/sudoers/regress/env_match/check_env_pattern.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/regress/logging/check_wrap.c,
	plugins/sudoers/regress/parser/check_addr.c,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/tsdump.c, plugins/sudoers/visudo.c, src/exec.c,
	src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c,
	src/parse_args.c, src/regress/noexec/check_noexec.c:
	Use EXIT_SUCCESS and EXIT_FAILURE more consistently.
	[1b78154a35f3]

	* src/parse_args.c, src/sudo.c, src/sudo.h:
	Mark main sudo usage() function __noreturn__. This splits the usage
	printing out into display_usage().
	[400d23c2a6f1]

	* include/sudo_json.h, lib/util/json.c, lib/util/util.exp.in,
	plugins/sudoers/cvtsudoers_json.c:
	Use json functions from libsudo_util in cvtsudoers.
	[c4316ce76fe6]

2020-02-07  Todd C. Miller

	* plugins/sample_approval/sample_approval.c:
	Check localtime() return value; coverity CID 208156
	[e2697b46f7e2]

	* plugins/audit_json/audit_json.c:
	Check fseeko() return value; coverity CID 207993
	[3abd610ae63b]

	* logsrvd/sendlog.c, logsrvd/sendlog.h:
	Make restart and elapsed members of the closure structs not
	pointers. Fixes coverity CID 207992
	[2dbace19cb6a]

	* lib/iolog/iolog_fileio.c:
	Check return value of sudo_lock_file(); coverity CID 207991
	[e2862d70dea8]

	* logsrvd/logsrvd.c:
	Only keepalive if accept() succeeded; coverity CID 207990
	[0c35e46495a2]

2020-02-06  Todd C. Miller

	* MANIFEST, Makefile.in, doc/Makefile.in, examples/Makefile.in,
	generate_test_coverage.sh, include/Makefile.in,
	lib/iolog/Makefile.in, lib/logsrv/Makefile.in, lib/util/Makefile.in,
	lib/zlib/Makefile.in, log2cl.pl, logsrvd/Makefile.in, mkdep.pl,
	mkinstalldirs, mkpkg, plugins/audit_json/Makefile.in,
	plugins/group_file/Makefile.in, plugins/python/Makefile.in,
	plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in, pp,
	scripts/generate_test_coverage.sh, scripts/log2cl.pl,
	scripts/mkdep.pl, scripts/mkinstalldirs, scripts/mkpkg, scripts/pp,
	src/Makefile.in:
	Move some scripts from the top level src dir to a scripts dir.
	[0be8e958cbc2]

	* MANIFEST, plugins/sample_approval/Makefile.in,
	plugins/sample_approval/sample_approval.c,
	plugins/sample_approval/sample_approval.exp:
	Add sample approval plugin that simply tests for "business hours"
	[8005b14fd0c7]

	* Makefile.in, configure, configure.ac:
	Add sample approval plugin that simply tests for "business hours"
	[9d7370fea2c3]

	* src/load_plugins.c:
	Refactor code to alloc and insert a new plugin_container. The only
	outlier is the policy plugin which is not part of a list since there
	can only be a single policy plugin.
	[610c6e01eb0b]

	* plugins/audit_json/audit_json.c:
	Teach audit_json about approval plugin accept/reject
	[b1e568bacd87]

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
	src/sudo_plugin_int.h:
	Add an approval plugin type that runs after the policy plugin. The
	basic idea is that the approval plugin adds an additional layer of
	policy. There can be multiple approval plugins.
	[2b57fac1ad0b]

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
	plugin documentation fixes:
	 o whitespace cleanup
	 o show_version doesn't have an errstr argument
	 o document runas_user and runas_group in command_info[]
	 o add missing .El before start of audit section
	[73cb9ca71ef7]

2020-02-06  Robert Manner

	* plugins/python/sudo_python_module.c:
	plugins/python/sudo_python_module.c: fix options_as_dict if no equal
	sign

	The intended behaviour was that those get skipped, but the
	PyList_GetItem sets the interpreter into error state, so python has
	raised exception.
	[4f99dd186eb9]

	* plugins/python/regress/check_python_examples.c,
	plugins/python/regress/testdata/check_example_audit_plugin_receives_accept.stdout,
	plugins/python/regress/testdata/check_example_audit_plugin_receives_error.stdout,
	plugins/python/regress/testdata/check_example_audit_plugin_receives_reject.stdout,
	plugins/python/regress/testdata/check_example_audit_plugin_version_display.stdout,
	plugins/python/regress/testdata/check_example_audit_plugin_workflow_multiple.stderr,
	plugins/python/regress/testdata/check_example_audit_plugin_workflow_multiple.stdout:
	plugins/python/regress/check_python_examples: add audit_plugin tests
	[fcc483a569ff]

	* plugins/python/python_plugin_common.c,
	plugins/python/python_plugin_common.h,
	plugins/python/python_plugin_io.c,
	plugins/python/python_plugin_policy.c:
	plugins/python/python_plugin_common: close can get custom arguments

	For the audit plugin. Ensure we do not fail if
	plugin_ctx->py_instance is NULL (because plugin init has failed).
	[dd1c0be3d8e7]

	* plugins/python/example_group_plugin.py,
	plugins/python/example_io_plugin.py,
	plugins/python/example_policy_plugin.py,
	plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stdout:
	plugins/python/example_*.py: document returning error string
	[ee55ef4a3cb6]

	* plugins/python/example_conversation.py,
	plugins/python/example_debugging.py,
	plugins/python/example_group_plugin.py,
	plugins/python/example_io_plugin.py,
	plugins/python/example_policy_plugin.py,
	plugins/python/regress/testdata/check_example_debugging_c_calls@info.log,
	plugins/python/regress/testdata/check_example_debugging_plugin@info.log,
	plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stdout:
	plugins/python/example*.py: pep8 fixes (mainly line too long)
	[56b15859cc9a]

2020-02-05  Todd C. Miller

	* plugins/audit_json/audit_json.exp:
	Exported symbol is audit_json
	[a39e9cc1047b]

	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
	Silence lint warning.
	[fbba7f8dc3ef]

	* plugins/sudoers/policy.c:
	Add runas_user and runas_group (if set) to command_info for audit
	plugin. Otherwise, the audit plugin has to look up the runas name
	and group by user or group ID.
	[711731384693]

	* src/tgetpass.c:
	Only enable pwfeedback when reading password from /dev/tty. This
	effectively disables pwfeedback when the -S or -A options are used.
	[71da469aab20]

2020-02-05  Robert Manner

	* plugins/python/regress/check_python_examples.c:
	plugins/python/regress: load/unload module for each testcase

	so they can start from clean state. (My problem was optional
	argument tests have destroyed the callbacks.)
	[ab90adbb9328]

	* plugins/python/python_plugin_common.c,
	plugins/python/python_plugin_common.h,
	plugins/python/python_plugin_group.c,
	plugins/python/python_plugin_io.c,
	plugins/python/python_plugin_policy.c,
	plugins/python/sudo_python_module.c,
	plugins/python/sudo_python_module.h:
	plugins/python: add support for callback errstr arguments

	Plugins can raise a sudo.PluginError exception to add a context
	message for the failure.

	The callback's errstr gets filled up with the specified message.
	But, as sudo expects a string constant (will not free the string),
	we store it in the plugin context at least until next callback
	invocation.
	[240bf4c627f0]

	* plugins/python/regress/check_python_examples.c,
	plugins/python/regress/plugin_errorstr.py:
	plugins/python/regress: add test for callback error msg return
	[44a71a20f94c]

	* plugins/python/python_plugin_io.c,
	plugins/python/python_plugin_policy.c:
	plugins/python_plugin_io,policy: fix version display in verbose mode

	Unfortunately the test did not catch this mistake, because it only
	searches that "Python policy plugin API version" string is present
	and does not check the version.
	[7da28d01063f]

2020-02-04  Robert Manner

	* plugins/python/example_conversation.py,
	plugins/python/example_debugging.py,
	plugins/python/example_group_plugin.py,
	plugins/python/example_io_plugin.py,
	plugins/python/example_policy_plugin.py, plugins/python/pyhelpers.c,
	plugins/python/pyhelpers.h, plugins/python/python_plugin_common.c,
	plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log,
	plugins/python/regress/testdata/check_example_debugging_c_calls@info.log,
	plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log,
	plugins/python/sudo_python_module.c:
	plugins/python/sudo_python_module.c: use IntEnums instead of
	constants

	It is a bit more code, but it is more "pythonic" and easier to debug
	as the enum values also know their names.

	It is also an API break, e.g. sudo.RC_OK becomes sudo.RC.OK as
	sudo.RC will be the "type" of the enum, but I guess that is
	acceptable before the initial release.
	[2a0845428e2b]

2020-02-03  Robert Manner

	* plugins/python/python_plugin_policy.c:
	plugins/python/python_plugin_policy: add missing debug return
	[2bf4cc35de9c]

2020-02-03  Laszlo Orban

	* logsrvd/sendlog.c:
	fixed compiler error when sudo is configured without
	--enable-openssl
	[fb19fb96c41d]

2020-02-03  Robert Manner

	* MANIFEST, plugins/python/Makefile.in,
	plugins/python/python_plugin_audit.c,
	plugins/python/python_plugin_audit_multi.inc,
	plugins/python/sudo_python_module.c:
	plugins/python: add python audit plugin wrapper
	[92bf3ccbd35d]

	* MANIFEST, plugins/python/Makefile.in,
	plugins/python/example_audit_plugin.py:
	plugins/python: add example python audit plugin
	[15abd19f6fdb]

2020-02-02  Todd C. Miller

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_plugin.man.in:
	Regenerate .man.in files from .mdoc.in
	[6d04628b3bbb]

	* doc/sudo_plugin.mdoc.in:
	Update documentation for setbase when the given base is NULL.
	[03054c46d322]

	* plugins/sudoers/iolog_client.c, src/sudo.c:
	For plugin events, set the sudo event base for setbase(NULL). This
	makes it possible for a plugin to change the event base to a local
	one and then reset it back to its original value.
	[f95ab1a5fd5a]

2020-02-01  Todd C. Miller

	* plugins/sudoers/iolog_client.c:
	Don't display "error in event loop" on loop break reading
	ServerHello. We should already have displayed a more useful error
	message. Otherwise, we can get two "error in event loop" warnings if
	the TLS handshake fails (in addition to other error messages).
	[c42b8158ab36]

2020-01-31  Todd C. Miller

	* plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_plugin.h:
	Read ServerHello message synchronously before the command is
	executed. Otherwise, the command could be run before the TLS
	handshake completes.
	[4dab1676ae41]

2020-01-31  Robert Manner

	* plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
	plugins/python/python_convmessage.c:
	plugins/python/pyhelpers: add helpers for attribute handling

	to simplify code a bit.
	[c3eb52c88a04]

2020-01-30  Todd C. Miller

	* doc/sudo_plugin.mdoc.in:
	Document audit plugin in the sudo_plugin manual.
	[e2aab376bae1]

	* include/sudo_plugin.h, plugins/audit_json/audit_json.c, src/sudo.c:
	Change audit close arguments to a type and value. That way we can
	distinguish between different error types.
	[37abbe9f39b5]

	* MANIFEST, Makefile.in, configure, configure.ac, m4/sudo.m4,
	pathnames.h.in, plugins/audit_json/Makefile.in,
	plugins/audit_json/audit_json.c, plugins/audit_json/audit_json.exp:
	Example audit plugin that writes JSON output to a log file.
	[295d9d1a1209]

	* plugins/python/python_plugin_io.c,
	plugins/python/python_plugin_io_multi.inc,
	plugins/python/python_plugin_policy.c,
	plugins/python/regress/check_python_examples.c:
	Adapt python plugin to new plugin API changes
	[974e76db3a3a]

	* plugins/sudoers/audit.c, plugins/sudoers/iolog.c,
	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
	plugins/sudoers/policy.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	Pass back a failure or error string to the front end. The
	audit_failure() function now stores the failure string. This will
	allow an audit plugin to log the reason if the user's request is
	rejected.
	[5bb4e000a7ec]

	* doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/exec_pty.c,
	src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
	src/sudo_plugin_int.h:
	Define a new plugin type that receives accept and reject messages.
	This can be used to implement logging-only plugins. The plugin
	functions now take an errstr argument that can be used to return an
	error string to be logged on failure or error.
	[361aab49325f]

	* MANIFEST, config.h.in, configure, configure.ac, include/sudo_rand.h,
	lib/util/arc4random.c, lib/util/arc4random_buf.c:
	Add tests for arc4random_buf() and an implementation for those
	without.
	[e89dabfd5a41]

	* MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/util.exp.in, lib/util/uuid.c:
	Add code to generate universally unique identifiers. We create type
	4, variant 1 uuids (random).
	[22aff362662e]

	* MANIFEST, include/sudo_json.h, lib/util/Makefile.in,
	lib/util/json.c, lib/util/util.exp.in:
	Add a simple API for writing JSON records. To be used by the
	upcoming JSON audit module.
	[734b29194a82]

2020-01-29  Todd C. Miller

	* NEWS:
	Sudo 1.8.31 changes.
	[3d12f4cb4d9f]

	* src/tgetpass.c:
	Fix a buffer overflow when pwfeedback is enabled and input is not
	a tty. In getln() if the user enters ^U (erase line) and the
	write(2) fails, the remaining buffer size is reset but the current
	pointer is not. While here, fix an incorrect break for erase when
	write(2) fails. Also disable pwfeedback when input is not a tty as
	it cannot work. CVE-2019-18634. Credit: Joe Vennix from Apple
	Information Security.
	[4830bdf1a683]

2020-01-28  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	Fix warning about unresolved host name with "sudo -l -h hostname".
	The resolve_host() function returns 0 on success, not bool.
	[9af5bb6e4036]

	* configure, configure.ac:
	Check for presence of fseeko() regardless of utmp type.
	[d0c254ba8311]

	* plugins/python/regress/check_python_examples.c:
	Fix typo in a test: python_policy->close not python_io->close
	[34d8631cc501]

	* lib/util/getentropy.c:
	Allow getentropy.c to compile when MAP_ANON is unavailable.
	[d707e07f1a9c]

	* MANIFEST, lib/util/Makefile.in, lib/util/arc4random.c,
	lib/util/arc4random.h:
	Remove multi-thread support from arc4random. Sudo is not
	multi-threaded so we don't need the added complexity.
	[77c1795e0aaa]

2020-01-28  Robert Manner

	* plugins/python/sudo_python_module.c:
	plugins/sudo_python_module: Fix double free in sudo.options_as_dict
	function

	PyArg_ParseTuple sets the py_config_tuple pointer, but it does not
	increment the reference count, so by decrementing, we end up freeing
	the argument passed in.
	[511aeb75a905]

	* plugins/python/example_io_plugin.py,
	plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stdout:
	plugins/python/example_io_plugin: close the file at destroy

	to avoid warning of debug python build.
	[6730352ab2d8]

2020-01-28  Todd C. Miller

	* lib/util/arc4random.h, lib/util/getentropy.c:
	Backed out changeset 9dce3ebb2c37. MAP_SGI_ANYADDR cannot be used in
	place of MAP_ANON.
	[b261d200435a]

2020-01-28  Robert Manner

	* plugins/python/Makefile.in,
	plugins/python/regress/check_python_examples.c,
	plugins/python/regress/testhelpers.c,
	plugins/python/regress/testhelpers.h:
	plugins/python: memleak fixes in test

	The main problem was that string array objects were constructed
	differently:
	- if constructed by the test, then the elements were constant
	- if constructed by the plugin, then the elements were allocated

	Modified it so that now each array contains allocated strings so
	they can be handled similarly. For freeing, I have used the
	str_array_free function from the plugin, so I have linked its object
	into the test runner.

	Happy path is now free of "definitely lost" memleaks, so the test
	can be used for valgrind.
	[657ffd948be5]

2020-01-28  Laszlo Orban

	* logsrvd/sendlog.c, logsrvd/sendlog.h:
	Refactor sudo_sendlog in order to be able to send one I/O log
	multiple times in parallel (for testing purposes)
	[c9afea455ab6]

2020-01-27  Todd C. Miller

	* lib/util/arc4random.h, lib/util/getentropy.c:
	Fix compilation on IRIX; Bug #915. IRIX lacks MAP_ANON (and
	MAP_ANONYMOUS) but we can use the IRIX-specific flag MAP_SGI_ANYADDR
	instead. From Kazuo Kuroi.
	[9dce3ebb2c37]

2020-01-24  Todd C. Miller

	* plugins/sudoers/check.c:
	Fix crash in sudo 1.8.30 when suspending sudo at the password
	prompt. The closure pointer in sudo_conv_callback was being filled
	in with a struct getpass_closure ** instead of a struct
	getpass_closure *. The bug was introduced in the fix for Bug #910;
	previously the closure variable was a struct getpass_closure, not a
	pointer. Fix from Michael Norton; Bug #914.
	[011b6a7663ef]

2020-01-24  Robert Manner

	* plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
	plugins/python/python_plugin_common.c,
	plugins/python/python_plugin_common.h,
	plugins/python/python_plugin_group.c,
	plugins/python/python_plugin_io.c,
	plugins/python/python_plugin_policy.c:
	plugins/python: use separate python interpreter for each plugin

	On each plugin initialization we create a separate python
	interpreter which gets stored in the plugin_ctx. The main
	interpreter is stored in py_ctx and is used for creating more
	interpreters (if more plugins get loaded) and final python
	deinitialization.

	The "traceback" module import and the ImportBlocker initialization
	was moved, because it has to happen inside the plugin specific
	interpreters.
	[eb9308e5eacb]

	* plugins/python/regress/check_python_examples.c,
	plugins/python/regress/plugin_conflict.py,
	plugins/python/regress/testdata/check_python_plugins_do_not_affect_each_other.stdout:
	plugins/python/regress: add a failing testcase about python plugins
	affecting each other

	Since python plugins are run inside the same interpreter, they
	affect each other's state, which would be better to avoid.
	[1628425d608c]

2020-01-23  Todd C. Miller

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in:
	Document new tls_verify setting.
	[3e4bc6e4d301]

	* config.h.in, configure, configure.ac:
	Use AC_CHECK_DECLS when checking for SSL_CTX_set_min_proto_version.
	Also use AC_CHECK_FUNCS to check for the other OpenSSL functions.
	[f3e36090a31e]

2020-01-23  Robert Manner

	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
	doc/sudo_plugin_python: update doc about the multiple I/O plugin
	loading
	[08e7c479954b]

	* plugins/python/Makefile.in:
	plugins/python/Makefile.in: update autogenerated header dependencies
	[54c0c7f11046]

	* plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
	plugins/python/python_plugin_common.c,
	plugins/python/regress/check_python_examples.c,
	plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stderr,
	plugins/python/sudo_python_module.c:
	plugins/python/pyhelpers: have a default sudo_printf function

	Adapted the default sudo_printf from sudoers plugin to be able to
	print errors before plugin open() gets called. (This is used by the
	multiple io plugin loading to display an error when too many plugins
	are loaded.)

	Since this makes us always have a sudo_log, I have removed the logic
	about whether it is available or not.
	[fdd4842b3ba2]

	* src/load_plugins.c:
	src/load_plugins.c: plugins can supply a clone function

	if they want to support getting loaded multiple times.
	[33ff0027f686]

2020-01-23  Laszlo Orban

	* examples/sudo_logsrvd.conf, include/log_server.pb-c.h,
	lib/logsrv/log_server.pb-c.c, lib/logsrv/log_server.proto,
	logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
	plugins/sudoers/iolog_client.c:
	logserver option to disable certificate verification on server side
	and server authentication on client side
	[9b171f3af727]

2020-01-22  Todd C. Miller

	* src/load_plugins.c:
	Refactor code to allocate and fill struct plugin_container. This
	will help avoid duplicate code in the audit and approval plugins.
	[8ad9ba987131]

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, examples/sudo_logsrvd.conf:
	Document TCP keepalive options in the manual pages.
	[7afe9293b503]

	* doc/CONTRIBUTORS:
	Add proper diacritical to Róbert's name.
	[9ca9ea59cdd4]

2020-01-22  Robert Manner

	* plugins/python/regress/check_python_examples.c,
	plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stderr,
	plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple.stdout,
	plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple1.stored,
	plugins/python/regress/testdata/check_example_io_plugin_command_log_multiple2.stored,
	plugins/python/regress/testhelpers.c,
	plugins/python/regress/testhelpers.h:
	plugins/python/regress: add a testcase for multiple io plugin
	loading

	to verify 2 python plugins can work next to each other.
	[916dd4f44bcf]

2020-01-22  Laszlo Orban

	* include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c,
	lib/logsrv/log_server.proto, logsrvd/logsrvd.c, logsrvd/sendlog.c,
	plugins/sudoers/iolog_client.c:
	Rename tls_checkpeer to tls_reqcert in ServerHello message
	[b69630f1f5b4]

2020-01-22  Robert Manner

	* plugins/python/python_baseplugin.c,
	plugins/python/python_convmessage.c:
	plugins/python: fix return value typo for the error case
	[a7088391d8fb]

2020-01-21  Todd C. Miller

	* etc/sudo.pp, examples/Makefile.in, examples/sudo.conf.in:
	Install a default sudo.conf file.
	[e2b4613cced9]

	* aclocal.m4, autogen.sh, config.h.in, configure, configure.ac,
	include/sudo_compat.h, logsrvd/logsrvd.c, logsrvd/sendlog.c,
	plugins/sudoers/iolog_client.c:
	Add support for building on OpenSSL 1.0.2. This adds compatibility
	defines for some OpenSSL 1.1.x functions.
	[17e50378c8ee]

2020-01-21  Robert Manner

	* plugins/python/python_plugin_io.c,
	plugins/python/python_plugin_io_multi.inc:
	plugins/python/plugin_io: enable loading of multiple io plugins

	Separate sudo io plugin symbols are created which store wrapper
	functions adding the context of which python plugin the callback is
	about.

	These sudo io plugin "slots" get generated with macros by the
	preprocessor.

	This makes sudo support loading multiple python IO plugins like
	this: (note the differences in the symbol names)

	Plugin python_io python_plugin.so ModulePath=... ClassName=SudoIOPlugin1
	Plugin python_io1 python_plugin.so ModulePath=... ClassName=SudoIOPlugin2
	Plugin python_io2 python_plugin.so ModulePath=... ClassName=SudoIOPlugin3
	[cb45052d227a]

2020-01-21  Laszlo Orban

	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_plugin.h, plugins/sudoers/policy.c:
	sudoers: disable SO_KEEPALIVE socket option based on
	log_server_disable_keepalive flag in sudoers
	[ad48ee6fbcb7]

	* examples/sudo_logsrvd.conf, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c:
	logserver: enable/disable SO_KEEPALIVE socket option based on
	tcp_keepalive configuration option in sudo_logsrvd.conf
	[c0d919468e95]

2020-01-20  Todd C. Miller

	* include/hostcheck.h:
	No need to export the validate_hostname() symbol. We don't export
	symbols in convenience libraries, only installed DSOs.
	[f26897793700]

	* lib/iolog/hostcheck.c:
	Fix a few pointer signedness warnings on Linux.
	[6a4f68430e69]

	* include/sudo_compat.h, lib/iolog/hostcheck.c, logsrvd/logsrvd.c,
	plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_plugin.h, src/net_ifs.c:
	Store the server host name and IP in client_closure_fill(). Also
	check for getpeername() and inet_ntop() failure.
	[22df6ff5fcaf]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c,
	logsrvd/sendlog.h, plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_plugin.h:
	Fix handling of SSL_ERROR_WANT_{READ,WRITE} during normal I/O. If we
	get SSL_ERROR_WANT_WRITE during SSL_read(), we need to resume the
	SSL_read(), not call SSL_write() as we were doing. Likewise for
	SSL_ERROR_WANT_READ received from SSL_write(). This introduces a
	flag so we call the proper callback even when the I/O direction
	doesn't match the read/write calls.
	[7162125ad7b7]

	* lib/util/Makefile.in:
	Add siglist.c and signame.c as dependencies for depend target. Fixes
	running "make depend" in lib/util dir when siglist.c or signame.c
	are not already present.
	[9d7aa4107136]

	* Makefile.in, doc/Makefile.in, examples/Makefile.in,
	include/Makefile.in, lib/iolog/Makefile.in, lib/logsrv/Makefile.in,
	lib/util/Makefile.in, lib/zlib/Makefile.in, logsrvd/Makefile.in,
	plugins/group_file/Makefile.in, plugins/python/Makefile.in,
	plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/system_group/Makefile.in, src/Makefile.in:
	Add abs_top_srcdir and abs_top_builddir and use them. Configure
	provides absolute versions of srcdir, builddir, top_srcdir and
	top_builddir. We can use these instead of calling pwd.
	[597ba26af997]

2020-01-20  Robert Manner

	* plugins/python/Makefile.in:
	plugins/python/Makefile.in: remove path prefix from examples to make
	install target work
	[ba31bde08e17]

2020-01-19  Todd C. Miller

	* lib/iolog/Makefile.in:
	Rebuild dependencies after hostcheck.c include changes.
	[3a4e808e5038]

2020-01-18  Todd C. Miller

	* include/hostcheck.h, lib/iolog/hostcheck.c, logsrvd/logsrvd.c,
	plugins/sudoers/iolog_client.c:
	Add debugging statements to certificate checks.
	[81f813c8c1f1]

	* MANIFEST, lib/iolog/Makefile.in, lib/iolog/hostcheck.c,
	plugins/sudoers/iolog.c:
	Portability fixes and correct path to hostcheck.h in MANIFEST.
	Include sys/socket.h for getpeername(). Link with -lnsl on Solaris
	to get inet_pton().
	[060371a21669]

	* lib/iolog/Makefile.in, lib/logsrv/Makefile.in, lib/util/Makefile.in,
	lib/zlib/Makefile.in, logsrvd/Makefile.in,
	plugins/group_file/Makefile.in, plugins/python/Makefile.in,
	plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/system_group/Makefile.in, src/Makefile.in:
	Using "libtool --clean" to remove regular files is slow. We only
	need to use libtool's clean mode to remove files created by libtool.
	[510af2b052c6]

2020-01-17  Todd C. Miller

	* .gitignore, .hgignore:
	Add examples/sudo.conf to ignore files.
	[9eb86d1b8661]

	* doc/sudo.conf.mdoc.in, examples/sudo.conf.in:
	Remove whitespace at the end of the line in example sudo.conf
	[88b0ae1f8a18]

	* doc/sudo_plugin_python.mdoc.in:
	Fix mdoc lint warnings by removing .Pp before and after .Ss.
	[e59218682d7f]

2020-01-17  Robert Manner

	* plugins/python/regress/check_python_examples.c,
	plugins/python/regress/iohelpers.c,
	plugins/python/regress/iohelpers.h,
	plugins/python/regress/testhelpers.c,
	plugins/python/regress/testhelpers.h:
	plugins/python/regress: add missing license texts
	[b0e4b41b2834]

2020-01-16  Todd C. Miller

	* logsrvd/logsrvd.c:
	Fix TLS accept when SSL_accept() returns SSL_ERROR_WANT_WRITE. We
	need to switch from SUDO_EV_READ to SUDO_EV_WRITE for this case.
	[71ada9bfa056]

	* logsrvd/sendlog.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_plugin.h:
	Fix TLS connect when SSL_connect returns SSL_ERROR_WANT_READ. We
	need to switch from SUDO_EV_WRITE to SUDO_EV_READ for this case.
	Also make the tls connect events private to tls_timed_connect() with
	their own closure. There is no need to store them in the client
	closure.
	[afda37d1dd26]

	* logsrvd/iolog_writer.c:
	Store submit time in struct iolog_info. Fixes missing time stamp in
	remote I/O log info file.
	[dcd1dfa00646]

	* src/sudo_edit.c:
	Treat EROFS (like EACCES) as a non-fatal error in dir_is_writable().
	Fixes sudoedit on macOS 10.15 and above where the root file system
	is mounted read-only. See https://support.apple.com/en-us/HT210650.
	From Dan Villiom Podlaski Christiansen. Bug #913
	[cc636a1af1b6]

2020-01-15  Todd C. Miller

	* lib/util/event.c, plugins/sudoers/iolog_client.c:
	Really fix flushing of data in client_close(). Now that we call
	fmt_exit_message() from client_close() we do not need to try to
	determine whether the read or write events were pending in the old
	base.

	We can't tell anyway because the active flag in the event was
	cleared when the old sudo event base was destroyed. It is correct to
	enable both the read and write events after formatting the
	ExitMessage.
	[c59e77060c37]

	* plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_path_escapes.c:
	Use SUDOERS_DEBUG_* not SUDO_DEBUG_* in debug_decl() for the sudoers
	plugin.
	[2d0c049e689e]

	* src/sudo.c, src/sudo_plugin_int.h:
	Wrap calls to plugin event callbacks to use the plugin's debug
	instance. Otherwise, the debug output in a plugin's event callback
	will go to the sudo debug file, not sudoers.
	[02e227cfc715]

	* lib/util/regress/strsig/strsig_test.c:
	FreeBSD is missing SIGLWP (aka SIGTHR) in sys_signame[]. Don't test
	SIGLWP on FreeBSD where it is reserved for the thread library and is
	not listed in sys_signame[].
	[95cbafc79b4d]

	* configure, configure.ac:
	We want to use DT_RUNPATH in preference to DT_RPATH in ELF binaries.
	Otherwise, LD_LIBRARY_PATH does not work when running the tests. The
	GNU linker's --enable-new-dtags can be used to do this. We don't do
	this on NetBSD where RPATH already supports LD_LIBRARY_PATH.
	[2c6c9a348d81]

2020-01-15  Laszlo Orban

	* plugins/sudoers/Makefile.in, plugins/sudoers/iolog_client.c:
	do server identity validation in iolog plugin
	[b1bec55bbed6]

	* logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h:
	do client identity validation in logserver
	[e415409dfe0b]

	* MANIFEST, include/hostcheck.h, lib/iolog/Makefile.in,
	lib/iolog/hostcheck.c:
	implement host validation for the audit server SSL certificates
	[7f48e57bece2]

2020-01-14  Todd C. Miller

	* plugins/sudoers/sudoers_debug.c:
	Fix reference counting when both sudoers policy and I/O log are
	loaded. If both sudoers policy and I/O log plugins are loaded,
	debug_files will be empty when the I/O plugin is initialized. This
	changes the logic to always increase the reference count if the
	instance is valid.
	[18adfeb3727b]

	* src/load_plugins.c:
	Fix handling of duplicate policy and I/O plugins. The warning
	message said the later I/O plugin was ignored but it actually
	overwrote the existing one instead. The first registered plugin of
	the same name now is used, as was intended. Specifying more than one
	policy plugin is no longer a fatal error; this allows the admin to
	fix the situation.
	[dde476072346]

2020-01-14  Robert Manner

	* aclocal.m4, configure, configure.ac,
	plugins/python/regress/check_python_examples.c,
	plugins/python/regress/testhelpers.c,
	plugins/python/regress/testhelpers.h,
	plugins/python/sudo_python_debug.h:
	plugins/python: various portability improvements
	[d6aa5e2585ef]

	* plugins/python/example_conversation.py,
	plugins/python/example_io_plugin.py,
	plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stdout,
	plugins/python/regress/testdata/check_example_io_plugin_command_log.stored,
	plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stdout:
	plugins/python/example_{io,conversation}: avoid printing signal
	number

	They are platform dependent, so their test would fail on some
	platforms. While we could create separate plugin for the tests, I
	like the idea that the examples are ensured to be working.

	I believe this is a good compromise for being able to auto update
	the test cases.
	[7b46d305e7d9]

	* plugins/python/Makefile.in,
	plugins/python/regress/check_python_examples.c:
	plugins/python/regress: load the python plugin dynamically

	instead of linking with it.
	[084c61e7d565]

2020-01-11  Todd C. Miller

	* src/sudo_edit.c:
	For sudoedit_checkdir consider a user-owned directory to be
	writable. The non-faccessat() code already did this so this just
	brings the faccessat() path into alignment. Bug #912
	[91a1a9c0ba40]

2020-01-10  Todd C. Miller

	* doc/CONTRIBUTORS:
	Add newline before list of artwork authors.
	[1be0fe5f7d7a]

	* doc/LICENSE:
	Update copyright year.
	[f4ef4c1990af]

2020-01-10  Robert Manner

	* plugins/python/example_policy_plugin.py:
	plugins/python/example_policy_plugin.py: extend user env changing
	example

	Make the demonstration extend the environment with a new variable.
	Easier to read, and makes the testing able to check that it is
	working.
	[77c09cc38298]

	* generate_test_coverage.sh:
	generate_test_coverage.sh: example script to ease test coverage
	generation

	Uses lcov and genhtml to generate test coverage. It is meant to be
	run in a clean directory. Extra configure options can be added as
	script arguments.

	Example execution:

	mkdir build
	cd build
	../generate_test_coverage.sh --enable-python
	[a52c480639aa]

2020-01-09  Todd C. Miller

	* plugins/sudoers/logging.c:
	Remove MAXSYSLOGTRIES, it is no longer used.
	[dbd274fd8330]

2020-01-09  Robert Manner

	* plugins/python/python_plugin_common.c,
	plugins/python/python_plugin_policy.c:
	plugins/python/python_plugin_policy: fix validate() call

	When calling validate() python function, TypeError exception was
	thrown ("argument list must be a tuple"), because the call does not
	have arguments, and python does not accept empty tuple for
	execution. NULL must be used instead, which was handled as argument
	construction failure previously.
	[5ac3c2acee9b]

	* plugins/python/example_policy_plugin.py:
	plugins/python/example_policy_plugin.py: make allowed_commands
	ordered

	Storing them as "tuple" instead of "set", so they have a fixed order.
	This makes the output of the list() example stable. ("set" is
	printed out in random order)
	[470ccf46a088]

	* plugins/python/example_io_plugin.py,
	plugins/python/example_policy_plugin.py,
	plugins/python/python_plugin_common.c,
	plugins/python/python_plugin_io.c,
	plugins/python/python_plugin_policy.c:
	plugins/python: fix confusing version display

	IO/Group/Policy Python API version is displayed instead of sudo
	version, because that is not very meaningful in this context.

	They are only displayed in verbose mode.

	Example plugins express more concretely that they are displaying
	their version, not the API version.
	[af9d969231a9]

2020-01-08  Robert Manner

	* plugins/python/example_conversation.py:
	plugins/python/example_conversation.py: make log path configurable

	Similarly to IO plugin example. (It is easier to test it this way.)
	[6526a842ee21]

2020-01-07  Todd C. Miller

	* src/sudo.c:
	Iterate over io_plugins list in the iolog_* wrappers. Moving the
	iteration into the wrapper functions simplifies the calling code.
	[1e803fb8fd1f]

	* src/sudo.c:
	policy_plugin is global, no need to pass it to policy_* functions.
	[676c85f87b3c]

	* configure, configure.ac:
	If --enable-openssl or --enable-gcrypt is given a path, append to
	LDFLAGS. Previously we appended the path to SUDOERS_LDFLAGS but now
	that we use OpenSSL in the log server, LDFLAGS is the correct one to
	use.
	[8b30cffe500f]

	* doc/CONTRIBUTORS:
	Add Robert Manner
	[fe8bb27dcff3]

2020-01-07  Robert Manner

	* plugins/python/example_io_plugin.py:
	plugins/python/example_io_plugin.py: fix backtrace during destructor

	If the plugin fails to open the file for writing, constructor will
	raise an exception and exit before creating the "_log" member
	variable. So the destructor will also raise a backtrace. (Which
	python ignores, but dumps out to stderr.)
	[09cfa2edb38c]

	* plugins/python/python_plugin_common.c:
	plugins/python/python_plugin_common: raise debug level for module
	import
	[b261d22e3c2e]

	* plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.conversation,
	plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stderr,
	plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stdout,
	plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_with_suspend.stored,
	plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.conversation,
	plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stderr,
	plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stdout,
	plugins/python/regress/testdata/check_example_conversation_plugin_reason_log_without_suspend.stored,
	plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.conv,
	plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.conversation,
	plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.stderr,
	plugins/python/regress/testdata/check_example_conversation_plugin_user_interrupts.stdout,
	plugins/python/regress/testdata/check_example_debugging_c_calls@diag.log,
	plugins/python/regress/testdata/check_example_debugging_c_calls@info.log,
	plugins/python/regress/testdata/check_example_debugging_load@diag.log,
	plugins/python/regress/testdata/check_example_debugging_plugin@err.log,
	plugins/python/regress/testdata/check_example_debugging_plugin@info.log,
	plugins/python/regress/testdata/check_example_debugging_py_calls@diag.log,
	plugins/python/regress/testdata/check_example_debugging_py_calls@info.log,
	plugins/python/regress/testdata/check_example_debugging_sudo_cb@info.log,
	plugins/python/regress/testdata/check_example_group_plugin_is_able_to_debug.log,
	plugins/python/regress/testdata/check_example_io_plugin_command_log.stderr,
	plugins/python/regress/testdata/check_example_io_plugin_command_log.stdout,
	plugins/python/regress/testdata/check_example_io_plugin_command_log.stored,
	plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stderr,
	plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stdout,
	plugins/python/regress/testdata/check_example_io_plugin_failed_to_start_command.stored,
	plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stderr,
	plugins/python/regress/testdata/check_example_io_plugin_fails_with_python_backtrace.stdout,
	plugins/python/regress/testdata/check_example_io_plugin_version_display.stderr,
	plugins/python/regress/testdata/check_example_io_plugin_version_display.stdout,
	plugins/python/regress/testdata/check_example_io_plugin_version_display.stored,
	plugins/python/regress/testdata/check_example_policy_plugin_accepted_execution.stderr,
	plugins/python/regress/testdata/check_example_policy_plugin_accepted_execution.stdout,
	plugins/python/regress/testdata/check_example_policy_plugin_denied_execution.stderr,
	plugins/python/regress/testdata/check_example_policy_plugin_denied_execution.stdout,
	plugins/python/regress/testdata/check_example_policy_plugin_failed_execution.stderr,
	plugins/python/regress/testdata/check_example_policy_plugin_failed_execution.stdout,
	plugins/python/regress/testdata/check_example_policy_plugin_list.stderr,
	plugins/python/regress/testdata/check_example_policy_plugin_list.stdout,
	plugins/python/regress/testdata/check_example_policy_plugin_validate_invalidate.log,
	plugins/python/regress/testdata/check_example_policy_plugin_version_display.stderr,
	plugins/python/regress/testdata/check_example_policy_plugin_version_display.stdout,
	plugins/python/regress/testdata/check_loading_fails_missing_classname.stderr,
	plugins/python/regress/testdata/check_loading_fails_missing_classname.stdout,
	plugins/python/regress/testdata/check_loading_fails_missing_path.stderr,
	plugins/python/regress/testdata/check_loading_fails_missing_path.stdout,
	plugins/python/regress/testdata/check_loading_fails_not_owned_by_root.stderr,
	plugins/python/regress/testdata/check_loading_fails_not_owned_by_root.stdout,
	plugins/python/regress/testdata/check_loading_fails_wrong_classname.stderr,
	plugins/python/regress/testdata/check_loading_fails_wrong_classname.stdout,
	plugins/python/regress/testdata/check_loading_fails_wrong_path.stderr,
	plugins/python/regress/testdata/check_loading_fails_wrong_path.stdout:
	plugins/python/regress/testdata: generated data for the pyplugin
	tests
	[cec6c9036644]

	* plugins/python/example_debugging.py:
	plugins/python/example_debugging: fix typo in comment
	[38de8ea0b0e9]

2020-01-06  Laszlo Orban

	* plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_plugin.h:
	save a pointer to the currently connected audit server in the
	closure object
	[f1c14c43ab40]

2020-01-05  Todd C. Miller

	* plugins/sudoers/timestamp.c:
	Sanity check size when converting the first record to TS_LOCKEXCL
	Coverity CID 206591
	[5b94873c4051]

	* include/sudo_iolog.h, lib/iolog/iolog_fileio.c:
	Fix coverity CID 206586. Potential use after free calling
	gzstrerror() after gzclose().
	[4bcba58004c8]

	* plugins/sudoers/cvtsudoers.c:
	Use canonical pattern when freeing a tail queue. Avoids some
	coverity false positives when using TAILQ_FOREACH_SAFE to free the
	tail queue.
	[9019d7ad9958]

2020-01-03  Robert Manner

	* MANIFEST, plugins/python/Makefile.in,
	plugins/python/regress/check_python_examples.c,
	plugins/python/regress/iohelpers.c,
	plugins/python/regress/iohelpers.h,
	plugins/python/regress/testdata/sudo.conf.developer_mode,
	plugins/python/regress/testdata/sudo.conf.normal_mode,
	plugins/python/regress/testhelpers.c,
	plugins/python/regress/testhelpers.h:
	plugins/python/regress: adds tests for python plugin feature and
	examples
	[7ab4daed9558]

2020-01-03  Todd C. Miller

	* plugins/sudoers/iolog_client.c:
	Avoid potential NULL deref in tls_timed_connect() error path.
	Coverity CID 206396
	[730687307b24]

	* logsrvd/sendlog.c:
	Check for sudo_ev_add() failure; Coverity CID 206395 206397
	[7008560eac95]

2020-01-02  Todd C. Miller

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, examples/sudo.conf.in:
	Update sample sudo.conf with all supported settings. The deprecated
	"max_groups" setting is not documented.
	[e17f7bf95578]

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, examples/sudo.conf.in,
	lib/util/regress/sudo_conf/test1.in,
	lib/util/regress/sudo_parseln/test1.in:
	Remove POD-style C<> markup (typewriter font) from sudo.conf
	[b69d4743c860]

	* MANIFEST, configure, configure.ac, examples/Makefile.in,
	examples/sudo.conf, examples/sudo.conf.in:
	Substitute plugin dir into examples/sudo.conf
	[8c481a21c098]

2020-01-02  Robert Manner

	* plugins/sudoers/sudoers_debug.c:
	plugins/sudoers/sudoers_debug.c: fix harmless debug deregistration
	warning

	If the debug sudoers subsystem is not registered, because it does
	not get any file names to deal with (TAILQ_EMPTY(debug_files)),
	deregistration of the subsystem outputs a warning:

	 sudo: sudo_debug_deregister_v1: invalid instance ID -1, max -1

	This patch prevents that by only increasing the refcount if the
	debug_instance was registered successfully.
	[939042599498]

	* plugins/python/Makefile.in:
	plugins/python/Makefile.in: fix the install path of examples

	Examples are installed by default to "docdir", which refers to
	PACKAGE_TARNAME variable which was empty for the python plugin
	Makefile.in

	So the examples were installed to '.../share/doc/examples' instead
	of '.../share/doc/sudo/examples'. This also made them be skipped
	from the package.

	Also the install target now depends on install-doc so the examples
	get installed also (similarly as other examples).
	[e4c07404a3fc]

	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
	doc/sudo_plugin_python: indent code examples for easier readability
	[c91ee22bfc83]

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
	doc/sudo.conf: document developer_mode option
	[127215dca183]

2019-12-31  Todd C. Miller

	* doc/UPGRADE:
	fix typo in previous
	[3031418fba2b]

	* Makefile.in:
	In update-pot match *.c not *c.
	[77a1139fef99]

	* NEWS, doc/UPGRADE:
	Changes in sudo 1.8.30
	[dfaac62074f4]

2019-12-26  Todd C. Miller

	* Makefile.in:
	Add check for up to date def_data.[ch] in check-dist target.
	[ffaf150e76a5]

2019-12-25  Todd C. Miller

	* src/limits.c:
	Use 64-bit resource limits on AIX.
	[b8b76c47c8a7]

	* src/limits.c:
	When restoring old resource limits, try to recover if we receive
	EINVAL. On NetBSD, setrlimit(2) can return EINVAL if the new soft
	limit is lower than the current resource usage. This can be a
	problem when restoring the old stack limit if sudo has raised it.
	[50bdbdbea1b7]

	* src/limits.c:
	Sudo doesn't require such a large stack.
	[f93eb9e0c105]

	* plugins/sudoers/Makefile.in:
	Restore check for readable /etc/sudoers in pre-install target. If
	there is no installed sudoers there is nothing to check...
	[99e65bc54052]

	* config.h.in, configure, configure.ac:
	Enable OpenBSD extensions on NetBSD to get reallocarray(3)
	prototype.
	[e303dca0c1cb]

	* include/sudo_event.h:
	Add forward declaration of struct timeval for deprecated APIs.
	[e41bdbbbc067]

	* lib/util/sig2str.c, lib/util/str2sig.c:
	Fix compilation on systems with SIGRTMIN/SIGRTMAX but not
	_SC_RTSIG_MAX.
	[8e40c62e00f8]

	* include/sudo_compat.h:
	Older systems may not support WCONTINUED.
	[730bede52ff0]

	* plugins/sudoers/logging.c:
	Support systems that have nl_langinfo(3) but not the CODESET define.
	Fixes compilation on old NetBSD versions.
	[03e7cff93172]

	* plugins/sudoers/starttime.c:
	Fix a typo; HAVE_KINFO_PROC2_NETBSD not HAVE_KINFO_PROC2_NETBSD2
	[0c46a062f888]

2019-12-23  Todd C. Miller

	* MANIFEST, Makefile.in, configure, configure.ac,
	etc/init.d/aix.sh.in, etc/init.d/hpux.sh.in,
	etc/init.d/sudo.conf.in, etc/sudo.pp, init.d/aix.sh.in,
	init.d/hpux.sh.in, init.d/sudo.conf.in, src/Makefile.in, sudo.pp:
	Move init.d and sudo.pp to the etc dir.
	[81c9cbbc8ea9]

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/util/cfmakeraw.c:
	Add cfmakeraw() for systems without it.
	[48f48eaf2a68]

	* MANIFEST:
	Remove indent.pro from MANIFEST
	[2b6a24282b8c]

	* .gitignore, .hgignore:
	Add uncrustify.files to ignore file.
	[056b0df738a9]

	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
	Substitute @prefix@ in for the example paths. We can't use
	@exampledir@ here since it contains Makefile variables.
	[1744e2bcc813]

2019-12-22  Todd C. Miller

	* include/sudo_debug.h, lib/iolog/iolog_fileio.c,
	lib/iolog/iolog_path.c, lib/iolog/iolog_util.c, lib/util/aix.c,
	lib/util/digest.c, lib/util/digest_gcrypt.c,
	lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c,
	lib/util/event_select.c, lib/util/gettime.c,
	lib/util/getusershell.c, lib/util/gidlist.c, lib/util/host_port.c,
	lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c,
	lib/util/logfac.c, lib/util/logpri.c, lib/util/mkdir_parents.c,
	lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c,
	lib/util/strsplit.c, lib/util/strtobool.c, lib/util/strtoid.c,
	lib/util/strtomode.c, lib/util/sudo_conf.c, lib/util/term.c,
	lib/util/ttyname_dev.c, lib/util/ttysize.c, logsrvd/eventlog.c,
	logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c,
	logsrvd/logsrvd_conf.c, logsrvd/sendlog.c,
	plugins/python/python_plugin_common.c,
	plugins/python/sudo_python_debug.c, plugins/sudoers/alias.c,
	plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c,
	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/base64.c, plugins/sudoers/boottime.c,
	plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
	plugins/sudoers/digestname.c, plugins/sudoers/editor.c,
	plugins/sudoers/env.c, plugins/sudoers/env_pattern.c,
	plugins/sudoers/file.c, plugins/sudoers/filedigest.c,
	plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/gc.c, plugins/sudoers/gentime.c,
	plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/group_plugin.c, plugins/sudoers/hexchar.c,
	plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
	plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap.c,
	plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c,
	plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
	plugins/sudoers/logging.c, plugins/sudoers/logwrap.c,
	plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
	plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
	plugins/sudoers/parse.c, plugins/sudoers/parse_ldif.c,
	plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
	plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
	plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
	plugins/sudoers/starttime.c, plugins/sudoers/strlist.c,
	plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
	plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
	plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c,
	src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c,
	src/limits.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
	src/preserve_fds.c, src/selinux.c, src/sesh.c, src/signal.c,
	src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c,
	src/ttyname.c, src/utmp.c:
	debug_decl and debug_decl_vars now require a semicolon at the end.
	[c05890653007]

2019-12-21  Todd C. Miller

	* MANIFEST, doc/Makefile.in, doc/sudo_plugin_python.man.in,
	doc/sudo_plugin_python.mdoc.in:
	Add sudo_plugin_python manual page. Based on markdown docs from
	Robert Manner.
	[65f2af21832d]

2019-12-18  Todd C. Miller

	* plugins/sudoers/sudoers.c, src/limits.c:
	Output the name of the limit when warning about setrlimit or
	getrlimit. From Kimmo Suominen.
	[92ed66b5cc1f]

2019-12-14  Todd C. Miller

	* aclocal.m4, config.h.in, configure:
	regen
	[81961af46679]

	* MANIFEST:
	Add python module files to MANIFEST
	[f223a19117bb]

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
	Update SUDO_CONV_REPL_MAX in docs.
	[120970879b36]

	* Makefile.in:
	Remove uncrustify.files in clean target
	[ba843b8f2e80]

2019-12-13  Todd C. Miller

	* Makefile.in, etc/uncrustify-small.cfg, etc/uncrustify.cfg,
	indent.pro:
	Add uncrustify config file for new sudo code style.
	[7c3b3f733134]

	* include/sudo_plugin.h:
	Bump SUDO_CONV_REPL_MAX from 255 to 1023
	[9127fb27eb55]

	* lib/util/digest_gcrypt.c, plugins/sudoers/auth/passwd.c,
	plugins/sudoers/auth/secureware.c:
	Minor style cleanups. Remove extraneous break after return
	statement. Convert two old K&R function declarations.
	[19f8b7a3d2d1]

2019-12-11  Todd C. Miller

	* src/selinux.c:
	Save/restore the raw form of the file context in case mctrans is not
	available.
	[786a04ba33ab]

2019-12-10  Robert Manner

	* plugins/python/python_plugin_common.c:
	plugins/python: make group plugin able to debug

	It does not get the debug settings, so it looks them up through
	sudo_conf.
	[fe4dbf8345b6]

	* include/sudo_conf.h, lib/util/regress/sudo_conf/conf_test.c,
	lib/util/regress/sudo_conf/test1.in,
	lib/util/regress/sudo_conf/test1.out.ok,
	lib/util/regress/sudo_conf/test2.out.ok,
	lib/util/regress/sudo_conf/test3.out.ok,
	lib/util/regress/sudo_conf/test4.out.ok,
	lib/util/regress/sudo_conf/test5.out.ok,
	lib/util/regress/sudo_conf/test6.out.ok,
	lib/util/regress/sudo_conf/test7.out.ok,
	lib/util/regress/sudo_conf/test8.err.ok,
	lib/util/regress/sudo_conf/test8.in,
	lib/util/regress/sudo_conf/test8.out.ok, lib/util/sudo_conf.c,
	lib/util/util.exp.in, plugins/sudoers/group_plugin.c,
	src/load_plugins.c:
	src/load_plugins, plugins/sudoers: added developer_mode sudo.conf
	option

	It can be used to disable the enforcement that a plugin (shared
	object or an imported python module) must be owned by root and not
	modifiable by others. This can make plugin development easier.
	[a9f86943d30c]

2019-12-09  Todd C. Miller

	* MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, include/sudo_compat.h, lib/util/Makefile.in,
	lib/util/getusershell.c, mkdep.pl, plugins/sudoers/check.c,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Add runas_check_shell flag to require a runas user to have a valid
	shell. Not enabled by default.
	[9e7936e0ccfe]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
	Add a new flag "allow_unknown_runas_id" to control matching of
	unknown IDs. Previously, sudo would always allow unknown user or group
	IDs if the sudoers entry permitted it. This included the "ALL"
	alias. With this change, the admin must explicitly enable support
	for unknown IDs.
	[ebdbb5c7f60b]

2019-12-07  Todd C. Miller

	* lib/util/term.c:
	Use cfmakeraw() in sudo_term_raw() instead of doing it manually.
	[b8ff5f81399f]

	* plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_plugin.h:
	Fix event loop called via I/O log close function. We need to set
	events that were pending in the old base in the new one. Fixes
	sending the final I/O log data and the ExitMessage to the server.
	[dcba4ce2196c]

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	include/sudo_plugin.h, src/sudo.c:
	Replace timeleft with pending in sudo plugin event API.
	[5f49af23af38]

	* plugins/sudoers/sudoreplay.c:
	Use sudo_ev_pending() instead of the deprecated sudo_ev_timeleft().
	[c6cce5275f1e]

	* include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in:
	Add sudo_ev_pending(), used to check whether an event is pending.
	[edcea66bda32]

	* plugins/sudoers/Makefile.in:
	Add TLS libs when linking check_iolog_plugin
	[d84a5f5c6bc1]

2019-12-06  Todd C. Miller

	* plugins/sudoers/iolog_client.c:
	Remove extraneous newlines in some sudo_warnx() calls.
	[d3dbf0f93372]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document log_server_cabundle, log_server_peer_cert and
	log_server_peer_key
	[edea4d048221]

	* Merge pull request #16 from laczau/master

	Proper handling of certificate chain file
	[44939e511321]

2019-12-06  Laszlo Orban

	* logsrvd/logsrvd.c:
	cert files can contain the full chain of trust, so load all certs in
	every case for verification
	[ca26bb970ef5]

2019-12-05  Todd C. Miller

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
	Sync init_session() prototype with sudo_plugin.h and fix a typo.
	[1501cdfa8e76]

2019-12-05  Robert Manner

	* plugins/python/example_conversation.py,
	plugins/python/example_debugging.py:
	plugins/python: example plugin demonstrating conversation and debug
	API
	[e487d2240607]

	* include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/util.exp.in:
	lib/util/sudo_debug.c: add a function for querying if debugging is
	needed

	for a level. Rationale: this way we can avoid computing details for
	the log which will not happen at all if the computation is slow.
	[d636c26d192d]

2019-12-04  Todd C. Miller

	* plugins/sudoers/check.c:
	Only update the time stamp entry after the approval function has
	succeeded. Bug #910
	[9b2022e6f11d]

2019-12-04  Robert Manner

	* plugins/python/sudo_python_debug.c,
	plugins/python/sudo_python_debug.h:
	plugins/python: add sudo debug helpers
	[1d48021e86ad]

2019-12-04  Todd C. Miller

	* Merge pull request #14 from sudo-project/tls-config-default-values

	Audit Server - add default values for cert paths
	[f30a48f8b5d5]

2019-12-04  Laszlo Orban

	* logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c:
	add default values for cert paths
	[a76ca8a3ca9f]

2019-12-03  Todd C. Miller

	* lib/util/sudo_debug.c:
	Add reference counting to debug register/deregister. Fixes a
	potential problem when an instance is re-registered.
	[270e739fd0b3]

	* plugins/sudoers/sudoers_debug.c:
	Only deregister the sudoers debug instance on last close. Reference
	count calls to sudoers_debug_register and only deregister
	sudoers_debug_instance when refcnt reaches 0. Fixes a problem where
	the debug system was deregistered when the sudoers policy is closed
	even though the iolog plugin is active.
	[2b73f3e9fc32]

2019-12-02  Robert Manner

	* plugins/python/python_importblocker.c:
	plugins/python: add ImportBlocker which forbids loading unsafe
	python modules

	If a non-root user can alter any imported python modules, he is able
	to run anything he would like to as root user. This class is a helper
	to avoid such a situation.

	This feature can be disabled with 'DeveloperMode=1' plugin option.
	[26be6228724f]

2019-11-28  Laszlo Orban

	* plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
	implement tls layer in iolog plugin
	[c25837909952]

	* plugins/sudoers/iolog.c, plugins/sudoers/policy.c:
	process tls config options
	[510fdfd39d71]

	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in:
	add audit server tls related configuration options to sudoers
	[f4135025ff1d]

	* plugins/sudoers/Makefile.in:
	optionally link sudoers with openssl libs
	[750f87200eab]

2019-11-27  Laszlo Orban

	* logsrvd/logsrvd.c:
	Merge pull request #11 from sudo-project/audit-server-tls-async

	Sudo audit Server - TLS protocol update
	[923f6d914ec5]

2019-11-26  Laszlo Orban

	* logsrvd/logsrvd.c:
	disable timeout for the reader after ServerHello message
	[e579450aafa1]

2019-11-25  Todd C. Miller

	* logsrvd/logsrvd.c:
	Exit if the first call to logsrvd_conf_read() fails. It is not fatal
	if subsequent calls fail (due to SIGHUP) since we keep a copy of the
	old config before installing the new one.
	[c20866ea9d03]

	* Makefile.in, plugins/sudoers/Makefile.in:
	Add some missing files to "make clean" and "make distclean"
	[d1b559e9e1ab]

	* .gitignore, .hgignore:
	Update .hgignore and convert to .gitignore
	[c8b92b55e74a]

2019-11-22  Laszlo Orban

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
	use event timeout instead of socket timeout
	[5c72d1d18aec]

	* logsrvd/sendlog.c, logsrvd/sendlog.h:
	adapt sudo sendlog (async communication, unencrypted ServerHello
	message)
	[0269d852f6c6]

	* logsrvd/logsrvd.c, logsrvd/logsrvd.h:
	ServerHello message is now unencrypted, TLS communication has been
	refactored to full async
	[d138cbe2253e]

	* include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c,
	lib/logsrv/log_server.proto, logsrvd/logsrvd.c:
	extend ServerHello message with two fields (tls, tls_checkpeer)
	[6d7965d29cd4]

2019-11-21  Robert Manner

	* Makefile.in:
	Makefile.in: fix calling log2cl when doing out of source build

	If doing build out of source and not calling configure by absolute
	path, $(top_srcdir) variable will contain a path relative to the
	directory we stand in. So, after changing the current directory "cd
	$(srcdir)", this path will point to somewhere else making the
	install step fail.
	[58a22fce613f]

	* plugins/python/python_baseplugin.c,
	plugins/python/python_convmessage.c,
	plugins/python/sudo_python_module.c,
	plugins/python/sudo_python_module.h:
	plugins/python: add a sudo python module
	[c512c48170ae]

2019-11-20  Todd C. Miller

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	plugins/sudoers/policy.c, src/sudo.c:
	For plugin API 1.15 and up, always call the plugin close function.
	Previously, it was only called when a command was run (including
	sudoedit). Now, plugin operations list, validate, invalidate, and
	show_version are also closed.
	[6cdcb5624908]

2019-11-19  Todd C. Miller

	* plugins/sudoers/iolog_client.c:
	Avoid NULL deref on an error path if calloc() fails. Coverity CID
	205873
	[bad732813149]

	* src/conversation.c:
	Fix potential fd leak when converting trailing newline to cr + nl.
	Coverity CID 205872
	[4597abb8ee1f]

	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in,
	examples/sudo_logsrvd.conf:
	Document the process of creating self-signed certificates for
	sudo_logsrvd. Based on a document from Laszlo Orban.
	[0be730e58f17]

	* plugins/group_file/plugin_test.c:
	Sync with argument handling in group_plugin.c
	[937475aa2c3f]

	* plugins/sudoers/group_plugin.c:
	If a group plugin has optional arguments, NULL terminate the vector.
	Otherwise, the plugin cannot determine the end of arguments. The
	behavior now matches the plugin documentation.
	[51e02f75a447]

2019-11-19  Robert Manner

	* plugins/python/example_group_plugin.py:
	plugins/python: add example python group plugin
	[9f9d7cc2d5db]

	* plugins/python/example_policy_plugin.py:
	plugins/python: add example python policy plugin
	[6cc0d47edae0]

	* plugins/python/example_io_plugin.py:
	plugins/python: add example io python plugin
	[d22532c34748]

2019-11-18  Todd C. Miller

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, src/sudo.c:
	If there is no session or terminal group ID, pass the plugin a value
	of 0. This behavior already matches what is documented in the
	sudo_plugin manual for "sid" but the "tcpgid" entry needed to be
	updated.
	[2d720153c4cf]

	* plugins/sudoers/sudoers.c:
	Don't touch the local iolog sequence file if we are logging remotely
	[3c5dc60a9d11]

	* plugins/sudoers/iolog_client.c:
	Plug a memory leak found by leak sanitizer
	[13aac57d0506]

	* plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
	plugins/sudoers/iolog_plugin.h:
	Make a shallow copy of user_env in I/O plugin in case it is
	reallocated. The policy plugin's session init function may
	reallocate the user environment pointer. Fixes a use after free when
	PAM is used.
	[3eb35dac2743]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/policy.c:
	Rename "log_server" in sudoers to "log_servers" to match I/O plugin.
	[1dbe79c18760]

2019-11-17  Todd C. Miller

	* logsrvd/logsrvd.c:
	Check closure->ssl for non-NULL instead of
	logsrvd_conf_get_tls_opt(). It's a little more obvious this way and
	ssl is only non-NULL when the tls option is enabled anyway.
	[3436430c064b]

	* logsrvd/logsrvd.c:
	Init iolog_dir_fd and sock in connection_closure before adding to
	list. Otherwise we could close the wrong fds in the error path.
	[1643211f8b46]

	* doc/CONTRIBUTORS:
	Add Laszlo Orban
	[2836214cd4b8]

2019-11-16  Todd C. Miller

	* doc/sudo_logsrvd.conf.man.in:
	regen
	[4a44bfc42b4b]

	* doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf:
	Change TLS example file locations to be under /etc/ssl/sudo.
	[f4c302a3bcb9]

	* doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf:
	Document sudo_logsrvd TLS configuration.
	[97260e6acfaf]

2019-11-15  Todd C. Miller

	* include/sudo_event.h:
	Include time.h for struct timespec.
	[8bd80773d0fa]

	* lib/util/util.exp.in:
	Add sudo_ev_set_v1 to the exports file.
	[fd6b66378e5d]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document the log_server and log_server_timeout options
	[7d7429b73d25]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
	plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h,
	plugins/sudoers/policy.c, src/exec_nopty.c, src/exec_pty.c,
	src/sudo.c:
	Add support for logging to the log server
	[158a8e80faab]

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	include/sudo_event.h, include/sudo_plugin.h, lib/util/event.c,
	plugins/sudoers/iolog.c, plugins/sudoers/policy.c, src/Makefile.in,
	src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c,
	src/load_plugins.c, src/preload.c, src/sudo.c, src/sudo.h,
	src/sudo_plugin_int.h:
	Add a plugin interface to sudo main event loop.
	[123662f454da]

	* MANIFEST, Makefile.in, configure, configure.ac,
	include/log_server.pb-c.h, include/protobuf-c/protobuf-c.h,
	lib/logsrv/Makefile.in, lib/logsrv/log_server.pb-c.c,
	lib/logsrv/log_server.proto, lib/logsrv/protobuf-c.c,
	logsrvd/Makefile.in, logsrvd/log_server.pb-c.c,
	logsrvd/log_server.pb-c.h, logsrvd/log_server.proto,
	logsrvd/protobuf-c/protobuf-c.c, logsrvd/protobuf-c/protobuf-c.h:
	Move protobuf-c.c, log_server.proto, log_server.pb-c.[ch] to
	lib/logsrv
	[6772a775471f]

	* lib/util/event.c:
	When freeing an event base, reset ev->base to NULL for associated
	events.
	[7199d3967059]

	* logsrvd/logsrvd_conf.c:
	Move cb_timeout() out from under the HAVE_OPENSSL ifdef.
	[c7fc294ce21a]

	* INSTALL, config.h.in, configure, configure.ac, logsrvd/Makefile.in,
	logsrvd/logsrvd.c:
	LibreSSL and older OpenSSL don't support SSL_CTX_set_ciphersuites().
	Add a configure test and skip TLS 1.3 setup if it is missing. We
	still accept the tls_ciphers13 config setting but it will be
	ignored.
	[06d478442971]

	* logsrvd/logsrvd.c, logsrvd/sendlog.c:
	Minor style nits that I missed during review.
	[7209ccc5a3cf]

	* logsrvd/sendlog.c:
	Avoid calling SSL_CTX_free() on an uninitialized pointer in an error
	path.
	[2df423e30773]

	* Merge pull request #9 from sudo-project/audit-server-tls-support

	Audit server tls support
	[0aded6c1deec]

2019-11-13  Laszlo Orban

	* logsrvd/Makefile.in, logsrvd/sendlog.c:
	update sudo_sendlog to support openssl tls
	[ab4be8367862]

2019-11-12  Todd C. Miller

	* src/limits.c:
	Simplify resource limit fallback logic a bit.
	[cdab60b50079]

2019-11-11  Todd C. Miller

	* doc/CONTRIBUTORS:
	Add sudo logo designers
	[94c841c8bc28]

	* src/limits.c:
	Don't set the RLIMIT_STACK soft/hard limits to unlimited. Use 8Mb
	for soft and 64Mb for hard. Works around issues on macOS and docker.
	See also Bug #908
	[1d7f52c32360]

	* src/tgetpass.c:
	Restore resource limits before executing the askpass program. Linux
	with docker seems to have issues executing a program when the stack
	size is unlimited. Bug #908
	[28cb58a5ac94]

	* src/conversation.c:
	Check for replies pointer being NULL just in case.
	[7c0c4c6b001e]

2019-11-11  Laszlo Orban

	* examples/sudo_logsrvd.conf, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c:
	set timeout value for the socket
	[e884292ab6c9]

2019-11-09  Todd C. Miller

	* src/conversation.c:
	Convert trailing newline to carriage return + newline for tty. Does
	not currently handle embedded newlines.
	[ad195e045150]

2019-11-08  Todd C. Miller

	* lib/util/fatal.c:
	Only write a carriage return if output is to a tty.
	[f605335649ea]

	* lib/util/fatal.c:
	Include a carriage return when printing warning messages. Otherwise,
	if the command is running in a pty the output is stair-stepped.
	[f23d4f0ed902]

2019-11-08  Laszlo Orban

	* configure, logsrvd/Makefile.in, logsrvd/logsrvd.c,
	logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
	make audit server openssl dependency optional; tls layer is compiled
	only if sudo is built with --enable-openssl feature switch
	[c360a34c89c0]

2019-11-07  Todd C. Miller

	* lib/util/util.exp.in:
	Add sudo_parse_host_port_v1 and sudo_pow2_roundup_v1 to exports
	file.
	[e8b529115871]

2019-11-07  Laszlo Orban

	* logsrvd/logsrvd.c:
	fixed segfault when connection_closure_free() tries to remove a non-
	existent connection object from the list
	[4d6dd38d59f6]

2019-11-06  Todd C. Miller

	* lib/util/closefrom.c:
	Fix typo in closefrom emulation.
	[b23a6c512d4a]

	* plugins/sudoers/env.c:
	Do not warn about a missing /etc/environment file on Linux without
	PAM. Bug #907
	[f85ff5ee2caf]

2019-11-05  Todd C. Miller

	* doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/parse.h,
	plugins/sudoers/regress/parser/check_fill.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/testsudoers.c, plugins/sudoers/toke_util.c,
	plugins/sudoers/visudo.c:
	Transparently handle the "sudo sudoedit" problem. Some admins are
	confused about how to give users sudoedit permission and many users
	try to run sudoedit via sudo instead of directly. If the user runs
	"sudo sudoedit" sudo will now treat it as plain "sudoedit" after
	issuing a warning. If the admin has specified a fully-qualified path
	for sudoedit in sudoers, sudo will treat it as just "sudoedit" and
	match accordingly. In visudo (but not sudo), a fully-qualified path
	for sudoedit is now treated as an error.
	[5cdcfd9a6c33]

	* logsrvd/iolog_writer.c, logsrvd/sendlog.c:
	Rename cwd -> submitcwd to match man page.
	[bc9ea396055a]

2019-11-05  Laszlo Orban

	* logsrvd/logsrvd.c:
	verify server/client certs with CA certificate chain file
	[a177af7d7bbf]

2019-11-05  Todd C. Miller

	* MANIFEST, lib/util/Makefile.in, lib/util/host_port.c,
	lib/util/regress/host_port/host_port_test.c:
	Add unit test for parse_host_port and make an empty port an error.
	[b6b895cdc010]

2019-11-04  Todd C. Miller

	* lib/util/host_port.c:
	Fill in host and port pointers on success.
	[794368ebd367]

2019-11-04  Laszlo Orban

	* logsrvd/logsrvd.c:
	fix copy-paste mistake
	[2fe897c77485]

2019-11-02  Todd C. Miller

	* MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/host_port.c, logsrvd/logsrvd_conf.c:
	Split out code to parse host:port into a utility function.
	[d8331e72394d]

	* MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/roundup.c, logsrvd/logsrv_util.c, logsrvd/logsrv_util.h,
	logsrvd/logsrvd.c, logsrvd/sendlog.c:
	Move bufsize_roundup() -> sudo_pow2_roundup() in libsudo_util.
	[791f5c353ef1]

	* lib/iolog/Makefile.in, logsrvd/Makefile.in:
	Add missing depend target
	[75107bcfff3d]

	* lib/iolog/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
	src/Makefile.in:
	We haven't needed -I$(top_srcdir) for a long time.
	[6974ea4a6c8c]

	* lib/util/closefrom.c:
	In closefrom_fallback() use the interval [OPEN_MAX, INT_MAX]. We
	want to try closing at least OPEN_MAX fds but no more than INT_MAX.
	On 64-bit systems it is possible for sysconf(_SC_OPEN_MAX) to return
	a value larger than INT_MAX when the number of open files is
	unlimited.
	[08d6fea1c894]

	* plugins/sudoers/logging.c, src/exec_monitor.c, src/selinux.c,
	src/tgetpass.c:
	Use dup3() instead of dup2(). This is less error prone since dup3()
	returns an error if old == new. Sudo guarantees that fds 0-2 are
	already open.
	[a9ffaa8a8a55]

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/util/Makefile.in, lib/util/dup3.c,
	mkdep.pl:
	Add dup3() emulation.
	[7bd8864dee7e]

	* plugins/sudoers/logging.c, src/exec_monitor.c, src/exec_pty.c,
	src/tgetpass.c:
	Open all pipes using pipe2() with O_CLOEXEC. We no longer depend on
	calling closefrom() before exec.
	[176ae5cf1d94]

	* src/exec.c, src/tgetpass.c:
	Call closefrom() before we change to a non-root UID. This prevents
	another process from changing the NOFILE resource limit of the child
	process and defeating the closefrom() call. Reported by Joe Vennix
	from Apple Information Security.
	[f93d52b24976]

	* MANIFEST, logsrvd/Makefile.in:
	Regenerate Makefile and sort MANIFEST
	[24664d6c9d47]

2019-11-01  Todd C. Miller

	* doc/sudo.man.in, doc/sudo.mdoc.in:
	Reference timestamp_type and timestamp_timeout in sudoers. This
	should help users find details on how time stamp files work.
	[d5aa7c0b404c]

2019-10-31  Laszlo Orban

	* logsrvd/logsrvd.c:
	process tls config params in the audit server and establish TLS
	connection accordingly
	[33ce32c140af]

2019-10-29  Todd C. Miller

	* src/limits.c:
	macOS does not allow rlim_cur to be set to RLIM_INFINITY for
	RLIMIT_NOFILE. We need to use OPEN_MAX instead as per the macOS
	setrlimit manual. Bug #904
	[2a00e62eaeb0]

2019-10-28  Todd C. Miller

	* Makefile.in:
	Fix ChangeLog generation on a branch.
	[69409e5b1179]

2019-10-27  Todd C. Miller

	* logsrvd/sendlog.c:
	Remove unused copy of iolog_seekto().
	[1d730d414cd9]

2019-10-25  Laszlo Orban

	* examples/sudo_logsrvd.conf, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c:
	add configuration options for TLS
	[291a9986d6e9]

2019-10-24  Todd C. Miller

	* MANIFEST, doc/Makefile.in, doc/sudo_logsrv.proto.man.in,
	doc/sudo_logsrv.proto.mdoc.in, doc/sudo_logsrvd.conf.man.in,
	doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf,
	logsrvd/iolog_writer.c:
	Document the sudo log server protocol
	[46de0934987c]

	* include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
	logsrvd/logsrvd_conf.c, plugins/sudoers/iolog.c:
	Read logsrvd.conf in two steps: first read, then apply if OK. This
	fixes a problem where when logsrvd.conf was reloaded while running
	(due to SIGHUP) and there was an error we could end up with a
	partial config.
	[d3244c318c5b]

	* include/sudo_iolog.h, lib/iolog/iolog_util.c,
	lib/iolog/regress/iolog_util/check_iolog_util.c,
	logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/sendlog.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/sudoreplay.c:
	Add iolog_ prefix to exported functions in iolog_util.c
	[62027c8e1abd]

	* include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
	logsrvd/logsrvd_conf.c, plugins/sudoers/iolog.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
	Simplify iolog_set_user and iolog_set_group
	[e82c5078b02c]

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/util/Makefile.in, lib/util/fchmodat.c,
	lib/util/fstatat.c, mkdep.pl:
	Add fchmodat() and fstatat() emulation. Note that fchmodat()
	emulation does not support AT_SYMLINK_NOFOLLOW
	[8232c22e71c7]

	* doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in,
	logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c:
	Clear the write bit on the timing file for completed logs. This
	allows us to tell whether or not a log can be restarted.
	[b2180b6ef53b]

	* logsrvd/logsrvd.c:
	Redirect std{in,out,err} to /dev/null even when given the -n option.
	[376186a8d9cc]

	* include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
	lib/iolog/iolog_path.c,
	lib/iolog/regress/iolog_path/check_iolog_path.c,
	lib/iolog/regress/iolog_path/data, logsrvd/iolog_writer.c,
	plugins/sudoers/iolog.c, plugins/sudoers/iolog_path_escapes.c,
	plugins/sudoers/sudoers.c:
	Simplify expand_iolog_path()
	[4f0f85f659d1]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[e268d56da49c]

	* examples/sudo_logsrvd.conf, include/sudo_iolog.h,
	lib/iolog/iolog_fileio.c, logsrvd/Makefile.in, logsrvd/logsrvd.c,
	logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
	Make the logsrvd port and list address configurable.
	[69d73358888d]

	* Makefile.in, logsrvd/Makefile.in, logsrvd/iolog_writer.c,
	logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, logsrvd/sendlog.c:
	Mark logsrvd and sendlog strings for translation in the sudoers
	domain
	[24b1fd6250fb]

	* logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/sendlog.c:
	Add long option support to logsrvd and sendlog.
	[ecb2fae83abb]

	* logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h:
	Return an error to the client on error instead of dropping the
	connection.
	[2e40ca902100]

	* examples/sudo_logsrvd.conf, logsrvd/logsrvd_conf.c:
	Convert sudo_logsrvd.conf to ini file format
	[91dff03d0795]

	* MANIFEST, examples/sudo_logsrvd.conf, include/sudo_util.h,
	lib/util/Makefile.in, lib/util/logfac.c, lib/util/logpri.c,
	lib/util/util.exp.in, logsrvd/Makefile.in, logsrvd/eventlog.c,
	logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c, plugins/sudoers/defaults.c:
	Add basic support for event logging using a sudo-style log format.
	[eb6aa3672e6f]

	* logsrvd/logsrvd.c, logsrvd/sendlog.c:
	Add OpenBSD malloc options.
	[a0d79af0c430]

	* MANIFEST, logsrvd/Makefile.in, logsrvd/buffer.c, logsrvd/buffer.h,
	logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/sendlog.c, logsrvd/sendlog.h:
	Allow messages up to 2Mb in size.
	[af79754aaf53]

	* MANIFEST, configure, configure.ac, doc/Makefile.in,
	doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
	doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in,
	doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
	examples/sudo_logsrvd.conf, m4/sudo.m4:
	Add manual pages for logsrvd and sendlog.
	[f437259d81ae]

	* include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
	logsrvd/iolog_writer.c, logsrvd/logsrvd.c:
	Add restart support for compressed I/O logs.
	[1191fac5ff52]

	* logsrvd/sendlog.c, logsrvd/sendlog.h:
	Fix client side of restart. Seek to the target point there too so we
	start sending from the right place.
	[403bf22a6dad]

	* include/sudo_iolog.h, lib/iolog/iolog_util.c,
	logsrvd/iolog_writer.c, logsrvd/sendlog.c,
	plugins/sudoers/sudoreplay.c:
	Move read_timing_record() into libsudo_iolog
	[65a984f7fa7a]

	* MANIFEST, lib/iolog/iolog_fileio.c, logsrvd/Makefile.in,
	logsrvd/buffer.c, logsrvd/buffer.h, logsrvd/iolog_writer.c,
	logsrvd/logsrv_util.c, logsrvd/logsrv_util.h, logsrvd/logsrvd.h,
	logsrvd/sendlog.c, logsrvd/sendlog.h:
	Rename buffer.c -> logsrv_util.c and add iolog_seekto()
	[0ff1a6fdaecd]

	* logsrvd/logsrvd.c, logsrvd/sendlog.c:
	Fix some warnings from the clang static analyzer.
	[95de486cfb65]

	* logsrvd/sendlog.c:
	Fix Coverity CID 204353, fd leak on error path.
	[3519d910c777]

	* logsrvd/logsrvd_conf.c:
	Fix Coverity CID 204355, resource leak on error path.
	[c5c50c6bae16]

	* lib/iolog/iolog_fileio.c:
	Avoid TOCTOU in iolog_mkdirs; Coverity CID 204356
	[0c8679a731f5]

	* lib/util/mkdir_parents.c:
	Avoid TOCTOU in sudo_mkdir_parents; Coverity CID 204357
	[e9eeae60dff2]

	* logsrvd/log_server.pb-c.c, logsrvd/log_server.pb-c.h,
	logsrvd/log_server.proto:
	Add NumberList to InfoMessage. Also make comments fit in 80 columns
	when formatted as a man page.
	[fd7af0bb2477]

	* configure, configure.ac, include/sudo_rand.h, logsrvd/Makefile.in,
	logsrvd/logsrvd.c:
	Command line option processing for logsrvd
	[0f2248532960]

	* MANIFEST, examples/sudo_logsrvd.conf, logsrvd/Makefile.in,
	logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c, pathnames.h.in:
	Add config file support for logsrvd
	[4e643a95c88b]

	* MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/mkdir_parents.c, lib/util/util.exp.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/mkdir_parents.c,
	plugins/sudoers/sudoers.h:
	Move mkdir_parents to libsudo_util.
	[3f540eb94282]

	* MANIFEST, Makefile.in, configure, configure.ac,
	include/sudo_iolog.h, include/sudo_util.h, lib/iolog/Makefile.in,
	lib/iolog/iolog_fileio.c, lib/iolog/iolog_path.c,
	lib/iolog/iolog_util.c,
	lib/iolog/regress/iolog_path/check_iolog_path.c,
	lib/iolog/regress/iolog_path/data,
	lib/iolog/regress/iolog_util/check_iolog_util.c,
	lib/util/sudo_conf.c, logsrvd/Makefile.in, logsrvd/iolog_writer.c,
	logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
	logsrvd/sendlog.c, logsrvd/sendlog.h,
	plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/iolog.c,
	plugins/sudoers/iolog.h, plugins/sudoers/iolog_files.h,
	plugins/sudoers/iolog_path.c, plugins/sudoers/iolog_path_escapes.c,
	plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h,
	plugins/sudoers/policy.c,
	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
	plugins/sudoers/regress/iolog_path/data,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/regress/iolog_util/check_iolog_util.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c, src/sudo.h:
	Refactor code in sudoers that creates I/O log files to share with
	logsrvd.
	[3aa1fa95650d]

	* Makefile.in, include/sudo_iolog.h, lib/iolog/iolog_path.c,
	lib/iolog/regress/iolog_path/check_iolog_path.c,
	logsrvd/iolog_writer.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
	plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/sudoers.c:
	Enable sudo_logsrvd.conf settings.
	[8e7b37d1d2a9]

	* include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
	lib/iolog/iolog_util.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h,
	logsrvd/sendlog.c, plugins/sudoers/iolog.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/sudoreplay.c:
	Use openat(2) when opening files in the I/O log directory.
	[1ab2e278e1d9]

	* logsrvd/Makefile.in, sudo.pp:
	Add sudo_ prefix to logsrvd and sendlog.
	[acbaed157ae5]

	* logsrvd/iolog_writer.c, logsrvd/log_server.pb-c.c,
	logsrvd/log_server.pb-c.h, logsrvd/log_server.proto,
	logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c,
	logsrvd/sendlog.h:
	Rename ExecMessage -> AcceptMessage and add RejectMessage
	[a080c4eb7c4b]

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/util/openat.c, lib/util/unlinkat.c,
	src/sudo_edit.c:
	Move openat() emulation to lib/util and add unlinkat() emulation.
	[756ace7fdf38]

	* logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/sendlog.c:
	Add debugging for logsrvd and sendlog
	[4c86dbceb611]

	* MANIFEST, doc/LICENSE, logsrvd/Makefile.in,
	logsrvd/protobuf-c/protobuf-c.c, logsrvd/protobuf-c/protobuf-c.h:
	Import protobuf-c source to avoid an external dependency. The
	files generated with protoc-c are not standalone. We need to include
	protobuf-c.c and protobuf-c.h from the protobuf-c distribution too.
	Building protoc-c requires a relatively recent version of gcc which
	limits its portability.
	[0ea50a59cab7]

	* logsrvd/Makefile.in, logsrvd/iolog_writer.c, logsrvd/logsrvd.c,
	logsrvd/logsrvd.h, logsrvd/sendlog.c, logsrvd/sendlog.h:
	Add support for restarting I/O log transfers.
	[748e8f4f7fec]

	* MANIFEST, Makefile.in, configure, configure.ac, logsrvd/Makefile.in,
	logsrvd/iolog.h, logsrvd/iolog_reader.c, logsrvd/iolog_writer.c,
	logsrvd/log_server.pb-c.c, logsrvd/log_server.pb-c.h,
	logsrvd/log_server.proto, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/sendlog.c, logsrvd/sendlog.h, sudo.pp:
	Import proof of concept sudo log server.
	[a0687ba66feb]

	* MANIFEST, logsrvd/Makefile.in, logsrvd/iolog.h,
	logsrvd/iolog_reader.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h,
	logsrvd/sendlog.c, logsrvd/sendlog.h, mkdep.pl,
	plugins/sudoers/Makefile.in, plugins/sudoers/iolog.h,
	plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/regress/iolog_util/check_iolog_util.c,
	plugins/sudoers/sudoreplay.c:
	Refactor I/O log code so it can be shared between sudoers and
	logsrvd
	[b6608769ba8a]

	* lib/util/strtonum.c:
	Avoid invalid read when minval > maxval
	[7f1a6f992e4f]

2019-10-23  Todd C. Miller

	* NEWS, plugins/sudoers/policy.c, src/sudo.c:
	Don't pass an invalid session or process group ID to the plugin.
	Fixes a regression in 1.8.28 when there is no terminal session
	leader.
	[d9c626167b3c]

2019-10-22  Robert Manner

	* plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
	plugins/python/pyhelpers_cpychecker.h,
	plugins/python/python_plugin_common.c,
	plugins/python/python_plugin_common.h,
	plugins/python/python_plugin_group.c,
	plugins/python/python_plugin_io.c,
	plugins/python/python_plugin_policy.c:
	plugins/python: a plugin which can load policy/io plugin written in
	python
	[2c7620c8052f]

	* Makefile.in, configure.ac, plugins/python/Makefile.in:
	Makefile.in, configure.ac: add python plugin build
	[09b305e2cd54]

2019-10-21  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[70f4543f177c]

	* src/limits.c:
	Not all systems support RLIMIT_NPROC and RLIMIT_RSS
	[26b8e2afe755]

	* doc/Makefile.in, examples/Makefile.in, include/Makefile.in,
	lib/util/Makefile.in, lib/zlib/Makefile.in,
	plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
	src/Makefile.in:
	Add depend target to all Makefile.in files.
	[0a22d80ef716]

	* NEWS, configure, configure.ac, doc/UPGRADE:
	Sudo 1.8.29
	[736c9a5c3720]

	* MANIFEST, lib/util/Makefile.in, src/Makefile.in, src/exec.c,
	src/limits.c, src/sudo.c, src/sudo.h:
	Set resource limits in the sudo process to unlimited. We don't want
	sudo to be limited by the caller's resource limits. The original
	resource limits are restored before session setup.
	[6c3bf214caf0]

2019-10-20  Todd C. Miller

	* plugins/sudoers/starttime.c, src/ttyname.c:
	Older FreeBSD needs sys/param.h included before sys/user.h. From
	Darren Tucker
	[88c060df0439]

	* include/sudo_util.h, lib/util/getgrouplist.c, lib/util/gidlist.c,
	lib/util/regress/strtofoo/strtoid_test.c, lib/util/strtoid.c,
	lib/util/util.exp.in, plugins/group_file/getgrent.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/iolog.c,
	plugins/sudoers/match.c, plugins/sudoers/policy.c,
	plugins/sudoers/pwutil.c,
	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
	plugins/system_group/system_group.c, src/sudo.c:
	Rename sudo_strtoid() to sudo_strtoidx() and add simplified
	sudo_strtoid()
	[94a418cdbae6]

2019-10-19  Todd C. Miller

	* doc/UPGRADE, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
	doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
	doc/visudo.man.in, doc/visudo.mdoc.in,
	plugins/sudoers/cvtsudoers_json.c, plugins/sudoers/iolog.c,
	plugins/sudoers/ldap.c, plugins/sudoers/policy.c,
	plugins/sudoers/pwutil.c, plugins/sudoers/sssd.c,
	plugins/sudoers/testsudoers.c, src/exec.c:
	Refer to user-ID and group-ID instead of "user ID" and "group ID"
	[36d7bd4ab52d]

2019-10-18  Todd C. Miller

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	sudoedit doesn't create a new PAM session so PAM umask does not
	apply.
	[8ae167d0ae7c]

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, include/sudo_plugin.h,
	plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, src/exec.c, src/sudo.c, src/sudo.h:
	Change how the umask is handled with PAM and login.conf. If the
	umask is explicitly set in sudoers, use that value regardless of
	what is in PAM or login.conf. If using the default umask from
	sudoers, allow PAM or login.conf to override it. Bug #900
	[7c0a835ac512]

2019-10-17  Todd C. Miller

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/audit.c,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/logging.c:
	Add log_allowed and log_denied sudoers flags, defaulting to true.
	[fb1e188a3d05]

	* lib/util/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
	Enable security auditing malloc options for "make check".
	[333632dd3134]

2019-10-16  Todd C. Miller

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Be more consistent with how we talk about sudoers Defaults settings.
	Use "flag" not "option" when referring to boolean flags. Use
	"setting" in place of "Defaults setting" in most places. Use "the
	foo option" instead of "sudo's foo option" for command line options.
	[8058378c4b35]

	* plugins/sudoers/Makefile.in:
	No need to check existing sudoers file when installing to DESTDIR.
	This check can cause problems on systems where /etc/sudoers.d is not
	readable.
	[2ec01e9fe408]

	* lib/util/str2sig.c:
	Include sudo_util.h to get sudo_strtonum() prototype.
	[8b0b4ee28d5f]

	* lib/util/str2sig.c:
	strtonum -> sudo_strtonum
	[4d2363678583]

	* MANIFEST:
	Add split out strtofoo tests.
	[0cc598502faf]

	* lib/util/strtonum.c:
	Make sure we don't go past the end of the string when out of range.
	[2b89961c524a]

	* lib/util/regress/strtofoo/strtonum_test.c, lib/util/strtonum.c:
	Fix strtonum() regress test and the errno value for out of range
	numbers.
	[3547d022bead]

	* lib/util/Makefile.in, lib/util/regress/atofoo/atofoo_test.c,
	lib/util/regress/strtofoo/strtobool_test.c,
	lib/util/regress/strtofoo/strtoid_test.c,
	lib/util/regress/strtofoo/strtomode_test.c,
	lib/util/regress/strtofoo/strtonum_test.c:
	Split atofoo.c regress into multiple tests.
	[75b7547e33bd]

	* NEWS, configure, configure.ac:
	Sudo 1.8.28p1
	[09ceaddc94f9]

2019-10-15  Todd C. Miller

	* plugins/sudoers/parse.c:
	The fix for bug #869 broke "sudo -v" when verifypw=all (the default)
	[aac35bcd8584]

2019-10-14  Todd C. Miller

	* include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/closefrom.c, lib/util/getaddrinfo.c, lib/util/strtonum.c,
	lib/util/sudo_conf.c, lib/util/ttysize.c,
	plugins/sudoers/boottime.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
	plugins/sudoers/iolog_util.c, plugins/sudoers/ldap_conf.c,
	plugins/sudoers/match_addr.c, plugins/sudoers/policy.c,
	plugins/sudoers/regress/logging/check_wrap.c,
	plugins/sudoers/regress/parser/check_addr.c,
	plugins/sudoers/regress/starttime/check_starttime.c,
	src/parse_args.c, src/sesh.c, src/sudo.c, src/ttyname.c:
	Use sudo_strtonum() explicitly instead of via a macro.
	[f75f786eddd5]

	* config.h.in, configure, configure.ac, include/sudo_compat.h,
	lib/util/Makefile.in, lib/util/strtoid.c, lib/util/strtonum.c,
	lib/util/util.exp.in, mkdep.pl:
	Always use our own strtonum and implement sudo_strtoid in terms of
	it.
	[94b1114ef79d]

	* plugins/sudoers/pwutil.c:
	Use errno in warning when sudo_make_*_item() fails. Previously we
	always said "out of memory" if not ENOENT.
	[68e5a208c242]

	* plugins/sudoers/Makefile.in, plugins/sudoers/parse_ldif.c,
	plugins/sudoers/regress/cvtsudoers/test26.err.ok,
	plugins/sudoers/regress/cvtsudoers/test26.sh:
	Reject non-LDIF input when converting from LDIF to sudoers or JSON.
	[2d08d4aa0e01]

2019-10-10  Todd C. Miller

	* plugins/sudoers/po/ca.mo, plugins/sudoers/po/da.mo,
	plugins/sudoers/po/el.mo, plugins/sudoers/po/eu.mo,
	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fur.mo,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hu.mo,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/lt.mo,
	plugins/sudoers/po/nl.mo, plugins/sudoers/po/ru.mo,
	plugins/sudoers/po/sk.mo, plugins/sudoers/po/sl.mo,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/tr.mo,
	plugins/sudoers/po/zh_CN.mo, po/ast.mo, po/ca.mo, po/es.mo,
	po/eu.mo, po/fi.mo, po/fur.mo, po/gl.mo, po/hr.mo, po/hu.mo,
	po/ko.mo, po/nl.mo, po/nn.mo, po/ru.mo, po/sk.mo, po/sl.mo,
	po/sr.mo, po/sudo.pot, po/vi.mo, po/zh_CN.mo:
	regen
	[362645d256b7]

	* NEWS, lib/util/strtoid.c:
	Treat an ID of -1 as invalid since that means "no change". Fixes
	CVE-2019-14287. Found by Joe Vennix from Apple Information Security.
	[83db8dba09e7]

	* lib/util/regress/atofoo/atofoo_test.c,
	plugins/sudoers/regress/testsudoers/test5.out.ok,
	plugins/sudoers/regress/testsudoers/test5.sh:
	Add sudo_strtoid() tests for -1 and range errors. Also adjust
	testsudoers/test5 which relied upon gid -1 parsing.
	[db06a8336c09]

2019-10-06  Todd C. Miller

	* INSTALL, configure, configure.ac:
	Back out compiler override for now.
	[f03f7fd7ff8b]

	* configure, configure.ac:
	Only prefer clang over gcc on BSD systems.
	[2309baa23a00]

2019-10-05  Todd C. Miller

	* Makefile.in:
	Fix "make pvs-studio" run in a build dir
	[a49635de3777]

2019-09-27  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[430d45f3b461]

	* NEWS:
	Bug #898
	[3d07895888e8]

	* src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c,
	src/selinux.c, src/sudo.c, src/sudo.h:
	Fix restoring the file context of the user's tty with SELinux. Also
	fix broken tty labeling when running a command in a pty. Includes a
	fix for a typo introduced in the last change set.
	[eb3f547b08f8]

	* lib/util/arc4random.c:
	_rs_random_buf is currently unused
	[e384fc3625e8]

	* src/selinux.c:
	Add some debugging around context setting and tty labeling. Also be
	more exact with error return values
	[ed66480282c7]

2019-09-21  Todd C. Miller

	* lib/util/sudo_debug.c:
	Better error message when debug log file cannot be opened.
	[09e0cdff0c49]

2019-09-20  Todd C. Miller

	* .hgignore:
	Ignore in-tree build directory.
	[66577c63f097]

	* configure, configure.ac:
	Set CC before AC_USE_SYSTEM_EXTENSIONS to get our preferred
	compiler.
	[6a318eeffb30]

2019-09-19  Todd C. Miller

	* pp:
	Update Polypkg to the latest version from git.
	[68bbecc25007]

	* configure, configure.ac:
	If no mandoc or nroff is present, install mdoc format manuals. If
	there is no installed nroff/mandoc they will need to install groff
	or heirloom doctools to format the manual pages.
	[6dd386c1a378]

2019-09-18  Todd C. Miller

	* doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_plugin.h:
	Refer to number of terminal lines, not rows, for consistency.
	[566e3e38058f]

2019-09-17  Todd C. Miller

	* INSTALL, configure, configure.ac:
	Prefer clang over gcc. We want to use clang on systems where clang
	is the system compiler. It is less common to have clang installed on
	systems where gcc is the system compiler.
	[d29d764a4938]

	* INSTALL:
	No longer need bypass_last_login on HP-UX, warnings work with clang.
	Also add deb package names for pam and ldap devel on Linux.
	[6aff480b1f4b]

	* src/parse_args.c:
	Silence a warning from clang about string concatenation.
	[cadba1a4d86d]

2019-09-14  Todd C. Miller

	* NEWS, doc/UPGRADE:
	sudoedit umask fix
	[4bfc0e393e2a]

2019-09-13  Todd C. Miller

	* lib/util/event.c:
	Fix sorting of the time-based event queue.
	[f12e5a877c8a]

	* lib/util/event.c:
	Support default base in got_exit, got_break, loopexit, loopbreak,
	loopcontinue
	[da02194b5ba9]

2019-09-11  Todd C. Miller

	* src/sudo_edit.c:
	Create new files with the umask specified in sudoers.
	[4d0b6152834b]

2019-09-05  Todd C. Miller

	* plugins/sudoers/parse_ldif.c:
	More case-insensitive compare for LDAP attributes and string lists.
	Only the ALL keyword should be compared case-sensitive.
	[87cd688b2648]

2019-08-30  Todd C. Miller

	* src/sudo.h:
	Enable asserts for Coverity too.
	[b830f200a8bd]

	* src/parse_args.c, src/sudo.h:
	Add asserts() to avoid static analyzer false positives.
	[860aca50028d]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Plug memory leak on malloc failure.
	[1b35743703d4]

	* plugins/sudoers/ldap_util.c:
	Plug memory leak on malloc failure.
	[c2257637d659]

2019-08-29  Todd C. Miller

	* plugins/sudoers/auth/pam.c:
	Add sudo_pam_strerror(), like pam_strerror() but never returns NULL.
	It also uses strerror(errno) for PAM_SYSTEM_ERR.
	[b070d1702112]

	* plugins/sudoers/auth/pam.c:
	If pam_start() fails, display the PAM error using pam_strerror(). It
	is legal to pass pam_strerror() a NULL handle.
	[6403fa1479d8]

2019-08-27  Todd C. Miller

	* doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
	plugins/sudoers/sudoreplay.c:
	If the sudoreplay ID option is a fully-qualified path, use it
	directly. Previously, one had to use the -d option to override the
	I/O log directory.
	[9fddb3ffc760]

	* plugins/sudoers/Makefile.in:
	regen
	[f70579d2972b]

	* MANIFEST, doc/sudo.conf.man.in.sed:
	Add conditional for sesh path in sudo.conf manual.
	[93b5c6fcf8f4]

2019-08-26  Todd C. Miller

	* NEWS:
	Bug #895
	[d69984bccd0e]

	* plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/dce.c,
	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/check.c, plugins/sudoers/sudo_printf.c,
	src/conversation.c:
	Use the SUDO_CONV_PREFER_TTY flag during authentication. This
	prevents the password and PAM prompts from being redirected. Bug
	#895
	[546082c674b7]

2019-08-23  Todd C. Miller

	* mkpkg:
	Fix typo that prevented a missing linux audit lib from being
	detected.
	[b9412151615d]

2019-08-20  Todd C. Miller

	* plugins/sudoers/sudoreplay.c:
	Use fputs(), not printf() for plain strings.
	[b102ae1cb6da]

	* NEWS:
	Recent fixes.
	[8249e98a05c8]

	* plugins/sudoers/ldap.c:
	Add user ID to the search filter when matching sudoUser. We already
	support group IDs but the user ID was missing. From
	sudo-1.8.23-ldapsearchuidfix.patch in RHEL 7.
	[3da7b9f990be]

	* plugins/sudoers/regress/sudoers/test2.json.ok,
	plugins/sudoers/regress/sudoers/test2.toke.ok,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Fix parsing of double-quoted Defaults bindings that start with % or
	+. From
	sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch in
	RHEL 7.
	[df613e67ef45]

	* src/exec.c:
	Restore core dump resource limit before the PAM session module is
	run. Otherwise, we may override the limits set by PAM. Bug #894
	[f35441098234]

2019-08-19  Todd C. Miller

	* lib/util/sig2str.c, lib/util/str2sig.c:
	sys_signame on macOS contains lower-case names
	[d7af71311b3d]

	* MANIFEST, configure, configure.ac, lib/util/Makefile.in,
	lib/util/regress/strsig/strsig_test.c:
	Add regress tests for str2sig() and sig2str().
	[fb73303699fb]

	* lib/util/str2sig.c:
	SIGIOT and SIGABRT are aliases on BSD systems.
	[d35f75aba04a]

	* lib/util/sig2str.c, lib/util/str2sig.c:
	Fix handling of real-time signals.
	[39066a5eabcb]

2019-08-16  Todd C. Miller

	* NEWS:
	ipa_hostname fix
	[54245ed09830]

2019-08-15  Todd C. Miller

	* plugins/sudoers/file.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/ldap.c,
	plugins/sudoers/match.c, plugins/sudoers/parse.h,
	plugins/sudoers/sssd.c:
	Fix special handling of ipa_hostname that was lost in sudo 1.8.24.
	We now include the long and short hostname in sudo parser container.
	[b4f31dbe3109]

2019-08-14  Todd C. Miller

	* plugins/sudoers/iolog_event.h:
	Remove unused include file.
	[0731078e72b1]

2019-08-05  Todd C. Miller

	* NEWS, doc/UPGRADE:
	Mention I/O log signal change in NEWS and UPGRADE files.
	[ac7969640146]

	* MANIFEST, NEWS, plugins/sudoers/po/ast.mo,
	plugins/sudoers/po/ast.po:
	Asturian translation for sudoers from translationproject.org.
	[4f011f10129e]

	* mkdep.pl:
	Check source dir if source file is not listed in MANIFEST.
	Previously, we just used the file name without $(srcdir).
	[cd17ca929217]

	* MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, include/sudo_compat.h, lib/util/Makefile.in,
	lib/util/str2sig.c, plugins/sudoers/iolog.c,
	plugins/sudoers/iolog_util.c:
	Store signal name, not number in I/O log timing file. The "SIG"
	prefix is not used so, e.g. SIGTERM -> "TERM". This makes the I/O
	log files portable from one system to another. Older I/O log files
	with signal numbers can still be replayed.
	[5652f831b715]

2019-07-30  Todd C. Miller

	* src/utmp.c:
	Disable stringop-truncation false positive warnings on gcc 8.
	Strings in struct utmp/utmpx are not guaranteed to be
	NUL-terminated.
	[644b97bba318]

	* plugins/group_file/plugin_test.c, src/net_ifs.c:
	Replace non-essential strncpy() calls.
	[2377cad6e155]

2019-07-26  Todd C. Miller

	* configure, configure.ac:
	Revert version back to 1.8.28
	[4e2deb0b4925]

	* lib/util/Makefile.in:
	Link util functions being tested directly with the test harness.
	Otherwise we may get the version from the installed libsudo_util.so.
	[46c833080d13]

2019-07-23  Todd C. Miller

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_TW.mo,
	plugins/sudoers/po/zh_TW.po, po/cs.mo, po/cs.po, po/da.mo, po/da.po,
	po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo, po/fr.po,
	po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/nb.mo, po/nb.po,
	po/pl.mo, po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo, po/pt_BR.po,
	po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, po/uk.po,
	po/zh_TW.mo, po/zh_TW.po:
	Updated translations from translationproject.org
	[a5aa41ab05cb]

2019-07-19  Todd C. Miller

	* configure, configure.ac, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/parse.c:
	Use strftime(3) instead of formatting struct tm by hand. Fixes a
	warning on newer versions of gcc.
	[4a2fdb51bbe5]

	* doc/sudo.man.in, doc/sudo.mdoc.in:
	Update error message when the password cannot be read from the
	terminal.
	[9b329f92e8a0]

	* NEWS:
	Fix for Bug #888
	[d64fc43adfdd]

	* plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c:
	If the command in sudoers does not exist on the file system, match
	by name. We still want to match the command even if it doesn't exist
	so that the NOPASSWD flag on sudoers entries with non-existent paths
	works as expected. Bug #888.
	[0879054870be]

	* NEWS, doc/TROUBLESHOOTING, po/sudo.pot, src/tgetpass.c:
	More verbose error message when a password is required and no
	terminal is present. Bug #828.
	[f15ffeffff32]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[8e0fdf8e4cd5]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document that PAM session modules are now run with the silent flag.
	[b67b769a0532]

2019-07-14  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	Simpler change to retry sudo_secure_file() as root as needed.
	[feb0c2309366]

	* plugins/sudoers/sudoers.c:
	If we are unable to stat() sudoers as non-root, try again as root.
	By default, sudo relies solely on group permissions to read sudoers
	to make it possible to store sudoers on NFS. However, if
	/etc/sudoers is not accessible to non-root uids for some reason,
	sudo will fail. Bug #880.
	[6a50adb25f2e]

2019-07-12  Todd C. Miller

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Clarify that ttyin contains raw terminal input.
	[eea9d33f85bd]

2019-07-11  Todd C. Miller

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Expand the description of the I/O log files.
	[f15cefc9bbd8]

	* doc/sudo.conf.mdoc.in:
	Remove trailing whitespace.
	[421e9f481c1d]

2019-07-03  Todd C. Miller

	* configure, configure.ac, doc/sudo.conf.man.in,
	doc/sudo.conf.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in:
	Rename PLUGINDIR -> plugindir
	[75cc43534ee1]

	* configure, configure.ac:
	Use $libexecdir in default settings used by the documentation. The
	web and pdf pages will substitute /usr/local/libexec for
	$noexec_file. Also do substitution of variables using exec_prefix
	even if we don't use them in the Makefile since the documentation
	may reference them.
	[b7a37b03b6db]

	* doc/Makefile.in, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
	Add conditional for sesh path in sudo.conf manual.
	[ec1f8f559bad]

	* configure, configure.ac:
	Update plugindir even when --disable-shared is specified. Otherwise,
	the default value is substituted into the Makefiles and
	documentation which may not match --prefix. Bug #886
	[0f6c9a4af739]

2019-06-25  Todd C. Miller

	* include/sudo_util.h, lib/util/fatal.c, lib/util/inet_ntop.c,
	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/sudo_debug.c,
	plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
	plugins/sudoers/ldap_conf.c, plugins/sudoers/logging.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
	plugins/sudoers/timestamp.c, src/load_plugins.c, src/net_ifs.c,
	src/sudo.c:
	Add ssizeof macro that returns ssize_t. We can use this instead of
	casting the result of size_t to int. Also change checks for
	snprintf() returning <=0 to <0.
	[da4a95a5d8ec]

2019-06-21  Todd C. Miller

	* doc/TROUBLESHOOTING, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	sudoedit should be used for editing files instead of "sudo editor".
	That way the user's editor config files are used by the editor.
	[24bb1e6326ee]

	* doc/TROUBLESHOOTING:
	Move the section on HOME to be after the environment section. Also
	strongly discourage the disabling of env_reset.
	[7a41bddf5fde]

2019-06-20  Todd C. Miller

	* doc/TROUBLESHOOTING:
	Remove the Solaris last login question, add one about HOME. The PAM
	session is opened with PAM_SILENT so last login info is not printed.
	It is dangerous to preserve HOME from the user's environment.
	[99be2cd98556]

	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Use the term pseudo-terminal more consistently.
	[129a0d2e5a33]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document why HOME should not be preserved from the user's
	environment. Text was adapted from what is already present in the
	UPGRADE file. Also mark set_home and always_set_home as obsolete.
	[3cddca2f78de]

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
	Refer to command line options, not flags.
	[5caa383e1f9b]

	* NEWS:
	sync
	[fd7e952e3e43]

	* doc/TROUBLESHOOTING:
	sudo will now prompt for a password as long as /dev/tty is
	available.
	[a4241d432e63]

	* MANIFEST, configure, configure.ac, doc/Makefile.in,
	doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat,
	doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat,
	doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat:
	Remove .cat pages, there is no need for them in the modern world.
	Sudo only shipped .cat pages for Irix, which lacked nroff. Irix is
	long dead and there are multiple open source nroff options.
	[b7a48dc22bdb]

	* INSTALL, configure.ac, doc/sudoers.cat, doc/visudo.cat:
	Make env_editor the default. It is already the default in the
	package script.
	[a4f0c46ef5d6]

	* INSTALL, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
	Don't describe env_editor as a security hole. Users that are able to
	edit sudoers can grant themselves permissions so the fact that
	visudo runs the editor as root is not a security issue.
	[627f0a96ccc9]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
	Fix details of how EDITOR, VISUAL and SUDO_EDITOR are (or are not)
	preserved. The description in the editor option was incorrect and
	didn't mention env_keep. Reported by Sander Bos
	[1b498d610672]

	* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
	Modern visudo locks the actual sudoers file, not the sudoers.tmp
	file. Refer to sudoers.tmp as a temporary file, not a lock file.
	Reported by Sander Bos
	[3a449f316304]

2019-06-19  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	In tty_present(), check for /dev/tty if sudo was unable to get the
	tty name. For requiretty it is enough to check that /dev/tty is
	available. If sudo can't get the tty from the kernel (missing
	/proc?) that is OK.
	[2102ffa0fa7e]

	* src/tgetpass.c:
	Don't refuse to use the tty unless /dev/tty is unavailable. We don't
	care whether sudo was able to get the tty name from the kernel. All
	that really matters is whether we are able to disable echo as
	needed.
	[a3376277883f]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Use of "they" was ambiguous.
	[a39f42aa21ca]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Better description of secure_path. The secure_path option affects
	the resolution of unqualified commands as well as the environment
	that commands run with.
	[e0534efa8271]

	* doc/CONTRIBUTORS:
	Add Sander Bos
	[75f6f90c2f24]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Fix a few typos and awkward wording. Use the singular "they" instead
	of he/she. Add back missing text in description of variables
	starting with (). Based on changes from Sander Bos.
	[d6b5068ae2ca]

2019-06-15  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Clarify which environment variables are set based on the target
	user.
	[1e6ac7e5ef32]

2019-06-10  Todd C. Miller

	* lib/util/Makefile.in:
	libsudo_util depends on LT_DEP_LIBS even when building a static lib
	[232370d6af88]

	* aclocal.m4, config.h.in, configure, configure.ac,
	lib/util/arc4random.c:
	Solaris getentropy() requires that sys/random.h be included.
	[f1ec0a7290a6]

2019-05-29  Todd C. Miller

	* plugins/sudoers/parse.c:
	Use the runhost for "User foo is not allowed to run sudo on bar."
	Otherwise, if the -h option is specified sudo will print the local
	host name instead of the host specified via -h.
	[8e6836ff952c]

2019-05-28  Todd C. Miller

	* doc/TROUBLESHOOTING:
	Document that "no tty present and no askpass program specified" may
	happen when /proc is not accessible.
	[b551c47e55aa]

2019-05-27  Todd C. Miller

	* doc/CONTRIBUTORS:
	Add Sangamesh Mallayya and Michael Spradling
	[73b3acddc973]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c,
	src/sudo.h, src/tgetpass.c:
	Add -B option to ring the bell before the password prompt.
	[b2181b069809]

	* plugins/sudoers/auth/aix_auth.c:
	Allow the user to change their password if expired on AIX. Bug #883
	[b1def2572198]

2019-05-26  Todd C. Miller

	* plugins/sudoers/auth/aix_auth.c:
	When using AIX auth, don't display the AIX password incorrect
	message. Avoids a "3004-300 You entered an invalid login name or
	password" message in addition to sudo's own "Sorry, try again"
	message.
	[ee606cfc3c8c]

2019-05-24  Todd C. Miller

	* mkpkg:
	AIX packages were not being built with optimization enabled.
	[41563464b897]

2019-05-22  Todd C. Miller

	* plugins/sudoers/parse.c, plugins/sudoers/parse.h:
	Fix a typo.
	[6cd3fdc40b13]

	* mkpkg:
	Support using macOS SDKs from
	/Library/Developer/CommandLineTools/SDKs
	[98399af73e06]

2019-05-16  Todd C. Miller

	* lib/util/term.c:
	It is safe to assume _POSIX_VDISABLE is defined. The old compat
	defines were to support pre-termios systems.
	[82153896cede]

2019-05-06  Todd C. Miller

	* plugins/sudoers/auth/pam.c:
	Remove second catopen() which is never called.
	[8a3db9d71297]

2019-05-01  Todd C. Miller

	* doc/TROUBLESHOOTING:
	Sudo's conversation function now filters out the last login
	information.
	[ac21b18ba6bf]

2019-04-29  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/defaults.c:
	Add pam_acct_mgmt setting to enable/disable PAM account validation.
	[ec657af6eeb8]

	* doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat,
	doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat,
	doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat:
	regen
	[d39b0636806f]

	* NEWS, configure, configure.ac:
	Sudo 1.8.28
	[dd02af1b71e1]

	* Makefile.in, configure.ac, doc/Makefile.in, doc/cvtsudoers.man.in,
	doc/cvtsudoers.mdoc.in, doc/fixman.sh, doc/sudo.conf.man.in,
	doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
	doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
	doc/sudoers.man.in, doc/sudoers.mdoc.in,
	doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
	doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in,
	doc/visudo.mdoc.in, examples/Makefile.in, include/Makefile.in,
	include/compat/charclass.h, include/compat/endian.h,
	include/compat/fnmatch.h, include/compat/getopt.h,
	include/compat/glob.h, include/compat/nss_dbdefs.h,
	include/compat/sha2.h, include/sudo_compat.h, include/sudo_conf.h,
	include/sudo_debug.h, include/sudo_digest.h, include/sudo_dso.h,
	include/sudo_event.h, include/sudo_fatal.h, include/sudo_gettext.h,
	include/sudo_lbuf.h, include/sudo_plugin.h, include/sudo_queue.h,
	include/sudo_rand.h, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/aix.c, lib/util/arc4random.c, lib/util/arc4random.h,
	lib/util/arc4random_uniform.c, lib/util/closefrom.c,
	lib/util/digest.c, lib/util/digest_gcrypt.c,
	lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c,
	lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c,
	lib/util/getcwd.c, lib/util/getdelim.c, lib/util/getentropy.c,
	lib/util/getgrouplist.c, lib/util/gethostname.c,
	lib/util/getopt_long.c, lib/util/gettime.c, lib/util/gidlist.c,
	lib/util/glob.c, lib/util/inet_ntop.c, lib/util/inet_pton.c,
	lib/util/isblank.c, lib/util/key_val.c, lib/util/lbuf.c,
	lib/util/locking.c, lib/util/memrchr.c, lib/util/memset_s.c,
	lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c,
	lib/util/nanosleep.c, lib/util/parseln.c, lib/util/pipe2.c,
	lib/util/progname.c, lib/util/pw_dup.c, lib/util/reallocarray.c,
	lib/util/regress/atofoo/atofoo_test.c,
	lib/util/regress/getdelim/getdelim_test.c,
	lib/util/regress/getgrouplist/getgrouplist_test.c,
	lib/util/regress/parse_gids/parse_gids_test.c,
	lib/util/regress/progname/progname_test.c,
	lib/util/regress/strsplit/strsplit_test.c,
	lib/util/regress/sudo_conf/conf_test.c,
	lib/util/regress/sudo_parseln/parseln_test.c,
	lib/util/regress/tailq/hltq_test.c,
	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c,
	lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c,
	lib/util/snprintf.c, lib/util/strlcat.c, lib/util/strlcpy.c,
	lib/util/strndup.c, lib/util/strnlen.c, lib/util/strsignal.c,
	lib/util/strsplit.c, lib/util/strtobool.c, lib/util/strtoid.c,
	lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c,
	lib/util/sudo_debug.c, lib/util/sudo_dso.c, lib/util/term.c,
	lib/util/ttyname_dev.c, lib/util/ttysize.c, lib/util/utimens.c,
	lib/util/vsyslog.c, lib/zlib/Makefile.in, log2cl.pl, m4/sudo.m4,
	mkdep.pl, mkpkg, pathnames.h.in, plugins/group_file/Makefile.in,
	plugins/group_file/getgrent.c, plugins/group_file/group_file.c,
	plugins/group_file/plugin_test.c, plugins/sample/Makefile.in,
	plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
	plugins/sudoers/alias.c, plugins/sudoers/audit.c,
	plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
	plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
	plugins/sudoers/base64.c, plugins/sudoers/boottime.c,
	plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
	plugins/sudoers/check.c, plugins/sudoers/check.h,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
	plugins/sudoers/defaults.h, plugins/sudoers/digestname.c,
	plugins/sudoers/editor.c, plugins/sudoers/env.c,
	plugins/sudoers/env_pattern.c, plugins/sudoers/file.c,
	plugins/sudoers/filedigest.c, plugins/sudoers/find_path.c,
	plugins/sudoers/fmtsudoers.c, plugins/sudoers/gc.c,
	plugins/sudoers/gentime.c, plugins/sudoers/getspwuid.c,
	plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/group_plugin.c, plugins/sudoers/hexchar.c,
	plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h,
	plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h,
	plugins/sudoers/ins_python.h, plugins/sudoers/insults.h,
	plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
	plugins/sudoers/iolog.c, plugins/sudoers/iolog.h,
	plugins/sudoers/iolog_event.h, plugins/sudoers/iolog_files.h,
	plugins/sudoers/iolog_path.c, plugins/sudoers/iolog_util.c,
	plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
	plugins/sudoers/ldap_util.c, plugins/sudoers/linux_audit.c,
	plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c,
	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
	plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
	plugins/sudoers/match_addr.c, plugins/sudoers/match_command.c,
	plugins/sudoers/match_digest.c, plugins/sudoers/mkdir_parents.c,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c,
	plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
	plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
	plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c,
	plugins/sudoers/redblack.h,
	plugins/sudoers/regress/check_symbols/check_symbols.c,
	plugins/sudoers/regress/env_match/check_env_pattern.c,
	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/regress/iolog_util/check_iolog_util.c,
	plugins/sudoers/regress/logging/check_wrap.c,
	plugins/sudoers/regress/parser/check_addr.c,
	plugins/sudoers/regress/parser/check_base64.c,
	plugins/sudoers/regress/parser/check_digest.c,
	plugins/sudoers/regress/parser/check_fill.c,
	plugins/sudoers/regress/parser/check_gentime.c,
	plugins/sudoers/regress/parser/check_hexchar.c,
	plugins/sudoers/regress/starttime/check_starttime.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c,
	plugins/sudoers/solaris_audit.h, plugins/sudoers/sssd.c,
	plugins/sudoers/starttime.c, plugins/sudoers/strlist.c,
	plugins/sudoers/strlist.h, plugins/sudoers/stubs.c,
	plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudo_ldap_conf.h,
	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h,
	plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c,
	plugins/sudoers/sudoers_debug.h, plugins/sudoers/sudoers_version.h,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
	plugins/sudoers/toke.h, plugins/sudoers/toke.l,
	plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h,
	plugins/sudoers/visudo.c, plugins/system_group/Makefile.in,
	plugins/system_group/system_group.c, src/Makefile.in,
	src/conversation.c, src/env_hooks.c, src/exec.c, src/exec_common.c,
	src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/get_pty.c,
	src/hooks.c, src/load_plugins.c, src/net_ifs.c, src/openbsd.c,
	src/parse_args.c, src/preload.c, src/preserve_fds.c,
	src/regress/noexec/check_noexec.c,
	src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c,
	src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h,
	src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
	src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tcsetpgrp_nobg.c,
	src/tgetpass.c, src/ttyname.c, src/utmp.c:
	Add SPDX-License-Identifier to files.
	[db66decfad24]

2019-04-28  Todd C. Miller

	* plugins/sudoers/auth/pam.c:
	Filter out last login messages on HP-UX unless running a shell. HP-
	UX in trusted mode will display last login messages as part of the
	PAM account management module by libpam_comsec. There is no way to
	suppress these messages from the PAM configuration in trusted mode
	so we need to filter them in the conversation function. In regular
	mode, similar (but different) messages may be produced by
	libpam_hpsec.
	[5bbb02c69b46]

2019-04-26  Todd C. Miller

	* lib/util/closefrom.c:
	FreeBSD's /dev/fd only contains fds 0-2 unless fdescfs is mounted.
	In practice this doesn't matter since FreeBSD >= 8 has a native
	closefrom
	[bbeeb52550f1]

2019-04-20  Todd C. Miller

	* plugins/sudoers/logging.c:
	Keep debug fds open in send_mail() to aid in debugging. Adds
	closefrom_nodebug() which acts like closefrom(3) but doesn't close
	debug fds for use by send_mail(). Also moves the code to exec the
	mailer to its own function.
	[b1892425667a]

2019-04-19  Todd C. Miller

	* plugins/sudoers/defaults.c:
	Set def_mailerflags even if sendmail was not found at configure
	time. Fixes a NULL dereference when mailerpath is set but
	mailerflags is not. Bug #878
	[6c57f5ddca54]

2019-04-08  Todd C. Miller

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/util/Makefile.in, lib/util/getdelim.c,
	lib/util/getline.c, lib/util/parseln.c,
	lib/util/regress/getdelim/getdelim_test.c, mkdep.pl,
	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/boottime.c,
	plugins/sudoers/iolog_util.c, plugins/sudoers/ldap_conf.c,
	plugins/sudoers/parse_ldif.c, plugins/sudoers/sssd.c:
	Add a proper getdelim(3) replacement and use it instead of
	getline(3).
	[2e06e45ffbd6]

	* plugins/sudoers/auth/pam.c:
	Restrict the PAM_TTY kludge to Solaris and Linux-PAM. Setting
	PAM_TTY to the empty string causes problems with some modules on HP-
	UX so restrict it to systems where it fixes known issues.
	[d61f4e20dc67]

2019-03-18  Todd C. Miller

	* lib/util/getgrouplist.c:
	Fix the counting of supplementary groups on AIX. We should not
	assume that basegid will be present in the list of gids returned by
	getgrset().
	[6b5fa2805840]

2019-03-14  Todd C. Miller

	* plugins/sudoers/pwutil.c:
	Plug a memory leak on user/group lookup failure found by ASAN.
	[aff673f310d0]

2019-03-08  Todd C. Miller

	* MANIFEST, plugins/sudoers/regress/testsudoers/test3.d/root,
	plugins/sudoers/regress/testsudoers/test3.sh:
	Fix test failure when run by a user other than the file owner.
	[c41ea7cfedf8]

	* MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/da.mo,
	po/da.po, po/eo.mo, po/eo.po, po/es.mo, po/es.po, po/zh_TW.mo,
	po/zh_TW.po:
	Updated translations from translationproject.org
	[484d7b28bdd6]

	* MANIFEST, plugins/sudoers/regress/cvtsudoers/test1.sh,
	plugins/sudoers/regress/cvtsudoers/test10.sh,
	plugins/sudoers/regress/cvtsudoers/test11.sh,
	plugins/sudoers/regress/cvtsudoers/test12.sh,
	plugins/sudoers/regress/cvtsudoers/test13.sh,
	plugins/sudoers/regress/cvtsudoers/test14.sh,
	plugins/sudoers/regress/cvtsudoers/test15.sh,
	plugins/sudoers/regress/cvtsudoers/test16.sh,
	plugins/sudoers/regress/cvtsudoers/test17.sh,
	plugins/sudoers/regress/cvtsudoers/test18.sh,
	plugins/sudoers/regress/cvtsudoers/test19.sh,
	plugins/sudoers/regress/cvtsudoers/test2.sh,
	plugins/sudoers/regress/cvtsudoers/test20.sh,
	plugins/sudoers/regress/cvtsudoers/test21.sh,
	plugins/sudoers/regress/cvtsudoers/test22.sh,
	plugins/sudoers/regress/cvtsudoers/test23.sh,
	plugins/sudoers/regress/cvtsudoers/test24.sh,
	plugins/sudoers/regress/cvtsudoers/test25.sh,
	plugins/sudoers/regress/cvtsudoers/test26.err.ok,
	plugins/sudoers/regress/cvtsudoers/test26.out.ok,
	plugins/sudoers/regress/cvtsudoers/test26.sh,
	plugins/sudoers/regress/cvtsudoers/test27.sh,
	plugins/sudoers/regress/cvtsudoers/test28.sh,
	plugins/sudoers/regress/cvtsudoers/test29.sh,
	plugins/sudoers/regress/cvtsudoers/test3.sh,
	plugins/sudoers/regress/cvtsudoers/test30.sh,
	plugins/sudoers/regress/cvtsudoers/test31.sh,
	plugins/sudoers/regress/cvtsudoers/test32.err.ok,
	plugins/sudoers/regress/cvtsudoers/test32.out.ok,
	plugins/sudoers/regress/cvtsudoers/test32.sh,
	plugins/sudoers/regress/cvtsudoers/test33.sh,
	plugins/sudoers/regress/cvtsudoers/test4.sh,
	plugins/sudoers/regress/cvtsudoers/test5.sh,
	plugins/sudoers/regress/cvtsudoers/test6.sh,
	plugins/sudoers/regress/cvtsudoers/test7.sh,
	plugins/sudoers/regress/cvtsudoers/test8.sh,
	plugins/sudoers/regress/cvtsudoers/test9.sh:
	Test cvtsudoers stdout and stderr separately. Fixes a test failure
	on systems with musl libc. Bug #873
	[e82a381f4f3d]

2019-03-06  Todd C. Miller

	* plugins/sudoers/starttime.c, src/ttyname.c:
	Better comment about EOVERFLOW and pstat_getproc(). Also remove some
	useless casts.
	[09a915110812]

	* lib/util/closefrom.c:
	Ignore EOVERFLOW from pstat_getproc(), it is not a fatal error. It
	just means that one of the fields in pstat lacks the precision to
	store a value. That's not an issue for pst_highestfd.
	[bb7ed18e360b]

	* sudo.pp:
	update copyright year
	[cff8184aeb11]

2019-03-05  Todd C. Miller

	* src/load_plugins.c:
	Fix error message when a fully-qualified plugin path does not exist.
	[318f7511c9bc]

2019-03-04  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Fix unescaped '\' and remove an extra '[' in the definition of
	digest.
	[9ea1a400ebc9]

2019-03-03  Todd C. Miller

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Ignore carriage return before a linefeed. This allows sudo to parse
	files with DOS-style line endings.
	[65882b63a84d]

2019-02-26  Todd C. Miller

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in:
	For sssd, the nsswitch.conf setting should be "sss" not "sssd". From
	Johnathan Smith.
	[5c07130d1bbc]

2019-02-20  Todd C. Miller

	* plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
	Add simple API to allow reading environment data from different
	sources. Currently, this is used to read a file like
	/etc/environment.
	[ce9161899719]

2019-02-19  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	Fix pasto; the unrestricted env file was read when we want the
	restricted one.
	[23b0b3c473db]

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/defaults.h,
	plugins/sudoers/parse.h, plugins/sudoers/strlist.c, src/sudo.h:
	Be sure to include sudo_queue.h where needed instead of relying on
	other headers.
	[fe9418a9b378]

2019-02-18  Todd C. Miller

	* lib/util/util.exp.in:
	Only export sudo_arc4random_uniform() if arc4random_uniform() is
	missing.
	[e32a7243976d]

	* lib/util/regress/vsyslog/vsyslog_test.c:
	Quiet a warning on gcc 8
	[fe8cad6564e2]

	* include/sudo_compat.h:
	AIX 7.1 defines O_CLOEXEC but it can't be used outside the kernel.
	Redefine O_CLOEXEC if it doesn't fit in an int and pipe2() is
	missing.
	[3ef0220351ca]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
	plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
	plugins/sudoers/parse.h:
	Split command match code out into match_command.c. Also remove
	unused SUDOERS_NAME_MATCH code.
	[2a7adb93a65e]

2019-02-17  Todd C. Miller

	* plugins/sudoers/match_digest.c:
	Split out digest matching into its own file.
	[93863918f934]

	* plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
	plugins/sudoers/parse.h:
	Split out digest matching into its own file.
	[aafdc9b976ed]

2019-02-12  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l:
	Rename FOLLOW and NOFOLLOW tokens FOLLOWLNK and NOFOLLOWLNK. Fixes a
	namespace collision on Solaris when bison is used.
	[707b94b7c1e9]

2019-02-06  Todd C. Miller

	* plugins/sudoers/match.c:
	Add stub definition of digest_matches() for SUDOERS_NAME_MATCH
	[a322e57c85e0]

	* plugins/sudoers/sudo_nss.c:
	No longer need to include sudo_lbuf.h
	[db110422b24c]

	* mkpkg:
	On RedHat/CentOS get the OS major version from /etc/redhat-release.
	We cannot determine this from the output of "pp --probe" since it
	doesn't contain a period to separate the major and minor numbers.
	[78a27d62de0c]

2019-02-05  Todd C. Miller

	* plugins/sudoers/policy.c:
	Use SET macro instead of bitwise OR.
	[b523937e8da8]

	* plugins/sudoers/pwutil_impl.c:
	In sudo_make_grlist_item() the calculation of total did not include
	space for pointers to the group names.
	[7c438dd62f45]

	* plugins/sudoers/cvtsudoers_pwutil.c:
	Use correct debug_decl() names.
	[d0f02db8be20]

	* plugins/sudoers/sudoers.h:
	Add fallback values for sudoers uid, gid and mode if not set in
	Makefile.
	[21e41ed7a06c]

2019-02-04  Todd C. Miller

	* lib/util/memset_s.c:
	include stddef.h to make sure we get NULL
	[d42b4c325c0c]

2019-02-02  Todd C. Miller

	* src/net_ifs.c:
	Fix memory leak when there are no network interfaces or an error
	occurs.
	[7ba525ee9233]

2019-01-25  Todd C. Miller

	* configure, configure.ac:
	Use $ac_cv_search_FUNCTION instead of $ac_lib and $ac_res. Fixes a
	problem where libcrypt is not used with autoconf caching. Adapted
	from a diff from Adam Labbe.
	[5cfcade6ce3e]

2019-01-24  Todd C. Miller

	* po/de.mo, po/de.po, po/ko.mo, po/ko.po:
	Updated translations from translationproject.org
	[4995f6542a2c]

2019-01-22  Todd C. Miller

	* plugins/sudoers/parse.c:
	Fix listpw=never and verifypw=never. Bug #869
	[ecb89088a884]

2019-01-20  Todd C. Miller

	* lib/util/regress/vsyslog/vsyslog_test.c, lib/util/sig2str.c,
	plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers_pwutil.c,
	plugins/sudoers/env.c, plugins/sudoers/find_path.c,
	plugins/sudoers/fmtsudoers.c, plugins/sudoers/group_plugin.c,
	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
	plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c,
	plugins/sudoers/logging.c, plugins/sudoers/match.c,
	plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
	plugins/sudoers/starttime.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/tsdump.c, src/exec_monitor.c, src/exec_nopty.c,
	src/exec_pty.c, src/sudo.c, src/ttyname.c:
	Minor snprintf() usage tweaks: 1) don't assume snprintf() returns -1
	on error, check for <0 2) when comparing return value of
	sizeof(foo), cast the sizeof, not the len 3) cast return value to
	void in cases where snprintf cannot fail
	[2af6dfb31a49]

2019-01-07  Todd C. Miller

	* NEWS:
	The AIX nofiles hard limit fix and bug #867 will make 1.8.27.
	[a8b4710ff907]

	* plugins/sudoers/auth/pam.c:
	Use PAM_SILENT to prevent pam_lastlog from printing last login
	information on RedHat except when explicitly running a shell.
	Adapted from a patch from Nir Soffer. Bug #867
	[b8b5d3445a3c]

	* lib/util/aix.c:
	Fix the default nofiles and stack hard limits. The table of default
	hard limits in /etc/security/limits was out of date with respect to
	the current documentation. The default hard limit for nofiles should
	be unlimited, not 8196. The default hard limit for stack should be
	4194304 blocks (which fits in an unsigned long on 32-bit platforms).
	[68c8c05a0b9b]

2019-01-03  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot:
	regen
	[3000c62ed0ba]

	* NEWS:
	Final updates for sudo 1.8.27.
	[40d6ecb1f739]

	* src/exec_pty.c:
	Update copyright year
	[adc9f4046585]

	* doc/LICENSE:
	Update for 2019
	[ccbbad25d7c7]

2019-01-02  Todd C. Miller

	* src/exec_pty.c:
	Fix setting of utmp entry when running command in a pty. Regression
	introduced in sudo 1.8.22.
	[cf81f3fa1f3a]

2018-12-24  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	Use debug_return_int not debug_return_bool in resolve_host
	[490241e14e68]

	* NEWS, configure, configure.ac:
	sudo 1.8.27
	[f59a4a391a44]

	* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
	plugins/sudoers/visudo.c:
	Allow the sudoers file to be specified without the -f option. Bug
	#864
	[eb3d4c4461ba]

2018-12-20  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	The iolog_dir section is below the maxseq section, not above.
	[35534e4f23d9]

2018-12-12  Todd C. Miller

	* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/ja.mo,
	po/ja.po:
	Updated translations from translationproject.org
	[270660da2de4]

2018-12-11  Todd C. Miller

	* plugins/sudoers/sudoreplay.c:
	Add -n and -R options to help; reported by Radovan Sroka
	[683df32eb950]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
	Add missing description of padding option and missing argument to
	-c.
	[c762020f1694]

	* plugins/sudoers/cvtsudoers.c:
	The -c option was missing from the help info; from Radovan Sroka
	[aa36d5c05b0b]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
	Fix some typos; reported by Radovan Sroka
	[d6137224dd47]

2018-12-08  Todd C. Miller

	* plugins/sudoers/auth/pam.c:
	In sudo_pam_approval(), for the exempt case, only overwrite pam
	status when the passwd is expired or needs to be updated.
	[2c2d1ed1bb7e]

2018-12-07  Todd C. Miller

	* plugins/sudoers/auth/pam.c:
	The fix for bug #843 was incomplete and caused pam_end() to be
	called early. sudo_pam_approval() must not set the global pam status
	to an error value if it returns AUTH_SUCCESS. Otherwise,
	sudo_pam_cleanup() will call pam_end() before
	sudo_pam_begin_session(). This resulted in a NULL PAM handle being
	used in sudo_pam_begin_session().
	[656aa910fbaf]

2018-12-05  Todd C. Miller

	* src/exec.c:
	Don't run the command in a pty if no I/O plugins are logging
	anything. That way an I/O plugin that doesn't actually log anything
	won't cause the command to be run in a pty.
	[ef83f35c9cb0]

2018-11-29  Todd C. Miller

	* .hgignore:
	Update ignore patterns to match doc changes.
	[7438cdacc0e1]

	* doc/fixmdoc.sed:
	fix mode fixmdoc.sed
	[d74c0b7c5932]

2018-11-27  Todd C. Miller

	* doc/Makefile.in, doc/sudo.conf.man.in, doc/sudo.man.in,
	doc/sudoers.ldap.man.in, doc/sudoers.man.in,
	doc/sudoers_timestamp.man.in, doc/sudoreplay.man.in,
	doc/visudo.man.in:
	Fix section in the .TH line of *.man.in file. The substitution for
	@mansectsu@ and @mansectform@ was broken. No longer need to strip
	out OpenBSD from the header line.
	[cb02c8496b21]

	* doc/sudoers.man.in.sed:
	Add sudoers.man.in.sed, missed from previous commit.
	[a2113a52e6a7]

	* doc/CONTRIBUTORS:
	Add Guillem Jover
	[db7a39f9726a]

	* NEWS:
	recent changes
	[0c07a0cdf2ff]

	* MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sed,
	doc/fixmdoc.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.man.in.sed,
	doc/sudo.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
	doc/sudoers.mdoc.in:
	Use roff conditionals in the manuals instead of post-processing. We
	still need to process the resulting .man.in files to add back the
	conditionals but this should be easier to debug as the changes are
	visible in the .in file. Some minor postprocessing is still used to
	make the manuals HP-UX friendly and to change "0 seconds" ->
	unlimited after substitution.
	[44316d271ab8]

2018-11-24  Todd C. Miller

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in:
	Sudo plugin manual updates and clarification from Guillem Jover:
	- Add missing return information for show_version().
	- Fix prototypes for several function pointers.
	- Update SUDO_API_VERSION_MINOR.
	- Add missing references to log_suspend() and change_winsize().
	- Add missing "array.".
	- Clarify that argc can be zero on sudo -V.
	- Clarify size requirements for conversation array arguments.
	- Clarify timeout zero value for struct sudo_conv_message.
	- Clarify initial and final state of reply in struct sudo_conv_reply.
	[1241cff4dd51]

	* doc/fixmdoc.sh, doc/sudo.man.in, doc/sudo.mdoc.in,
	doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Revert changes to give arguments to the .Bx macro. This is intended
	for things like .Bx 4.3 to generate "4.3BSD" so the argument ends up
	before the BSD, not after. Just go back to using "BSD
	authentication" and "BSD login classes" so fixmdoc.sh can operate
	correctly. Bug #861
	[c58965343318]

2018-11-23  Todd C. Miller

	* doc/fixmdoc.sh, doc/sudo.mdoc.in, doc/sudoers.mdoc.in:
	Update fixmdoc.sh to match the BSD -> .Bx changes in the manuals.
	Bug #861
	[7ddfb74781a1]

2018-11-18  Todd C. Miller

	* config.h.in, configure, configure.ac, m4/sudo.m4, src/utmp.c:
	Add support for utmps as found in HP-UX.
	[f55312948139]

2018-11-14  Todd C. Miller

	* config.h.in, configure, configure.ac, include/sudo_util.h,
	lib/util/utimens.c:
	Support st_nmtime in struct stat as found in HP-UX.
	[0854b34cd2ea]

	* lib/util/closefrom.c:
	If fcntl fails, fall back to the /proc implementation.
	[59a03e0d3148]

2018-11-12  Todd C. Miller

	* NEWS:
	Mention schema.olcSudo
	[320adcd29a61]

2018-11-09  Todd C. Miller

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in:
	Mention schema.olcSudo here too.
	[a19dff54603b]

	* MANIFEST, README.LDAP, doc/CONTRIBUTORS, doc/schema.OpenLDAP,
	doc/schema.olcSudo:
	OpenLDAP schema file for Sudo in on-line configuration (OLC) format.
	From Frederic Pasteleurs.
	[1fcfa9f307a2]

	* po/ast.mo, po/ast.po:
	Updated translations from translationproject.org
	[70f0ec8c721c]

2018-11-08  Todd C. Miller

	* lib/util/closefrom.c:
	Only use closefrom_fallback() if no better method exists. The
	previous logic was too fragile.
	[2510928e291f]

2018-11-07  Todd C. Miller

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo,
	po/cs.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/it.mo,
	po/it.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo,
	po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo,
	po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po:
	Updated translations from translationproject.org
	[898154804015]

	* MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/pt.mo,
	plugins/sudoers/po/pt.po, po/pt.mo, po/pt.po:
	Portuguese translation for sudo and sudoers from
	translationproject.org.
	[4c49e5cf8936]

2018-11-05  Todd C. Miller

	* NEWS, configure, configure.ac, include/sudo_fatal.h,
	lib/util/Makefile.in, lib/util/fatal.c, lib/util/util.exp.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
	Add sudo_gai_fatal, sudo_gai_vfatal, sudo_gai_vwarn, sudo_gai_warn
	and gai_log_warning that use gai_strerror() instead of strerror().
	[9c37c5db3293]

2018-10-31  Todd C. Miller

	* plugins/sudoers/match.c:
	Fix memory leak in runaslist_matches().
	[f1366ad50eb3]

2018-10-29  Todd C. Miller

	* NEWS:
	typo
	[fc8aa243672a]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[f333405eb06c]

	* NEWS:
	More updates for 1.8.26
	[1941961b232f]

2018-10-28  Todd C. Miller

	* MANIFEST, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap_util.c,
	plugins/sudoers/regress/cvtsudoers/test33.out.ok,
	plugins/sudoers/regress/cvtsudoers/test33.sh:
	Add support for negated sudoRunAsUser and sudoRunAsGroup entries.
	[d0368336d92b]

2018-10-27  Todd C. Miller

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document that the target user's groups may be specified via the -g
	option.
	[67b7643e3bcb]

	* plugins/sudoers/tsgetgrpw.c:
	Include getpwent() version of sudo_getgrouplist2_v1() from
	getgrouplist.c
	[60aa493504d1]

	* MANIFEST, plugins/sudoers/regress/testsudoers/group,
	plugins/sudoers/regress/testsudoers/test1.sh:
	Use a testsudoers group file with known contents instead of the
	system one.
	[7a4499c92acd]

	* plugins/sudoers/match.c, plugins/sudoers/parse.h,
	plugins/sudoers/set_perms.c:
	Allow the group set by "sudo -g" to be any of the target user's
	groups. Previously, this was only allowed if the group matched the
	target user's primary group ID (from the passwd database entry). The
	sudoers policy will now allow the group if it is one of the target
	user's supplemental groups as well.
	[c43fedc19a01]

2018-10-26  Todd C. Miller

	* lib/util/regress/getgrouplist/getgrouplist_test.c:
	Skip sudo_getgrouplist2() check on systems with getgrouplist_2().
	sudo_getgrouplist2() is just a wrapper on such systems and this
	avoids a test failure on macOS where a user is automatically a
	member of certain groups.
	[26ba0c363b80]

	* lib/util/util.exp.in:
	Add missing exported symbol sudo_term_eof
	[2d8e0438eba4]

	* plugins/sudoers/ldap_conf.c:
	Add missing #ifdef LDAP_OPT_X_TLS_REQUIRE_CERT. Fixes problems
	building on older LDAP SDKs.
	[1effb0f19867]

	* MANIFEST:
	add getgrouplist_test.c
	[ca5bae341846]

	* lib/util/regress/getgrouplist/getgrouplist_test.c:
	Check the user's primary gid from the passwd file too.
	[60ba98074d75]

	* .hgignore:
	ignore prologue
	[589222ec2717]

	* lib/util/aix.c, lib/util/arc4random.c,
	lib/util/arc4random_uniform.c, lib/util/closefrom.c,
	lib/util/digest.c, lib/util/digest_gcrypt.c,
	lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c,
	lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c,
	lib/util/getentropy.c, lib/util/getgrouplist.c,
	lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c,
	lib/util/gettime.c, lib/util/gidlist.c, lib/util/isblank.c,
	lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c,
	lib/util/memrchr.c, lib/util/memset_s.c, lib/util/mksiglist.c,
	lib/util/mksigname.c, lib/util/mktemp.c, lib/util/nanosleep.c,
	lib/util/parseln.c, lib/util/pipe2.c, lib/util/progname.c,
	lib/util/pw_dup.c, lib/util/reallocarray.c,
	lib/util/regress/atofoo/atofoo_test.c,
	lib/util/regress/getgrouplist/getgrouplist_test.c,
	lib/util/regress/parse_gids/parse_gids_test.c,
	lib/util/regress/progname/progname_test.c,
	lib/util/regress/strsplit/strsplit_test.c,
	lib/util/regress/sudo_conf/conf_test.c,
	lib/util/regress/sudo_parseln/parseln_test.c,
	lib/util/regress/tailq/hltq_test.c,
	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c,
	lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c,
	lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c,
	lib/util/strnlen.c, lib/util/strsignal.c, lib/util/strsplit.c,
	lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c,
	lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c,
	lib/util/sudo_dso.c, lib/util/term.c, lib/util/ttyname_dev.c,
	lib/util/ttysize.c, lib/util/utimens.c, lib/util/vsyslog.c,
	plugins/group_file/getgrent.c, plugins/group_file/group_file.c,
	plugins/group_file/plugin_test.c, plugins/sample/sample_plugin.c,
	plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
	plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c,
	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/base64.c, plugins/sudoers/boottime.c,
	plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
	plugins/sudoers/digestname.c, plugins/sudoers/editor.c,
	plugins/sudoers/env.c, plugins/sudoers/env_pattern.c,
	plugins/sudoers/file.c, plugins/sudoers/filedigest.c,
	plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/gc.c, plugins/sudoers/gentime.c,
	plugins/sudoers/getdate.c, plugins/sudoers/getspwuid.c,
	plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c,
	plugins/sudoers/gram.c, plugins/sudoers/group_plugin.c,
	plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c,
	plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
	plugins/sudoers/iolog_util.c, plugins/sudoers/ldap.c,
	plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c,
	plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
	plugins/sudoers/logging.c, plugins/sudoers/logwrap.c,
	plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
	plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c,
	plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c,
	plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
	plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c,
	plugins/sudoers/redblack.c,
	plugins/sudoers/regress/check_symbols/check_symbols.c,
	plugins/sudoers/regress/env_match/check_env_pattern.c,
	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/regress/iolog_util/check_iolog_util.c,
	plugins/sudoers/regress/logging/check_wrap.c,
	plugins/sudoers/regress/parser/check_addr.c,
	plugins/sudoers/regress/parser/check_base64.c,
	plugins/sudoers/regress/parser/check_digest.c,
	plugins/sudoers/regress/parser/check_fill.c,
	plugins/sudoers/regress/parser/check_gentime.c,
	plugins/sudoers/regress/parser/check_hexchar.c,
	plugins/sudoers/regress/starttime/check_starttime.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c,
	plugins/sudoers/sssd.c, plugins/sudoers/starttime.c,
	plugins/sudoers/strlist.c, plugins/sudoers/stubs.c,
	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
	plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
	plugins/system_group/system_group.c, src/conversation.c,
	src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_monitor.c,
	src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c,
	src/load_plugins.c, src/net_ifs.c, src/openbsd.c, src/parse_args.c,
	src/preload.c, src/preserve_fds.c,
	src/regress/noexec/check_noexec.c,
	src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c,
	src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c,
	src/sudo_noexec.c, src/tcsetpgrp_nobg.c, src/tgetpass.c,
	src/ttyname.c, src/utmp.c:
	Convert PVS-Studio comment to ANSI C.
	[31f2aefe6d9b]

	* Makefile.in, doc/Makefile.in, doc/cvtsudoers.man.in,
	doc/cvtsudoers.mdoc.in, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
	doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
	doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in,
	doc/visudo.mdoc.in, examples/Makefile.in, include/Makefile.in,
	include/sudo_lbuf.h, lib/util/Makefile.in, lib/util/digest.c,
	lib/util/digest_gcrypt.c, lib/util/digest_openssl.c,
	lib/util/lbuf.c, lib/util/setgroups.c, lib/util/ttysize.c,
	lib/zlib/Makefile.in, plugins/group_file/Makefile.in,
	plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/securid5.c,
	plugins/sudoers/auth/sia.c, plugins/sudoers/base64.c,
	plugins/sudoers/file.c, plugins/sudoers/filedigest.c,
	plugins/sudoers/gentime.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/match.c,
	plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
	plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
	plugins/system_group/Makefile.in, src/Makefile.in, src/sesh.c,
	src/sudo_usage.h.in:
	Fix some mangled text in the license block.
	[86b88fbda4b4]

	* lib/util/Makefile.in,
	lib/util/regress/getgrouplist/getgrouplist_test.c,
	lib/util/regress/parse_gids/parse_gids_test.c:
	Add regress test for sudo_getgrouplist2(). This test assumes all the
	groups in root's group list can be resolved by group ID.
	[48564f85b7ed]

2018-10-25  Todd C. Miller

	* NEWS:
	More changes in 1.8.26
	[fe81e3e4b653]

	* MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in,
	doc/cvtsudoers.mdoc.in, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/regress/cvtsudoers/test31.conf,
	plugins/sudoers/regress/cvtsudoers/test31.out.ok,
	plugins/sudoers/regress/cvtsudoers/test31.sh,
	plugins/sudoers/regress/cvtsudoers/test32.out.ok,
	plugins/sudoers/regress/cvtsudoers/test32.sh:
	Add padding option to cvtsudoers. Bug #856
	[6e31b0e37ba1]

	* lib/util/getgrouplist.c:
	Remove an errant grset++ in the AIX version of sudo_getgrouplist2().
	Bug #857
	[03b19227cab2]

2018-10-22  Todd C. Miller

	* lib/util/Makefile.in, plugins/group_file/Makefile.in,
	plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/system_group/Makefile.in, src/Makefile.in:
	Pass --sourcetree-root to pvs-studio and don't check sudo_noexec.c.
	Since we don't auto-generate dependencies for sudo_noexec.c we can't
	easily check it from outside the source tree. This is not a problem
	as it just contains stub functions.
	[3cf842d30e45]

	* MANIFEST, doc/CONTRIBUTORS, po/ast.mo, po/ast.po:
	Asturian translation for sudo from translationproject.org
	[dc0b31fa013c]

2018-10-21  Todd C. Miller

	* lib/util/gettime.c:
	Add support for CLOCK_MONOTONIC_RAW and CLOCK_UPTIME_RAW, present on
	macOS.
	[5f34c8de0707]

	* INSTALL, configure, configure.ac:
	Add --enable-pvs-studio configure option to create PVS-Studio.cfg.
	[772e86227c11]

	* lib/util/aix.c, lib/util/arc4random.c,
	lib/util/arc4random_uniform.c, lib/util/closefrom.c,
	lib/util/digest.c, lib/util/digest_gcrypt.c,
	lib/util/digest_openssl.c, lib/util/event.c, lib/util/event_poll.c,
	lib/util/event_select.c, lib/util/fatal.c, lib/util/fnmatch.c,
	lib/util/getentropy.c, lib/util/getgrouplist.c,
	lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c,
	lib/util/gettime.c, lib/util/gidlist.c, lib/util/isblank.c,
	lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c,
	lib/util/memrchr.c, lib/util/memset_s.c, lib/util/mksiglist.c,
	lib/util/mksigname.c, lib/util/mktemp.c, lib/util/nanosleep.c,
	lib/util/parseln.c, lib/util/pipe2.c, lib/util/progname.c,
	lib/util/pw_dup.c, lib/util/reallocarray.c,
	lib/util/regress/atofoo/atofoo_test.c,
	lib/util/regress/parse_gids/parse_gids_test.c,
	lib/util/regress/progname/progname_test.c,
	lib/util/regress/strsplit/strsplit_test.c,
	lib/util/regress/sudo_conf/conf_test.c,
	lib/util/regress/sudo_parseln/parseln_test.c,
	lib/util/regress/tailq/hltq_test.c,
	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c,
	lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c,
	lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c,
	lib/util/strnlen.c, lib/util/strsignal.c, lib/util/strsplit.c,
	lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c,
	lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c,
	lib/util/sudo_dso.c, lib/util/term.c, lib/util/ttyname_dev.c,
	lib/util/ttysize.c, lib/util/utimens.c, lib/util/vsyslog.c,
	plugins/group_file/getgrent.c, plugins/group_file/group_file.c,
	plugins/group_file/plugin_test.c, plugins/sample/sample_plugin.c,
	plugins/sudoers/alias.c, plugins/sudoers/audit.c,
	plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
	plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/base64.c,
	plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
	plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
	plugins/sudoers/digestname.c, plugins/sudoers/editor.c,
	plugins/sudoers/env.c, plugins/sudoers/env_pattern.c,
	plugins/sudoers/file.c, plugins/sudoers/filedigest.c,
	plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/gc.c, plugins/sudoers/gentime.c,
	plugins/sudoers/getdate.c, plugins/sudoers/getspwuid.c,
	plugins/sudoers/gmtoff.c, plugins/sudoers/goodpath.c,
	plugins/sudoers/gram.c, plugins/sudoers/group_plugin.c,
	plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c,
	plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
	plugins/sudoers/iolog_util.c, plugins/sudoers/ldap.c,
	plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c,
	plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
	plugins/sudoers/logging.c, plugins/sudoers/logwrap.c,
	plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
	plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c,
	plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c,
	plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
	plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c,
	plugins/sudoers/redblack.c,
	plugins/sudoers/regress/check_symbols/check_symbols.c,
	plugins/sudoers/regress/env_match/check_env_pattern.c,
	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/regress/iolog_util/check_iolog_util.c,
	plugins/sudoers/regress/logging/check_wrap.c,
	plugins/sudoers/regress/parser/check_addr.c,
	plugins/sudoers/regress/parser/check_base64.c,
	plugins/sudoers/regress/parser/check_digest.c,
	plugins/sudoers/regress/parser/check_fill.c,
	plugins/sudoers/regress/parser/check_gentime.c,
	plugins/sudoers/regress/parser/check_hexchar.c,
	plugins/sudoers/regress/starttime/check_starttime.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c,
	plugins/sudoers/sssd.c, plugins/sudoers/starttime.c,
	plugins/sudoers/strlist.c, plugins/sudoers/stubs.c,
	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_printf.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
	plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
	plugins/system_group/system_group.c, src/conversation.c,
	src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_monitor.c,
	src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c,
	src/load_plugins.c, src/net_ifs.c, src/openbsd.c, src/parse_args.c,
	src/preload.c, src/preserve_fds.c,
	src/regress/noexec/check_noexec.c,
	src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c,
	src/signal.c, src/solaris.c, src/sudo.c, src/sudo_edit.c,
	src/sudo_noexec.c, src/tcsetpgrp_nobg.c, src/tgetpass.c,
	src/ttyname.c, src/utmp.c:
	Add comments in .c files so PVS-Studio will check them.
	[b42b6dcb48a6]

	* .hgignore, Makefile.in, doc/Makefile.in, examples/Makefile.in,
	include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
	mkdep.pl, plugins/group_file/Makefile.in,
	plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/system_group/Makefile.in, src/Makefile.in:
	Add pvs-studio target and associated production rules.
	[3dbcef5ac205]

2018-10-20  Todd C. Miller

	* plugins/sudoers/iolog_util.c:
	Simplify range checks. No need to check for ERANGE in the cases
	where we also check that the value is <= INT_MAX. Found by PVS-
	Studio.
	[45810a8437b6]

2018-10-19  Todd C. Miller

	* lib/util/key_val.c, plugins/sudoers/iolog_path.c,
	plugins/sudoers/linux_audit.c, plugins/sudoers/toke_util.c,
	src/preserve_fds.c:
	Avoid some PVS-Studio false positives.
	[e4d8ce94fda7]

	* src/sudo.c:
	Remove some calls to sudo_fatalx(); just propagate the error return.
	[bc9eefbf0cdf]

	* src/sesh.c:
	No need to check if fd_dst is -1 in sudoedit mode. Failure to open
	the destination sudoedit file is fatal so there's no need to check
	that fd_dst != -1 later on. Found by PVS-Studio.
	[5530586ace16]

	* plugins/sudoers/timestamp.c:
	In timestamp_open() no need to free cookie on error, it is NULL.
	Found by PVS-Studio.
	[becfe97c72f8]

2018-10-18  Todd C. Miller

	* plugins/sudoers/ldap_util.c:
	Fix a memory leak on malloc() error in sudo_ldap_role_to_priv().
	Coverity CID 188804
	[1bea56670410]

	* plugins/sudoers/parse_ldif.c:
	Move the allocation of role to be immediately before in_role is set.
	This makes it clear that when in_role == true, role is non-NULL.
	Also remove two dead stores.
	[790d90c578c8]

	* plugins/sudoers/parse_ldif.c:
	Fix trimming of non-escaped trailing space in
	ldif_parse_attribute(). Found by PVS-Studio.
	[37fded3c77a4]

	* plugins/sudoers/match.c:
	Simplify the logic surrounding sudoers_args in command_args_match().
	We only need to check that sudoers_args is non-NULL once. Found by
	PVS-Studio.
	[93c967145e82]

	* plugins/sudoers/ldap.c:
	If sudo_ldap_get_values_len() fails goto cleanup instead of oom.
	This is not strictly necessary as there's not anything to clean up in
	this case but it is more consistent with the code that follows.
	[d0d8b8b8dca8]

	* plugins/sudoers/policy.c:
	Fix handling of timeout values in sudoers. When passing the timeout
	back to the front end, ignore the user-specified timeout if it is
	not set (initialized to 0). Otherwise, sudo would choose a zero
	user-specified timeout over the sudoers-specified timeout (non-
	zero).
	[6b08b3b918b7]

2018-10-17  Todd C. Miller

	* plugins/sudoers/cvtsudoers_pwutil.c:
	Fix cut & pastos in cvtsudoers_make_gritem()
	[bd901c0394ba]

	* plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok:
	Fix expected test output now that command_timeout is parsed
	correctly in LDIF.
	[ba6cfd26330e]

	* lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c:
	tv_nsec can never be negative after timespecsub. Found by PVS Studio.
	[ecfb93c9463c]

2018-10-16  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	Avoid potentially undefined behavior. Found by PVS Studio.
	[ae76c69e0d6f]

	* plugins/sudoers/ldap_util.c:
	sudo_ldap_parse_option() never returns '=' as the operator. When
	parsing command_timeout, role, type, privs and limitprivs, check
	that val is non-NULL instead. Found by PVS Studio.
	[10f8cff7cce7]

	* plugins/sudoers/Makefile.in, plugins/sudoers/toke.c:
	Fix up #line entries that reference lex.sudoers.c.
	[c724cef37b66]

2018-10-13  Todd C. Miller

	* plugins/sudoers/iolog.h, plugins/sudoers/iolog_util.c:
	Fix workaround for broken sudo 1.8.7 timing files.
	[78ef3625c650]

	* plugins/sudoers/parse_ldif.c:
	Fix memory leak when reusing the runas list. We need to free the
	member list itself as well as its contents.
	[62fb86a5c83f]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	Some DIAGNOSTICS updates: Update error message for when the user's
	uid does not exist in passwd. Remove "This error indicates" and some
	other cosmetic cleanups.
	[c73841e03014]

	* src/sudo.c:
	If the user's passwd entry cannot be resolved via the uid, use the
	same error message as visudo.
	[ce596b32dfbb]

2018-10-12  Todd C. Miller

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	Add a DIAGNOSTICS section with an explanation of the more non-
	trivial error messages.
	[775419794f7d]

	* plugins/sudoers/sudoreplay.c, src/exec_monitor.c, src/exec_nopty.c,
	src/exec_pty.c:
	Replace sudo_fatal(NULL) with an "unable to allocate memory" message
	that includes the function name.
	[26e19bcc0ce8]

2018-10-09  Todd C. Miller

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/tgetpass.c:
	Make EOF handling while reading the password prompt more like
	getpass(3). We now return the password as long as at least one
	character has been read. Previously, EOF at the password prompt was
	treated as if nothing was entered.
	[fc2ed4a87e6f]

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
	regen
	[2aee8680abc3]

	* src/tgetpass.c:
	Print a warning for password read issues. Issues include: timeout at
	the password prompt, read error while reading the password, and EOF
	reading the password.
	[df1dcebe9ffa]

2018-10-08  Todd C. Miller

	* lib/util/term.c, src/tgetpass.c:
	Handle EOF on password input when pwfeedback is enabled.
	[4958978fc967]

2018-10-07  Todd C. Miller

	* doc/sudoers.ldap.mdoc.in:
	Fix remaining instances of "e.g." without a trailing ','.
	[8cbf11c04b3c]

	* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
	doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
	doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat,
	doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in,
	doc/sudoers_timestamp.mdoc.in:
	Use mdoc macros for BSD systems. All manuals now pass "make lint"
	[7f23209a5e1c]

	* doc/Makefile.in:
	Use -Wstyle with -Tlint since sudo is not part of the base system.
	This avoids "referenced manual not found" and "operating system
	explicitly specified" warnings.
	[e417e972a88a]

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in:
	Document log_suspend() and fix the description of the
	change_winsize() return value.
	[be02b0fb26a9]

2018-10-06  Todd C. Miller

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
	doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, doc/sudoers_timestamp.cat,
	doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
	doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
	doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
	Fix problems found by igor. Bug #854
	[4ddcb625f3b7]

	* doc/Makefile.in:
	Sort DOCS and DEVDOCS and remove extra sudoers entry (it was listed
	twice).
	[abb2baac9373]

	* doc/Makefile.in:
	Add igor target to run igor(1) on the manuals.
	[64be7fb868b3]

2018-10-05  Todd C. Miller

	* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
	plugins/sudoers/sudoreplay.c:
	Add new -S option to sleep while the command was suspended. The
	default behavior is now to not consider the time the command was
	suspended as part of the normal inter-event delay.
	[bb30f7b28126]

	* MANIFEST, include/sudo_plugin.h, plugins/sudoers/Makefile.in,
	plugins/sudoers/iolog.c, plugins/sudoers/iolog.h,
	plugins/sudoers/iolog_event.h, plugins/sudoers/iolog_files.h,
	plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/regress/iolog_util/check_iolog_util.c,
	plugins/sudoers/sudoreplay.c, src/exec_pty.c:
	Add a suspend event type to the I/O log to log suspend/resume of the
	command so we can skip that delay during replay.
	[8091d1835a31]

	* src/exec_pty.c, src/sudo.c, src/sudo.h:
	Initialize the pty rows/cols based on the values we stored in
	user_details. This fixes a minor issue where we would send an extra
	window size change event the first time the command was suspended.
	[b2ae9be4d1d6]

2018-09-27  Todd C. Miller

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap_conf.c,
	plugins/sudoers/sudo_ldap_conf.h:
	Add support for OpenLDAP's TLS_REQCERT setting in ldap.conf.
	[f07a14ae05cb]

2018-09-24  Todd C. Miller

	* include/sudo_util.h, plugins/sudoers/defaults.c,
	plugins/sudoers/iolog_util.c,
	plugins/sudoers/regress/starttime/check_starttime.c:
	Move definition of TIME_T_MAX to sudo_util.h
	[469c36d44950]

	* NEWS, doc/UPGRADE:
	Changes in 1.8.26 (so far).
	[5c73b0d8c676]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/env.c:
	Treat LOGIN, LOGNAME and USER specially. If one is preserved or
	deleted we want to preserve or delete all of them.
	[ea1782686195]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/env.c,
	plugins/sudoers/logging.c, plugins/sudoers/regress/visudo/test6.sh:
	Remove special handling of the USERNAME environment variable. It
	used to be set on old versions of Fedora but that hasn't been the
	case for some time. It's worth noting that ssh doesn't set USERNAME
	either.
	[5141bebd99c4]

	* configure, configure.ac:
	sudo 1.8.26
	[cfe8d540328e]

2018-09-22  Todd C. Miller

	* src/sudo.c:
	Remove unused system_maxgroups argument from fill_group_list().
	[debc4ca9d35f]

	* lib/util/getgrouplist.c:
	Pass getgrouplist() NGROUPS_MAX+1, not NGROUPS_MAX so we have room
	for the primary gid.
	[fccf07f2e8cf]

2018-09-20  Todd C. Miller

	* plugins/sudoers/cvtsudoers_json.c:
	In print_member_json_int() eliminate the need_newline variable and
	just move the non-alias expansion printing bits into the else
	clause, including the newline and comma printing.
	[b40224fc6090]

	* MANIFEST, plugins/sudoers/regress/cvtsudoers/test30.out.ok,
	plugins/sudoers/regress/cvtsudoers/test30.sh:
	Add regress test for bug #853
	[31544afc6013]

	* plugins/sudoers/cvtsudoers_json.c:
	When expanding an alias in print_member_json_int() avoid printing an
	extra comma at the end of the entry. Bug #853.
	[e73e09f8569a]

2018-09-12  Todd C. Miller

	* doc/CONTRIBUTORS:
	Add Kan Sasaki
	[ff277fb5b0c9]

	* NEWS, configure, configure.ac:
	sudo 1.8.25p1
	[c4f0a69e6356]

	* lib/util/event_poll.c:
	Fix a crash in the event system's poll() backend introduced with
	support for nanosecond timers. Only affects systems without ppoll().
	Bug #851
	[54e561b11a0f]

2018-09-02  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot:
	regen
	[04afa00445ef]

2018-08-31  Todd C. Miller

	* plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
	Allow for some clock drift due to ntpd, etc.
	[2d72989fe7b1]

	* plugins/sudoers/visudo.c:
	If sudo_lock_file() fails for a reason other than the file already
	being locked, give the user a chance to edit anyway.
	[e5a963ecc083]

2018-08-30  Todd C. Miller

	* plugins/sudoers/regress/cvtsudoers/test28.sh:
	Quick sort is not a stable sort; use distinct sudoOrder values so
	the output is predictable.
	[46ebc1169c0c]

	* lib/util/regress/atofoo/atofoo_test.c,
	lib/util/regress/parse_gids/parse_gids_test.c,
	plugins/sudoers/ldap.c,
	plugins/sudoers/regress/parser/check_base64.c:
	Fix warnings on OpenIndiana (Illumos)
	[1b45d303b338]

	* plugins/sudoers/ldap.c:
	Correct ldap_to_sudoers() return value.
	[16b0d144b196]

	* NEWS:
	Bug #849
	[3e05bad00a44]

	* plugins/sudoers/sssd.c:
	The sssd backend used to take the first match, assuming that entries
	were sorted in descending order by sudoOrder. That allowed it to
	avoid iterating over the entire list of rules. Now that we convert
	to a sudoers parse tree, we need to convert rules in ascending
	order, not descending. The simplest way to accomplish this is to
	simply iterate over the rules from last to first, reversing the sort
	order. Bug #849
	[63627909bb10]

	* MANIFEST, plugins/sudoers/regress/cvtsudoers/test28.out.ok,
	plugins/sudoers/regress/cvtsudoers/test28.sh,
	plugins/sudoers/regress/cvtsudoers/test29.out.ok,
	plugins/sudoers/regress/cvtsudoers/test29.sh:
	Add some more ldif -> sudoers tests to verify sudoOrder.
	[f41358fbd066]

	* plugins/sudoers/ldap.c:
	For conversion to a sudoers parse tree, ldap_entry_compare() now
	needs to sort in ascending order, not descending. Bug #849
	[9f23126cded8]

2018-08-29  Todd C. Miller

	* plugins/sudoers/cvtsudoers.c:
	No need to set input_file for stdin in parse_ldif(); noted by clang
	analyzer.
	[c852e1c92dd2]

	* plugins/sudoers/iolog_util.c:
	Use TIME_T_MAX when parsing the I/O log file timestamp and disallow
	negative times.
	[bfb17118e584]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_util.c,
	plugins/sudoers/iolog_util.h,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/regress/iolog_util/check_iolog_util.c,
	plugins/sudoers/sudoreplay.c:
	When parsing an I/O log timing line, store the result in a timespec,
	not a double. The speed factor (for scaling the delay) in sudoreplay
	is still a double but we only need to adjust the delay if the factor
	is something other than 1.0.
	[39077129d1f9]

	* plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
	Fix memory leak in test.
	[94fb9f39dfee]

	* doc/cvtsudoers.cat, doc/sudo.cat, doc/sudo.conf.cat,
	doc/sudo_plugin.cat, doc/sudoers.cat, doc/sudoers.ldap.cat,
	doc/sudoers_timestamp.cat, doc/sudoreplay.cat, doc/visudo.cat:
	regen
	[f2850c2f733a]

2018-08-28  Todd C. Miller

	* plugins/sudoers/env.c:
	Update conversion of DID_* to KEPT_* to match the new values of
	DID_* and KEPT_*.
	[6ce1bc30a4d1]

	* NEWS, plugins/sudoers/env.c:
	Set the LOGIN environment variable on AIX like we do LOGNAME.
	[e6afb82d918c]

2018-08-27  Todd C. Miller

	* config.h.in, configure, configure.ac, m4/sudo.m4,
	plugins/sudoers/bsm_audit.c:
	Add a test for the 4-argument au_close() function found in Solaris
	11 instead of assuming it is present if __sun is defined. Fixes a
	compilation error on OpenIndiana and older Solaris versions.
	[4a4f91e28bbc]

	* doc/CONTRIBUTORS:
	Add Miguel Sanders and Scott Cheloha
	[14aca7309a0a]

	* NEWS:
	testsudoers changes
	[f008d473c933]

	* plugins/sudoers/Makefile.in, plugins/sudoers/testsudoers.c:
	Add ldif support to testsudoers
	[321f11b7badd]

2018-08-26  Todd C. Miller

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/parse.h, plugins/sudoers/parse_ldif.c:
	Move ldif -> sudoers conversion code into parse_ldif.c
	[497d55799d5b]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/strlist.c,
	plugins/sudoers/strlist.h:
	Move string list functions to their own file.
	[a15902cde4eb]

	* lib/util/Makefile.in:
	sync
	[9b1f98d4335f]

2018-08-25  Todd C. Miller

	* include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in:
	Backward ABI compatibility for event functions that use a timeval.
	[01d9e617a923]

	* lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c:
	Use a monotonic timer for the event subsystem.
	[acf30905a275]

	* config.h.in, configure, configure.ac, include/sudo_event.h,
	lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c,
	plugins/sudoers/iolog_util.h, plugins/sudoers/sudoers.h,
	plugins/sudoers/sudoreplay.c:
	Use struct timespec, not struct timeval in the event subsystem. Use
	ppoll() or pselect() if available which use timespec.
	[b1bfccec8b13]

2018-08-24  Todd C. Miller

	* .hgignore:
	sync
	[193fd33e9864]

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c:
	Eliminate most use of parsed_sudoers in cvtsudoers
	[0d0504f61e3e]

	* plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers_json.c, plugins/sudoers/parse.h,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
	Make alias_apply() take 3 arguments, the first being a pointer to
	the struct sudoers_parse_tree.
	[7802295c07fa]

2018-08-23  Todd C. Miller

	* plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
	Handle systems where root's gid is not 0.
	[1fc92bad715a]

	* plugins/sudoers/iolog_util.c, plugins/sudoers/iolog_util.h:
	Add missing files from last commit.
	[a155e07bb191]

	* .hgignore, MANIFEST, plugins/sudoers/Makefile.in,
	plugins/sudoers/po/sudoers.pot,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/sudoreplay.c:
	Add regress test for I/O log plugin endpoints
	[bf9fbe5ff2a6]

	* plugins/sudoers/iolog.c:
	We cannot reuse last_time for the I/O log info file now that it is a
	monotonic timer. Just call time(3) in write_info_log() directly.
	[f2e1de732a91]

	* src/exec_pty.c:
	Move the loop to free the monitor_messages list into
	free_exec_closure_pty()
	[d6edc1a94e7e]

	* po/sudo.pot:
	regen
	[6467f05a2fd0]

2018-08-22  Todd C. Miller

	* lib/util/getentropy.c:
	Fix typo in last commit.
	[38f3450b57fb]

	* config.h.in, configure, configure.ac, lib/util/getentropy.c:
	Do not assume all Linux has linux/random.h. Add missing
	sys/syscall.h include
	[8460f258e1af]

	* plugins/sudoers/policy.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/visudo.c, src/sudo_edit.c:
	Cast uid/gid to unsigned int before printing.
	[37fcab8b4f97]

	* include/sudo_compat.h:
	Only include stdarg.h if we need it.
	[c266d34454ba]

	* plugins/sudoers/bsm_audit.c, plugins/sudoers/timestamp.c:
	fix compiler warnings on Solaris 11
	[6c92c438a38e]

	* lib/util/getentropy.c:
	Fix setting of errno when gotdata() fails.
	[4fab71fa575f]

	* plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/ldap.c,
	plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
	plugins/sudoers/rcstr.c, plugins/sudoers/timestamp.c,
	src/sudo_noexec.c:
	Include stddef.h for offsetof() definition.
	[15d13ae1ba46]

	* NEWS:
	Bugs 846 and 847
	[a0ba7ad24812]

	* include/sudo_compat.h:
	We still need to include string.h for AIX (and possibly others) when
	we are not using the system memset_r() function and rsize_t is
	defined by the system headers.
	[e1f8f7537209]

	* configure, configure.ac, include/sudo_compat.h, mkpkg:
	Add --enable-package-build to give configure a hint that we are
	building a package. This can be used to avoid relying on libc
	functions that may not be present in all libc versions for a
	particular system. For instance, AIX 7.1 may or may not have
	memset_s() and getline() present.
	[7e843bed8435]

	* include/sudo_compat.h:
	AIX defines rsize_t in string.h, not stddef.h for use by the
	memset_s() prototype. We use our own memset_s() on AIX since it is
	not available on all BOS levels which makes package building
	problematic.
	[3724b47eadd8]

2018-08-21  Todd C. Miller

	* plugins/sudoers/defaults.c:
	Fix printing of T_TIMESPEC values.
	[8775c17229a4]

	* plugins/sudoers/iolog.c:
	Remove unused struct script_buf
	[fd27f67123b3]

2018-08-20  Todd C. Miller

	* NEWS:
	Document when the I/O log timing file entry bug was introduced.
	[09a75d80487e]

	* NEWS:
	sync
	[95fd54c61719]

	* config.h.in, configure, configure.ac, lib/util/gettime.c:
	HP-UX doesn't support CLOCK_MONOTONIC but we can use gethrtime()
	instead.
	[3ec7d99444c0]

	* src/exec_monitor.c, src/exec_pty.c:
	Close the pty slave in the parent so that when the command and
	monitor exit, the pty gets recycled without our having to close it
	directly.
	[fec53753cf52]

	* lib/util/term.c, src/exec_monitor.c, src/exec_pty.c, src/sudo.h:
	Move updating of the window size to the monitor process. This will
	allow us to close the slave in the main sudo process in the future
	so only the command and monitor have it open.
	[07108a1c2edc]

	* configure, configure.ac:
	sudo 1.8.25
	[4938ba570787]

	* plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok:
	Fix test output for bug #845
	[ee6f2d615bd8]

	* plugins/sudoers/ldap_util.c:
	Fix pasto when converting sudoNotAfter; from Miguel Sanders. Bug #845
	[69638cd6da60]

2018-08-19  Todd C. Miller

	* aclocal.m4, config.h.in, configure, configure.ac,
	include/sudo_util.h, lib/util/gettime.c, lib/util/util.exp.in:
	Add sudo_gettime_uptime() to measure time while not sleeping.
	[a128e7d51740]

	* plugins/sudoers/iolog.c:
	Use a monotonic timer that only runs while not suspended for the
	iolog timing values and write nsec-precision entries.
	[7f37f0b24ce7]

2018-08-18  Todd C. Miller

	* mkpkg:
	Detect number of CPUs on AIX.
	[2b7c62b42da2]

	* plugins/sudoers/iolog.c:
	Fix I/O log timing file on systems without a C99-compatible
	snprintf(). On those systems we use our own snprintf() that doesn't
	support floating point. We don't actually need floating point in
	this case since we can print seconds and microseconds without
	using it.
	[4ea419ac5bee]

	* NEWS:
	Fix for Bug #844
	[51cfeb79669c]

	* src/sudo_edit.c:
	Handle the case where O_PATH or O_SEARCH is defined but O_DIRECTORY
	is not. In theory, O_DIRECTORY is redundant when O_SEARCH is
	specified but it is legal for O_EXEC and O_SEARCH to have the same
	value. Bug #844
	[fb75d75c7249]

2018-08-17  Todd C. Miller

	* NEWS:
	sync
	[2be1b619a06a]

	* plugins/sudoers/starttime.c:
	Fix get_starttime() on HP-UX.
	[329a4ad9f4ef]

	* mkpkg:
	Detect number of CPUs on HP-UX. Use MAKE environment variable if
	set.
	[c95ab5d6d392]

	* src/net_ifs.c:
	Avoid a compilation problem on HP-UX 11.31 with gcc and
	machine/sys/getppdp.h
	[b861e894271b]

2018-08-16  Todd C. Miller

	* plugins/sudoers/Makefile.in:
	Add CHECK_SYMBOLS_LDFLAGS to check_symbols target. Non-ELF HP-UX
	executables don't support SHLIB_PATH or LD_LIBRARY_PATH unless ld is
	passed the +s flag. This lets the check_symbols test pass on systems
	where the ldap libraries aren't installed in the standard location.
	[c2d6d3248fa4]

2018-08-15  Todd C. Miller

	* doc/Makefile.in:
	For the lint target, don't stop after the first manual that fails
	lint.
	[8a80d8e7b540]

	* plugins/sudoers/timestamp.c:
	Add debugging info so we can tell why a timestamp record doesn't
	match.
	[99ede76f9835]

2018-08-13  Todd C. Miller

	* NEWS:
	typo
	[8a5a11b921ea]

	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, po/da.mo,
	po/da.po:
	sync with translationproject.org
	[19f7eba39013]

2018-08-11  Todd C. Miller

	* plugins/sudoers/iolog.c:
	Fix the return value of sudoers_io_change_winsize() on success.
	Otherwise, we only log a single window size change.
	[d6cdab99f6f9]

	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
	sync with translationproject.org
	[4109b52f393f]

2018-08-08  Todd C. Miller

	* NEWS:
	sync
	[1448675b44aa]

2018-08-07  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Fix ambiguity when talking about Aliases. We can't use User_Alias in
	the grammar as both the definition of the Alias as well as its name.
	This adds {User,Runas,Host,Cmnd}_Alias_Spec to help differentiate
	between the name of the alias and its definition. Bug #834
	[06678d12306f]

	* doc/cvtsudoers.cat, doc/sudoreplay.cat:
	regen
	[d7237381675a]

	* Makefile.in:
	Warn if unable to run xgettext or msgfmt.
	[d0cbba35cd49]

2018-08-06  Todd C. Miller

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/hr.mo,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/ja.mo,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pt_BR.mo,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/uk.mo,
	plugins/sudoers/po/vi.mo:
	sync with translationproject.org
	[d1deb5cb5eb3]

2018-08-05  Todd C. Miller

	* plugins/sudoers/fmtsudoers.c, plugins/sudoers/ldap.c,
	plugins/sudoers/ldap_util.c, plugins/sudoers/parse.c,
	plugins/sudoers/parse.h, plugins/sudoers/policy.c,
	plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Refactor code to convert defaults to tags and do conversion on
	output for "sudo -l".

	Remove the short_list (was long_list) global in favor of a verbose
	argument.
	[eae1e1e814e0]

2018-08-04  Todd C. Miller

	* plugins/sudoers/policy.c:
	Assign short_list true, not 1 now that it is a boolean.
	[10354cd29439]

	* plugins/sudoers/fmtsudoers.c:
	fix typo
	[ad7e93f375ba]

2018-08-03  Todd C. Miller

	* plugins/sudoers/rcstr.c:
	Fix a warning on FreeBSD which has a fancier __containerof
	implementation.
	[b5106a524232]

	* plugins/sudoers/po/de.po, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/it.po, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/pl.po, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/sv.po, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.po:
	sync with translationproject.org
	[ae5353cbeac4]

2018-08-02  Todd C. Miller

	* aclocal.m4, autogen.sh, config.h.in, configure:
	Regen with aclocal 1.15.1.
	[22c02e451333]

	* plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
	plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	For ldap/sssd, include defaults in the generated privilege unless we
	are listing in short mode (in which case we convert them to tags if
	possible). Fixes a problem where sudoOptions were not being applied
	to the command.
	[b21267488971]

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
	update_defaults() needs to be able to take a defaults_list for the
	ldap/sssd backends which support per-role defaults.
	[ddbb07881a46]

2018-07-31  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot:
	regen
	[29c5a09aaeaf]

2018-07-30  Todd C. Miller

	* NEWS:
	Update
	[045b535f84b9]

2018-07-26  Todd C. Miller

	* plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c,
	plugins/sudoers/defaults.h, plugins/sudoers/file.c,
	plugins/sudoers/fmtsudoers.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/ldap.c,
	plugins/sudoers/match.c, plugins/sudoers/parse.c,
	plugins/sudoers/parse.h, plugins/sudoers/sssd.c,
	plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
	o Move userspecs, defaults and aliases into a new struct
	  sudoers_parse_tree.
	o The parse tree is now passed to the alias, match and defaults
	  functions.
	o The nss API has been changed so that the nss parse() function
	  returns a pointer to a struct sudoers_parse_tree which will be
	  filled in by the getdefs() and query() functions.
	[bddb4676ad0e]

	* lib/util/getgrouplist.c:
	Don't need to preallocate 4 x NGROUP_MAX on AIX or BSD/Linux. For
	BSD/Linux, getgrouplist(3) will tell us the number of groups if we
	don't have enough. For AIX, we can count the entries in the group
	set before allocating the group vector.
	[c278fd947af4]

	* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
	plugins/sudoers/check.c, plugins/sudoers/sudoers.h:
	Ignore PAM_NEW_AUTHTOK_REQD and PAM_AUTHTOK_EXPIRED errors from
	pam_acct_mgmt() if authentication is disabled for the user. Bug #843
	[1dc39794cf0d]

2018-07-23  Todd C. Miller

	* src/exec_pty.c:
	Work around a bug on AIX where closing the pty slave causes the main
	sudo process to lose its controlling tty (which was *not* the pty
	slave).
	[649a25b7f864]

	* src/sudo.c:
	Add missing aix_restoreauthdb() call to match the aix_setauthdb()
	added in b8a011be9af7. Fixes issues on AIX where local users/groups
	may not be resolved when some NIS/AD/LDAP is used for users.
	[16e196a7a337]

	* lib/util/getgrouplist.c:
	Linux getgrouplist(3) returns the number of groups on success
	instead of 0 like BSD.
	[599a89afa4f5]

2018-07-20  Todd C. Miller

	* mkdep.pl, plugins/sudoers/Makefile.in:
	When both a .o and .lo file were used in a Makefile, we used to make
	the .o depend on the .lo. Unfortunately, this creates a race
	condition for parallel make since libtool is not atomic (it creates
	a .o and then renames it when building PIC objects for shared libs).

	We always link with libtool so the only reason to prefer the .o over
	the .lo file is to avoid mixing .o and .lo in the dependencies.
	That's not a good enough reason so change mkdep.pl to warn when both
	a .o and .lo are referenced in a Makefile and do nothing else.

	Bug #842
	[a8d94e6aed9f]

2018-07-15  Todd C. Miller

	* plugins/sudoers/ldap.c:
	Avoid duplicate free when netgroup_base is invalid.
	[5ce39dff77ba]

2018-07-03  Todd C. Miller

	* lib/util/arc4random.h:
	Use madvise(2) with MADV_WIPEONFORK if available.
	[a11461409569]

2018-07-01  Todd C. Miller

	* plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po, po/eo.mo,
	po/eo.po:
	sync with translationproject.org
	[01bcfe7b30e5]

	* NEWS:
	Update.
	[f5e0b1f909bb]

2018-06-25  Todd C. Miller

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in:
	sync with schema.OpenLDAP
	[d83420d8228d]

	* doc/schema.OpenLDAP:
	RFC 2849 specifies whitespace as the space character only so replace
	tabs with spaces. Bug #840
	[e9d5de6365ba]

	* doc/schema.OpenLDAP:
	Fix typo; bug #839
	[dee2dad738de]

2018-06-16  Todd C. Miller

	* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
	Should no longer need to set max_groups.
	[459119b11265]

2018-06-15  Todd C. Miller

	* plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/pwutil_impl.c,
	src/sudo.c:
	Use new sudo_getgrouplist2() function instead of getgrouplist().
	[8e88b6d3ea6f]

	* configure, configure.ac, include/sudo_compat.h, include/sudo_util.h,
	lib/util/Makefile.in, lib/util/getgrouplist.c, lib/util/util.exp.in:
	Add sudo_getgrouplist2() to dynamically allocate the group vector.
	This allows us to avoid repeatedly calling getgrouplist() with a
	statically sized vector on macOS, Solaris, HP-UX, and AIX.
	[55480e2ec7c2]

	* src/conversation.c:
	Fix fd leak introduced by SUDO_CONV_PREFER_TTY commit. Coverity CID
	186605.
	[fb6eb518bc4c]

2018-06-13  Todd C. Miller

	* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
	doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
	doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat,
	doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in,
	doc/sudoers_timestamp.mdoc.in, doc/visudo.cat, doc/visudo.man.in,
	doc/visudo.mdoc.in:
	Fix some issues pointed out by mandoc -Tlint
	[7ace981c7334]

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/conversation.c:
	Add SUDO_CONV_PREFER_TTY flag for conversation function to tell sudo
	to try writing to /dev/tty first. Can be used in conjunction with
	SUDO_CONV_INFO_MSG and SUDO_CONV_ERROR_MSG.
	[a1e9420a7c5e]

2018-06-08  Todd C. Miller

	* doc/LICENSE:
	Update for arc4random.c, arc4random_uniform.c and getentropy.c
	[168db3c8d590]

2018-06-05  Todd C. Miller

	* src/regress/noexec/check_noexec.c:
	FreeBSD wordexp() returns WRDE_SYNTAX if it can't write to the shell
	process. Since we've prevented execve() from succeeding this is the
	error we get back from wordexp() on FreeBSD.
	[2a7a73de30cf]

2018-06-04  Todd C. Miller

	* plugins/sudoers/starttime.c:
	Fix conversion of usec to nsec; from Scott Cheloha
	[26fa756ea623]

2018-06-01  Todd C. Miller

	* include/sudo_plugin.h:
	Fix typo.
	[504256dc4ccc]

2018-05-29  Todd C. Miller

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	The getdefs() function now gets called multiple times so use the
	cached data if present.
	[042be7ccab3c]

	* plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c:
	Return an empty defaults list, not NULL if there is no global
	sudoers defaults entry in sss.
	[8e16de465ee2]

	* plugins/sudoers/file.c:
	Fix memory leak of handle pointer on close.
	[e4eb30e611d4]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Remove a needless copy when parsing options.
	[60fe50b736a9]

	* plugins/sudoers/file.c, plugins/sudoers/ldap.c,
	plugins/sudoers/parse.c, plugins/sudoers/sssd.c,
	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h,
	plugins/sudoers/sudoers.c:
	Move cached userspecs and defaults into the handle object.
	[37e4df73907d]

2018-05-28  Todd C. Miller

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Quiet a clang analyzer warning. It should not be possible for
	pop_include() to be called when YY_CURRENT_BUFFER is NULL.
	[148d79e5a44e]

	* plugins/sudoers/file.c, plugins/sudoers/ldap.c,
	plugins/sudoers/sssd.c:
	Reorder things to avoid the need to declare static functions.
	[8f27e69fa9cb]

2018-05-24  Todd C. Miller

	* MANIFEST, config.h.in, configure, configure.ac, include/sudo_rand.h,
	lib/util/Makefile.in, lib/util/arc4random.c, lib/util/arc4random.h,
	lib/util/arc4random_uniform.c, lib/util/chacha_private.h,
	lib/util/getentropy.c, lib/util/util.exp.in, mkdep.pl:
	Import arc4random() from libressl. This takes an all-in-one approach
	instead of the one-file-per-OS approach that libressl takes. The
	fallback code does not have as many OS-specific bits as libressl.
	[310d65e466bd]

	* lib/util/Makefile.in, lib/util/mktemp.c,
	plugins/sudoers/Makefile.in, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/insults.h:
	Use arc4random for mkstemp() and insults.
	[b8c7447756f2]

	* MANIFEST, configure, configure.ac, include/sudo_digest.h,
	lib/util/Makefile.in, lib/util/digest.c, lib/util/digest_gcrypt.c,
	lib/util/digest_openssl.c, lib/util/util.exp.in, mkdep.pl,
	plugins/sudoers/Makefile.in, plugins/sudoers/digestname.c,
	plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_gcrypt.c,
	plugins/sudoers/filedigest_openssl.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
	plugins/sudoers/ldap_util.c, plugins/sudoers/match.c,
	plugins/sudoers/parse.h,
	plugins/sudoers/regress/parser/check_digest.c,
	plugins/sudoers/sudo_ldap.h, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l:
	Move digest code into libutil
	[c53cf5c508eb]

2018-05-20  Todd C. Miller

	* MANIFEST, plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/regress/cvtsudoers/test25.sh,
	plugins/sudoers/regress/cvtsudoers/test26.out.ok,
	plugins/sudoers/regress/cvtsudoers/test26.sh,
	plugins/sudoers/regress/cvtsudoers/test27.out.ok,
	plugins/sudoers/regress/cvtsudoers/test27.sh:
	Check for invalid base64 attributes.
	[4218d11c8205]

	* plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/regress/parser/check_base64.c:
	Fix pointer sign warnings.
	[5ee724e3956e]

	* plugins/sudoers/cvtsudoers_ldif.c:
	Add missing variable declaration for SELinux and Solaris.
	[c8084f0508e5]

	* plugins/sudoers/cvtsudoers_ldif.c:
	Handle empty string and treat it as safe.
	[8029b97d8f4a]

	* MANIFEST, plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/regress/cvtsudoers/test26.out.ok,
	plugins/sudoers/regress/cvtsudoers/test26.sh:
	Add support for base64-encoding non-safe strings in LDIF output.
	[b9fd1795f4ee]

2018-05-19  Todd C. Miller

	* plugins/sudoers/base64.c, plugins/sudoers/parse.h,
	plugins/sudoers/regress/parser/check_base64.c:
	Add base64_encode() by Jon Mayo.
	[a893ec3dc667]

2018-05-18  Todd C. Miller

	* MANIFEST, plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/regress/cvtsudoers/test25.out.ok,
	plugins/sudoers/regress/cvtsudoers/test25.sh:
	Add support for parsing base64-encoded attributes
	[262dd9a526de]

2018-05-17  Todd C. Miller

	* plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/regress/sudoers/test2.ldif.ok:
	rfc2253 says we need to escape " and leading and trailing space.
	[1c0105a5eb1b]

	* configure, configure.ac:
	Define ZLIB_CONST so we get the const version of the API.
	[71a629d0eb4b]

2018-05-16  Todd C. Miller

	* plugins/sudoers/parse.c:
	Fix logic inversion when handling the authenticate Defaults option
	for "sudo -l" and "sudo -v" in long list mode.
	[f8157d4c4f03]

	* plugins/sudoers/sssd.c:
	Set handle->pw before sss_to_sudoers() since sss_check_user() uses
	it. Coverity CID 185651
	[fa646e569352]

	* plugins/sudoers/ldap_util.c:
	Fix memory leak on error, CID 185602
	[31c1ab085985]

	* plugins/sudoers/ldap.c:
	Some ldap_get_values_len -> sudo_ldap_get_values_len that were
	missed before.
	[d7f1877531be]

	* plugins/sudoers/ldap_util.c:
	When building up the cmndspec, add the actual command member last.
	This simplifies the logic regarding the SETENV tag and also makes
	"out of memory" cleanup simpler.
	[d704f3b09ac1]

	* plugins/sudoers/cvtsudoers_ldif.c:
	Fix format string mismatch, sudo_order is unsigned.
	[ecc398e45b0a]

	* plugins/sudoers/pwutil.c:
	Add cppcheck annotation to suppress memory leak false positive.
	[d4a0ae57c372]

	* plugins/sudoers/ldap_util.c:
	Sudo "ALL" implies the SETENV tag.
	[7abc653b4d39]

	* src/parse_args.c:
	Only set MODE_PRESERVE_ENV when preserving the entire environment.
	Fixes a problem introduced in 1.8.23 where "sudo -i" could not be
	used in conjunction with --preserve-env=VARIABLE. Bug #835
	[8ea75ca8fbd2]

2018-05-15  Todd C. Miller

	* plugins/sudoers/file.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/ldap.c,
	plugins/sudoers/parse.h, plugins/sudoers/sssd.c:
	Add free_userspecs() and free_default() and use them instead of
	looping over the lists and calling free_userspec() and
	free_default().
	[797221539242]

	* configure, configure.ac:
	Depending on the bos level, AIX 6.1 may or may not include
	getline/getdelim and AIX 7.1 may or may not include memset_s. Since
	we need to build packages that will work on all AIX 6.1 and 7.1
	machines, use our getline() and memset_s emulation.
	[f5c427076b2c]

2018-05-14  Todd C. Miller

	* plugins/sudoers/ldap_util.c:
	Do not leak struct sudo_command when the command is ALL. Coverity
	CID 185602.
	[d71ca4bc06bc]

	* NEWS, configure, configure.ac:
	Sudo 1.8.24
	[7df3df9a3907]

	* plugins/sudoers/sssd.c:
	Improve comments about why we need to do a user check and how it
	relates to netgroups.
	[605234ed0935]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Add checks for ldap/sss functions failing due to memory allocation
	errors.
	[0dfeb0d8ecf5]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Let the main sudoers lookup code check the host name. We still check
	the user name so it is possible to use a single userspec but this
	may change in the future.
	[a74699b90213]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/defaults.c,
	plugins/sudoers/defaults.h, plugins/sudoers/file.c,
	plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h,
	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
	Simplify the nss interface such that each sudoers provider fills in
	a per-nss list of userspecs and defaults instead of using separate
	lookup and list functions. This makes it possible to have a single
	implementation of the code for sudoers lookup and listing.
	[50de9302de01]

	* plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c,
	plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_gcrypt.c,
	plugins/sudoers/filedigest_openssl.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
	plugins/sudoers/ldap_util.c, plugins/sudoers/match.c,
	plugins/sudoers/parse.c, plugins/sudoers/policy.c,
	plugins/sudoers/regress/parser/check_addr.c, plugins/sudoers/sssd.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
	plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
	Include parse.h in sudoers.h since it will soon be required.
	[196abb590d96]

	* plugins/sudoers/ldap_util.c:
	Parse "ALL" as a command correctly.
	[d969e7dfdbbc]

2018-05-11  Todd C. Miller

	* plugins/sudoers/match.c:
	Add debug warning if lseek() fails (should not be possible).
	[d568dc923c7d]

	* plugins/sudoers/match.c:
	Fix swapped args of lseek() when rewinding. This didn't cause a
	problem because the value of SEEK_SET is 0.
	[142591a3f333]

2018-05-10  Todd C. Miller

	* plugins/sudoers/regress/parser/check_hexchar.c:
	Fix a format-truncation warning in newer gcc by avoiding using %0x
	and %0X in the test. We are formatting a single byte so just do it
	one nybble at a time.
	[7c594a63598f]

	* configure:
	Regen with autoconf git commit
	e17a30e987d7ee695fb4294a82d987ec3dc9b974 AC_HEADER_MAJOR: port to
	glibc 2.25
	[9fe77765c768]

2018-05-03  Todd C. Miller

	* plugins/sudoers/cvtsudoers_ldif.c:
	No need to explicitly free role on EOF, it will be freed after the
	loop is done.
	[8d08c06b7622]

	* plugins/sudoers/policy.c:
	Garbage collect the command argv, envp and info vectors since they
	are not available at policy close time.
	[de22290a8ec5]

	* plugins/sudoers/cvtsudoers_ldif.c:
	Plug memory leaks on parse error or when an LDIF entry doesn't match
	the dn filter.
	[4f48e740eed1]

	* plugins/sudoers/cvtsudoers.c:
	Rename variables now that the string list functions are not ldap-
	specific.
	[640497f70551]

2018-04-30  Todd C. Miller

	* NEWS:
	Fix typo
	[6466295ba962]

2018-04-29  Todd C. Miller

	* configure, configure.ac:
	fix version
	[bfed601130b5]

	* NEWS:
	sync
	[1c382f2aff27]

	* configure, configure.ac, plugins/sudoers/po/zh_CN.mo,
	plugins/sudoers/po/zh_CN.po, po/zh_CN.mo, po/zh_CN.po:
	sync with translationproject.org
	[ec28ff5acbd6]

2018-04-25  Todd C. Miller

	* plugins/sudoers/match.c:
	O_EXEC for fexecve() not O_SEARCH.
	[a156d8b38f31]

	* doc/TROUBLESHOOTING:
	Document how to suppress the last login message on Solaris.
	[2926b670aca4]

2018-04-24  Todd C. Miller

	* plugins/sudoers/cvtsudoers_json.c:
	Fix compilation error with older Sun Studio compilers.
	[0f735611642d]

	* NEWS:
	Update Bug #831 description.
	[d5e6a2a807b8]

	* MANIFEST, doc/CONTRIBUTORS, po/zh_TW.mo, po/zh_TW.po:
	Add Chinese (Taiwan) translation for sudo.
	[5a4ba6769cca]

	* plugins/sudoers/match.c:
	Move the check for /dev/fd/N until *after* the digest has been
	checked. We still need to be able to check the digest even if there
	is no /dev/fd/N or fexecve().
	[e0e086b4e764]

2018-04-23  Todd C. Miller

	* plugins/sudoers/match.c:
	Rewind the fd after calling sudo_filedigest(). Otherwise, when
	running a script via fexecve(), the interpreter may get EOF when
	reading /dev/fd/N. This only appears to affect BSD systems with
	fdescfs. Bug #831.
	[d79f5125cc73]

	* plugins/sudoers/match.c:
	In open_cmnd(), return true, not false, if the /dev/fd/N pathname
	is not present. We don't want to fail a match because of this.
	[72c4b499c019]

	* NEWS:
	Bug #831.
	[700646725f45]

	* plugins/sudoers/match.c:
	We can only use fexecve() on a script if /dev/fd/N exists. Some
	systems, such as FreeBSD, don't have /dev/fd mounted by default. Bug
	#831
	[30f7c5d64104]

2018-04-22  Todd C. Miller

	* plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
	plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
	plugins/sudoers/po/el.mo, plugins/sudoers/po/el.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/eu.mo, plugins/sudoers/po/eu.po,
	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/fur.mo, plugins/sudoers/po/fur.po,
	plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po,
	plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
	plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po,
	plugins/sudoers/po/sk.mo, plugins/sudoers/po/sk.po,
	plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo,
	po/ca.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo,
	po/eo.po, po/es.mo, po/es.po, po/eu.mo, po/eu.po, po/fi.mo,
	po/fi.po, po/fur.mo, po/fur.po, po/gl.mo, po/gl.po, po/hu.mo,
	po/hu.po, po/ko.mo, po/ko.po, po/nl.mo, po/nl.po, po/nn.mo,
	po/nn.po, po/ru.mo, po/ru.po, po/sk.mo, po/sk.po, po/sl.mo,
	po/sl.po, po/sr.mo, po/sr.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
	po/zh_CN.po:
	sync with translationproject.org
	[a786a841f30a]

2018-04-21  Todd C. Miller

	* plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
	plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
	plugins/sudoers/po/el.mo, plugins/sudoers/po/el.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/eu.mo, plugins/sudoers/po/eu.po,
	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/fur.mo, plugins/sudoers/po/fur.po,
	plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po,
	plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
	plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po,
	plugins/sudoers/po/sk.mo, plugins/sudoers/po/sk.po,
	plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo,
	po/ca.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/eo.mo,
	po/eo.po, po/es.mo, po/es.po, po/eu.mo, po/eu.po, po/fi.mo,
	po/fi.po, po/fur.mo, po/fur.po, po/gl.mo, po/gl.po, po/hu.mo,
	po/hu.po, po/ko.mo, po/ko.po, po/nl.mo, po/nl.po, po/nn.mo,
	po/nn.po, po/ru.mo, po/ru.po, po/sk.mo, po/sk.po, po/sl.mo,
	po/sl.po, po/sr.mo, po/sr.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
	po/zh_CN.po:
	sync with translationproject.org
	[268a65ce44cb]

	* MANIFEST, plugins/sudoers/regress/cvtsudoers/test23.out.ok,
	plugins/sudoers/regress/cvtsudoers/test23.sh,
	plugins/sudoers/regress/cvtsudoers/test24.out.ok,
	plugins/sudoers/regress/cvtsudoers/test24.sh:
	Add tests for round-tripping cvtsudoers, sudoers -> LDIF -> sudoers
	and LDIF -> sudoers -> LDIF.
	[370d4ba4dbb8]

2018-04-19  Todd C. Miller

	* MANIFEST, plugins/sudoers/regress/cvtsudoers/test22.out.ok,
	plugins/sudoers/regress/cvtsudoers/test22.sh:
	Test the -b option when converting from LDIF.
	[4d65c7c2ed01]

	* plugins/sudoers/cvtsudoers_ldif.c:
	Fix the -b option when converting from LDIF.
	[f3c1e4dbd61e]

2018-04-18  Todd C. Miller

	* plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo,
	po/it.po:
	sync with translationproject.org
	[1953956c60fe]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
	doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.cat,
	doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
	doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
	Fix some more typos.
	[87fde92a1fa4]

	* doc/Makefile.in:
	mandoc now preserves the copyright notice, no need to do it
	ourselves
	[2c3f6841941a]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Describe the special handling of LOGNAME, USER and USERNAME. Fix
	typos reported by aspell.
	[e89bd28f4530]

	* src/load_plugins.c:
	Fix a memory leak on the error path.
	[db5a4678e0e4]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document that the editor setting is also used by sudoedit.
	[2ae14439efd7]

2018-04-17  Todd C. Miller

	* src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
	Plug memory leak when an I/O plugin is specified in sudo.conf but
	the I/O plugin is not configured.
	[5b5086d7152a]

	* INSTALL, MANIFEST, NEWS, config.h.in, configure, configure.ac,
	plugins/sudoers/Makefile.in, plugins/sudoers/ins_python.h,
	plugins/sudoers/insults.h:
	Monty Python insults from Philip Hudson
	[8330cfc5ea19]

2018-04-15  Todd C. Miller

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
	add examples
	[830ff26a0dbc]

	* doc/sudo.conf.man.in, doc/sudo.man.in, doc/sudo.mdoc.in,
	doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	doc/sudoers.ldap.man.in, doc/sudoers.man.in,
	doc/sudoers_timestamp.man.in, doc/sudoreplay.man.in,
	doc/visudo.man.in:
	Update copyright year and regen man pages.
	[6385891ebaa3]

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo,
	po/cs.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo,
	po/ja.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo,
	po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo, po/tr.po, po/uk.mo,
	po/uk.po:
	sync with translationproject.org
	[3495b17becb0]

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/match.c:
	Prune alias contents when pruning and expanding aliases. This abuses
	the userlist_matches_filter() and hostlist_matches_filter()
	functions. A better approach would be to call the correct function
	from user_matches() and host_matches().
	[0ae5f351b09f]

	* MANIFEST, examples/sudoers, plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/cvtsudoers/sudoers,
	plugins/sudoers/regress/cvtsudoers/sudoers.defs,
	plugins/sudoers/regress/cvtsudoers/test1.out.ok,
	plugins/sudoers/regress/cvtsudoers/test1.sh,
	plugins/sudoers/regress/cvtsudoers/test10.out.ok,
	plugins/sudoers/regress/cvtsudoers/test10.sh,
	plugins/sudoers/regress/cvtsudoers/test11.out.ok,
	plugins/sudoers/regress/cvtsudoers/test11.sh,
	plugins/sudoers/regress/cvtsudoers/test12.out.ok,
	plugins/sudoers/regress/cvtsudoers/test12.sh,
	plugins/sudoers/regress/cvtsudoers/test13.out.ok,
	plugins/sudoers/regress/cvtsudoers/test13.sh,
	plugins/sudoers/regress/cvtsudoers/test14.out.ok,
	plugins/sudoers/regress/cvtsudoers/test14.sh,
	plugins/sudoers/regress/cvtsudoers/test15.out.ok,
	plugins/sudoers/regress/cvtsudoers/test15.sh,
	plugins/sudoers/regress/cvtsudoers/test16.out.ok,
	plugins/sudoers/regress/cvtsudoers/test16.sh,
	plugins/sudoers/regress/cvtsudoers/test17.out.ok,
	plugins/sudoers/regress/cvtsudoers/test17.sh,
	plugins/sudoers/regress/cvtsudoers/test18.out.ok,
	plugins/sudoers/regress/cvtsudoers/test18.sh,
	plugins/sudoers/regress/cvtsudoers/test19.out.ok,
	plugins/sudoers/regress/cvtsudoers/test19.sh,
	plugins/sudoers/regress/cvtsudoers/test2.out.ok,
	plugins/sudoers/regress/cvtsudoers/test2.sh,
	plugins/sudoers/regress/cvtsudoers/test20.conf,
	plugins/sudoers/regress/cvtsudoers/test20.out.ok,
	plugins/sudoers/regress/cvtsudoers/test20.sh,
	plugins/sudoers/regress/cvtsudoers/test21.conf,
	plugins/sudoers/regress/cvtsudoers/test21.out.ok,
	plugins/sudoers/regress/cvtsudoers/test21.sh,
	plugins/sudoers/regress/cvtsudoers/test3.out.ok,
	plugins/sudoers/regress/cvtsudoers/test3.sh,
	plugins/sudoers/regress/cvtsudoers/test4.out.ok,
	plugins/sudoers/regress/cvtsudoers/test4.sh,
	plugins/sudoers/regress/cvtsudoers/test5.out.ok,
	plugins/sudoers/regress/cvtsudoers/test5.sh,
	plugins/sudoers/regress/cvtsudoers/test6.out.ok,
	plugins/sudoers/regress/cvtsudoers/test6.sh,
	plugins/sudoers/regress/cvtsudoers/test7.out.ok,
	plugins/sudoers/regress/cvtsudoers/test7.sh,
	plugins/sudoers/regress/cvtsudoers/test8.out.ok,
	plugins/sudoers/regress/cvtsudoers/test8.sh,
	plugins/sudoers/regress/cvtsudoers/test9.out.ok,
	plugins/sudoers/regress/cvtsudoers/test9.sh:
	cvtsudoers regress tests
	[72fd218b5036]

2018-04-14  Todd C. Miller

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
	Fix typo
	[e572c36919b7]

	* plugins/sudoers/cvtsudoers.c:
	Fix cut & pasto that prevented "-d command" from working.
	[6e4ff7f23d0a]

2018-04-13  Todd C. Miller

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y:
	Fix a use after free crash as well as a memory leak when filtering
	Defaults.
	[9bdd404ae6a4]

2018-04-12  Todd C. Miller

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
	Document that a User_Alias or Host_Alias may be used in the match
	filter.
	[49b9306a6a6d]

	* plugins/sudoers/fmtsudoers.c:
	Don't always expand aliases when formatting a host-based Defaults
	line. This was missed when expand_aliases support was added.
	[ef12a033306c]

	* plugins/sudoers/cvtsudoers.c:
	Allow host and user aliases to be specified in match filters.
	[6bc8c0da4578]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Update copyright year.
	[e9c2eb23def1]

2018-04-10  Todd C. Miller

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/hu.mo, plugins/sudoers/po/hu.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/da.mo,
	po/da.po, po/hr.mo, po/hr.po, po/hu.mo, po/hu.po, po/pt_BR.mo,
	po/pt_BR.po, po/tr.mo, po/tr.po:
	sync with translationproject.org
	[4a0811073374]

2018-04-09  Todd C. Miller

	* plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/parse.h:
	When the -d option is used, remove aliases used by the non-converted
	Defaults settings if the aliases are not also referenced by
	userspecs.
	[d07c4254b3dd]

2018-04-05  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[9a4d88b2a965]

	* NEWS:
	update
	[6ef9dde8fc9a]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
	Mention -p and -M options in the description of -m.
	[b20abfd14164]

2018-04-04  Todd C. Miller

	* src/sudo_edit.c:
	Check sudoedit temporary directory for writability before using it.
	[1e29ade3f4b2]

	* plugins/sudoers/regress/starttime/check_starttime.c:
	Use btime in /proc/stat to determine system start time instead of
	/proc/uptime. Fixes the process start time test when run from a
	container where /proc/uptime is the uptime of the container but the
	process start time is relative to the host system boot time. Bug
	#829
	[65ba61e55011]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
	plugins/sudoers/match.c, plugins/sudoers/parse.h:
	Add option to prune non-matching entries from cvtsudoers output when
	the -m option is used.
	[9a69ba35389d]

2018-04-02  Todd C. Miller

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h:
	Allow defaults types and suppression list to be specified in the
	config file.
	[62dd7a96ac9b]

	* plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/parse.h, plugins/sudoers/visudo.c:
	Refactor common alias code out of cvtsudoers and visudo and into
	alias.c.
	[b3ba3e6f24d2]

2018-03-29  Todd C. Miller

	* plugins/sudoers/cvtsudoers.c:
	Avoid NULL deref in an error path. CID 183467
	[38ea56670f18]

	* plugins/sudoers/cvtsudoers.c:
	No need to initialize the last pointer passed to strtok_r(). This
	was originally added to appease newer gcc but no longer seems to be
	required. CID 183466, CID 183468, CID 183469
	[b0a9b90603e1]

	* plugins/sudoers/cvtsudoers_json.c:
	Avoid false positive NULL dereference by using value.u.string instead
	of name as the former is guaranteed not to be NULL. Fixes CID
	183465.
	[c896d10f5626]

2018-03-29  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot:
	regen
	[8a88e162fd0b]

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in:
	Add a section on conversion from file-based sudoers.
	[033c797b229d]

2018-03-28  Todd C. Miller

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c:
	Add support for "cvtsudoers -d all"
	[62e748b70105]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h:
	Add -d option to control what type of Defaults entries are
	converted.
	[b723f0dae5c7]

2018-03-27  Todd C. Miller

	* src/exec_pty.c:
	In pty_close() we still need to check whether the pty master and
	slave fds are open before closing them. When no tty is present but
	we are I/O logging pty_close() will be called when there is no
	actual pty in use.
	[59201fb78427]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/sudo.conf.cat,
	doc/sudoers_timestamp.cat, doc/visudo.cat:
	regen
	[186f3b58daf5]

2018-03-26  Todd C. Miller

	* .hgignore:
	ignore *.ldif2sudo regress output
	[8d57e8a0013f]

	* src/exec_pty.c:
	In pty_close() there is no need to remove events associated with the
	pty slave as there are none. We also don't need to check for the pty
	fds being -1 since they are not closed elsewhere and pty_close() is
	only called if pty_setup() succeeds.
	[585a47fb5a8b]

2018-03-25  Todd C. Miller

	* doc/Makefile.in, doc/cvtsudoers.mdoc.in:
	Move cvtsudoers to section 1.
	[69adcb2d24ff]

	* src/exec_pty.c:
	In pty_close() close the slave and remove any events associated with
	it. Fixes a potential hang when performing the final flush on non-
	BSD systems.
	[40159d852c2d]

2018-03-23  Todd C. Miller

	* plugins/sudoers/ldap_util.c:
	Fix typo in strcmp(), we are comparing var not val.
	[07ccd7bae4f6]

	* MANIFEST:
	sync
	[7960511e39dd]

	* NEWS:
	sync
	[c655e7111ce9]

2018-03-22  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot:
	regen
	[ff7b545844fb]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/pwutil.c,
	plugins/sudoers/sudoers.h:
	Add -M option to cvtsudoers to force the use of the local passwd and
	group databases when matching.
	[ea58e2765a40]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c:
	Add cvtsudoers command line option to suppress certain parts of the
	security policy. Can be used to suppress displaying of Defaults
	entries, aliases or privileges.
	[b243efa695e6]

2018-03-21  Todd C. Miller

	* plugins/sudoers/regress/parser/check_gentime.c:
	Silence a false positive from the clang static analyzer.
	[bfde0594783e]

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/parse.h:
	Silence a false positive from the clang static analyzer.
	[5257e321158d]

	* plugins/sudoers/cvtsudoers.c:
	Fix memory leak on error path.
	[1a13732abfd5]

	* plugins/sudoers/po/sudoers.pot:
	regen
	[c139b8bed3c1]

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
	plugins/sudoers/cvtsudoers_ldif.c:
	Move cvtsudoers string functions into cvtsudoers.c
	[4b5b799e7abc]

	* plugins/sudoers/Makefile.in:
	regen
	[6ecb37e35c9f]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
	plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/parse.h:
	Initial support for filtering by user, group and host in cvtsudoers.
	Currently forces alias expansion when a filter is applied and the
	entire matching user or host list is printed, even the non-matching
	entries. This effectively allows you to grep sudoers by user, group
	and host.
	[0adbf8d38eb4]

	* plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/parse.h:
	Add free_default() to free a struct defaults pointer so we have a
	single place where we free the defaults. A pointer to the previous
	Default's binding may be passed in to avoid freeing an already free
	binding.
	[9d9ef007ee88]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
	doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
	doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
	doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Decrease bullet width to 1n.
	[e6f3776fd72e]

2018-03-17  Todd C. Miller

	* src/sudo.c:
	Add aix_setauthdb() before the initial getpwuid() call.
	[b8a011be9af7]

2018-03-10  Todd C. Miller

	* plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/parse.h:
	fix compilation on Solaris
	[e31019b5f545]

2018-03-08  Todd C. Miller

	* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
	plugins/sudoers/sudoreplay.c:
	Make "sudoreplay -m 0" skip the pauses entirely.
	[d9a7fc9f5720]

	* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
	Document that a negative value for -m will eliminate the pauses.
	[a025e96abb47]

2018-03-06  Todd C. Miller

	* plugins/sudoers/testsudoers.c:
	Update copyright date, remove unneeded include and add a few
	comments.
	[ac1bccd631e5]

	* plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/sudoers/test1.out.ok,
	plugins/sudoers/regress/sudoers/test10.out.ok,
	plugins/sudoers/regress/sudoers/test11.out.ok,
	plugins/sudoers/regress/sudoers/test12.out.ok,
	plugins/sudoers/regress/sudoers/test13.out.ok,
	plugins/sudoers/regress/sudoers/test14.out.ok,
	plugins/sudoers/regress/sudoers/test15.out.ok,
	plugins/sudoers/regress/sudoers/test16.out.ok,
	plugins/sudoers/regress/sudoers/test17.out.ok,
	plugins/sudoers/regress/sudoers/test18.out.ok,
	plugins/sudoers/regress/sudoers/test19.out.ok,
	plugins/sudoers/regress/sudoers/test2.out.ok,
	plugins/sudoers/regress/sudoers/test20.out.ok,
	plugins/sudoers/regress/sudoers/test21.out.ok,
	plugins/sudoers/regress/sudoers/test22.out.ok,
	plugins/sudoers/regress/sudoers/test3.out.ok,
	plugins/sudoers/regress/sudoers/test4.out.ok,
	plugins/sudoers/regress/sudoers/test5.out.ok,
	plugins/sudoers/regress/sudoers/test6.out.ok,
	plugins/sudoers/regress/sudoers/test7.out.ok,
	plugins/sudoers/regress/sudoers/test8.out.ok,
	plugins/sudoers/regress/sudoers/test9.out.ok,
	plugins/sudoers/testsudoers.c:
	Use fmtsudoers functions in testsudoers.
	[be27df4a5291]

	* MANIFEST, plugins/sudoers/regress/sudoers/test22.in,
	plugins/sudoers/regress/sudoers/test22.json.ok,
	plugins/sudoers/regress/sudoers/test22.ldif.ok,
	plugins/sudoers/regress/sudoers/test22.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test22.out.ok,
	plugins/sudoers/regress/sudoers/test22.sudo.ok,
	plugins/sudoers/regress/sudoers/test22.toke.ok:
	Add test for empty runas user list.
	[5598cf4c3329]

	* plugins/sudoers/testsudoers.c:
	Don't print an empty user list as ALL.
	[806ee09f854d]

	* plugins/sudoers/fmtsudoers.c, plugins/sudoers/parse.h:
	In sudoers_format_userspecs make the separator optional and silence
	a printf format warning.
	[62c576cbec4b]

	* plugins/sudoers/starttime.c:
	Use correct defines when checking for sysctl kinfo_proc support.
	[6017e45d14b9]

	* plugins/sudoers/cvtsudoers_json.c:
	Fix crash when converting sudoers entry with a runas list that is
	present but empty.
	[ff6b9ef53c6b]

2018-03-05  Todd C. Miller

	* config.h.in, configure, configure.ac, plugins/sudoers/starttime.c,
	plugins/sudoers/sudoers.c, src/regress/ttyname/check_ttyname.c,
	src/tgetpass.c, src/ttyname.c:
	Less confusing sysctl checks for kinfo_proc.
	[553f6b3f9c3b]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/ldap.c, plugins/sudoers/match.c,
	plugins/sudoers/pwutil.c, plugins/sudoers/sssd.c:
	Add case_insensitive_group and case_insensitive_user sudoers
	options, which are enabled by default.
	[bd74d8b7fe83]

2018-03-04  Todd C. Miller

	* plugins/sudoers/fmtsudoers.c:
	Kill dead store found by clang-analyzer.
	[af2021d3d396]

	* plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c,
	plugins/sudoers/parse.h,
	plugins/sudoers/regress/sudoers/test2.ldif.ok,
	plugins/sudoers/regress/sudoers/test3.ldif.ok,
	plugins/sudoers/regress/sudoers/test6.ldif.ok,
	plugins/sudoers/sssd.c:
	Initial support for adding comments that will be emitted when
	sudoers is formatted. Currently adds a comment for the source
	sudoRole when converting from ldif -> sudoers.
	[bf2e7f48f452]

	* lib/util/lbuf.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/fmtsudoers.c, plugins/sudoers/parse.h:
	Special case comment lines in lbufs.
	[10d6d229ffae]

	* plugins/sudoers/cvtsudoers_ldif.c:
	Handle escaped commas when skipping over the cn.
	[61aed7ff5e1c]

2018-03-03  Todd C. Miller

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/parse.h:
	When formatting as sudoers, flush the lbuf after each userspec.
	[060266dd440c]

2018-03-02  Todd C. Miller

	* MANIFEST, plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/sudoers/test1.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test15.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test16.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test17.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test19.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test20.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test21.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test3.ldif2sudo.ok,
	plugins/sudoers/regress/sudoers/test6.ldif2sudo.ok:
	Add tests for round-tripping sudoers -> ldif -> sudoers
	[72e3e73fb612]

	* plugins/sudoers/cvtsudoers_ldif.c:
	Add missing sudoOrder support to parse_ldif().
	[8c5e9f22f0da]

	* plugins/sudoers/ldap_util.c:
	Add missing support for converting LOG_INPUT/LOG_OUTPUT tags and
	expand support for NOMAIL tags.
	[2820c8333381]

	* plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/regress/sudoers/test2.ldif.ok,
	plugins/sudoers/regress/sudoers/test3.ldif.ok,
	plugins/sudoers/regress/sudoers/test6.ldif.ok:
	Don't emit an empty sudoRole for global defaults if there are none.
	[2a69dccb7071]

	* plugins/sudoers/ldap_util.c:
	Avoid changing the order of non-negated hosts and commands. We still
	put negated hosts/commands at the end of the list.
	[e1aea92dd6dc]

	* plugins/sudoers/cvtsudoers_ldif.c:
	Handle parsing boolean options that have no explicit value.
	[b5d597faa23d]

	* plugins/sudoers/cvtsudoers_ldif.c:
	Refactor the code that actually converts the role to sudoers format
	into role_to_sudoers() now that it is more involved than just
	calling sudo_ldap_role_to_priv().
	[b876171ff96e]

	* plugins/sudoers/cvtsudoers_ldif.c:
	When merging two privileges, use the runas lists of the previous
	privilege when possible. Otherwise, the generated sudoers line will
	include a runas list for commands that is not necessary.
	[337b49451947]

2018-03-01  Todd C. Miller

	* plugins/sudoers/match.c:
	Use a case-insensitive comparison when matching user and group names
	in sudoers with the passwd or group database. This can be necessary
	when users and groups are stored in AD or LDAP.
	[bfccb8acc3e9]

	* plugins/sudoers/Makefile.in:
	Fix clean target for *.sudo regress files
	[6f52a4aef93a]

	* .hgignore:
	ignore more binaries
	[9adf244d0e9e]

	* plugins/sudoers/cvtsudoers.c:
	Fix use of uninitialized variable (conf) if sudoers_debug_register()
	happens to fail.
	[0ef1765f14f4]

2018-02-28  Todd C. Miller

	* plugins/sudoers/cvtsudoers_ldif.c:
	Split conversion code out of parse_ldif() and into
	ldif_to_sudoers().
	[27c8b7001735]

	* plugins/sudoers/cvtsudoers_ldif.c:
	Quiet a clang analyzer warning.
	[21102c27dcce]

	* MANIFEST, configure, configure.ac, mkdep.pl,
	plugins/sudoers/Makefile.in, plugins/sudoers/ldap_common.c,
	plugins/sudoers/ldap_util.c:
	rename ldap_common.c -> ldap_util.c
	[3093bdbb8a9b]

	* plugins/sudoers/cvtsudoers_ldif.c:
	When converting from ldif to sudoers, sudoRole objects with the same
	user if possible. If both user and host are the same, merge into a
	single privilege. This makes it possible to convert a sudoers entry
	like:

	 aaron shanty = NOEXEC: /usr/bin/vi, /usr/bin/more, EXEC: /bin/sh

	to ldif and then back to sudoers as a single line. Currently, the
	ldif entries to be merged must have the same or adjacent sudoOrder
	attributes.
	[74e5cef2e849]

	* plugins/sudoers/cvtsudoers_ldif.c:
	plug memory leaks
	[a5268668c397]

	* src/parse_args.c:
	Restore line to set MODE_PRESERVE_ENV in flags when the -E command
	line option is used. The caller doesn't check MODE_PRESERVE_ENV
	these days but parse_args uses it to detect usage errors when -E is
	used along with a mutually exclusive option. Problem found by Yuriy
	Vostrikov.
	[b511e35d9be4]

2018-02-26  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Add missing close parenthesis in "Including other files from within
	sudoers" section. Bug #824
	[3335cb2ce29f]

2018-02-25  Todd C. Miller

	* plugins/sudoers/ldap_common.c:
	When converting from LDAP to sudoers, put negated hosts and commands
	at the end of the list. Since LDAP doesn't guarantee attribute order
	we need to make sure negated entries always override non-negated
	ones.
	[0ebff259c521]

2018-02-24  Todd C. Miller

	* plugins/sudoers/cvtsudoers.c:
	We may need the hostname to resolve %h escapes in include files.
	[3e57710762d3]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c:
	Setting a sudoOrder start point of 0 will disable creation of
	sudoOrder attributes in the resulting LDIF output.
	[4107f61b431b]

	* plugins/sudoers/cvtsudoers.c:
	Don't need to fill in struct sudo_user since we don't do matching.
	[cdc876d298b5]

	* MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in,
	doc/cvtsudoers.mdoc.in, pathnames.h.in, plugins/sudoers/Makefile.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c:
	Add support for setting default options in a config file. In
	addition to expand_aliases, input_format and output_format, both the
	initial sudoOrder and the increment when updating sudoOrder for
	subsequent sudoRole objects can be specified. Command line options
	have also been added for the start order and increment.
	[d3121c039ddf]

2018-02-22  Todd C. Miller

	* NEWS:
	cvtsudoers can now read LDIF
	[99b7ed30c754]

	* doc/UPGRADE:
	Fix a typo.
	[87f635970a5d]

	* plugins/sudoers/fmtsudoers.c:
	Deal with user_name not being set in cvtsudoers.
	[421bb1dbff57]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/ldap.c,
	plugins/sudoers/ldap_common.c, plugins/sudoers/sssd.c,
	plugins/sudoers/sudo_ldap.h:
	Initial support for parsing sudoers LDIF files in cvtsudoers. This
	makes it possible to convert from LDAP sudoers to a traditional
	sudoers file. Semantic differences between file sudoers and LDAP
	sudoers mean that LDIF -> sudoers is not completely equivalent.
	[ddf513e2778f]

2018-02-21  Todd C. Miller

	* plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/regress/sudoers/test14.ldif.ok:
	Fix LDIF conversion of commands with an associated digest.
	[590ab0cb58e4]

	* plugins/sudoers/ldap_common.c:
	In array_to_member_list() use the correct type for netgroups and
	user groups.
	[359947d19131]

	* plugins/sudoers/fmtsudoers.c:
	Prepend digest to command if present. Fix printing of group IDs and
	non-unix groups.
	[5f9834b4bcbc]

	* plugins/sudoers/cvtsudoers_json.c:
	Fix gcc false positive for uninitialized variable
	[d250b862c1ed]

2018-02-20  Todd C. Miller

	* pp:
	Update Polypkg to the latest version from git.
	[204ebffb502f]

	* config.h.in, configure, configure.ac, src/sudo.c:
	Use setpassent() and setgroupent() on systems that support it to
	keep the passwd and group database open. Sudo does a lot of passwd
	and group lookups so it can be beneficial to just leave the file
	open.
	[3d2d5bca9670]

2018-02-19  Todd C. Miller

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c:
	Add option to cvtsudoers to expand aliases in the output.
	[1af56459fd7d]

	* plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/regress/sudoers/test1.json.ok,
	plugins/sudoers/regress/sudoers/test14.json.ok,
	plugins/sudoers/regress/sudoers/test15.json.ok,
	plugins/sudoers/regress/sudoers/test16.json.ok,
	plugins/sudoers/regress/sudoers/test17.json.ok,
	plugins/sudoers/regress/sudoers/test19.json.ok,
	plugins/sudoers/regress/sudoers/test2.json.ok,
	plugins/sudoers/regress/sudoers/test6.json.ok:
	Fix conversion of "ALL" in the JSON output format, which was being
	printed as an alias.
	[3f7869688820]

	* INSTALL, configure, configure.ac:
	Clarify that --with-rundir and --with-vardir take a sudo-specific
	directory, e.g. /var/run/sudo and not just /var/run. Bug #823
	[e1913085e544]

	* src/exec_pty.c:
	In pty_cleanup() we need to call sudo_term_restore() even if no I/O
	plugins are present as long as /dev/tty exists. Fixes the use_pty
	case with no I/O plugins.
	[82fecef72998]

	* include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in,
	plugins/sudoers/sudoreplay.c, src/exec_monitor.c, src/exec_nopty.c,
	src/exec_pty.c:
	Add sudo_ev_dispatch(), a wrapper for ev_loop() with no flags.
	Similar to the dispatch function in libevent.
	[61e588fd50d0]

	* INSTALL, configure, configure.ac, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, m4/sudo.m4:
	Use /run in preference to /var/run if it exists. Bug #822
	[ec2febe6f8a3]

2018-02-14  Todd C. Miller

	* NEWS:
	mention common sudoers formatting changes
	[b32825ca3e2f]

2018-02-11  Todd C. Miller

	* MANIFEST, configure, configure.ac, mkdep.pl,
	plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c,
	plugins/sudoers/ldap_conf.c, plugins/sudoers/sudo_ldap.h,
	plugins/sudoers/sudo_ldap_conf.h:
	Move LDAP configuration bits into ldap_conf.c
	[1673e3c7855a]

2018-02-10  Todd C. Miller

	* plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c:
	No longer need to include stddef.h
	[a10a13dc73c7]

	* plugins/sudoers/iolog.c:
	Remove dead store, found by cppcheck.
	[744e99ffc82e]

	* plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c,
	plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h:
	simplify iterator
	[944fd546ec98]

	* plugins/sudoers/mkdir_parents.c:
	Silence a false positive from cppcheck.
	[f94421968d8e]

	* plugins/sudoers/tsdump.c:
	Cast version to int when printing. Avoids a cppcheck warning.
	[3312bec4f1e3]

2018-02-09  Todd C. Miller

	* plugins/sudoers/ldap.c, plugins/sudoers/ldap_common.c,
	plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h:
	Use an iterator instead of fragile pointer arithmetic to iterate
	over value arrays in sudo_ldap_role_to_priv().
	[61752c5f3427]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/fmtsudoers.c, plugins/sudoers/ldap.c,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/sssd.c:
	Move sudoers formatting code into fmtsudoers.
	[ff25291c99f4]

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/parse.c:
	Clean up some XXX in parse.c
	[19854e7d8ac7]

	* plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
	plugins/sudoers/parse.h, plugins/sudoers/sssd.c:
	Rename sudo_file_append_default() -> sudo_lbuf_append_default() and
	use it for ldap and sssd too.
	[dae22810f2dd]

	* MANIFEST, configure, configure.ac, mkdep.pl,
	plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/ldap.c,
	plugins/sudoers/ldap_common.c, plugins/sudoers/parse.h,
	plugins/sudoers/sssd.c, plugins/sudoers/sudo_ldap.h:
	Move common bits of ldap to sudoers conversion into ldap_common.c
	and use it in sssd.c.
	[5cca03f64b77]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
	plugins/sudoers/parse.h:
	Convert ldap results into a sudoers userspec so we can use the "sudo
	-l" output functions in parse.c.
	[1422e10dc274]

2018-02-08  Todd C. Miller

	* sudo.pp:
	Don't mark sudoers.dist volatile, it only gets used on systems that
	don't have the concept of volatile files.
	[c47fd17e62e3]

2018-02-05  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/parse.h:
	Refactor member freeing code into free_member(). Refactor userspec
	freeing code into free_userspec().
	[ccc95e8b9f69]

	* plugins/sudoers/cvtsudoers.c:
	Fix compilation with glibc where stdout is not constant.
	[97a0302c29c8]

2018-02-04  Todd C. Miller

	* plugins/sudoers/ldap.c:
	For "sudo -l", if a word includes spaces, print it in double quotes.
	Also escape spaces in the command path. This matches the sudoers
	quoting rules.
	[04ace6decf3a]

2018-02-03  Todd C. Miller

	* plugins/sudoers/ldap.c:
	Display sudoNotBefore and sudoNotAfter in "sudo -l"
	[ef7de4c8aa9e]

	* plugins/sudoers/parse.c:
	For "sudo -l", if a word includes spaces, print it in double quotes.
	Also escape spaces in the command path. This matches the sudoers
	quoting rules.
	[fa12a254657c]

	* plugins/sudoers/cvtsudoers.c:
	Add back printing of negation operator ('!') when printing a word
	with spaces in it.
	[c69706a91817]

	* plugins/sudoers/Makefile.in:
	Use visudo to validate "cvtsudoers -f sudoers" output.
	[06bae7204926]

	* plugins/sudoers/regress/sudoers/test21.in,
	plugins/sudoers/regress/sudoers/test21.json.ok,
	plugins/sudoers/regress/sudoers/test21.ldif.ok,
	plugins/sudoers/regress/sudoers/test21.out.ok,
	plugins/sudoers/regress/sudoers/test21.toke.ok:
	Remove syslog_goodpri and syslog_badpri without a value that causes
	visudo to report an error.
	[c1f696e49f49]

	* plugins/sudoers/cvtsudoers.c:
	When outputting sudoers, if a word includes spaces, print it in
	double quotes. Also escape spaces in the command path.
	[d040c1a21277]

2018-02-02  Todd C. Miller

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/parse.h, plugins/sudoers/visudo.c:
	Add sudoers output format to cvtsudoers. In the future this may be
	used with filters to emit a partial sudoers file instead of a full
	one.
	[533d2c389213]

	* plugins/sudoers/parse.c:
	When printing a member name, quote sudoers special characters unless
	it is a UID/GID, in which case we print the '#' unquoted.
	[e4e8154c4fe9]

	* plugins/sudoers/parse.c, plugins/sudoers/parse.h:
	Move SUDOERS_QUOTED define to parse.h
	[a813ec4acb5f]

2018-01-30  Todd C. Miller

	* plugins/sudoers/timestamp.c:
	Remove extraneous break statement and fix some whitespace.
	[39df566c33e3]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	The max timeout for kernel time stamps is 60 minutes, not 3600
	minutes.
	[95be88c4f106]

2018-01-29  Todd C. Miller

	* plugins/sudoers/testsudoers.c:
	Check the return value of sudoers_debug_register(). Coverity CID
	182574
	[fb5449acdafd]

	* plugins/sudoers/cvtsudoers_ldif.c:
	Fix memory leak, su->count is now 0 when it is unused, not 1.
	Coverity CID 182573
	[77019ded8f84]

	* plugins/sudoers/cvtsudoers_ldif.c:
	Quiet a clang analyzer false positive.
	[ef04f7069df4]

	* plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/regress/sudoers/test2.ldif.ok,
	plugins/sudoers/regress/sudoers/test6.ldif.ok:
	Quote special characters when creating the cn as per RFC2253
	[e49ff28c1fd7]

	* NEWS, configure, configure.ac, doc/UPGRADE:
	Sudo 1.8.23
	[e364ed057d1d]

	* doc/LICENSE:
	Remove the C-style comment characters from the getopt_long.c and
	inet_pton.c license text as it was inconsistent with the rest of the
	file and messed up the html formatting.
	[a26679d2d0a7]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/sudoers2ldif,
	sudo.pp:
	Remove sudoers2ldif, it has been replaced by cvtsudoers.
	[7563cc3768c2]

2018-01-28  Todd C. Miller

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c:
	Add -b option to specify the base dn.
	[7cd4c46c33bf]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in:
	Document limitations of LDIF conversion.
	[e8c84362f084]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c:
	Switch the default output format to LDIF
	[a677c7b72a90]

	* plugins/sudoers/visudo.c:
	Execute cvtsudoers if the user runs "visudo -x" but also emit a
	warning.
	[53ec45a847d2]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/stubs.c,
	plugins/sudoers/visudo.c:
	Revert 04ec05108b2b, change the default input source back to stdin.
	[df8d94f1bab4]

	* MANIFEST, plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/sudoers/test1.ldif.ok,
	plugins/sudoers/regress/sudoers/test10.ldif.ok,
	plugins/sudoers/regress/sudoers/test11.ldif.ok,
	plugins/sudoers/regress/sudoers/test12.ldif.ok,
	plugins/sudoers/regress/sudoers/test13.ldif.ok,
	plugins/sudoers/regress/sudoers/test14.ldif.ok,
	plugins/sudoers/regress/sudoers/test15.ldif.ok,
	plugins/sudoers/regress/sudoers/test16.ldif.ok,
	plugins/sudoers/regress/sudoers/test17.ldif.ok,
	plugins/sudoers/regress/sudoers/test18.ldif.ok,
	plugins/sudoers/regress/sudoers/test19.ldif.ok,
	plugins/sudoers/regress/sudoers/test2.ldif.ok,
	plugins/sudoers/regress/sudoers/test20.ldif.ok,
	plugins/sudoers/regress/sudoers/test21.ldif.ok,
	plugins/sudoers/regress/sudoers/test3.ldif.ok,
	plugins/sudoers/regress/sudoers/test4.ldif.ok,
	plugins/sudoers/regress/sudoers/test5.ldif.ok,
	plugins/sudoers/regress/sudoers/test6.ldif.ok,
	plugins/sudoers/regress/sudoers/test7.ldif.ok,
	plugins/sudoers/regress/sudoers/test8.ldif.ok,
	plugins/sudoers/regress/sudoers/test9.ldif.ok:
	Add LDIF conversion to sudoers tests
	[997b79da8874]

	* plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/regress/sudoers/test19.json.ok:
	Add notbefore and notafter support to the backends.
	[be50db300eda]

2018-01-27  Todd C. Miller

	* README.LDAP:
	cvtsudoers instead of sudoers2ldif
	[3909ea2c29c1]

	* MANIFEST, doc/cvtsudoers.cat, doc/cvtsudoers.man.in,
	doc/cvtsudoers.mdoc.in, plugins/sudoers/Makefile.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_ldif.c:
	Add ldif backend to cvtsudoers, to replace sudoers2ldif
	[f0e039c63488]

	* plugins/sudoers/Makefile.in:
	fix make check
	[2cbedce72e3a]

2018-01-26  Todd C. Miller

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c:
	Parse sudoers in the front end, not the back end.
	[30d4e40ed69a]

	* doc/Makefile.in:
	install the cvtsudoers manual
	[243d319fed1c]

	* doc/cvtsudoers.cat, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/stubs.c,
	plugins/sudoers/visudo.c:
	Use the built-in sudoers file location as the default sudoers file
	for cvtsudoers and move parse_sudoers_options() to stubs.c since it
	is shared between visudo.c and cvtsudoers.c.
	[04ec05108b2b]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/stubs.c, plugins/sudoers/visudo.c:
	Move common stub functions required by the parser out of visudo.c
	and cvtsudoers.c and into stubs.c.
	[a324cbde55a3]

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c:
	Rename export_sudoers() to convert_sudoers_json() and move the check
	for the same input and output file to the front-end.
	[7c83c21ea479]

	* sudo.pp:
	add cvtsudoers
	[e8ba851cafb4]

	* MANIFEST, doc/Makefile.in, doc/cvtsudoers.cat,
	doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, doc/visudo.cat,
	doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/Makefile.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c:
	Move sudoers JSON conversion to cvtsudoers which will eventually
	output to other formats too.
	[e64a50657a88]

	* plugins/sudoers/defaults.c:
	Convert from time in minutes to timespec directly instead of
	converting to double via strtod(). This makes it easier to catch
	overflow.
	[0d6ab7c21a15]

2018-01-24  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	document that kernel tty timestamps don't support negative timeouts
	[4ff726cf2010]

2018-01-23  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/timestamp.c:
	Fall back to ppid time stamps if timestamp_type == kernel and no tty
	is present. This is consistent with timestamp_type == tty.
	[26c527166a0c]

	* plugins/sudoers/timestamp.c:
	Do not call the TIOCSETVERAUTH ioctl with a negative number of
	seconds. Also cap the max number of seconds at 3600 to avoid getting
	EINVAL from TIOCSETVERAUTH.
	[371744874743]

2018-01-22  Todd C. Miller

	* plugins/sudoers/defaults.c:
	Better conversion from double to nanoseconds.
	[2f54790801c8]

	* plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/defaults.h, plugins/sudoers/mkdefaults,
	plugins/sudoers/timestamp.c:
	Store passwd_timeout and timestamp_timeout as a struct timespec
	instead of as a float. Remove timeout argument to auth_getpass() as
	it was never used.
	[c4a3c60d0284]

2018-01-21  Todd C. Miller

	* plugins/sudoers/mkdefaults:
	Don't rely on perl being installed in /usr/local/bin
	[e3274f56df43]

2018-01-17  Todd C. Miller

	* config.h.in, configure, configure.ac, lib/util/gettime.c,
	lib/util/mktemp.c, lib/util/nanosleep.c, lib/util/utimens.c,
	plugins/sudoers/boottime.c, plugins/sudoers/check.c,
	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
	plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c,
	plugins/sudoers/ldap.c, plugins/sudoers/sssd.c,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/visudo.c, src/net_ifs.c, src/sesh.c, src/sudo.c,
	src/sudo_edit.c, src/utmp.c:
	Remove use of AC_HEADER_TIME, only obsolete platforms actually need
	this. Also stop removing sys/time.h unless the source file uses
	struct timeval.
	[a744b8a07685]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Remove duplicate options %type
	[3ea3c3d477bf]

2018-01-16  Todd C. Miller

	* plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
	plugins/sudoers/sudoers.h:
	Add an approval function to the sudo auth API which is run after the
	user's password has been verified. The approval function is run even
	if no password is required. This is currently only used for PAM (use
	pam_acct_mgmt) and BSD auth (auth_approval).
	[cab448ac8633]

2018-01-15  Todd C. Miller

	* plugins/sudoers/tsdump.c:
	treat uid as unsigned in error message
	[2672d4ca3479]

	* MANIFEST, plugins/sudoers/po/fur.mo:
	Add missing plugins/sudoers/po/fur.mo file to repo.
	[cfa503d7fcd4]

	* NEWS:
	Mention new sudoers_timestamp manual.
	[f96ad00c4ba4]

2018-01-12  Todd C. Miller

	* .hgignore:
	ignore tsdump
	[39306d37c846]

	* plugins/sudoers/tsdump.c:
	Convert from mono time to real time before displaying time stamps.
	[12f9e1f5e8e5]

2018-01-11  Todd C. Miller

	* plugins/sudoers/solaris_audit.c:
	Use PATH_MAX, not MAXPATHLEN.
	[d3c7466aad1d]

	* MANIFEST, config.h.in, configure, configure.ac, include/sudo_util.h,
	lib/util/Makefile.in, lib/util/ttyname_dev.c, lib/util/util.exp.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/check.h,
	plugins/sudoers/tsdump.c, src/ttyname.c:
	Add tsdump, a simple utility to dump a timestamp file. To build, run
	"make tsdump" in the plugins/sudoers directory (it is not built by
	default). In order to map the tty device number to a name,
	sudo_ttyname_dev() has been moved into libsudo_util.
	[b79ae30fe6a4]

2018-01-04  Todd C. Miller

	* plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/uk.mo,
	po/uk.po:
	sync with translationproject.org
	[71140a551c60]

	* doc/LICENSE:
	Welcome to 2018
	[3ddea360d414]

2017-12-28  Todd C. Miller

	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/fur.po, plugins/sudoers/po/nb.mo,
	plugins/sudoers/po/nb.po, plugins/sudoers/po/zh_CN.mo,
	plugins/sudoers/po/zh_CN.po:
	sync with translationproject.org
	[fbd54c7f59f1]

2017-12-22  Todd C. Miller

	* plugins/sudoers/logging.c:
	Silence a clang analyzer false positive.
	[bfcdfe2c1376]

	* doc/Makefile.in:
	Remove extra $(srcdir)/sudoreplay.man.in target added by mistake.
	[7e83806cc17e]

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/ja.mo,
	po/ja.po:
	sync with translationproject.org
	[27cf5abeeb1a]

	* plugins/sudoers/timestamp.c:
	Use a tty lock even for kernel time stamps so we can avoid
	simultaneous password prompts.
	[90a55098176b]

	* NEWS:
	visudo changes
	[06c99aab6f7a]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
	plugins/sudoers/editor.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
	Also honor SUDO_EDITOR in visudo. Previously it was only used by
	sudoedit.
	[9bccc7171a53]

2017-12-21  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	Stop looking for an editor as soon as we find one. A similar fix was
	made to visudo some time ago.
	[c6c5d968612a]

	* doc/sudoers_timestamp.cat, doc/sudoers_timestamp.man.in,
	doc/sudoers_timestamp.mdoc.in:
	The session ID was added in 1.8.6p7 to prevent a user in another
	session from re-using the time stamp file. Other minor cleanups.
	[f733f7ea97a7]

	* plugins/sudoers/check.h:
	"time stamp" not "timestamp"
	[af0f2d8b6d52]

2017-12-20  Todd C. Miller

	* NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/timestamp.c:
	Add "kernel" as a possible value of timestamp_type. Currently only
	supported on OpenBSD.
	[ca1a2a03e37d]

	* MANIFEST, doc/Makefile.in, doc/sudoers.cat, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, doc/sudoers_timestamp.cat,
	doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
	plugins/sudoers/check.h:
	Document the sudoers time stamp file format.
	[d3470da8fde9]

2017-12-19  Todd C. Miller

	* plugins/sudoers/regress/starttime/check_starttime.c:
	Verify start time of the current process, allowing for some clock
	drift. For Linux, process start time is relative to boot time, not
	wallclock time.
	[4928645eaa1c]

2017-12-18  Todd C. Miller

	* NEWS:
	sync
	[aeffb7f82e10]

	* plugins/sudoers/po/sudoers.pot:
	regen
	[8be51858eec1]

	* MANIFEST, plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/starttime/check_starttime.c:
	Trivial test for process start time. We don't try to check the
	resulting timespec as it differs by platform. On most it is
	wallclock time, on others it is relative to boot time (Linux).
	[e74cf3bd4c87]

	* lib/util/Makefile.in:
	regen
	[6de26735d666]

2017-12-17  Todd C. Miller

	* plugins/sudoers/starttime.c:
	Support start time on macOS and 4.4BSD
	[81f2eebc7edb]

2017-12-16  Todd C. Miller

	* plugins/sudoers/regress/env_match/check_env_pattern.c:
	Include sys/types.h for mode_t used in sudoers.h.
	[bdff1606f111]

	* plugins/sudoers/starttime.c:
	Fix compilation error on FreeBSD
	[2c4962a7812c]

	* plugins/sudoers/starttime.c:
	Fix debug_decl(), it should be SUDOERS_DEBUG_UTIL. Add debugging for
	the successful case. For Linux, don't NUL out *ep before parsing with
	strtoull().
	* * * Add missing debug info for the System V /proc version.
	[2394c6d9375d]

	* MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/check.h,
	plugins/sudoers/starttime.c, plugins/sudoers/timestamp.c:
	In the timestamp record, include the start time of the terminal
	session leader for tty-based timestamps or the start time of the
	parent process for ppid-based timestamps. Idea from Duncan
	Overbruck.
	[f0964b4cf4ac]

2017-12-15  Todd C. Miller

	* plugins/sudoers/timestamp.c:
	If the lock record doesn't match the expected record size we need to
	seek to the end of the record as we otherwise may have gone too far
	(or not far enough). Fixes interop problems when the time stamp
	record changes size.
	[e8e4c3815db5]

2017-12-12  Todd C. Miller

	* src/exec_pty.c:
	No need for a loop around the recv() now that we don't have to worry
	about EINTR. CID 180697
	[7cb966d69bc6]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	Try to be clearer about sudo's exit value when the -l option is
	used.
	[efbddaa576a7]

	* NEWS:
	sync
	[99fc4b347250]

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c,
	plugins/sudoers/sssd.c:
	An empty RunAsUser means run as the invoking user, similar to how
	the sudoers file works.
	[576172386594]

	* doc/sudoers.cat, doc/sudoers.man.in:
	regen
	[9b6d0064f410]

2017-12-11  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/logging.c:
	Add authfail_message sudoers option to allow the user to override
	the default message of %d incorrect password attempt(s).
	[f11e9d64a6da]

	* plugins/sudoers/policy.c, src/parse_args.c:
	Allow the plugin to determine whether or not an empty timeout is
	allowed. For sudoers, an error will be returned for an empty
	timeout.
	[26511c049fb1]

	* plugins/sudoers/timeout.c:
	Return an error for an empty timeout string. Just use strtol() for
	syntax checking instead of scanning with strspn().
	[1fa1b712fbcc]

	* src/parse_args.c, src/sudo_edit.c:
	Change some _() into U_() since they are used for warn/fatal. We
	always want to issue warnings in the user's locale.
	[684331aee66e]

	* Makefile.in:
	update my email address
	[b4ec26be6203]

2017-12-10  Todd C. Miller

	* log2cl.pl:
	Don't print mercurial branch info for merges.
	[489881774e52]

	* log2cl.pl:
	Use log size instead of using a separator between the log entry and
	the file names.
	[620c231f789b]

	* src/parse_args.c:
	Print usage and return an error when an empty argument is given for
	all command line arguments other than -p and -E. Bug #817
	[143be1bc8316]

	* plugins/sudoers/policy.c:
	Better input validation of settings passed by the sudo front-end.
	Instead of ignoring an empty setting, throw an error.
	[93cc4f4761f3]

	* log2cl.pl:
	Treat a blank line in a commit message as a line break. There
	doesn't appear to be a way to make perl's format use a blank field
	but at least the line break happens now.
	[fbc3ff819341]

2017-12-09  Todd C. Miller

	* MANIFEST, Makefile.in, log2cl.pl:
	Add script to generate ChangeLog from git log output.
	[e8bfbd1ae6ef]

2017-12-08  Todd C. Miller

	* plugins/sudoers/defaults.c, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h:
	Don't include syslog.h from logging.h, just include it in the two .c
	files where it is actually needed.
	[9ffc5ca9eb49]

2017-12-06  Todd C. Miller

	* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
	Document that in check mode, visudo does not check the owner/mode on
	files specified with the -f flag.
	[f5d86019e4c7]

2017-12-03  Todd C. Miller

	* Makefile.in, configure.ac, doc/HISTORY, doc/LICENSE,
	doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh,
	doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo.man.in,
	doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.man.in,
	doc/sudoreplay.mdoc.in, doc/visudo.man.in, doc/visudo.mdoc.in,
	examples/Makefile.in, include/Makefile.in,
	include/compat/charclass.h, include/compat/endian.h,
	include/compat/fnmatch.h, include/compat/nss_dbdefs.h,
	include/compat/sha2.h, include/sudo_compat.h, include/sudo_conf.h,
	include/sudo_debug.h, include/sudo_dso.h, include/sudo_event.h,
	include/sudo_fatal.h, include/sudo_gettext.h, include/sudo_lbuf.h,
	include/sudo_plugin.h, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/aix.c, lib/util/closefrom.c, lib/util/event.c,
	lib/util/event_poll.c, lib/util/event_select.c, lib/util/fatal.c,
	lib/util/getgrouplist.c, lib/util/gethostname.c, lib/util/getline.c,
	lib/util/getopt_long.c, lib/util/gettime.c, lib/util/gidlist.c,
	lib/util/glob.c, lib/util/isblank.c, lib/util/key_val.c,
	lib/util/lbuf.c, lib/util/locking.c, lib/util/memrchr.c,
	lib/util/memset_s.c, lib/util/mksiglist.c, lib/util/mksigname.c,
	lib/util/mktemp.c, lib/util/nanosleep.c, lib/util/parseln.c,
	lib/util/pipe2.c, lib/util/progname.c, lib/util/pw_dup.c,
	lib/util/regress/atofoo/atofoo_test.c,
	lib/util/regress/fnmatch/fnm_test.c,
	lib/util/regress/glob/globtest.c,
	lib/util/regress/parse_gids/parse_gids_test.c,
	lib/util/regress/progname/progname_test.c,
	lib/util/regress/strsplit/strsplit_test.c,
	lib/util/regress/sudo_conf/conf_test.c,
	lib/util/regress/sudo_parseln/parseln_test.c,
	lib/util/regress/tailq/hltq_test.c,
	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c,
	lib/util/setgroups.c, lib/util/sha2.c, lib/util/sig2str.c,
	lib/util/snprintf.c, lib/util/strlcat.c, lib/util/strlcpy.c,
	lib/util/strndup.c, lib/util/strnlen.c, lib/util/strsignal.c,
	lib/util/strsplit.c, lib/util/strtobool.c, lib/util/strtoid.c,
	lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c,
	lib/util/sudo_debug.c, lib/util/sudo_dso.c, lib/util/term.c,
	lib/util/ttysize.c, lib/util/utimens.c, lib/util/vsyslog.c,
	lib/zlib/Makefile.in, m4/sudo.m4, mkdep.pl, mkpkg, pathnames.h.in,
	plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
	plugins/group_file/group_file.c, plugins/group_file/plugin_test.c,
	plugins/sample/Makefile.in, plugins/sample/sample_plugin.c,
	plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
	plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c,
	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/base64.c,
	plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
	plugins/sudoers/bsm_audit.h, plugins/sudoers/check.c,
	plugins/sudoers/check.h, plugins/sudoers/defaults.c,
	plugins/sudoers/defaults.h, plugins/sudoers/digestname.c,
	plugins/sudoers/editor.c, plugins/sudoers/env.c,
	plugins/sudoers/env_pattern.c, plugins/sudoers/filedigest.c,
	plugins/sudoers/filedigest_gcrypt.c,
	plugins/sudoers/filedigest_openssl.c, plugins/sudoers/find_path.c,
	plugins/sudoers/gc.c, plugins/sudoers/gentime.c,
	plugins/sudoers/getspwuid.c, plugins/sudoers/gmtoff.c,
	plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
	plugins/sudoers/hexchar.c, plugins/sudoers/ins_2001.h,
	plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
	plugins/sudoers/ins_goons.h, plugins/sudoers/insults.h,
	plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
	plugins/sudoers/iolog.c, plugins/sudoers/iolog.h,
	plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
	plugins/sudoers/linux_audit.c, plugins/sudoers/linux_audit.h,
	plugins/sudoers/locale.c, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h, plugins/sudoers/logwrap.c,
	plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
	plugins/sudoers/mkdir_parents.c, plugins/sudoers/parse.c,
	plugins/sudoers/parse.h, plugins/sudoers/po/sudoers.pot,
	plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
	plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
	plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c,
	plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
	plugins/sudoers/regress/check_symbols/check_symbols.c,
	plugins/sudoers/regress/env_match/check_env_pattern.c,
	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
	plugins/sudoers/regress/logging/check_wrap.c,
	plugins/sudoers/regress/parser/check_addr.c,
	plugins/sudoers/regress/parser/check_base64.c,
	plugins/sudoers/regress/parser/check_digest.c,
	plugins/sudoers/regress/parser/check_fill.c,
	plugins/sudoers/regress/parser/check_gentime.c,
	plugins/sudoers/regress/parser/check_hexchar.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudo_nss.h,
	plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/sudoers2ldif,
	plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoers_debug.h,
	plugins/sudoers/sudoers_version.h, plugins/sudoers/sudoreplay.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c,
	plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
	plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h,
	plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c,
	plugins/system_group/Makefile.in,
	plugins/system_group/system_group.c, po/sudo.pot, src/Makefile.in,
	src/conversation.c, src/env_hooks.c, src/exec.c, src/exec_common.c,
	src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/get_pty.c,
	src/hooks.c, src/load_plugins.c, src/net_ifs.c, src/openbsd.c,
	src/parse_args.c, src/preload.c, src/preserve_fds.c,
	src/regress/noexec/check_noexec.c,
	src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c,
	src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h,
	src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
	src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tcsetpgrp_nobg.c,
	src/tgetpass.c, src/ttyname.c, src/utmp.c, sudo.pp:
	update my email to Todd.Miller@...
	[96110003e904]

2017-12-02  Todd C. Miller

	* plugins/sudoers/sudoreplay.c:
	Add missing carriage return before prompt when replay is done.
	[cf4b8bfcb3dd]

	* src/exec_pty.c:
	Track window size changes that happen while sudo is suspended
	[cae06f75bde9]

2017-12-01  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[26ae754b8416]

	* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat,
	doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat,
	doc/visudo.cat:
	regen for sudo 1.8.22
	[596d82da0158]

	* NEWS, configure, configure.ac:
	Sudo 1.8.22
	[6b32c2f5d020]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	Background processes started by the command will no longer receive
	SIGHUP.
	[47bcc3ae4362]

	* src/exec_monitor.c:
	When the command completes, make the monitor the foreground process
	group before informing the main sudo process of the command's exit
	status. This will prevent processes started by the command (which
	runs in a different process group) from receiving SIGHUP since the
	kernel sends SIGHUP to the foreground process group associated with
	the terminal session. The monitor has a SIGHUP handler installed so
	the signal is effectively ignored.
	[9e163efe4afb]

	* src/sudo.c:
	Add debug printfs around group list retrieval.
	[5f307b00153b]

2017-11-30  Todd C. Miller

	* src/exec_pty.c:
	Move call to sudo_ev_loopcontinue() into schedule_signal() itself.
	We always want to prioritize signal forwarding.
	[4b25dc24038b]

	* src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c:
	Don't loop over read/write, recv/send or tcgetpgrp/tcsetpgrp trying
	to handle EINTR. We now use SA_RESTART with signals so this is not
	needed and is potentially dangerous if it is possible to receive
	SIGTTIN or SIGTTOU (which it currently is not).
	[ba6885b57891]

2017-11-29  Todd C. Miller

	* src/exec_monitor.c, src/signal.c:
	Sprinkle some extra debugging printfs
	[bf33574bc603]

	* src/exec_pty.c:
	We don't need to be the foreground process to be able to write to
	the terminal in most cases. If the background process tries to
	modify the terminal flags it will receive SIGTTOU which is relayed
	to the sudo front-end. This currently mishandles terminals with the
	TOSTOP local flag set.
	[3fc25570d482]

	* src/exec_pty.c:
	Handle receipt of SIGTTIN/SIGTTOU when reading/writing from/to the
	tty. We can't use a signal event for these since that would restart
	the system call after the signal was handled and the callback would
	not get a chance to run. Fixes running a command in the background
	that writes to the tty when the TOSTOP terminal flag is set.
	[5ac68f05249a]

2017-11-28  Todd C. Miller

	* plugins/sudoers/sssd.c:
	Avoid a double free when ipa_hostname is set in sssd.conf and it is
	an unqualified host name. From Daniel Kopecek.

	Also move the "unable to allocate memory" warning into
	get_ipa_hostname() itself to make it easier to see where the
	allocation failed in the debug log.
	[14dacdea3319]

	* plugins/sudoers/ldap.c, plugins/sudoers/policy.c,
	plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
	plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	When running a command as the invoking user we cannot use the gid
	list from the front-end since it may not correspond to the user's
	aux group vector as defined by the group database.
	[b456101fe509]

	* lib/util/regress/fnmatch/fnm_test.c,
	lib/util/regress/glob/globtest.c,
	plugins/sudoers/regress/env_match/check_env_pattern.c,
	plugins/sudoers/regress/parser/check_base64.c,
	plugins/sudoers/regress/parser/check_digest.c,
	plugins/sudoers/regress/parser/check_gentime.c,
	plugins/sudoers/regress/parser/check_hexchar.c:
	Add missing initprogname() calls.
	[ad4f8d236d89]

2017-11-21  Todd C. Miller

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	Better describe things when a command is run in a pty.
	[0f34fc342ab5]

2017-11-16  Todd C. Miller

	* plugins/sudoers/ldap.c:
	Plug some memory leaks on error, some found by the clang static
	analyzer.
	[62844cc145b6]

2017-11-15  Todd C. Miller

	* plugins/sudoers/parse.c:
	Avoid calling cmnd_matches() in list/verify mode if we already have
	a match.
	[5bddfc911065]

	* plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
	plugins/sudoers/sssd.c:
	In list (-l) or verify (-v) mode, if we have a match but
	authentication is required, clear FLAG_NOPASSWD so that when
	listpw/verifypw is set to "all" and there are multiple sudoers
	sources a password will be required unless none of the entries in
	all sources require authentication. From Radovan Sroka of RedHat
	[edac7222600a]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	When checking the results for "sudo -l" and "sudo -v", keep checking
	even after we get a match since the value of doauth may depend on
	evaluating all the results. From Radovan Sroka of RedHat.
	[ae0704445bd4]

2017-11-14  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	If passwd_tries is less than 1, check_user() will always return
	false (since the user didn't authenticate). The normal reason for
	this is an authentication error but in this case no authentication
	was tried so no warning message has been displayed to the user. If
	the user wasn't given a chance to authenticate, set inform_user to
	true when calling log_denial() from sudoers_policy_main().

	An alternate approach would be for check_user() to return true in
	this case but seems more confusing.
	[c8be95b46e9d]

2017-10-22  Todd C. Miller

	* doc/TROUBLESHOOTING:
	Document bash shell alias issue with "sudo -i".
	[8affa5376277]

2017-10-20  Todd C. Miller

	* plugins/sudoers/policy.c:
	Return an error if the sudo front end doesn't set the user name,
	user ID, group ID or host name. Bug #807
	[03e281d93fff]

	* lib/util/gethostname.c:
	Treat an empty hostname as a failure and return NULL.
	[fafb3a3083cb]

2017-10-17  Todd C. Miller

	* plugins/sudoers/sudoers2ldif:
	Add support for #include and #includedir from Natale Vinto.
	[926deea0d506]

2017-10-14  Todd C. Miller

	* doc/CONTRIBUTORS:
	Minor corrections from Tae Wong
	[dbc5ee98ffa6]

2017-10-12  Todd C. Miller

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	Add a warning that for "sudo -i command" and "sudo -s command" the
	shell is not run in interactive mode which may change its behavior.
	[76c19db05a1e]

2017-09-26  Todd C. Miller

	* include/sudo_compat.h, src/exec_pty.c:
	Fix stair-stepped output when the output of a sudo command is piped
	to another command and use_pty is set.
	[e91e3f12d2d4]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	env_keep and env_check are also taken into account with "sudo -i".
	Bug #806
	[5f5568c6fdd9]

2017-09-18  Todd C. Miller

	* INSTALL, config.h.in, configure, configure.ac,
	plugins/sudoers/ins_classic.h:
	Make PC insults the default and add new configure option,
	enable-offensive-insults, to enable the offensive insults.
	[eb264d342601]

2017-09-14  Todd C. Miller

	* doc/CONTRIBUTORS:
	Add missing translators from recent updates and one name change.
	[20828c25ad92]

2017-09-07  Todd C. Miller

	* MANIFEST, plugins/sudoers/po/fur.po, plugins/sudoers/po/hr.mo,
	plugins/sudoers/po/hr.po, plugins/sudoers/po/sv.mo,
	plugins/sudoers/po/sv.po, po/hr.mo, po/hr.po, po/sv.mo, po/sv.po:
	sync with translationproject.org
	* * * sync with translationproject.org
	[24bb066fa19f]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	More accurately describe the use_pty option now that its behavior
	has changed with respect to interposition with a pipe. Also describe
	some caveats with log_input.
	[a87056499931]

	* doc/UPGRADE:
	Document changes in use_pty behavior when no terminal is present.
	[a4b978693178]

	* src/exec_pty.c:
	Set ec->cmnd_pid to the correct value when receiving the command's
	process ID from the monitor.
	[a624309ba848]

	* src/exec.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h:
	If /dev/tty is not available and no I/O logging plugins are
	configured, fall back on exec_nopty() even if the policy plugin
	requested a pty. We never allocate a pty when sudo is not run from a
	terminal anyway.
	[c9b9c6c4e0ad]

	* src/exec_pty.c:
	Do not set utmp_user if we did not actually allocate a pty.
	[aa8e0fdea32b]

2017-09-06  Todd C. Miller

	* NEWS, configure, configure.ac:
	sudo 1.8.21p2
	[94d18888e7c4]

	* src/exec.c:
	sudo_terminated() should not return true when SIGCHLD is pending.
	Bug #801
	[57f636b6489f]

	* src/tgetpass.c:
	Set SIGCHLD handler to SIG_DFL before forking the askpass command
	and restore after. Otherwise, SIGCHLD will end up in the list of
	pending signals and sudo_execute() will not execute the command.
	[c171eeabdc72]

	* lib/util/event.c:
	The read and write sides of signal_pipe[] were swapped, resulting in
	EBADF reading from and writing to the signal pipe on Linux and
	probably others. On systems with bidirectional pipes this was not an
	issue.
	[7668f93e6544]

2017-09-05  Todd C. Miller

	* plugins/sudoers/auth/pam.c:
	Fix a logic error in 96651906de42 which prevented sudo from using
	the PAM-supplied prompt. Bug #799
	[6ee5cc13af69]

2017-09-01  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.8.21p1
	[7e6bf56cb06c]

	* mkpkg:
	The Fedora sudo package uses /etc/ldap.conf not /etc/sudo-ldap.conf.
	[7b4e6f50e138]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	The fix for matching when no sudoRunAsUser is present in a sudoRole
	was incomplete. If no -g option was specified on the command line
	but sudoRunAsGroup is present in a sudoRole, we need to treat the
	group match as failed instead of missing.
	[3aaeeebd924c]

	* plugins/sudoers/check.c, plugins/sudoers/defaults.c:
	Sprinkle a few more debugging printfs.
	[f7a40f9985cf]

	* plugins/sudoers/sudoreplay.c:
	Fix replaying sessions that contain input logs. When the inter-
	record timeout expires we need to read the next record if there is
	nothing to output.
	[443b329ddc60]

	* doc/visudo.cat:
	regen
	[7ace4ac32116]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	Fix typo (Auguest vs. August). From David Pocock.
	[98a792ff1c90]

2017-08-31  Todd C. Miller

	* plugins/sudoers/sudo_nss.c:
	Go back to returning true from display_privs() on non-error. This
	results in "sudo -U otheruser -l" exiting with a status of 0 even
	when otheruser is not allowed to run commands. This is appropriate
	since the "sudo -l" command was successful. This does not change the
	exit value when otheruser runs "sudo -l" themselves, the exit status
	will be 1 since that user is not allowed to run commands. Requested
	by Radovan Sroka.
	[055b78015fcb]

	* plugins/sudoers/ldap.c:
	Fix the pass2 ldap query string when no search filter is defined.
	Due to the addition of "(sudoUser=*)" to the query we always need
	the AND operator, even if no search filter is present.
	[631243487d27]

2017-08-29  Todd C. Miller

	* src/exec_nopty.c:
	Don't forward SIGINFO to the child when it is sent by the kernel
	(not another user process). This is consistent with the handling of
	other keyboard-generated signals such as SIGINT, SIGQUIT and
	SIGTSTP. Bug #796
	[29603b0a4315]

2017-08-23  Todd C. Miller

	* sudo.pp:
	Fix path to LICENSE and NEWS files that get used in the installer.
	Previously, the installed versions were used instead of the ones in
	the destdir.
	[689a5806f2de]

2017-08-20  Todd C. Miller

	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, po/fi.mo,
	po/fi.po:
	sync with translationproject.org
	[32a0f3bbba31]

2017-08-18  Todd C. Miller

	* po/es.mo, po/es.po:
	sync with translationproject.org
	[bfa5659d66f2]

2017-08-12  Todd C. Miller

	* plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo,
	po/it.po:
	sync with translationproject.org
	[05cd6ff68a4b]

2017-08-11  Todd C. Miller

	* NEWS:
	Preserving environment variables on the command line was bug #279
	[46f2c7931a84]

2017-08-10  Todd C. Miller

	* MANIFEST, NEWS, doc/CONTRIBUTORS, po/fur.mo, po/fur.po:
	Add Friulian translation for sudo from Fabio Tomat via
	translationproject.org
	[77fdb76e83c8]

2017-08-08  Todd C. Miller

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo,
	po/cs.po, po/fr.mo, po/fr.po, po/ko.mo, po/ko.po, po/nb.mo,
	po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/sr.mo,
	po/sr.po, po/sv.mo, po/sv.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
	po/zh_CN.po:
	sync with translationproject.org
	[0f18e2f30ff5]

2017-08-04  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	In the Runas example that uses "boulder" make it clear that
	"boulder" is a host name.
	[6bca59aa5579]

2017-08-03  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[9bb78048656f]

	* NEWS, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
	src/parse_args.c:
	Allow the user to specify a list of environment variables to
	preserve. This adds an option parameter to the --preserve-env option,
	a comma-separated list of variable names.
	[a6bc511a2e81]

2017-08-01  Todd C. Miller

	* INSTALL, NEWS, config.h.in, configure, configure.ac,
	doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
	Replace tty_tickets option with timestamp_type which can be global,
	ppid or tty. Defaults to tty (no change in behavior). Some users
	want the ppid behavior.
	[426161a2e06f]

	* lib/util/Makefile.in, plugins/sudoers/Makefile.in:
	regen
	[b396e70a4a8b]

	* plugins/sudoers/sudoers.c:
	Don't send email about an unresolvable host name if fqdn is enabled
	and the user specified the run host via the -h flag.
	[59d7a8743943]

2017-07-31  Todd C. Miller

	* plugins/sudoers/sudoreplay.c:
	fix playback of stdout/stderr without embedded carriage returns
	[f1a5b47be2db]

2017-07-28  Todd C. Miller

	* plugins/sudoers/ldap.c:
	Avoid unused variable warning when sasl is not used.
	[3010fd3c5a7f]

	* INSTALL, configure, configure.ac:
	Add support for --enable-sasl and --disable-sasl to make it possible
	to enable/disable support for LDAP with SASL authentication. Sudo
	compiles in support for SASL authentication by default if the
	ldap_sasl_interactive_bind_s() function is detected. Bug #788
	[cf94d407d576]

	* NEWS:
	List the correct pattern ("*=()*") in the env_delete description.
	Use pseudo-tty instead of pseudo terminal for consistency.
	[f2df0baea2f0]

2017-07-27  Todd C. Miller

	* lib/util/closefrom.c:
	Include pathnames.h for /dev/fd on FreeBSD and Mac OS X.
	[b190dc607277]

	* NEWS:
	update for 1.8.21
	[a3a38f6cba66]

	* src/exec_pty.c:
	No need to call sudo_ev_del() before sudo_ev_free(); sudo_ev_free()
	will delete the event from its base before freeing it.
	[ebf3dedcba5c]

	* src/exec_pty.c:
	Terminate the command if an I/O log function returns 0 or -1. This
	was mistakenly removed by 25b7fd056614 in Sudo 1.8.18 with the
	removal of the ignore_iolog_errors variable.
	[e1dd18d95815]

	* plugins/sudoers/sudoreplay.c:
	Quiet a coverity false positive.
	[b7a9c9e35fd0]

	* plugins/sudoers/sudoreplay.c:
	Change to a single event loop in sudoreplay and use signal events.
	[7320de46cf48]

2017-07-21  Todd C. Miller

	* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
	start new sentences on a new line
	[ae35ab253de5]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Clarify how the variable prompt options interact with each other and
	PAM.
	[342b936c4aaa]

	* plugins/sudoers/sudoers.c:
	Don't set passprompt_override when SUDO_PROMPT is present. This
	effectively reverts ed77d255f383.

	We treat the SUDO_PROMPT environment variable similar to passprompt
	in sudoers: it will only override a PAM prompt if the PAM prompt is
	either "Password:" or "username's Password:".
	[6dad2bd126d1]

2017-07-20  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/logging.c:
	Add syslog_pid sudoers option to log sudo's process ID when logging
	via syslog. This is disabled by default to match historic behavior.
	[f4dc29b0052c]

	* plugins/sudoers/auth/pam.c:
	When deciding which prompt to use (PAM's or sudo's) treat the PAM
	prompt "username's Password:" as equivalent to "Password:". Some PAM
	modules (on AIX at least) use this prompt.
	[96651906de42]

	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
	Add missing argument to a few of the defaults strings in the "sudo
	-V" output.
	[44546c4b87c3]

	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/visudo.c:
	When examining environment variables or variables passed in from the
	front-end, ignore variables with no value specified.
	[8537a7fc6190]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	Document that "-p prompt" overrides SUDO_PROMPT.
	[d2e6b518d00d]

	* plugins/sudoers/sudoers.c:
	Enable passprompt_override by default if SUDO_PROMPT is present in
	the environment. This is consistent with how "sudo -p prompt" is
	handled.
	[ed77d255f383]

2017-07-17  Todd C. Miller

	* plugins/sudoers/sudoreplay.c:
	When reading a single character via a switch() use "default:" instead
	of "case 1:" to quiet a coverity warning.
	[ddcfc40159e4]

	* plugins/sudoers/sudoreplay.c:
	Initialize ch in getsize_cb() in case we are called with the wrong
	initial state.
	[a31431c59e14]

	* plugins/sudoers/sudoreplay.c:
	remove unused variable
	[488054411049]

	* plugins/sudoers/visudo.c:
	Call install_sudoers() even when doedit is false. If a file in a
	#includedir has a syntax error it will still have been edited and we
	need to install the edited temp file.
	[ab833e2d1791]

	* plugins/sudoers/visudo.c:
	Reparse sudoers if a new #include file was added. Otherwise the new
	file will not get its syntax checked. Bug #791
	[e584dc8bf306]

2017-07-14  Todd C. Miller

	* plugins/sudoers/sudoreplay.c:
	don't restore the cursor when setting terminal size, we don't want
	the cursor to move
	[9cbcb3372bcd]

	* plugins/sudoers/sudoreplay.c:
	Read the xterm terminal size using an event so we can easily time
	out if needed.
	[634524476741]

	* lib/util/event.c, src/exec_nopty.c, src/exec_pty.c:
	If we free the default base in sudo_ev_base_free(), reset the
	default base to NULL.
	[2a8f7938618b]

2017-07-13  Todd C. Miller

	* include/sudo_event.h, lib/util/event.c, lib/util/util.exp.in,
	src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c:
	Add the ability to set a default event base, to be used by plugins
	which don't have access to the event base.
	[dc159ea98b25]

	* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
	plugins/sudoers/sudoreplay.c:
	Allow sudoreplay to adjust the window size on xterm-like terminals.
	[3358b1a9f01c]

2017-07-12  Todd C. Miller

	* lib/util/term.c:
	Clear input, output, control and local flags before copying them
	from the source terminal. Otherwise, flags that are disabled in the
	source terminal may still be enabled in the destination.
	[ead41242b820]

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, include/sudo_plugin.h, src/exec_pty.c:
	Pass window size change events to the plugin.
	[529b5c9d16a4]

	* plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
	Log window size change events in the sudoers I/O plugin. Let
	sudoreplay parse a timing file with window change events (currently
	ignored).
	[a67f4627dfa7]

	* Makefile.in, doc/Makefile.in, examples/Makefile.in,
	include/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
	plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
	src/Makefile.in:
	Remove pointless subshells in targets that simply change the
	directory and execute a command. The command is already run in a
	shell so there is no need to execute a subshell in this case.
	[e57639cb2f97]

2017-07-10  Todd C. Miller

	* src/sudo.c:
	Store the debug instance ID for I/O plugins too. Now iolog_open() is
	consistent with policy_open().
	[519abb3c09d0]

2017-06-29  Todd C. Miller

	* config.h.in, configure, configure.ac, lib/util/mktemp.c:
	Use getentropy() in mkstemp/mkdtemp replacement.
	[8d8e45266858]

	* configure, configure.ac, lib/util/closefrom.c, lib/util/mktemp.c,
	pathnames.h.in, src/exec_pty.c, src/get_pty.c, src/ttyname.c:
	Use _PATH_DEV consistently
	[ca10a91539e0]

2017-06-15  Todd C. Miller

	* lib/util/term.c:
	When copying terminal settings from one tty to another only copy a
	subset of the flags. Sudo now copies the same set of flags that
	OpenSSH uses, which should be safe.
	[2f12bc7a87d1]

	* src/exec_monitor.c, src/exec_nopty.c:
	Add debug warning when we have wait status but don't overwrite the
	existing cstat.
	[5ae8f8e75104]

	* src/exec_monitor.c:
	Better handling of SIGCONT from in command in the monitor. It is
	useful to know when the command continued but we don't want to
	inform the parent or store the wait status in this case. Fixes a
	hang after multiple suspends on Linux.
	[9cdbbb7ff3dd]

2017-06-09  Todd C. Miller

	* plugins/sudoers/parse.h:
	avoid padding in struct cmndspec
	[2529551a9c2d]

2017-06-07  Todd C. Miller

	* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
	doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
	doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.man.in,
	doc/sudoers.mdoc.in:
	Fix the man section of sudo_plugin in cross-references.
	[f964de570403]

2017-06-05  Todd C. Miller

	* src/sudo_edit.c:
	Don't treat an unchanged file as an error. From Xin Li.
	[503e04f7856e]

	* src/sudo_edit.c:
	sudo_edit() must return a wait status but if there is an error, or
	even if no changes were made to the file, it was returning 1 instead
	which would be interpreted as the command having received SIGHUP.
	Use the W_EXITCODE() to construct a proper wait status in the error
	case too.
	[62515bd6c64c]

2017-06-03  Todd C. Miller

	* src/ttyname.c:
	Avoid sign extension when assigning the value of tty_nr in
	/proc/self/stat on Linux. It is an unsigned int value that is
	printed as a signed int but dev_t is unsigned long long. We need to
	cast to unsigned int before assigning to a dev_t.
	[c198d1317560]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/env.c:
	Instead of hard-coding a check for bash functions in
	env_should_delete(), use a "*=()* " pattern in
	initial_badenv_table[] to match them instead. This allows the user
	to remove the check via env_delete.
	[90c4dfd1d3a3]

2017-06-02  Todd C. Miller

	* INSTALL.configure, configure.ac, doc/sudo_plugin.cat,
	doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, mkpkg, sudo.pp:
	Mac OS X -> macOS
	[08f793d1f496]

	* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
	devsearch is ignored on BSD, macOS and Solaris
	[b041a1d64eda]

2017-06-01  Todd C. Miller

	* lib/util/event.c:
	Move the bits to fill in the new event base to sudo_ev_base_init(),
	which is not currently exported.
	[9be46693bed1]

2017-05-31  Todd C. Miller

	* src/ttyname.c:
	A command name may also contain newline characters so read
	/proc/self/stat until EOF. It is not legal for /proc/self/stat to
	contain embedded NUL bytes so treat the file as corrupt if we see
	any. With help from Qualys.

	This is not exploitable due to the /dev traversal changes in sudo
	1.8.20p1 (thanks Solar!).
	[9ad60fe663e5]

	* NEWS:
	Sudo 1.8.20p2
	[39f199a38383]

2017-05-30  Todd C. Miller

	* src/selinux.c:
	After opening a tty device, fstat() and error out if it is not a
	character device.
	[e03cfa98f2b6]

	* INSTALL, configure, configure.ac, doc/sudo.conf.cat,
	doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, include/sudo_conf.h,
	lib/util/sudo_conf.c, lib/util/util.exp.in, pathnames.h.in,
	src/ttyname.c:
	Add a new "devsearch" Path setting to sudo.conf for configuring the
	/dev paths to traverse instead of hard-coding a list in ttyname.c.
	The default value can be set at configure time.
	[7ab1be502dc3]

	* src/ttyname.c:
	Use /proc/self consistently on Linux. As far as I know, only AIX
	doesn't support /proc/self.
	[ef737b5d4ed8]

2017-05-29  Todd C. Miller

	* NEWS, configure:
	Sudo 1.8.20p1
	[c34da84ae8e4]

	* src/ttyname.c:
	Fix for CVE-2017-1000367, parsing of /proc/pid/stat on Linux when
	the process name contains spaces. Since the user has control over
	the command name this could be used by a user with sudo access to
	overwrite an arbitrary file. Thanks to Qualys for investigating and
	reporting this bug.

	Also stop performing a breadth-first traversal of /dev when looking
	for the device. Only the directories specified in search_devs[] are
	checked.
	[b5460cbbb11b]

2017-05-23  Todd C. Miller

	* lib/util/event_select.c:
	Fix potential memory leak on reallocarray() error. Coverity CID
	169639
	[c303e6eecc78]

	* plugins/sudoers/bsm_audit.c:
	Only fall back to deprecated getaudit() on FreeBSD. Fixes compiler
	warnings on macOS.
	[18f4699e417c]

	* mkpkg:
	Use clang on macOS if present
	[a963454d1b9e]

	* sudo.pp:
	fix paths to LICENSE and NEWS files for macOS packages
	[47103614311b]

2017-05-18  Todd C. Miller

	* src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c:
	To avoid overwriting existing command status, check for CMD_INVALID
	instead of CMD_ERRNO or CMD_WSTATUS.
	[5fec1fa81482]

	* plugins/sudoers/regress/env_match/data:
	Add some patterns that could result in exponential run time for
	poorly written '*' matching.
	[98f4d085c919]

2017-05-15  Todd C. Miller

	* lib/util/ttysize.c, src/exec_pty.c:
	On HP-UX 11.0, sys/ioctl.h is not sufficient to make struct winsize
	visible, we need termios.h too.
	[211510123ad6]

	* lib/util/ttysize.c:
	Always use TIOCGWINSZ.
	[82e679b8cd00]

	* src/exec.c, src/sudo.c, src/sudo.h:
	Move exec_setup(), unlimit_nproc() and restore_nproc() from sudo.c
	to exec.c.
	[9127e50cf4ec]

	* src/sudo_edit.c:
	No need to include selinux.h here.
	[8bb07a8f4203]

	* plugins/sudoers/regress/env_match/check_env_pattern.c:
	Fix compilation error on macOS
	[bc5e5c3d44f2]

2017-05-12  Todd C. Miller

	* config.h.in, configure, configure.ac, include/sudo_compat.h,
	lib/util/term.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoreplay.c,
	plugins/sudoers/visudo.c, src/exec_monitor.c, src/exec_nopty.c,
	src/exec_pty.c, src/signal.c, src/sudo.c, src/tcsetpgrp_nobg.c,
	src/tgetpass.c:
	Remove use of non-standard sigaction_t
	[81a57af4c7a9]

	* plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/visudo.c:
	Use debug logging instead of ignore_result() where possible.
	[9c9fde5b52cc]

	* Makefile.in:
	Add cov-build and cov-submit targets for checking with coverity.
	[bf88b4439c7b]

	* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/ldap.c:
	Avoid a clang analyzer false positive.
	[9f4f915a2e28]

	* plugins/sudoers/sudoreplay.c:
	Restore the error message for sudo_ev_add() failure.
	[267305606577]

	* include/sudo_event.h, lib/util/event.c:
	Add support for signal events in sudo's event subsystem
	[0d48fab2dec8]

	* include/sudo_event.h, lib/util/event.c:
	Handle the possibility of the siginfo parameter in sa_sigaction
	handler being NULL.
	[0835ca553426]

	* src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c,
	src/signal.c, src/sudo.h, src/sudo_exec.h:
	Use SUDO_EV_SIGNAL and SUDO_EV_SIGINFO instead of managing the
	signal_pipe explicitly.
	[841e2ca6a4a6]

	* lib/util/event.c:
	Activate the sigevents inside the signal pipe callback itself and
	call signal_pipe_cb() directly if the backend returns EINTR and the
	signal_caught flag is set. This has the side effect of processing
	signal events in the current pass of the event loop instead of the
	next one.
	[d94e202b8e57]

	* src/signal.c:
	Add SIGCHLD to the list of signals we install sudo_handler() for.
	Otherwise, it is possible for the command to exit before the SIGCHLD
	handler is installed. POSIX says that signals that are ignored by
	default are still ignored even if the signal mask would block them.
	We need to have a handler installed for SIGCHLD before the fork().
	[a26f04459c37]

	* MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
	plugins/sudoers/env_pattern.c,
	plugins/sudoers/regress/env_match/check_env_pattern.c,
	plugins/sudoers/regress/env_match/data, plugins/sudoers/sudoers.h:
	Add support for multiple '*' in env_keep, env_check and env_delete
	entries.
	[b55270a8ecc4]

	* configure, configure.ac:
	sudo 1.8.21
	[76aa5455903e]

	* include/sudo_compat.h, plugins/sudoers/timestamp.c,
	src/tcsetpgrp_nobg.c, src/tgetpass.c:
	Remove use of the non-standard SA_INTERRUPT
	[3ec05ffb0dcb]

	* include/sudo_queue.h:
	Add workaround for clang static analyzer being confused by
	LIST_REMOVE and TAILQ_REMOVE.
	[ff8d278e8526]

2017-05-11  Todd C. Miller

	* plugins/sudoers/Makefile.in:
	Fix "make check" when openssl or gcrypt is used. Bug #787
	[7968686742e2]

2017-05-10  Todd C. Miller

	* plugins/sudoers/sudoreplay.c:
	Only display string version of errno if sudo_ev_add() fails for now
	[24244a02c93f]

2017-05-08  Todd C. Miller

	* NEWS:
	update
	[8e3359235e24]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Be clear that #includedir diverts control to the files in the
	specified directory and, when parsing of those files is complete,
	returns control to the original file. Bug #775
	[f68769f15356]

2017-05-07  Todd C. Miller

	* plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/sr.mo,
	po/sr.po:
	sync with translationproject.org
	[4552eaf8fabf]

2017-05-05  Todd C. Miller

	* NEWS:
	update
	[53d1c9424816]

	* src/exec_monitor.c:
	Fix a hang introduced in the last commit. Don't close the pty slave
	until after we have the controlling tty.
	[c9c19beb60ed]

	* src/exec_monitor.c, src/exec_pty.c:
	If any of std{in,out,err} are not hooked up to a tty only interpose
	ourselves with a pipe if the plugin will actually log the data. This
	avoids a problem with non-interactive commands where no tty is
	present where sudo will consume stdin even when log_input is not
	enabled in sudoers.
	[a79edafdd307]

	* NEWS:
	update
	[144ff056cd01]

	* doc/TROUBLESHOOTING:
	Update based on information from Michael Felt.
	[7ea34380ba1d]

2017-05-04  Todd C. Miller

	* plugins/sudoers/sudoreplay.c:
	In check_input() when switch()ing on the return value of read(), use
	the default label instead of 1 for the success case. It is only
	reading a single byte so the two are equivalent but it reads better
	using default.
	[860682b86af5]

	* plugins/sudoers/sudoreplay.c:
	Check sudo_ev_add() return value. Coverity CID 168362
	[b69779d3801f]

	* plugins/sudoers/iolog.c:
	Add io_open() wrapper for open(2) that retries with PERM_IOLOG if
	open(2) fails with EACCES. Use io_open() instead of duplicate copies
	of the same fallback code.
	[09f7992f681b]

	* plugins/sudoers/iolog.c:
	Don't retry the open() if set_perms() fails.
	[0808a9157037]

	* plugins/sudoers/iolog.c:
	Fix typo (fd2 vs. fd) caught by coverity, CID 168359.
	[f68df770e06f]

	* po/hu.mo, po/hu.po:
	sync with translationproject.org
	[ebef76dc27be]

2017-05-03  Todd C. Miller

	* INSTALL:
	Warn people not to use --enable-asan in production.
	[ecb5c1143ef4]

	* configure, configure.ac, src/Makefile.in:
	Move the invocation of check_noexec into the main "check" target but
	only run it if not cross compiling and when CHECK_NOEXEC is not
	empty.
	[cba8fd3337c2]

	* src/Makefile.in:
	Move @CHECK_NOEXEC@ to TEST_PROGS so it gets cleaned up properly.
	[efaa9c44e749]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Move syslog_maxlen to the "Integers" section. Move syslog_goodpri
	and syslog_badpri to the "Strings that can be used in a boolean
	context" section.
	[342dfe9dd37c]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Fix a pasto that resulted in an extra (empty) syslog_goodpri list
	entry.
	[eb0563c5b8dc]

	* MANIFEST, plugins/sudoers/regress/sudoers/test20.in,
	plugins/sudoers/regress/sudoers/test20.json.ok,
	plugins/sudoers/regress/sudoers/test20.out.ok,
	plugins/sudoers/regress/sudoers/test20.toke.ok,
	plugins/sudoers/regress/sudoers/test21.in,
	plugins/sudoers/regress/sudoers/test21.json.ok,
	plugins/sudoers/regress/sudoers/test21.out.ok,
	plugins/sudoers/regress/sudoers/test21.toke.ok:
	Add tests for parsing tuples and syslog options.
	[86f3da23b4df]

	* plugins/sudoers/defaults.c:
	Allow the syslog Defaults option to be used in a "true" boolean
	context and use the compiled in default log facility in this case.
	[4fab25217602]

	* plugins/sudoers/defaults.c:
	Allow a tuple to be set to boolean true. Regression introduced by
	refactor of set_default_entry() in sudo 1.8.18.
	[9b38728deb27]

2017-05-01  Todd C. Miller

	* doc/TROUBLESHOOTING:
	Replace the list of "dangerous" environment variables and explain
	how sudo handles the environment instead.
	[966cf87d1bed]

2017-04-28  Todd C. Miller

	* lib/util/glob.c:
	Fix exponential behavior in glob() with respect to multiple '*'.
	See https://research.swtch.com/glob
	Adapted from
	https://perl5.git.perl.org/perl.git/commit/33252c318625f3c6c89b816ee88481940e3e6f95
	[3d187b0fb764]

	* src/exec_pty.c:
	We no longer need to write to the tty if the command was killed by a
	signal. Sudo will terminate itself with the same signal the command
	died from. Unfortunately, we lose the "core dumped" bit since sudo
	itself will not dump core, but there doesn't appear to be a way
	around that.
	[1be331e0c4d4]

2017-04-27  Todd C. Miller

	* src/sudo.c:
	On Linux, if the command we ran dumped core, set PR_SET_DUMPABLE to
	0. This will prevent sudo itself from dumping core in this case.
	[cf5a5793ebf4]

	* INSTALL:
	Update path to sudo_noexec.so
	[14e995667c8b]

	* src/sudo.c:
	If the command terminated due to a signal, sudo will send that same
	signal to itself so the parent shell knows the command died from a
	signal. However, we don't want sudo itself to dump core.
	[8d823e6ec41e]

2017-04-26  Todd C. Miller

	* NEWS:
	sync
	[1704e6005b07]

	* src/sudo.c:
	The fix for Bug #722 contained a typo/thinko that resulted in the
	exit status being 0 when a command was killed by a signal other than
	SIGINT. This fixes the signal handler setup so sudo will terminate
	with the same signal as the command. Bug #784.
	[50b988d0c97f]

	* sudo.pp:
	Better check for /etc/rc.d/rc2.d/S90sudo on AIX
	[93de5e34a6a3]

	* src/Makefile.in:
	Don't install the rc.d link when installing to a DESTDIR. DESTDIR is
	generally only set when installing to a temporary directory for
	packaging in which case the link should be made in a post-install
	script.
	[4200ef757b56]

	* plugins/sudoers/Makefile.in, sudo.pp:
	In "make install", install sample sudoers file as /etc/sudoers.dist
	and copy it to /etc/sudoers if there is no existing /etc/sudoers.
	Packages either contain /etc/sudoers (RPM and Debian) or
	/etc/sudoers.dist (everything else).
	[40f8e5806d71]

	* Makefile.in, mkdep.pl:
	Allow "make dist" and "make depend" to work for out of tree builds.
	[7b7ba3f38abb]

2017-04-24  Todd C. Miller

	* lib/zlib/Makefile.in:
	Add missing $(srcdir) prefix to shlib_exp definition.
	[c63e8e73507e]

2017-04-21  Todd C. Miller

	* include/sudo_compat.h:
	Fix typo in killpg macro.
	[f7392d21c915]

	* include/sudo_compat.h:
	Fix the killpg macro for systems without killpg() in libc.
	[ba0c5162bc4a]

2017-04-20  Todd C. Miller

	* src/exec_pty.c:
	Use the standard idiom for popping all entries from a tail queue.
	The llvm checker gets confused by TAILQ_REMOVE and generates
	use-after-free false positives.
	[a88cacd23f09]

	* src/exec_monitor.c, src/exec_nopty.c:
	rewrite errpipe callbacks
	[5c75729cea19]

	* src/exec_monitor.c, src/exec_nopty.c:
	use pipe2() with O_CLOEXEC instead of pipe() + fcntl() and
	FD_CLOEXEC
	[c8c9cc31c43a]

	* src/exec_pty.c:
	init io_pipe[][] to -1, not 0
	[71012940a8f1]

2017-04-19  Todd C. Miller

	* plugins/sudoers/sssd.c:
	In sudo_sss_check_user() it is not possible for handle to be NULL.
	[de41ba76a4ce]

	* plugins/sudoers/sssd.c:
	Fix a use after free when the fqdn sudoOption is set and no hostname
	value is present in sssd.conf.
	[716a7c502cc0]

	* src/sudo.c:
	Avoid unused variable when getgrouplist_2() is available. It would
	be nicer to just provide getgrouplist_2() (or the equivalent) and
	avoid the ugly #ifdefs.
	[2c7ac21feb5f]

	* plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo,
	po/nb.po:
	sync with translationproject.org
	[e91a983f9de6]

2017-04-13  Todd C. Miller

	* plugins/sudoers/Makefile.in:
	regen
	[790d9a05f585]

2017-04-12  Todd C. Miller

	* src/ttyname.c:
	In sudo_ttyname_scan() if dir is the empty string, set errno to
	ENOENT before returning.
	[f531ea6e489e]

2017-04-11  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Try to make it clear that when match_group_by_gid is enabled, groups
	in sudoers are looked up by group name instead of group ID. This
	doesn't usually cause problems, but if there are conflicting group
	entries (for example, from a local /etc/group file and an LDAP or AD
	group database), whether the group is resolved by name or ID can be
	used to work around conflicts.
	[fe3bfca4fcce]

2017-04-07  Todd C. Miller

	* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/ja.mo,
	po/ja.po:
	sync with translationproject.org
	[94d36c45e345]

	* plugins/sudoers/regress/parser/check_digest.c:
	plug memory leak in check_digest
	[40aab9e6e365]

	* src/exec.c:
	Check return value of dispatch_pending_signals() in case we received
	SIGINT or SIGQUIT before executing the command.
	[218758d1560d]

2017-03-30  Todd C. Miller

	* configure, configure.ac:
	back out unintentional change to the version number
	[799b396c1c69]

2017-03-28  Todd C. Miller

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo,
	po/cs.po, po/da.mo, po/da.po, po/de.mo, po/de.po, po/fr.mo,
	po/fr.po, po/hr.mo, po/hr.po, po/it.mo, po/it.po, po/pl.mo,
	po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/tr.mo, po/tr.po, po/uk.mo,
	po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po:
	sync with translationproject.org
	[04c4a3ec233d]

2017-03-27  Todd C. Miller

	* configure, configure.ac, plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/parser/check_digest.c,
	plugins/sudoers/regress/parser/check_digest.out.ok:
	Make check_digest test sudo_filedigest() itself instead of the
	underlying SHA2 functions. That way we can test it regardless of
	whether we use sudo's SHA2 functions or a library version.
	[9834b37f1fb0]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document that commands matched by "sudo ALL" are not affected by
	fdexec.
	[7cc3b770a2ff]

2017-03-24  Todd C. Miller

	* NEWS:
	Update for 1.8.20
	[14a09000c1dc]

	* plugins/sudoers/po/sudoers.pot:
	regen for restricted_env_file
	[81290b370c95]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Mention that iolog_user is useful for NFS.
	[9c8f9dfdebf0]

2017-03-23  Todd C. Miller

	* plugins/sudoers/iolog.c:
	Only retry mkdir or create with PERM_IOLOG if errno is EACCES. Also
	always use PERM_IOLOG for mkdtemp() since we cannot retry if it
	fails. Since we are guaranteed to create a new directory there's no
	real need to try w/o PERM_IOLOG in this case.
	[c3c67d78e46a]

2017-03-22  Todd C. Miller

	* plugins/sudoers/iolog.c:
	Add fallback to PERM_IOLOG when making the final component of
	iolog_dir.
	[72924e4c8f5d]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/env.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	Add restricted_env_file which is like env_file but subject to the
	same restrictions as the user's own environment.
	[ec887cc57a8b]

	* plugins/sudoers/iolog.c:
	quiet a warning on older zlib
	[bcd3cac968a2]

	* plugins/sudoers/iolog.c, plugins/sudoers/timestamp.c:
	cast mode_t to unsigned int when printing with %o
	[f9ca9ead134e]

2017-03-21  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot:
	regen
	[f62e81f74d10]

	* plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c,
	plugins/sudoers/timestamp.c:
	Set umask temporarily when creating files instead of changing the
	mode after the fact. This is slightly less error prone.
	[a9b4cf336b73]

	* plugins/sudoers/iolog.c:
	remove now-useless variable
	[9a36b2449ac4]

	* plugins/sudoers/mkdir_parents.c:
	Don't set owner/mode on directories that already exist, only on
	newly-created ones.
	[2b616be0e165]

	* plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c:
	Explicitly set the file mode of I/O log files so the mode is not
	affected by the invoking user's umask.
	[ec7d5dd47b6b]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/iolog.c, plugins/sudoers/mkdir_parents.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/timestamp.c:
	Add PERM_IOLOG so we can create I/O log files on an NFS-mounted
	filesystem where root is remapped to an unprivileged user.
	[01804a971cd5]

	* plugins/sudoers/mkdir_parents.c:
	Restore the '/' in the path before returning if we encounter an
	error.
	[bb12cfce16fd]

	* plugins/sudoers/sssd.c:
	zero out nss->handle after it has been freed to make sure we cannot
	free it twice
	[00d5340b7541]

2017-03-20  Todd C. Miller

	* plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/timestamp.c:
	When creating the timestamp directory, use the group of the
	timestamp owner instead of inheriting the group of the parent
	directory.
	[7a4a10cafe08]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
	Add iolog_flush option.
	[96baa17409cf]

2017-03-17  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/iolog.c:
	Don't allow the user to specify an I/O log file mode that sudo can't
	read or write to. I/O logs must always be readable and writable by
	the owner.
	[b32e2ef04905]

2017-03-14  Todd C. Miller

	* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat,
	doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat,
	doc/visudo.cat:
	Regenerate the cat pages with newer mandoc which formats double
	quotes as "foo" instead of ``foo''.
	[5f14e527ae05]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Make it clear that I/O logs will be complete even if the command run
	by sudo is terminated by a signal. The I/O log buffering just
	prevents the logs from being displayed in real-time as the command
	is running.
	[072fd419ac1e]

2017-03-13  Todd C. Miller

	* src/exec.c, src/exec_monitor.c, src/signal.c, src/sudo.h:
	Replace pipe_nonblock() with pipe2()
	[c106b62d7835]

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/util/Makefile.in, lib/util/pipe2.c,
	mkdep.pl:
	Emulate pipe2() on systems without it.
	[5a183dd380f0]

2017-03-10  Todd C. Miller

	* plugins/sudoers/auth/kerb5.c:
	Fix declaration of sudo_krb5_verify() in the case where
	krb5_verify_user() is not present. Bug #777
	[eafd4e2d7c7f]

	* plugins/sudoers/rcstr.c:
	Use HAVE_STDBOOL_H to detect systems w/o stdbool.h. Bug #778
	[dbac86777429]

2017-03-09  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[2fc489ddc143]

	* src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c:
	Move SIGCHLD handling into handle_sigchld() functions and move the
	remaining bits of dispatch_signal() into signal_pipe_cb()
	[b120f5cfa8cc]

2017-03-08  Todd C. Miller

	* src/utmp.c:
	e_termination should be set to the value of WTERMSIG not WEXITSTATUS
	[95f37078ae8f]

2017-03-07  Todd C. Miller

	* MANIFEST, src/Makefile.in, src/exec_nopty.c, src/sudo.h,
	src/tcsetpgrp_nobg.c:
	Add tcsetpgrp_nobg() which acts like tcsetpgrp() but returns -1 for
	a background process. This is safer than blocking SIGTTOU which
	would cause tcsetpgrp() to succeed in the background.
	[7ab75c47b8bf]

2017-03-06  Todd C. Miller

	* src/exec_nopty.c:
	Prevent sudo from receiving SIGTTOU when it tries to restore the
	controlling terminal. There appears to be a race with the shell
	(bash) which we may lose.
	[aab018fb9940]

2017-03-03  Todd C. Miller

	* plugins/sudoers/timestamp.c, src/exec_monitor.c:
	Add some casts to quiet gcc warnings on Solaris and remove a now-
	useless debug printf.
	[16c862eab0ce]

	* src/exec_pty.c:
	change debug info when suspending sudo
	[f5c5ee07f8e3]

	* MANIFEST, src/Makefile.in, src/exec.c, src/exec_monitor.c,
	src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h:
	Reorganize the command execution code to separate out the pty and
	non-pty code paths into their own event loops. The non-pty exec code
	is now contained in exec_nopty.c and the pty exec code is split
	between exec_pty.c (parent process) and exec_monitor.c (session
	leader). This results in a small bit of duplicated code but improves
	readability. Some of the duplicated code will fall out in future
	changes to the event subsystem (the signal pipe).
	[fe239d2a3cbd]

2017-02-26  Todd C. Miller

	* lib/util/ttysize.c, src/exec_pty.c:
	Remove support for the TIOCGSIZE ioctl. Systems that use this rather
	than TIOCGWINSZ are too old for sudo to build on anyway.
	[0179b16c70f9]

2017-02-24  Todd C. Miller

	* src/exec.c, src/exec_pty.c:
	Set the child pid to -1 after we've waited for it and take care to
	avoid killing pid -1. This makes it a bit more explicit and removes
	the need for a separate variable to track the child's status. Sudo
	already stops processing signals after it receives SIGCHLD so it is
	not vulnerable to CVE-2017-2616.
	[1123704858ae]

2017-02-22  Todd C. Miller

	* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
	Update the description of strict mode to current reality. Aliases
	haven't needed to be defined before they are used since sudo 1.7.
	[9dc4ce4ec538]

	* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
	plugins/sudoers/regress/visudo/test2.err.ok,
	plugins/sudoers/regress/visudo/test3.err.ok,
	plugins/sudoers/visudo.c:
	Go back to using a Warning/Error prefix in the message printed to
	stderr for alias problems. Requested by Tomas Sykora.
	[ad4dc6e34222]

2017-02-21  Todd C. Miller

	* plugins/sudoers/filedigest.c, plugins/sudoers/filedigest_openssl.c:
	fix copyright years
	[b9f013f95bb2]

2017-02-20  Todd C. Miller

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/digestname.c,
	plugins/sudoers/filedigest.c, plugins/sudoers/ldap.c,
	plugins/sudoers/match.c, plugins/sudoers/parse.h,
	plugins/sudoers/sssd.c, plugins/sudoers/visudo_json.c:
	Move the file digest code out of match.c and into filedigest.c.
	Inspired by RedHat changes that used libgcrypt. Also add
	digest_type_to_name() to map a sudo digest type (int) to a name
	(string) and use it.
	[9213d8c94b8f]

	* INSTALL, MANIFEST, configure, configure.ac, mkdep.pl,
	plugins/sudoers/Makefile.in, plugins/sudoers/filedigest_openssl.c:
	Add support for using the message digest functions in OpenSSL
	instead of sudo's own SHA2 implementation.
	[d77639c97e43]

	* INSTALL, MANIFEST, configure, configure.ac, mkdep.pl,
	plugins/sudoers/Makefile.in, plugins/sudoers/filedigest_gcrypt.c:
	Add support for using the message digest functions in libgcrypt
	instead of sudo's own SHA2 implementation.
	[0259467c38dd]

	* plugins/sudoers/gmtoff.c:
	Check for gmtime() or localtime() returning NULL and just use a zero
	offset in that case. Should not be possible.
	[ed210dd8bf46]

2017-02-18  Todd C. Miller

	* plugins/sudoers/sudoers2ldif:
	Add support for ROLE, TYPE, PRIVS, LIMITPRIVS, TIMEOUT, NOTBEFORE
	and NOTAFTER.
	[d0310b017c78]

	* config.h.in, configure, configure.ac, plugins/sudoers/timestr.c:
	strftime() was in C89 so use it unconditionally.
	[87bf66aa18fd]

	* MANIFEST, config.h.in, configure, configure.ac, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_debug.h,
	lib/util/sudo_debug.c, lib/util/util.exp.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/gentime.c,
	plugins/sudoers/gmtoff.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/regress/parser/check_gentime.c,
	plugins/sudoers/regress/sudoers/test19.in,
	plugins/sudoers/regress/sudoers/test19.json.ok,
	plugins/sudoers/regress/sudoers/test19.out.ok,
	plugins/sudoers/regress/sudoers/test19.toke.ok,
	plugins/sudoers/regress/visudo/test10.out.ok,
	plugins/sudoers/regress/visudo/test10.sh,
	plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Add NOTBEFORE and NOTAFTER command options similar to what is
	already available in LDAP.
	[3ba0f9567f83]

2017-02-16  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[f2876eadc1f5]

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, include/sudo_plugin.h:
	Bump version to 1.11 for timeout entry in settings[]
	[7b288e4bab93]

	* doc/sudo.conf.cat, doc/sudo_plugin.cat, doc/sudoers.ldap.cat,
	doc/sudoreplay.cat, doc/visudo.cat:
	regen
	[8c059a57d367]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, src/parse_args.c, src/sudo_usage.h.in:
	Add a command line option to specify the command timeout, as long as
	sudoers does not specify a shorter time limit.
	[a8ef7f923d0a]

2017-02-15  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Better error message when the timeout value does not parse.
	[2360fb093e3e]

	* plugins/sudoers/timeout.c:
	set errno to ERANGE not EOVERFLOW on range error
	[9654e1acab0d]

2017-02-14  Todd C. Miller

	* plugins/sudoers/Makefile.in:
	regen
	[46a124dd72aa]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y, plugins/sudoers/parse.h:
	Merge command tags, SELinux type/role and Solaris privs settings
	into "command options". This relaxes the order of things so tags and
	other options can be interspersed.
	[0970fd78cbe8]

	* MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y, plugins/sudoers/ldap.c,
	plugins/sudoers/mkdefaults, plugins/sudoers/parse.c,
	plugins/sudoers/parse.h, plugins/sudoers/policy.c,
	plugins/sudoers/regress/sudoers/test17.in,
	plugins/sudoers/regress/sudoers/test17.json.ok,
	plugins/sudoers/regress/sudoers/test17.out.ok,
	plugins/sudoers/regress/sudoers/test17.toke.ok,
	plugins/sudoers/regress/sudoers/test18.in,
	plugins/sudoers/regress/sudoers/test18.json.ok,
	plugins/sudoers/regress/sudoers/test18.out.ok,
	plugins/sudoers/regress/sudoers/test18.toke.ok,
	plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
	plugins/sudoers/visudo_json.c:
	Add support for command timeouts in sudoers. After the timeout, the
	command will be terminated.
	[a36a748e9324]

	* doc/fixman.sh, doc/fixmdoc.sh, doc/sudoers.cat, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y, plugins/sudoers/parse.h:
	Split out tags again so they must precede the command and not allow
	them to be mixed in with options.
	[e7e7d60316cc]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Only inherit SELinux role/type and Solaris privilege sets if the
	command does not include any. Previously, a command with only a role
	would inherit a type from the previous command which is not what was
	intended.
	[171a3ad972e7]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	List SELinux role/type for "sudo -l" with LDAP and SSSd backends.
	Also fix printing of the timeout.
	[740723a49ab5]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Plug some memory leaks found by ASAN.
	[08189098a5b6]

	* plugins/sudoers/Makefile.in:
	Only inhibit ASAN leak detector for tests that result in a parse
	error. The parser cannot currently clean up completely on error.
	[b2f82dcd2545]

	* plugins/sudoers/rcstr.c:
	suppress cppcheck memory leak false positive
	[e0caf2275a44]

	* lib/util/strtoid.c:
	fix typo that prevented compilation on FreeBSD
	[27866f6a2b5e]

2017-02-13  Todd C. Miller

	* lib/util/Makefile.in:
	Link vsyslog.lo directly into vsyslog_test to make sure the syslog()
	stub gets called. Otherwise, the real syslog will get called via
	libutil on AIX.
	[693bc8411a98]

	* lib/util/regress/vsyslog/vsyslog_test.c:
	Fix final test with a format > 2048 bytes. Keep track of tests run
	in the syslog() stub so we can detect if the stub is not being
	called.
	[d10d784446c1]

	* lib/zlib/deflate.c:
	avoid redefining the MIN macro
	[45b7b0ba0f01]

	* plugins/sudoers/parse.h, plugins/sudoers/timestr.c:
	Include parse.h in timestr.c which is where the function prototype
	lives.
	[3ec9ec84a84c]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Fix for including a sudoers file that begins with the letter 'i'.
	The hack to determine whether we are parsing an include or
	includedir is no longer safe now that relative include paths are
	permitted. Bug #776.
	[4d9691a43867]

2017-02-10  Todd C. Miller

	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
	Display the value of syslog_maxlen in sudo -V output.
	[0841ad36531c]

2017-02-06  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
	Add ignore_unknown_defaults flag to ignore unknown Defaults entries
	in sudoers instead of producing a warning.
	[a7fdb44677dd]

2017-01-27  Todd C. Miller

	* plugins/sudoers/match.c:
	Always set the close-on-exec bit on the fd used to generate the
	digest (i.e. the command to run) on systems that lack fexecve(2).
	That way we don't need to explicitly close it using #ifdefs.
	[f840a22fac1c]

	* plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
	plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, po/ca.mo,
	po/ca.po, po/eo.mo, po/eo.po, po/sv.mo, po/sv.po:
	sync with translationproject.org
	[57e877674892]

	* NEWS:
	first updates for 1.8.20
	[118208688b08]

	* configure, configure.ac:
	sudo 1.8.20
	[6cba125ea903]

2017-01-25  Todd C. Miller

	* doc/LICENSE, lib/zlib/adler32.c, lib/zlib/compress.c,
	lib/zlib/crc32.c, lib/zlib/deflate.c, lib/zlib/deflate.h,
	lib/zlib/gzguts.h, lib/zlib/gzlib.c, lib/zlib/gzread.c,
	lib/zlib/gzwrite.c, lib/zlib/infback.c, lib/zlib/inffast.c,
	lib/zlib/inflate.c, lib/zlib/inflate.h, lib/zlib/inftrees.c,
	lib/zlib/trees.c, lib/zlib/uncompr.c, lib/zlib/zconf.h.in,
	lib/zlib/zlib.exp, lib/zlib/zlib.h, lib/zlib/zutil.c,
	lib/zlib/zutil.h:
	update zlib to version 1.2.11
	[75a563663083]

2017-01-23  Todd C. Miller

	* plugins/sudoers/match.c:
	Fix fdexec=never when a digest is present.
	[49d3ab5baad0]

2017-01-22  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/match.c:
	Add new fdexec sudoers setting to allow choosing whether execve() or
	fexecve() is used.
	[6a7623aa9a64]

	* src/exec.c, src/exec_pty.c:
	Close execfd in parent processes where it is not needed.
	[f44e334d43e2]

2017-01-21  Todd C. Miller

	* plugins/sudoers/match.c:
	Add support for digest matching when the command is a glob-style
	pattern or a directory. For example:

	millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/
	millert ALL = sha224:TmUvLkp3a2txliSC2X6CiK42626qdKsH72m/PQ== /bin/*

	would only match /bin/ls (assuming the digest matches).

	Previously, only explicit path matches checked the digest.
	[d4f6822ba9bb]

2017-01-17  Todd C. Miller

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c:
	Add support for SASL_MECH in ldap.conf; Bug #764
	[d057bb7f2ddc]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Fix documentation bug, the contents of env_file have never been
	subject to env_keep or env_check. However, variables are only added
	if they have not already been preserved.
	[4483b1b44709]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	examples/sudoers:
	Safer example for rule that can change non-root passwords. GNU
	getopts allows options to follow arguments so we need to be able to
	deny things like "passwd root -q". From Paul "Joey" Clark. Bug #772
	[c809f1372811]

2017-01-16  Todd C. Miller

	* plugins/sudoers/ldap.c:
	Don't overwrite the return value of ldap_sasl_interactive_bind_s()
	by the subsequent call to sudo_set_krb5_ccache_name(). From Paul
	Zirnik of SUSE.
	[448baff2b586]

	* plugins/sudoers/env.c:
	In sudo_unsetenv_nodebug(), decrement envp.env_len after removing
	the variable. From Paul Zirnik of SUSE.
	[3d87a008671c]

2017-01-15  Todd C. Miller

	* lib/util/Makefile.in:
	only run vsyslog_test if it exists
	[5323dfcfb009]

	* MANIFEST, configure, configure.ac, lib/util/Makefile.in,
	lib/util/regress/vsyslog/vsyslog_test.c:
	Add regress for vsyslog replacement.
	[1f767b8f5940]

2017-01-13  Todd C. Miller

	* configure, configure.ac:
	Define HAVE_NANOSLEEP if we find nanosleep in librt
	[ec8d949bf411]

	* configure, configure.ac:
	sudo_nanosleep not nanosleep in util.exp.in
	[18a3bca78962]

	* configure, configure.ac:
	add nanosleep to util.exp.in if needed
	[6ac2e9266d67]

	* NEWS, configure, configure.ac:
	sudo 1.8.19p2
	[9c15593a007a]

	* lib/util/vsyslog.c:
	Double the size of new_fmt[] and remove an extraneous break in the
	%m handling that was leftover from an earlier edit.
	[fcb28dc9cd4e]

	* lib/util/vsyslog.c:
	Fix typo, want vsnprintf not snprintf.
	[2717f2125ecd]

	* plugins/sudoers/logging.c:
	move va_start() in mysyslog()
	[b58ec40bbfc3]

	* plugins/sudoers/sudoers.c:
	Only treat failure of expand_iolog_path() as fatal if
	ignore_iolog_errors is not set.
	[1ba009311cf7]

2017-01-12  Todd C. Miller

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/util/Makefile.in, lib/util/nanosleep.c,
	mkdep.pl, src/exec_pty.c:
	When waiting for the parent to grant us the tty, use nanosleep
	instead of spinning to avoid hogging the CPU.
	[76335b380d7c]

	* src/sudo.c:
	Use ROOT_UID instead of 0
	[5ed03a4e0b0b]

2017-01-09  Todd C. Miller

	* plugins/sudoers/Makefile.in:
	regen
	[99b26e2c523d]

2017-01-07  Todd C. Miller

	* MANIFEST, plugins/sudoers/interfaces.c,
	plugins/sudoers/regress/visudo/test9.out.ok,
	plugins/sudoers/regress/visudo/test9.sh, plugins/sudoers/visudo.c:
	Fix crash in visudo introduced in sudo 1.8.9 when an IP address or
	network is used in a host-based Defaults entry. Bug #766
	[ff9001f126b5]

2017-01-05  Todd C. Miller

	* configure, configure.ac, doc/LICENSE:
	Avoid using the system strnlen/strndup on AIX < 6. Even if configure
	correctly detects it is working on the build machine, the sudo
	package may be run on a system with an old libc where it is broken.
	[28d148db0aaa]

2016-12-20  Todd C. Miller

	* NEWS, configure, configure.ac:
	sudo 1.8.19p1
	[7bfd43fa5caf]

	* plugins/sudoers/defaults.c:
	Fix logic bug when matching syslog priority and facility.
	[576cc9eb850f]

	* doc/HISTORY:
	Dell spun off Quest so simplify the history by just talking about
	Quest and not Dell.
	[a66120495435]

2016-12-19  Todd C. Miller

	* doc/LICENSE:
	Fix copyright year
	[3122e55195a6]

	* NEWS:
	typo
	[ffe9e84928b6]

2016-12-18  Todd C. Miller

	* include/sudo_compat.h:
	HAVE_DECL_GETGROUPLIST_2 is always defined if HAVE_GETGROUPLIST_2
	is, we need to check its value, not whether it is defined.
	[849eb3113149]

2016-12-15  Todd C. Miller

	* plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po:
	sync with translationproject.org
	[abf5d356a33b]

2016-12-13  Todd C. Miller

	* configure, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/sr.mo,
	po/sr.po:
	sync with translationproject.org
	[fec672d5a4c7]

	* config.h.in, configure.ac, include/sudo_compat.h,
	plugins/sudoers/pwutil_impl.c, src/sudo.c:
	Use getgrouplist_2() on macOS if available.
	[3bf58af56d18]

2016-12-03  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot:
	regen
	[3f4d52230317]

	* plugins/sudoers/interfaces.c:
	In set_interfaces() treat a parse error as fatal.
	[7d0048108b1d]

2016-12-02  Todd C. Miller

	* lib/util/regress/atofoo/atofoo_test.c:
	Fix a clang warning on macOS
	[58e9d192e907]

2016-12-01  Todd C. Miller

	* plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/ko.mo,
	po/ko.po, po/vi.mo, po/vi.po:
	sync with translationproject.org
	[99cce0f5fddc]

	* NEWS:
	update for 1.8.19b2
	[18cfc9b8b8e7]

	* plugins/sudoers/timestamp.c:
	Ignore a boot time that is in the future, which can happen when the
	clock is corrected down after boot. Otherwise, the timestamp file
	will be unlinked each time sudo is run and a password is always
	required.
	[dd3b2b7ae709]

2016-11-30  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
	plugins/sudoers/defaults.c, plugins/sudoers/logging.c:
	Allow syslog priority to be negated or set to "none" to disable
	logging successes or failures.
	[624eddac4ab1]

	* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
	plugins/sudoers/sudoreplay.c:
	Allow stdin and ttyin to be displayed too. The only one that is
	really useful in sudoreplay is stdin when input is from a pipe.
	[5aa8b3a90c84]

	* src/regress/noexec/check_noexec.c:
	Solaris 10 wordexp() returns 127 on execve() failure like popen()
	does.
	[f927c50dda17]

	* config.h.in, configure, configure.ac, include/sudo_debug.h,
	lib/util/regress/atofoo/atofoo_test.c, lib/util/strtoid.c,
	lib/util/sudo_debug.c, lib/util/util.exp.in:
	id_t is 64-bits on FreeBSD so use strtoll() there. Fixes the strtoid
	regress.
	[448a9857e89f]

2016-11-29  Todd C. Miller

	* NEWS:
	fix typo
	[92ea657a87f5]

	* plugins/sudoers/sudoers.c:
	Fix the "all" setting for verifypw and listpw; nopass would never be
	true even if all the user's entries had the NOPASSWD tag. Regression
	introduced in sudo 1.8.17. Bug #762
	[c672e3ebfbe2]

2016-11-28  Todd C. Miller

	* plugins/sudoers/po/ca.mo, plugins/sudoers/po/cs.mo,
	plugins/sudoers/po/cs.po, plugins/sudoers/po/da.mo,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/el.mo, plugins/sudoers/po/eo.mo,
	plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/hr.mo,
	plugins/sudoers/po/hr.po, plugins/sudoers/po/hu.mo,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/lt.mo, plugins/sudoers/po/nb.mo,
	plugins/sudoers/po/nb.po, plugins/sudoers/po/nl.mo,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/ru.mo, plugins/sudoers/po/sk.mo,
	plugins/sudoers/po/sl.mo, plugins/sudoers/po/sr.mo,
	plugins/sudoers/po/tr.mo, plugins/sudoers/po/uk.mo,
	plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.mo,
	plugins/sudoers/po/zh_CN.po, po/cs.mo, po/cs.po, po/de.mo, po/de.po,
	po/es.mo, po/es.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po,
	po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ko.mo, po/ko.po,
	po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt_BR.mo, po/pt_BR.po,
	po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo, po/zh_CN.po:
	sync with translationproject.org
	[8a4ab570d132]

2016-11-25  Todd C. Miller

	* plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/visudo.c, src/openbsd.c:
	Just use malloc_options "S" on OpenBSD instead of "AFGJPR".
	[2851cd2da1c7]

2016-11-22  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Update year in license
	[e370bf3d1035]

2016-11-21  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[d524f0306467]

	* doc/sudo.conf.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat:
	regen
	[185328ea20c3]

	* include/sudo_debug.h, lib/util/sudo_debug.c,
	plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_debug.c,
	plugins/sudoers/visudo.c, src/sudo.c:
	Add SUDO_DEBUG_INSTANCE_ERROR return value for sudo_debug_register()
	and check for it in places where we check the return value of
	sudo_debug_register().
	[d1e74c5f21a6]

2016-11-20  Todd C. Miller

	* NEWS:
	update for 1.8.19
	[b248866c511d]

2016-11-17  Todd C. Miller

	* config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c:
	Add support for getpwnam_shadow() on OpenBSD
	[4db7ed374c33]

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, plugins/sudoers/policy.c, src/sudo.c:
	Add umask to user_info passed in from the front end to the plugin.
	[4a4eee52a717]

	* plugins/sudoers/auth/rfc1938.c:
	Fix sign compare warning.
	[8732d632cbff]

	* MANIFEST, aclocal.m4, configure, configure.ac, m4/ax_append_flag.m4,
	m4/sudo.m4:
	Use AX_APPEND_FLAG instead of SUDO_APPEND_CPPFLAGS and direct
	modification of LDFLAGS.
	[c1464dcd45e0]

	* MANIFEST, configure, configure.ac, plugins/sudoers/aixcrypt.exp:
	Remove aixcrypt.exp, it was a remnant of the 90's crypto wars where
	crypt() was not exported.
	[785d57666d41]

	* doc/TROUBLESHOOTING:
	Remove obsolete solaris issue with snprintf
	[3ce6cc899026]

	* INSTALL:
	SunOS 4.x is no longer supported
	[2239eb30ff2c]

2016-11-16  Todd C. Miller

	* lib/util/regress/sudo_conf/test1.in, lib/util/sudo_conf.c:
	Plug memory leak when a particular Path is set more than once.
	[debc97dac01d]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Add sudo_ldap_is_negated() and sudo_ldap_is_negated() functions and
	use them to parse negated entries instead of doing it manually.
	[12010b64afe5]

	* plugins/sudoers/ldap.c:
	Fix printing of sudoedit_follow in "sudo -l"
	[2094a8f880c4]

	* plugins/sudoers/sssd.c:
	For "sudo -l" print sudoOption sudoedit_follow as FOLLOW.
	[9c860b1fa721]

	* config.h.in, configure, configure.ac, include/sudo_conf.h,
	lib/util/regress/sudo_conf/conf_test.c,
	lib/util/regress/sudo_conf/test1.out.ok, lib/util/sudo_conf.c,
	lib/util/util.exp.in, plugins/sudoers/policy.c, src/exec_common.c,
	src/load_plugins.c, src/parse_args.c:
	Always define _PATH_SUDO_NOEXEC, _PATH_SUDO_SESH,
	_PATH_SUDO_PLUGIN_DIR, even if only defined to NULL. This means the
	accessors can always be present.

	Use RTLD_PRELOAD_VAR instead of _PATH_SUDO_NOEXEC to tell when
	noexec is available.

	Add ENABLE_SUDO_PLUGIN_API and use it instead of
	_PATH_SUDO_PLUGIN_DIR to tell when the plugin API is available.

	Add sudo_conf_clear_paths() to clear the path values so the regress
	tests are not affected by compile-time settings.
	[2b05e4a143d9]

	* plugins/sudoers/ldap.c:
	Use readline() in sudo_ldap_read_secret()
	[3f0506e5cbe3]

2016-11-15  Todd C. Miller

	* lib/util/sudo_conf.c:
	Get rid of struct sudo_conf_paths and just use #defined index values
	to access the path values. Make all accessors available even when
	the feature is not enabled.
	[58d1ec6170a8]

	* configure, configure.ac, lib/util/Makefile.in, lib/zlib/Makefile.in,
	mkdep.pl, plugins/group_file/Makefile.in,
	plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/system_group/Makefile.in, src/Makefile.in:
	Add ASAN_CFLAGS and ASAN_LDFLAGS and use -Wc prefix in ASAN_LDFLAGS
	to prevent libtool from stripping them out. Avoid using ASAN flags
	when building sudo_noexec.so.
	[9644dd92e586]

2016-11-14  Todd C. Miller

	* configure, configure.ac:
	Disable noexec for HP-UX 10.x which probably doesn't support
	LD_PRELOAD
	[d87bc5ea4688]

	* config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c:
	Remove SunOS 4 support, it is not modern enough to run sudo.
	[b6e15f8360b6]

	* config.h.in, configure, configure.ac, plugins/sudoers/getspwuid.c:
	Remove HP-UX 9 support, it is not modern enough for sudo.
	[226dda48c1e1]

	* config.h.in, configure, configure.ac, plugins/sudoers/auth/passwd.c,
	plugins/sudoers/getspwuid.c:
	Remove Ultrix support, modern sudo can't run on Ultrix anyway.
	[95a11ef29a2b]

	* MANIFEST, configure, configure.ac, lib/util/sudo_conf.c,
	src/Makefile.in, src/exec_common.c,
	src/regress/noexec/check_noexec.c, src/sudo_exec.h:
	Add regress for noexec functionality
	[2cadd8e04677]

	* src/Makefile.in:
	Unbreak sudo_noexec on macOS where shared libraries and dynamic
	modules are different. We still want to install sudo_noexec.so
	without the "lib" prefix so some hackery is required.
	[93d7b69491a1]

	* configure, configure.ac:
	Don't enable noexec for AIX 5.0-5.2, we need 5.3 and above.
	[92cad0180239]

2016-11-13  Todd C. Miller

	* src/Makefile.in:
	Need to link sudo_noexec.so with -ldl for dlsym() on some platforms.
	Otherwise, the wordexp(3) wrapper will fail due to an undefined
	symbol. Bug #761
	[120a317ce25b]

	* plugins/sudoers/visudo.c:
	In strict mode, go to the file/line with an undefined alias or
	alias cycle directly.
	[b4f51b79bd9e]

2016-11-12  Todd C. Miller

	* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
	plugins/sudoers/alias.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/parse.h,
	plugins/sudoers/regress/visudo/test2.err.ok,
	plugins/sudoers/regress/visudo/test3.err.ok,
	plugins/sudoers/visudo.c:
	Store the file/lineno for alias and userspec entries so we can
	provide that info if there is an error.
	[7deb4e41ca7b]

2016-11-11  Todd C. Miller

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/rcstr.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l, plugins/sudoers/visudo.c,
	plugins/sudoers/visudo_json.c:
	Add simple reference-counted string allocator and use it for passing
	around references to the sudoers path. This lets us avoid making
	copies of the sudoers path for the errorfile as well as each
	Defaults entry.
	[afcff7b5b647]

	* lib/util/sha2.c:
	Cast len from size_t to uint64_t before bit shifting since we are
	adding to count which is also uint64_t. Quiets a PVS-Studio warning.
	[167210670b30]

2016-11-10  Todd C. Miller

	* MANIFEST, plugins/sudoers/regress/visudo/test7.out.ok,
	plugins/sudoers/regress/visudo/test7.sh,
	plugins/sudoers/regress/visudo/test8.err.ok,
	plugins/sudoers/regress/visudo/test8.out.ok,
	plugins/sudoers/regress/visudo/test8.sh:
	Add checks for sudoers_locale early Defaults
	[582c08c9418c]

	* src/parse_args.c, src/sudo.c, src/sudo.h:
	Add the argument vector allocated for -s and -i mode to the garbage
	collector list. Avoids an ASAN warning on exit when the -s or -i
	flags are used.
	[652691a5216b]

2016-11-09  Todd C. Miller

	* plugins/sudoers/iolog.c:
	add missing sudo_pw_delref/sudo_gr_delref to plug memory leak
	[c4ba4c26e0c1]

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
	plugins/sudoers/parse.h,
	plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sssd.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
	plugins/sudoers/visudo_json.c:
	Go back to parsing Defaults entries in update_defaults instead of as
	sudoers is read. Otherwise, we cannot properly support early
	defaults like sudoers_locale.
	[ff1328a86b97]

	* mkpkg:
	Use expr instead of POSIX sh numerical expression to avoid a syntax
	error on older shells.
	[638383bb40d5]

2016-11-08  Todd C. Miller

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, include/sudo_plugin.h:
	Bump plugin minor version to 10 for sudo_mode, sudo_group and
	sudo_user.
	[0c65dc1f2874]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Fix a bug in host matching where a negated sudoHost entry would
	prevent other sudoHosts following it from matching.
	[40cbd5790106]

	* plugins/sudoers/defaults.c:
	Zero out sd_un before calling parse_default() so we don't try to
	free stack garbage in the ldap/sssd backends.
	[6b64a8e3a19d]

2016-11-07  Todd C. Miller

	* plugins/sudoers/ldap.c:
	Use "ret", not "rc" for the function return value.
	[fdfe637adee6]

	* include/sudo_compat.h, lib/util/strtomode.c,
	plugins/sudoers/defaults.c, plugins/sudoers/goodpath.c,
	plugins/sudoers/logging.c, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c, src/sudo_edit.c:
	Use sys/stat.h defines instead of bare octal values.
	[215c80e09830]

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, plugins/sudoers/iolog.c,
	plugins/sudoers/policy.c:
	Pass iolog mode, group and user from policy plugin to I/O log
	plugin.
	[1ed4967771c8]

2016-11-06  Todd C. Miller

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/ldap.c, plugins/sudoers/parse.h,
	plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/sssd.c:
	Instead of parsing sudoers Defaults twice, parse once while reading
	sudoers and then just set the parsed value in update_defaults().
	[370d51681c6e]

	* plugins/sudoers/defaults.c:
	Use "struct defaults *d" instead of "struct defaults *def"
	throughout for consistency and to avoid confusion with "struct
	def_values *def". Use "str" not "var" for the string argument to
	convert and store in sd_un for the store_* functions.
	[5cc3efc609df]

	* plugins/sudoers/parse.c:
	In display_bound_defaults() rename dtype arg -> deftype.
	[b3323960e1db]

2016-11-03  Todd C. Miller

	* lib/util/regress/sudo_conf/test4.err.ok,
	lib/util/regress/sudo_conf/test5.err.ok,
	plugins/sudoers/regress/visudo/test2.err.ok,
	plugins/sudoers/regress/visudo/test3.err.ok:
	Update error output to match quoting changes.
	[27bbf5004d1e]

	* plugins/sudoers/defaults.c:
	Avoid passing in a struct sudo_defs_types pointer to the store
	functions. Pass in a pointer to the union to fill instead.
	[ea956d00aae3]

	* plugins/sudoers/defaults.h:
	no longer need struct defaults forward reference
	[21e34ca85de5]

2016-11-02  Todd C. Miller

	* lib/util/sudo_conf.c, plugins/sudoers/alias.c,
	plugins/sudoers/defaults.c, plugins/sudoers/logging.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c,
	plugins/sudoers/visudo_json.c, src/load_plugins.c:
	Use "double quotes" in messages instead of a combination of the
	accent (grave) mark and apostrophe.
	[10dee3ecf3e1]

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Add file:linenumber prefix to all Defaults warnings so we can see
	them when running sudo too. For LDAP/SSSD we print the sudoRole
	instead of the file name and omit the line number.
	[5c6b95cd3792]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	Use sudoedit in examples instead of "sudo vi"
	[6008c208682c]

2016-11-01  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
	plugins/sudoers/visudo_json.c:
	Only treat an unknown Defaults entry as a parse error in visudo, not
	in sudo itself.
	[8d8aa7ac5a32]

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/visudo.c:
	Instead of checking Defaults values after the fact, check them at
	sudoers parse time. This makes it possible to display the file and
	line number with the problem and for visudo to go right to the
	error.
	[ac66bd690d05]

	* plugins/sudoers/alias.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/parse.h:
	Refactor freeing of a member_list into free_members().
	[d29daa01bb9c]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	add_defaults() now calls sudoerserror() itself instead of the caller
	assuming any error means out of memory.
	[a25e51321e0b]

	* plugins/sudoers/defaults.c, plugins/sudoers/mkdir_parents.c:
	s/rval/ret/g -- old habits die hard
	[fa55d08b233a]

2016-10-31  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	Remove inaccurate XXX comment, sudo_file_parse() sends mail on parse
	error.
	[052b0e112839]

	* plugins/sudoers/visudo.c:
	The fix for Bug #408 broke editing of files in an include dir that
	have a syntax error. Normally, visudo does not edit those files, but
	if a syntax error is detected in one, the user gets a chance to fix
	it.
	[6b00f9bfff31]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c,
	plugins/sudoers/visudo_json.c:
	Make a copy of the current sudoers path when assigning errorfile.
	Fixes a potential use after free in visudo when there is an error in
	one of the include files.
	[eb6db5d15b61]

	* plugins/sudoers/sudoers_debug.c:
	sudoers_debug_register() was not setting the active debug instance
	to sudoers_debug_instance when called from the I/O log plugin. This
	is because it relied on sudo_debug_register to do that but
	sudoers_debug_parse_flags() doesn't set debug_files[] when
	sudoers_debug_instance is already set (we can only init sudoers
	debug once).

	To work around this, just make sudoers_debug_instance the active
	debug instance in sudoers_debug_register() when it is already set.
	[71b0221c8c28]

	* src/load_plugins.c:
	Fix pasto when setting I/O plugin debug files
	[03c3aab22e65]

	* plugins/sudoers/iolog.c:
	use cp instead of *cur when comparing against plugin_path
	[f2dfe69549f5]

2016-10-30  Todd C. Miller

	* plugins/sudoers/mkdir_parents.c:
	In sudo_mkdir_parents() inherit the gid of / instead of using gid 0
	for the first component.
	[5f2bf33bccb5]

	* plugins/sudoers/iolog.c:
	We want to inherit the gid from the parent directory when not
	setting permissions on intermediate directories.
	[845f5a20b5fa]

2016-10-29  Todd C. Miller

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
	plugins/sudoers/mkdir_parents.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/timestamp.c:
	Move io_mkdir_parents() to its own file and use it in ts_mkdirs().
	[c1d55f588a60]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Make the I/O log file/dir permissions and owner configurable.
	[e7a74f3dfa56]

	* lib/util/Makefile.in, mkdep.pl:
	Add vsyslog.lo
	[18362a9ae32e]

	* configure, configure.ac:
	sudo 1.8.19
	[97743604e6e3]

2016-10-28  Todd C. Miller

	* plugins/sudoers/defaults.c:
	Don't try to syntax check an unrecognized Defaults value in visudo.
	[e4972655b5d3]

2016-10-26  Todd C. Miller

	* plugins/sudoers/iolog.c:
	Create I/O log files with the same gid as the parent directory.
	[0da5824e006d]

	* plugins/sudoers/ldap.c:
	Check for sudo_ldap_result_last_search() returning NULL. This can't
	happen in practice because we always call
	sudo_ldap_result_add_search() first which guarantees there is a
	result to be found. Quiets a PVS-Studio warning.
	[4f6074f40fbc]

	* src/exec_pty.c:
	Quiet a PVS-Studio warning about the spin loop when waiting for the
	parent to assign us the terminal pgrp.
	[d063a283477b]

	* plugins/sudoers/env.c:
	Fix incorrect strncmp() lengths. The check for USERNAME was only
	looking at the first 5 characters (copy and paste error). The check
	for SUDO_PS1 was not checking the trailing '=' character (off by one
	error). Found by PVS-Studio.
	[297380eb6940]

	* plugins/sudoers/env.c:
	When checking for old-style bash functions in the environment, check
	for values starting with "() " (note the trailing space) rather than
	"()". Bash will only treat the value as a function if the space
	after "()" is present. The trailing space was already present in the
	compare string but when it was added, the length passed to strncmp()
	was not updated from 3 to 4. Found by PVS-Studio. No security
	impact.
	[7e35f39d356b]

	* plugins/sudoers/set_perms.c:
	Add some missing casts from uid_t/gid_t to int when printing uid/gid
	values. We print these as signed so a value of -1 (no change) is
	obvious. Quiets PVS-Studio warnings.
	[9773e5b166e1]

	* plugins/sudoers/timestamp.c:
	def_timestamp_timeout is a double so compare against 0.0 not 0 to
	avoid making it appear to be an integer type.
	[8675db470ab7]

	* plugins/sudoers/defaults.c:
	When checking syslog facility or priority, move the string compare
	into the body of the loop and return if it matches. If we finish the
	loop it means we didn't find a match. This makes the code a little
	bit more readable.
	[d1df1649a01e]

	* lib/util/strlcpy.c, lib/util/strnlen.c, plugins/sudoers/defaults.c,
	plugins/sudoers/env.c, plugins/sudoers/logging.c,
	plugins/sudoers/visudo_json.c, src/env_hooks.c, src/exec_pty.c:
	Replace bare ";" in the body of for() loops with "continue;" for
	improved readability.
	[92eff8dbe5f8]

2016-10-21  Todd C. Miller

	* config.guess, config.sub:
	Update from http://git.savannah.gnu.org/gitweb/?p=config.git
	[86e6144dfdd7]

	* config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
	m4/ltoptions.m4, m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4:
	Update to libtool 2.4.6
	[8d85d9e8687b]

2016-10-19  Todd C. Miller

	* lib/util/vsyslog.c:
	Use a static buffer if possible.
	[758ce6478994]

	* MANIFEST, configure, configure.ac, include/sudo_compat.h,
	lib/util/vsyslog.c, plugins/sudoers/logging.c:
	add vsyslog() for systems without it.
	[c6457f333252]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	There are now 14 tag values, not 10. Don't bother mentioning the
	number since it keeps increasing. Bug #759
	[17e4c900dc12]

2016-10-18  Todd C. Miller

	* config.h.in, configure, configure.ac, plugins/sudoers/logging.c:
	Use vsyslog() if available.
	[ea9b7a51eaec]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/logging.c:
	Add syslog_maxlen to control the max size of syslog messages.
	[5f9872d2073f]

2016-10-17  Todd C. Miller

	* src/tgetpass.c:
	Don't generate SIGTOU when restoring the terminal modes. It doesn't
	make sense to suspend the process only to restore the terminal
	settings since in this case the shell has already taken ownership of
	the tty.
	[981c26f3fc8f]

	* plugins/sudoers/sudoreplay.c, src/exec_pty.c, src/tgetpass.c:
	The flush parameter of sudo_term_restore() is bool, not int.
	[c2597f1881f3]

2016-10-14  Todd C. Miller

	* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
	Add wordexp() to the list of functions wrapped by sudo_noexec.so.
	[2e847ce3f02f]

2016-10-10  Todd C. Miller

	* src/sudo_noexec.c:
	Need RTLD_NEXT for wordexp() on dlopen() systems. It is missing on
	AIX 5.1 at least.
	[167a518d8129]

	* src/sudo_noexec.c:
	add missing guard around wordexp()
	[7b8357b0a358]

	* NEWS:
	expand on 1.8.18p1 changes
	[f560e06ad584]

2016-10-09  Todd C. Miller

	* NEWS, configure, configure.ac:
	sudo 1.8.18p1
	[a36e17d1c5db]

	* config.h.in, configure, configure.ac, src/sudo_noexec.c:
	Fix configure check for seccomp filter on Linux
	[5d88d7cda853]

2016-10-08  Todd C. Miller

	* config.h.in, configure, configure.ac, src/sudo_noexec.c:
	Use a seccomp filter on Linux to disable execve(2) and execveat(2).
	This still relies on LD_PRELOAD to work so it has the same issues as
	the existing method with respect to running 32-bit binaries on a
	64-bit kernel.
	[59d76bdc0f0c]

	* src/Makefile.in:
	regen
	[9e313cb0900b]

	* plugins/sudoers/Makefile.in:
	regen
	[5ca77049e5cd]

2016-10-05  Todd C. Miller

	* aclocal.m4, config.h.in, configure, configure.ac, src/sudo_noexec.c:
	Wrap wordexp(3) in sudo_noexec.
	[e7d09243e51b]

2016-09-26  Todd C. Miller

	* plugins/sudoers/Makefile.in:
	Clean .json files created by "make check"
	[d214117fbda1]

2016-09-19  Todd C. Miller

	* po/ca.mo, po/da.mo, po/eo.mo, po/es.mo, po/eu.mo, po/fi.mo,
	po/gl.mo, po/hr.mo, po/hu.mo, po/ko.mo, po/nl.mo, po/ru.mo,
	po/sk.mo, po/sl.mo, po/sr.mo, po/tr.mo:
	recompile .po files
	[3d91cbf75744]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Fix matching when no sudoRunAsUser is present in a sudoRole. If only
	a sudoRunAsGroup is present, match on the invoking user if the -g
	option was specified and the group matched. If no sudoRunAsGroup is
	present and the -g option was specified, allow it if it matches the
	passwd gid of the runas user. This matches the behavior of the
	sudoers backend.
	[e1a52c34da5e]

	* plugins/sudoers/match.c:
	runas_pw can no longer be NULL
	[020c6ddcae11]

2016-09-15  Todd C. Miller

	* NEWS:
	RunAsGroup without RunAsUser issues
	[52d1547c9d3a]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	user_matched and group_matched must be type int, not bool
	[204d8de97a05]

	* plugins/sudoers/ldap.c, plugins/sudoers/match.c,
	plugins/sudoers/parse.h, plugins/sudoers/sssd.c:
	Use RUNAS_USER_SPECIFIED and RUNAS_GROUP_SPECIFIED when deciding
	whether to check runas user/group instead of checking runas_pw or
	runas_gr.
	[d17f223e8313]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	When matching against runas_default use userpw_matches() instead of
	just strcasecmp().
	[ce70077c5861]

	* plugins/sudoers/testsudoers.c:
	Set RUNAS_USER_SPECIFIED when -u is specified and/or
	RUNAS_GROUP_SPECIFIED when -g is specified.
	[fa7a1035a058]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Fix printing of the default runas user when a RunAsGroup is
	specified but no RunAsUser is present.
	[c05dabd194a1]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Only match against runas_default if both sudoRunAsUser and
	sudoRunAsGroup are missing.
	[019084f428b2]

	* plugins/sudoers/match.c:
	runas_pw can no longer be NULL here
	[e73dcebafa15]

	* plugins/sudoers/ldap.c, plugins/sudoers/match.c,
	plugins/sudoers/parse.h, plugins/sudoers/sssd.c:
	Update check for whether or not the runas user was set in the ldap
	and sssd backends to match the sudoers file backend. Introduces the
	runas_user_set() macro to improve readability. Previously, runas_pw
	was set late, now it is set before checking sudoers.
	[d8280d8a96c9]

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in:
	Document that negated sudoHosts are only supported by 1.8.18 and
	higher.
	[f56824fe61bc]

	* plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/testsudoers/test4.sh,
	plugins/sudoers/regress/testsudoers/test5.sh:
	Disable Address Sanitizer leak detection for tests which generate
	parse errors. The parser leaks a bit on error.
	[4b0ddb11df3a]

	* plugins/sudoers/sssd.c:
	Fix underflow in get_ipa_hostname() when trimming trailing
	whitespace.
	[875f2f5cd363]

2016-09-14  Todd C. Miller

	* NEWS:
	Document negated sudoHost entries.
	[41d9853f89f7]

	* plugins/sudoers/sssd.c:
	Support negated sudoHost entries.
	[7c25f9111633]

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in:
	Document negated sudoHost entries.
	[6c8444c6bc6c]

	* plugins/sudoers/ldap.c:
	Support negated sudoHost entries.
	[1899906b8ef4]

2016-09-13  Todd C. Miller

	* plugins/sudoers/match.c:
	Don't check the username when matching a host netgroup unless
	def_netgroup_tuple is enabled.
	[238c8064542f]

	* plugins/sudoers/match.c:
	Move valid domain name check into a new valid_domain() function. Fix
	memory leak if getdomainname(2) fails and avoid using heap garbage
	for the domain name matching in this case.
	[946f2441c90a]

2016-09-12  Todd C. Miller

	* plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, po/it.mo,
	po/it.po:
	sync with translationproject.org
	[40eab0801eae]

2016-09-11  Todd C. Miller

	* src/exec_pty.c:
	Add back line mistakenly removed in 0cf2a9351740
	[8622c83c1474]

	* plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo,
	po/nb.po:
	sync with translationproject.org
	[f180826bb77b]

2016-09-09  Todd C. Miller

	* NEWS:
	Bug #757
	[de67bc9e26f8]

	* plugins/sudoers/sudoers.c:
	Fix typo that broke short host name matching when the fqdn flag is
	enabled. Bug #757
	[605c03afc80f]

2016-09-08  Todd C. Miller

	* include/sudo_debug.h, lib/util/aix.c, lib/util/fnmatch.c,
	lib/util/getgrouplist.c, lib/util/secure_path.c,
	lib/util/setgroups.c, lib/util/strtoid.c, lib/util/sudo_conf.c,
	lib/util/sudo_debug.c, plugins/sample/sample_plugin.c,
	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/securid5.c,
	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
	plugins/sudoers/env.c, plugins/sudoers/goodpath.c,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
	plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
	plugins/sudoers/match.c, plugins/sudoers/parse.c,
	plugins/sudoers/policy.c, plugins/sudoers/pwutil.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
	plugins/sudoers/timestamp.c, plugins/sudoers/visudo.c,
	plugins/sudoers/visudo_json.c, src/env_hooks.c, src/exec.c,
	src/exec_pty.c, src/get_pty.c, src/hooks.c, src/load_plugins.c,
	src/regress/ttyname/check_ttyname.c, src/selinux.c, src/signal.c,
	src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/ttyname.c,
	src/utmp.c:
	Be consistent with the naming of the variable used to store the
	function return value. Previously, some code used "rval", some used
	"ret". This standardizes on "ret" and uses "rc" for temporary return
	codes.
	[017866310d24]

2016-09-07  Todd C. Miller

	* plugins/sudoers/po/ca.po, plugins/sudoers/po/cs.mo,
	plugins/sudoers/po/cs.po, plugins/sudoers/po/da.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/el.po, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/fr.po, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/hu.po, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/ko.po, plugins/sudoers/po/lt.po,
	plugins/sudoers/po/nb.po, plugins/sudoers/po/nl.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/ru.po, plugins/sudoers/po/sk.po,
	plugins/sudoers/po/sl.po, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/tr.po, plugins/sudoers/po/uk.mo,
	plugins/sudoers/po/uk.po, plugins/sudoers/po/vi.mo,
	plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.mo,
	plugins/sudoers/po/zh_CN.po, po/ca.po, po/cs.mo, po/cs.po, po/da.po,
	po/de.mo, po/de.po, po/eo.po, po/es.po, po/eu.po, po/fi.po,
	po/fr.mo, po/fr.po, po/gl.po, po/hr.po, po/hu.po, po/it.po,
	po/ja.mo, po/ja.po, po/ko.po, po/nb.po, po/nl.po, po/pl.mo,
	po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/ru.po, po/sk.po, po/sl.po,
	po/sr.po, po/sv.mo, po/sv.po, po/tr.po, po/uk.mo, po/uk.po,
	po/vi.mo, po/vi.po, po/zh_CN.mo, po/zh_CN.po:
	sync with translationproject.org
	[6312962695df]

	* MANIFEST, NEWS, doc/CONTRIBUTORS, po/nn.mo, po/nn.po:
	Norwegian Nynorsk translation of sudo from translationproject.org
	[05203a266265]

	* NEWS:
	Fix for Bug #756
	[89ff21579216]

2016-09-05  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	In sudoers_main() avoid setting rval prematurely. Prevents a crash
	when auditing fails after successfully authenticating. Bug #756
	[d17a06bce04c]

	* plugins/sudoers/defaults.c:
	Apply match_group_by_gid early.
	[1259c7fd66ca]

2016-09-02  Todd C. Miller

	* NEWS:
	update
	[292a9e21474e]

	* src/ttyname.c:
	Don't disable large file support for Linux, just SVR4-style /proc.
	Otherwise, stat(2) may fail on Linux when running a 32-bit sudo on a
	64-bit machine. Bug #755
	[09450ce8b8a8]

2016-09-01  Todd C. Miller

	* include/sudo_util.h:
	Make sudo_parseln() flags hex to make it more obvious that they are
	bit flags.
	[b912a078047e]

	* plugins/sudoers/env.c:
	Don't try to support line continuation in /etc/environment.
	[d7e30e821c0e]

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c:
	No line continuation support in ldap.conf.
	[211caaba2395]

	* include/sudo_util.h, lib/util/parseln.c:
	Add flag to sudo_parseln() to disable line continuation support.
	[d2820247fc07]

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in:
	A comment character ('#') is only special at the beginning of the
	line.
	[b3b67b7e4fc0]

	* include/sudo_util.h, lib/util/parseln.c,
	lib/util/regress/sudo_parseln/parseln_test.c, lib/util/sudo_conf.c,
	lib/util/util.exp.in, plugins/sudoers/env.c, plugins/sudoers/ldap.c,
	plugins/sudoers/sudo_nss.c:
	Add a flags option to sudo_parseln() and a flag to only match
	comments at the beginning of the line. Use the flag when parsing
	ldap.conf.
	[40c560fc9a10]

	* src/sudo.c:
	If get_process_ttyname() fails for errno != ENOENT, just warn
	instead of making it a fatal error. Bug #755
	[1a028b861801]

2016-08-31  Todd C. Miller

	* plugins/sudoers/mkdefaults:
	use strict
	[681281bc0f6d]

	* plugins/sudoers/def_data.h, plugins/sudoers/mkdefaults:
	Define def_foo in terms of the I_FOO index instead of a bare number.
	[abb119f84ae6]

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
	sync with translationproject.org
	[d339717f8692]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Mention that match_group_by_gid has no effect when sudoers is stored
	in LDAP.
	[5eb6ae45c699]

	* include/sudo_compat.h, src/sudo.c:
	Use W_EXITCODE to construct the wait status if sudo could not
	execute the command. Fixes the sudo exit value for exec(3) failure.
	[95eae2d60292]

	* src/exec.c:
	fix brace style
	[54448c10b6b5]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[794b06ba727b]

	* src/sudo.c:
	It is possible for get_user_info() to fail for reasons other than
	ENOMEM so print the warning message there rather than in main().
	[8c24df8d6b78]

2016-08-30  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	match_group_by_gid is only available in sudo 1.8.18 and above
	[dd237eb540d0]

	* doc/UPGRADE:
	Mention match_group_by_gid
	[417f27e9059a]

	* NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document match_group_by_gid
	[2234997acb8d]

	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/pwutil.c:
	Add match_group_by_gid Defaults option to allow sites with slow
	group lookups and a small number of groups in sudoers to match
	groups by group ID instead of by group name.
	[20714580da96]

2016-08-29  Todd C. Miller

	* NEWS:
	Mention "sudo -l command" bug fix.
	[cb8ade186880]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Fix "sudo -l command" in the LDAP and SSS backends when the command
	is not allowed.
	[631038350b2a]

2016-08-26  Todd C. Miller

	* plugins/sudoers/defaults.c:
	Use sudo_strsplit() instead of doing the equivalent manually.
	[9eb6d1cc78bd]

2016-08-25  Todd C. Miller

	* NEWS:
	Move SIGPIPE bug fix to 1.8.18 where it belongs
	[52509fd0100e]

	* plugins/sudoers/defaults.c:
	Fix memset size typo in previous commit.
	[e00299f7c50f]

	* plugins/sudoers/regress/visudo/test6.out.ok,
	plugins/sudoers/regress/visudo/test6.sh:
	Add regress for check_defaults() use-after-free bug.
	[0b362678ca10]

	* MANIFEST, plugins/sudoers/defaults.c:
	Fix use-after-free in check_defaults(), reported by Radovan Sroka of
	RedHat.
	[ab3a4227c12f]

2016-08-24  Todd C. Miller

	* NEWS:
	SIGPIPE bug fix
	[24c9a12f7e59]

	* src/signal.c:
	Now that we ignore SIGPIPE in sudo we need to restore it at exec
	time. Problem reported by Radovan Sroka of RedHat.
	[3cfa7e3510ff]

2016-08-22  Todd C. Miller

	* mkpkg:
	Fix appending to make_opts
	[abe28b6b7663]

	* NEWS:
	Add Bug #753 and fix reference to Bug #752.
	[e8c959e1cd6c]

2016-08-21  Todd C. Miller

	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/da.mo,
	po/da.po, po/pt_BR.mo, po/pt_BR.po:
	sync with translationproject.org
	[219c3f0aeee7]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen pot files
	[d0c56a4ff553]

2016-08-17  Todd C. Miller

	* NEWS:
	Update with logging changes.
	[f41beca23b99]

	* plugins/sudoers/logging.c:
	Avoid duplicate warnings when we cannot write to the log file. Also
	send the warning in mail if possible.
	[9b8509cff137]

	* plugins/sudoers/iolog.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
	Move the ignoring of I/O log plugin errors into the I/O log plugin
	itself.
	[25b7fd056614]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
	Make the behavior when we cannot write to a log or audit file
	configurable. File log failures are ignored by default for
	consistency with syslog. Audit errors are ignored by default to
	allow the admin to fix the issue. I/O log file errors are still
	fatal by default since if I/O logging is activated it is usually to
	have an audit trail. Bug #751
	[dbd085e7c736]

2016-08-15  Todd C. Miller

	* plugins/sudoers/logging.c:
	Make sure we print an error message to stderr (and not just send
	mail) if do_logfile() fails. Bug #751
	[7884a23a0cdc]

2016-08-13  Todd C. Miller

	* plugins/sudoers/pwutil.c:
	Separate out the supplemental group ID checks from the supplemental
	group name checks in user_in_group(). We now call sudo_get_gidlist()
	only when the group name in sudoers begins with a '#' (which is
	seldom used).
	[80534785d8b7]

	* plugins/sudoers/ldap.c, plugins/sudoers/policy.c,
	plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
	plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	Cache the user's group IDs and group names separately and only
	resolve group IDs -> names when needed. If the sudoers file doesn't
	contain groups we will no longer try to resolve all the user's group
	IDs to names, which can be expensive on some systems.
	[8ce3564e896e]

2016-08-12  Todd C. Miller

	* plugins/sudoers/defaults.c:
	Remove the "op" parameter from all the store_foo() functions except
	store_list() where it is actually needed. For the others, a NULL
	value indicates the setting was negated. This unconfuses static
	analyzers (and perhaps humans too).
	[fca031b57f15]

	* plugins/sudoers/defaults.c:
	Flags always have a NULL value. Regression introduced by refactor of
	set_default_entry().
	[71fe4fad097b]

	* plugins/sudoers/defaults.c:
	Set rc to true when setting a flag Defaults value.
	[cf016b6aedd4]

	* src/utmp.c:
	suppress a cppcheck false positive
	[0d44aa7cf05c]

	* plugins/sudoers/defaults.c:
	Refactor the error parts of set_default_entry() so the switch() is
	mostly just calls to store_foo() functions. Avoids a lot of
	duplicated error checking and silences a cppcheck false positive.
	[1112b894007c]

	* plugins/sudoers/defaults.c:
	In set_default_entry() check for unsupported Defaults type.
	[beb1ae20179f]

	* lib/util/aix.c:
	Add missing break in switch that sets the max limit for
	RLIMIT_NOFILE. Found by cppcheck.
	[39b1979b1b92]

	* plugins/sudoers/defaults.c:
	Check sudoers_initlocale return value and treat as oom. Coverity CID
	141832
	[b1cad9d6c49d]

2016-08-10  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/match.c, plugins/sudoers/parse.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
	Set runas_pw early and adjust runaslist_matches() to deal. Since we
	now set runas_default early there is no need to call update_defaults
	with SETDEF_RUNAS after sudoers has been parsed.
	[35e0b08219a8]

2016-08-09  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/testsudoers.c:
	Load sudoers group plugin via an early callback.
	[0fc4382cd6e4]

	* sudo.pp:
	System Integrity Protection on Mac OS X won't allow us to write
	directly to /etc or /var. We must install in /private/{etc,var}
	instead.
	[831c78241e78]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document that fqdn, runas_default and sudoers_locale are parsed
	early.
	[beb4868c449e]

	* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat,
	doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat,
	doc/visudo.cat:
	Regen for 1.8.18
	[eb4feabb8fee]

2016-08-08  Todd C. Miller

	* plugins/sudoers/defaults.h, plugins/sudoers/ldap.c,
	plugins/sudoers/sssd.c:
	Avoid passing around struct defaults when it is not needed. As a
	result, we no longer need to include gram.h in the LDAP and SSSD
	backends.
	[14d0bfdc8bd2]

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Instead of deferring setting early defaults until we have traversed
	the entire defaults list, just defer running the callbacks.
	Otherwise, if the last early default setting we see has a bad value
	we won't set any defaults of that type even if there was an earlier
	one that was valid.
	[552863e5a097]

	* plugins/sudoers/defaults.c:
	Run callbacks once in set_default_entry() instead of each of the
	store_foo() functions.
	[b92b51c67845]

2016-08-03  Todd C. Miller

	* mkpkg:
	Use /proc/cpuinfo on Linux instead of running lscpu
	[450ea436dbe4]

	* mkpkg:
	If using GNU make on a multi-cpu system, use the -j flag to run make
	jobs in parallel, up to the number of cpus/cores.
	[7a6670de96dc]

2016-07-31  Todd C. Miller

	* plugins/sudoers/visudo.c:
	Only check SUDO_USER if euid is 0
	[f42d00c94817]

2016-07-30  Todd C. Miller

	* plugins/sudoers/visudo.c:
	Initialize sudo_user based on the SUDO_USER environment variable if
	present. This allows things like "Defaults:username editor=foo" to
	work when visudo is run via sudo.
	[a526d6f74198]

2016-07-28  Todd C. Miller

	* src/exec_pty.c:
	Add function name in "command resumed" debug message
	[e209f199a79f]

	* src/exec_pty.c:
	If waitpid() returns 0 or -1, display a warning, this should never
	happen. Add a check for unhandled wait status (also should never
	happen).
	[983a0b79b527]

	* plugins/sudoers/defaults.c:
	Flag settings have a NULL value so we can't use that to test whether
	an entry in struct early_default is set or not. Add a "set" member
	and use that instead.
	[68a7c0de9b0e]

2016-07-27  Todd C. Miller

	* src/exec_pty.c:
	Explicitly check for a continued process with waitpid(2). Otherwise,
	waitpid() will return 0 when the command is resumed after being
	suspended, which we were treating the same as -1. Fixes suspend and
	resume on Linux and probably others.
	[54a464b116ad]

	* plugins/sudoers/defaults.c:
	Fix --with-fqdn, the value should be NULL since it is a flag.
	[95bc8b82911e]

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Add support for early defaults to the ldap and sssd backends.
	[3a034360c177]

2016-07-25  Todd C. Miller

	* src/sudo_edit.c:
	Repair symlink check in sudo_edit_openat_nofollow() on systems
	without O_NOFOLLOW, it must be done relative to dfd. Previously the
	lstat() would always fail, possibly leading to a false positive.
	Also add an early symlink check like in sudo_edit() while here.
	[f72901c7f7cc]

	* src/sudo_edit.c:
	On systems that lack the O_NOFOLLOW open(2) flag, check in
	sudo_edit_open() whether the path to be opened is a symlink before
	opening it. This is racy but we detect losing the last post-open
	and it is better to fail early if possible. When editing a link to a
	non-existent file, a zero-length file will be left behind but it is
	too dangerous to try and remove it after the fact. Bug #753
	[dac04f305262]

	* src/sudo_edit.c:
	Update debug_decl for sudo_edit_openat_nofollow(). Remove unused
	variables when O_NOFOLLOW is not present.
	[8dc0afb1de58]

2016-07-23  Todd C. Miller

	* plugins/sudoers/defaults.c, plugins/sudoers/visudo.c:
	Split set_default_entry() out of set_default() so we can call it
	from check_defaults() to validate the defaults value. In visudo,
	suppress warnings from update_defaults() and rely on
	check_defaults() to provide warnings.
	[7d9b50f42d0b]

	* plugins/sudoers/defaults.c:
	Split binding match code out of default_type_matches() into
	default_binding_matches(). We can now use default_type_matches() in
	check_defaults().
	[c158768b12c5]

	* plugins/sudoers/visudo.c:
	Pass quiet flag to init_parser() and update_defaults() when doing
	first parse of sudoers.
	[3af76c1a0d84]

2016-07-22  Todd C. Miller

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
	plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
	Update defaults in visudo after sudoers has been edited so we pick
	up locale changes. The init_defaults() function will now re-init the
	sudoers locale.
	[ceb099392289]

2016-07-20  Todd C. Miller

	* plugins/sudoers/testsudoers.c:
	Set sudoers locale before calling sudoersparse(). We don't need to
	restore the user's locale since warnings are displayed in the user's
	locale anyway.
	[c44a38a496d1]

	* plugins/sudoers/visudo.c:
	Set the locale to the sudoers locale when parsing and restore the
	user's locale afterward. Also set the warn/fatal locale helper
	function so warning messages during a sudoers parse are displayed in
	the user's own locale.
	[a0b2cdb69d43]

	* plugins/sudoers/logging.h:
	Add forward decl of union sudo_defs_val to silence a gcc warning.
	[9e717510f132]

	* plugins/sudoers/sudoers.c:
	Set the warn/fatal locale helper function in sudoers_policy_init()
	so warning messages during sudoers loading are displayed in the
	user's own locale.
	[b6c7bab1ca80]

	* plugins/sudoers/locale.c, plugins/sudoers/logging.h,
	plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/visudo.c:
	Move sudoers locale callback function to locale.c and use it in
	visudo and testsudoers.
	[7c4e9a71e252]

	* plugins/sudoers/sudoers.c:
	In cb_sudoers_locale() actually set the locale in addition to
	storing its name. Otherwise, it won't take effect until sudoers
	lookup time.
	[ceb446c2168b]

	* plugins/sudoers/defaults.c:
	Fix regression that would cause early defaults entries to be set
	multiple times.
	[5f5cd02d5f0f]

	* NEWS, configure, configure.ac:
	sudo 1.8.18
	[7c778904c39b]

2016-07-19  Todd C. Miller

	* plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
	Only set early defaults once, regardless of how many times the
	variable is set in sudoers. This avoids running an early callback
	more than once. For example, we don't want to call cb_fqdn() if sudo
	is compiled with FQDN set but sudoers has "Defaults !fqdn".
	[0c5d80939ea2]

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
	Make strings const in functions that set defaults as they are not
	modified.
	[d01f22ab1902]

	* plugins/sudoers/sudoers.c:
	In cb_fqdn() just return if the fqdn flag is set to false.
	[0cb3d78aa944]

2016-07-18  Todd C. Miller

	* plugins/sudoers/defaults.c:
	Implement callbacks for defaults flags (T_FLAG).
	[936adcc98800]

	* plugins/sudoers/sudoers.c:
	add debug_decl for cb_runas_default and cb_sudoers_locale
	[4667b1e14172]

	* plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
	Convert fqdn to a callback and add it to the list of early defaults.
	[df863787cf5e]

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
	Change defaults callbacks to take a union sudo_defs_val * instead of
	a char *.
	[c7730fa19e46]

	* plugins/sudoers/defaults.c:
	When updating defaults, process certain values first since they can
	influence how other defaults are parsed. Currently, runas_default
	and sudoers_locale are processed early.
	[32062737a1ae]

2016-07-16  Todd C. Miller

	* plugins/sudoers/toke_util.c:
	Fix typo introduced in last commit to fix fill_args() overflow
	check.
	[535d13b81c5d]

	* plugins/sudoers/toke_util.c:
	Fix underflow check in fill_args().
	[2c6852e65ad6]

	* plugins/sudoers/toke_util.c:
	Make sure we account for the trailing NUL when computing arg_size in
	fill_args(). Bug #752
	[c73c1ea4b230]

	* plugins/sudoers/toke_util.c:
	Make arg_size and arg_len unsigned since we do bitwise operations on
	them.
	[0a551c7a5e67]

2016-07-08  Todd C. Miller

	* lib/util/Makefile.in, lib/zlib/Makefile.in,
	plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
	src/Makefile.in:
	Only remove backup files as part of "make uninstall" when
	INSTALL_BACKUP is set.
	[c2541d2de89c]

	* configure, configure.ac, lib/util/Makefile.in, lib/zlib/Makefile.in,
	plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
	src/Makefile.in:
	Only keep backups of installed files on HP-UX where you cannot
	unlink a shared library that is in use.
	[8763a1d0d515]

2016-07-03  Todd C. Miller

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Ignore a missing or insecure #includedir, it is not a fatal error.
	[8a82818c9f0d]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Make sure we always call sudoerserror() on error in
	read_dir_files(), otherwise sudo will not treat it as a fatal error.
	[1a38da425ca0]

2016-06-30  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	Set the sudoers locale before opening the sudoers file. Previously
	the sudoers locale was used when evaluating sudoers but not during
	the initial parse. Bug #748
	[c8deb0da75b4]

	* plugins/sudoers/locale.c:
	Add debugging
	[5fbe2f109b92]

	* plugins/sudoers/Makefile.in:
	Don't link test programs with the sudoers-specific locale code if we
	don't need to.
	[41224154534e]

	* plugins/sudoers/Makefile.in:
	sudoreplay does not need to link with the sudoers-specific locale
	code.
	[348638a68f69]

2016-06-27  Todd C. Miller

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	new_digest was prototyped as static but not explicitly declared
	static.
	[52949a024acb]

	* configure, configure.ac:
	Some versions of HP-UX 11.11 do not expose struct sockaddr_ext if
	_XOPEN_SOURCE_EXTENDED is defined. Only define
	_XOPEN_SOURCE_EXTENDED if we can still compile net/if.h.
	[0189ff7daa63]

	* plugins/sudoers/Makefile.in:
	Some versions of HP-UX make will ignore suffix rules if they are
	empty.
	[cffeee232752]

2016-06-23  Todd C. Miller

	* src/exec_pty.c:
	Don't skip debug printfs in handle_sigchld() just because execve()
	returned an error.
	[0cf2a9351740]

	* include/compat/charclass.h, include/sudo_compat.h, lib/util/aix.c,
	lib/util/getaddrinfo.c, lib/util/sudo_debug.c,
	plugins/sudoers/insults.h,
	plugins/sudoers/regress/parser/check_base64.c,
	plugins/sudoers/regress/parser/check_fill.c,
	plugins/sudoers/sudoers_debug.c:
	Add definition of nitems for those without it and use it throughout.
	[4b30c8834fdd]

2016-06-22  Todd C. Miller

	* sudo.pp:
	Update copyright year.
	[638c964e44fd]

	* NEWS, configure, configure.ac:
	Sudo 1.8.17p1
	[bc30a172370c]

	* src/sudo.c, src/sudo.h:
	Set user groups in exec_setup() if they were not already set by
	policy_init_session(). Bug #749
	[3bf16489800c]

2016-06-15  Todd C. Miller

	* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
	Point the reader to the sudoers manual for the list of supported
	arguments after the plugin path.
	[40cbfa5deeb1]

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in:
	forgot to update date in last commit
	[3872a46e229b]

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in:
	Fix typo; cn=default should be cn=defaults
	[06e097667465]

2016-06-13  Todd C. Miller

	* lib/util/Makefile.in, lib/zlib/Makefile.in,
	plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
	src/Makefile.in:
	Fold lines at 80 characters for the clean: target
	[651623231cd8]

	* lib/util/Makefile.in:
	Remove mksiglist, siglist.c, mksigname, signame.c as part of
	"distclean"
	[ed7f58685633]

2016-06-12  Todd C. Miller

	* plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po:
	sync with translationproject.org
	[a3bb8c15ef3d]

	* plugins/sudoers/sssd.c:
	LDAP sudoers doesn't support negated users, groups or netgroups.
	[d6585245c24d]

2016-06-09  Todd C. Miller

	* NEWS:
	Bug #746
	[e0bba3ae78c2]

	* plugins/sudoers/match.c:
	When matching paths with glob(3), check returned matches against
	user_cmnd first if it is fully-qualified. This avoids a lot of
	needless stat(2) calls and avoids a mismatch between safe_cmnd and
	argv[0] if there are multiple matches with the same inode/dev due to
	links. Bug #746.
	[29bdba0cf2eb]

	* NEWS:
	Add execve failure in pty bug fix.
	[941672cc6793]

	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po:
	sync with translationproject.org
	[a4f789cedecc]

	* src/exec_pty.c:
	In handle_sigchld() fix the return value when we've already received
	an exec error. We don't want to overwrite the error status but we do
	need to indicate that the command is no longer running. Fixes a
	hang on execve(2) error when running in a pty.
	[797bed2c39a7]

	* src/exec.c, src/exec_common.c:
	Move sudo_debug_execve() call into sudo_execve().
	[ab2ea3459a7c]

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/sr.mo,
	po/sr.po, po/sv.mo, po/sv.po:
	sync with translationproject.org
	[046ba9a0fca8]

2016-06-07  Todd C. Miller

	* NEWS:
	update for 1.8.17 final
	[a2f02775aba5]

	* lib/util/aix.c:
	Fix setting of hard stack limit when stack_hard is not specified in
	/etc/security/limits. When 64-bit resource limits are supported we
	can use the default value of 8388608 512-byte blocks directly. We
	should only resort to using RLIM_SAVED_MAX for 32-bit resource
	limits.
	[cc4933fc41bd]

2016-06-06  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot:
	regen
	[4ab85a46cf63]

2016-06-05  Todd C. Miller

	* plugins/sudoers/sssd.c:
	Ignore empty ipa_hostname
	[9421ade7b47f]

	* plugins/sudoers/sssd.c:
	Better matching of ipa_hostname in sssd.conf
	[abd53491cb4b]

2016-06-04  Todd C. Miller

	* INSTALL, configure, configure.ac, pathnames.h.in,
	plugins/sudoers/sssd.c:
	Use the value of ipa_hostname from /etc/sssd/sssd.conf if present
	instead of the system hostname.
	[3f5cffcd8432]

2016-06-03  Todd C. Miller

	* plugins/sudoers/sssd.c:
	When matching host, short-circuit the loop when we get a match. Only
	check username as part of the netgroup when netgroup_tuple is
	enabled.
	[2eab4070dcf7]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Avoid using !strcmp()
	[f976b3d973e0]

2016-06-02  Todd C. Miller

	* plugins/sudoers/sssd.c:
	SSSD doesn't handle netgroups, we have to ensure they are correctly
	filtered in sudo. The rules may contain mixed sudoUser specification
	so we have to check not only for netgroup membership but also for
	user and group matches. Adapted from a patch from Daniel Kopecek.
	[50d8d88bcc28]

2016-06-01  Todd C. Miller

	* plugins/sudoers/auth/pam.c:
	Return PAM_CONV_ERR from the conversation function if getpass
	returns NULL or the user pressed ^C.
	[bec7e2ec26ff]

	* plugins/sudoers/base64.c:
	Make base64 decoding table-driven.
	[2d001c111552]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Back out cfa26b99228f, it was already fixed differently. Caught by
	regress checks.
	[0584f80e9951]

2016-05-31  Todd C. Miller

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Allow double-quoted groups and netgroups to be part of a Defaults
	spec. From Daniel Kopecek.
	[cfa26b99228f]

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in:
	The sudoers.ldap manual is installed in section 4 or 5, not 1m or 8.
	Also fix the section for ldap.conf cross-references.
	[eb1c0a2b84a1]

	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in:
	Fix copy pasta, "sudoNotAfter" not "sudoNotBefore". Add missing word
	"order" in a sentence describing sudoOrder.
	[653cb783f89b]

	* plugins/sudoers/sssd.c:
	For sudo -ll (long list) print the SSSD role just like we do for the
	LDAP backend. Adapted from sudo-1.8.6p3-sssdrulenames.patch
	[46f962b1f3ef]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Setting timestamp_timeout less than zero only lasts until the next
	reboot. Adapted from a RedHat patch.
	[f8ce1dfebfe9]

	* po/it.mo, po/it.po, po/nb.mo, po/nb.po:
	sync with translationproject.org
	[31b55426358b]

2016-05-25  Todd C. Miller

	* src/conversation.c:
	fputs() is now specified as returning non-negative on success, not
	explicitly zero. Fixes a failure on glibc.
	[55f8a25d4af4]

	* src/conversation.c:
	Don't try to dereference replies[] if it is a NULL pointer.
	[c4fdd838f2f5]

	* plugins/sudoers/policy.c:
	sudo_version should be unsigned
	[7719d425c65a]

	* plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
	plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/ca.mo,
	po/ca.po, po/cs.mo, po/cs.po, po/da.mo, po/da.po, po/de.mo,
	po/de.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo,
	po/ja.po, po/pl.mo, po/pl.po, po/sk.mo, po/sk.po, po/sv.mo,
	po/sv.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
	po/zh_CN.po:
	sync with translationproject.org
	[e40cdc972d19]

	* MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/ko.mo,
	plugins/sudoers/po/ko.po, po/ko.mo, po/ko.po:
	Korean translation for sudo and sudoers from translationproject.org.
	[188ffbed5bf2]

	* NEWS, plugins/sudoers/auth/pam.c:
	Ignore PAM_SESSION_ERR from pam_open_session() since this can
	apparently happen on systems using Solaris-derived PAM. Other errors
	from pam_open_session() are treated as fatal. This avoids the
	"policy plugin failed session initialization" error message seen on
	some systems.
	[0f7f3e7ead21]

2016-05-24  Todd C. Miller

	* NEWS, src/exec_pty.c:
	Don't read from stdin when flushing final buffers in blocking mode.
	Reading from the pipe can block too if the other end is not closed.
	[a651f913a1ef]

2016-05-23  Todd C. Miller

	* NEWS:
	Mention visudo -x change.
	[2fd35df055b2]

	* plugins/sudoers/regress/sudoers/test1.json.ok,
	plugins/sudoers/regress/sudoers/test14.json.ok,
	plugins/sudoers/regress/sudoers/test15.json.ok,
	plugins/sudoers/regress/sudoers/test16.json.ok,
	plugins/sudoers/regress/sudoers/test2.json.ok,
	plugins/sudoers/visudo_json.c:
	There's no need to escape forward slashes in JSON output. While it
	is legal to escape a forward slash, it is not required.
	[044710f516a9]

	* doc/UPGRADE:
	Document that in 1.8.12 sudo started being able to check the NIS
	domain on Solaris.
	[bced94478c0e]

2016-05-20  Todd C. Miller

	* NEWS:
	Better description of the I/O logging pipe issue.
	[6eee2f8a1fae]

	* src/exec_pty.c:
	In del_io_events(), avoid reading from the pty master in blocking
	mode. We now do two passes, one with SUDO_EVLOOP_NONBLOCK and
	another that could block if stdin is a pipe. This ensures we consume
	the pipe until EOF.
	[564ae2b4c305]

	* lib/util/event.c:
	Improve debug info in sudo_ev_add() and sudo_ev_del()
	[ca839439ff22]

	* src/exec_pty.c:
	In pty_close(), call del_io_events with the SUDO_EVLOOP_ONCE flag so
	the event loop will exit after a single run through. Otherwise, we
	may hang at exit on non-BSD systems.
	[e6c38d5a341b]

2016-05-18  Todd C. Miller

	* po/sudo.pot:
	regen
	[18a4570be506]

2016-05-17  Todd C. Miller

	* src/exec_pty.c:
	Bump I/O buffer size to 64K. We don't use PIPE_BUF or _PC_PIPE_BUF
	for this because that corresponds to the value for atomic pipe
	writes. The actual pipe buffer is much larger on modern systems and
	64K is what BSD and Linux support for large pipe buffers.
	[3b5d995966ef]

	* NEWS:
	I/O logging bug fix
	[934d755ac12c]

	* src/exec_pty.c:
	Don't use SUDO_EVLOOP_NONBLOCK when flushing buffers at pty close
	time, only when the user suspends sudo. Fixes a problem where all
	buffers might not get flushed at exit when logging I/O. Reproducible
	via "sudo tar cf - foo | (cd /tmp && sudo tar xf -)" on OpenBSD.
	[bbe0e18739ec]

2016-05-16  Todd C. Miller

	* plugins/sudoers/visudo_json.c:
	Don't try to fflush(export_fp) or ferror(export_fp) if export_fp is
	NULL, which can happen on the error path.
	[ccfb4dd260fa]

	* plugins/sudoers/sudoers.c, src/exec.c, src/exec_pty.c, src/sudo.c,
	src/tgetpass.c:
	O_NOCTTY has no effect when opening /dev/tty as the open can only
	succeed if there is already a controlling tty.
	[9ca106c499b2]

	* src/sudo.c:
	Do not need to open /dev/tty with O_NONBLOCK, it doesn't block on
	first open like a physical terminal. By definition, if you have a
	controlling tty, the first open (which might block) has already
	occurred.
	[15a5f006836a]

	* src/selinux.c:
	Use O_NOCTTY when opening a tty.
	[5f9fd6458be4]

	* src/Makefile.in:
	regen
	[105ef4533724]

	* plugins/sudoers/auth/sudo_auth.c:
	No need to set pass to NULL after freeing at the end of the loop
	since it is already set to NULL each time through the loop.
	[2657b0b4260d]

2016-05-14  Todd C. Miller

	* NEWS:
	SELinux fixes in 1.8.17.
	[f743cf0d9c62]

	* plugins/sudoers/logging.h, plugins/sudoers/logwrap.c:
	Check fprintf() return value in writeln_wrap() and return the number
	of characters actually written, or -1 on error.
	[4739e0f58fa3]

	* src/conversation.c:
	Check fputs() return value.
	[e85778cbe0e3]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Do not write directly to stdout/stderr, use sudo_printf which calls
	the conversation function.
	[e86d5ed4dca7]

	* plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/securid5.c:
	Do not write directly to stdout/stderr, use sudo_printf which calls
	the conversation function.
	[002a30fdb4e0]

	* plugins/sudoers/iolog.c, plugins/sudoers/visudo_json.c:
	Use ferror() after fflush() to check the error status of the stdio
	stream we wrote to.
	[fa1db13fe9ac]

2016-05-13  Todd C. Miller

	* plugins/sudoers/parse.c:
	printf() returns < 0 on error, not explicitly -1
	[2a2385b941de]

	* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo_plugin.cat,
	doc/sudoers.ldap.cat, doc/sudoreplay.cat, doc/visudo.cat:
	Regen for 1.8.17
	[e24b0f944000]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document that you need to preserve EDITOR and/or VISUAL for
	env_editor to be useful.
	[ef0ce8917307]

	* src/selinux.c:
	Fix last commit, now that argc is not reset we need to explicitly
	start the copy from argv[1]. From Daniel Kopecek
	[f52403ef587a]

2016-05-12  Todd C. Miller

	* src/selinux.c:
	cosmetic change to warning string
	[a2893e3f9b70]

	* plugins/sudoers/auth/pam.c:
	Avoid adding an extraneous warning string to sudoers.pot.
	[6b07043b48f7]

	* lib/util/snprintf.c:
	Use EOVERFLOW, not ENOMEM for overflow conditions. For snprintf()
	and vsnprintf(), POSIX says we should return -1 and set errno to
	EOVERFLOW if the size param is > INT_MAX; also zero out the string
	in this case (not mandated by POSIX) for safety.
	[294720fc981a]

2016-05-11  Todd C. Miller

	* plugins/sudoers/auth/pam.c:
	Now that pam_open_session() failure is fatal we should print and log
	an error from it. Bug #744
	[0e98a92ef910]

	* src/selinux.c:
	Repair SELinux support, broken by 397722cdd7ec. From Daniel Kopecek.
	[1246583c7c1f]

	* plugins/sudoers/iolog.c, plugins/sudoers/pwutil.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
	Remove sudo_mkpwcache() and sudo_mkgrcache(). We now create the
	caches as needed on demand. Also remove calls to sudo_freepwcache()
	and sudo_freegrcache() that are immediately followed by execve(),
	they are not needed.
	[60448afe813d]

	* plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
	plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
	plugins/sudoers/visudo.c:
	Eliminate use of setpwent()/endpwent() and setgrent()/endgrent().
	Sudo never iterates over the passwd or group file. Rename
	sudo_set{pw,gr}ent() -> sudo_mk{pw,gr}cache() and use
	sudo_free{pw,gr}cache() instead of sudo_end{pw,gr}ent().
	[66e6f5e7b51b]

2016-05-10  Todd C. Miller

	* plugins/sudoers/parse.h:
	Remove unnecessary NULL checks in the RUNAS_CHANGED macro. The only
	place where the pointers could be NULL is in visudo_json.c but we
	already check for "next" being NULL there. Quiets a cppcheck
	warning.
	[a0d84832c154]

2016-05-09  Todd C. Miller

	* plugins/sudoers/sudoreplay.c:
	In replay_session() free iov at the end of the function (if needed)
	instead of after processing each line from the timing file. Coverity
	CID 104843.
	[5112f514af87]

	* plugins/sudoers/sudoreplay.c:
	Add io_log_read() and io_log_gets() to hide differences between
	gzread/fread and gzgets/fgets. Check for premature EOF and error
	from io_log_read(). Also sanity check the index in the timing file.
	Coverity CID 104630.
	[6a3b9932f567]

	* src/exec_pty.c:
	Break up io_callback() into read_callback() and write_callback() to
	make it clear that we can't get an event with both read and write
	set.
	[cd3a1e182dd4]

2016-05-07  Todd C. Miller

	* src/exec_pty.c:
	In io_callback() make sure we clear SUDO_EV_READ if we close the fd.
	It should not be possible for SUDO_EV_READ to be set when revent is
	non-NULL but this makes static analyzers happier. Coverity CID
	104124.
	[7acc249fa098]

	* plugins/sudoers/ldap.c:
	In sudo_krb5_copy_cc_file() move the close(ofd) to the done: label
	so we only have to cleanup in one place. Coverity CID 104577.
	[0f189e70c59d]

	* plugins/sudoers/ldap.c:
	Fix memory leak in sudo_netgroup_lookup() in the non-error case.
	Coverity CID 104572, 104573, 104574, 104575.
	[7f9fb7a360b7]

	* plugins/sudoers/ldap.c:
	Fix fd leak in sudo_krb5_copy_cc_file() if restore_perms() fails.
	Coverity CID 104571.
	[d9434cdfb73c]

	* plugins/sudoers/sudoreplay.c:
	Free the events and event base before returning from
	replay_session(). Coverity CID 104116, 104117.
	[321216089e4a]

	* src/sudo_edit.c:
	In sudo_edit_create_tfiles(), fix fd leak if sudo_edit_mktemp()
	fails. Coverity CID 104114.
	[713de09ff956]

	* src/sudo_edit.c:
	Fix fd leak in sudo_edit_open_nonwritable() if dir_is_writable()
	returns an error. Coverity CID 104113.
	[314a57004f00]

	* src/sudo_edit.c:
	Fix memory leak of sesh_args in selinux_edit_copy_tfiles(). Coverity
	CID 104112.
	[ac7f0cbd07c9]

	* plugins/sudoers/visudo.c:
	Fix memory leak in get_editor() if resolve_editor() fails with an
	error. Coverity CID 104107.
	[e355b1f45bcb]

	* src/sudo.c:
	Fix memory leak on error if sudo_new_key_val() fails. Coverity CID
	104103.
	[c2ee1557aef2]

	* plugins/sudoers/visudo.c:
	Ignore the return value of the initial sudoersparse(), before we
	have actually edited any files. Coverity CID 104078.
	[184d9c6aec65]

	* src/exec.c:
	Ignore the result of send() on exec error, if it fails the other end
	of the pipe is gone and we are headed for exit. Coverity CID 104066.
	[cdcd7dfcbca1]

	* plugins/sudoers/toke_util.c:
	In fill_args() clean up properly if there is an internal overflow
	(which should not be possible). Coverity CID 104569.
	[0bc710e91ec4]

	* plugins/sudoers/gc.c:
	Fix logic inversion in sudoers_gc_remove(), currently unused.
	Coverity CID 104568
	[e29df8da11ea]

2016-05-06  Todd C. Miller

	* plugins/sudoers/iolog.c:
	In io_mkdirs(), change the order from stat then mkdir, to mkdir then
	stat. This more closely matches what "mkdir -p" does. Coverity CID
	104120.
	[e462528ff7ea]

	* plugins/sudoers/timestamp.c:
	In ts_mkdirs(), change the order from stat then mkdir, to mkdir then
	stat. This more closely matches what "mkdir -p" does. Coverity CID
	104119.
	[c0c0e2662883]

	* plugins/sudoers/sudoers.c:
	Newer versions of Ubuntu have switched from using the "admin" group
	to the "sudo" group to align with Debian.
	create_admin_success_flag() now accepts either one.
	https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1387347
	[17b4d725dac4]

	* plugins/sudoers/timestamp.c:
	Cast off_t printed via printf(3) instead of assuming it is long
	long.
	[b1d398f4a8dc]

	* plugins/sudoers/sudoers.c:
	Instead of using stat(2) to see if the admin flag file exists and
	creating it if not, just try to create the file and treat EEXIST as
	a non-error. Coverity CID 104121.
	[bd58b0a35a3c]

	* MANIFEST, plugins/sample/README:
	README file for the sample plugin that tells the user how to build,
	install and enable it.
	[8d7096ce78cc]

	* plugins/sample/sample_plugin.c:
	Fix compilation error and export sample_policy struct. From Michael
	Evans
	[5280c1576e7f]

	* NEWS:
	Update for 1.8.17
	[979688a5ef13]

	* configure, configure.ac:
	Sudo 1.8.17
	[09311b2e9697]

	* plugins/sudoers/logging.c:
	Check return value of restore_perms() in vlog_warning(). Coverity
	CID 104079.
	[86555dd0942d]

	* plugins/sudoers/editor.c:
	Fix memory leaks in resolve_editor() in the error path. Coverity CID
	104109, 104110
	[6ac3f7e3ada9]

	* plugins/sudoers/policy.c:
	Fix memory leak of gid_list in sudoers_policy_exec_setup() in the
	error path. Coverity CID 104111.
	[eac1e9489367]

	* plugins/sudoers/logging.c:
	Fix fd leak in do_logfile() if we fail to lock the log file.
	Coverity CID 104115.
	[164a693207a8]

	* plugins/sudoers/sssd.c:
	Fix memory leak of sss_result in sudo_sss_lookup() Coverity CID
	104106
	[7dcee1e6d76f]

	* plugins/sudoers/iolog.c:
	Fix fd leak in open_io_fd() if gzdopen/fdopen fails. Coverity CID
	104105
	[c4c2848c1167]

	* plugins/sudoers/iolog.c:
	Fix fd leak in io_nextid() in error path. Coverity CID 104104
	[8920cdaab5bd]

2016-05-05  Todd C. Miller

	* plugins/sudoers/timestamp.c:
	Check lseek() return value. Coverity CID 104061.
	[bf3bb4c80cfc]

	* plugins/sudoers/timestamp.c:
	Ignore ts_write() return value when disabling an entry with a bogus
	timestamp. We ignore the timestamp entry even if it doesn't succeed.
	Coverity CID 104062.
	[5e5925ebbc75]

	* plugins/sudoers/iolog.c, plugins/sudoers/match.c,
	plugins/sudoers/tsgetgrpw.c, src/exec.c, src/exec_pty.c, src/sudo.c:
	Cast the return value of fcntl() to void when setting FD_CLOEXEC.
	Coverity CID 104063, 104064, 104069, 104070, 104071, 104072, 104073,
	104074
	[48720d2f6658]

	* plugins/group_file/getgrent.c:
	Cast the return value of fcntl() to void when setting FD_CLOEXEC.
	Coverity CID 104075, 104076, 104077.
	[7fe1d9f97321]

	* plugins/sudoers/env.c:
	Avoid a false positive. Coverity CID 104056.
	[0256978219a6]

	* plugins/sudoers/visudo_json.c:
	Avoid calling fclose(NULL) on error in export_sudoers(). Coverity
	CID 104091.
	[2f73d86ab929]

	* plugins/sudoers/toke_util.c:
	In fill_args(), check for "arg_size == 0" instead of
	"sudoerslval.command.args == NULL" since the latter leads Coverity
	to imply that sudoerslval.command.args could be NULL later on.
	Coverity CID 104093.
	[bab505438881]

	* plugins/sudoers/sudoers.c:
	Avoid calling fclose(NULL) if the sudoers file is not secure and
	restore_perms() fails. Coverity CID 104090.
	[150db126c221]

2016-05-04  Todd C. Miller

	* plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
	In fill_args(), replace loop that increments arg_size() with a
	simple add and mask. Should prevent a false positive from Coverity
	CID 104094.
	[411c7e398286]

	* plugins/sudoers/sudoreplay.c:
	In parse_expr(), move the "bad" label after the "default" case in
	the switch(), not before it. This seemed to confuse Coverity,
	resulting in a false positive, CID 104095.
	[4371f26995fb]

	* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
	For "sudoreplay -l", not all predicates may be shortened to a single
	character. Both 'c' and 't' have more than one possibility.
	[29a5a9a313e2]

	* src/exec.c, src/exec_pty.c, src/sudo.c:
	pid_t is defined by POSIX as a signed integer type so we don't need
	a cast when comparing to -1.
	[98f0a86260a0]

	* src/exec.c:
	In dispatch_signal() for stopped processes check for tcgetpgrp()
	returning -1. Also change checks from "saved_pgrp != -1" to "fd !=
	-1". Coverity CID 104098.
	[42ac4ad85900]

	* src/selinux.c:
	In relabel_tty() always jump to bad: on error, regardless of the
	value of se_state.enforcing. On error, return -1 if enforcing, else
	0. Coverity CID 104099.
	[db1a54d718f1]

	* config.h.in, configure.ac:
	Define NO_LEAKS when sudo is built with Coverity.
	[f4209b9ade8c]

	* src/exec_pty.c:
	In io_callback() if we write the complete buffer and find that there
	is no associated reader just return as there is nothing else to be
	done. In practice it is not possible for SUDO_EV_READ to be set if
	revent is NULL but an early return is harmless and possibly easier
	to understand. Coverity CID 104124.
	[3b3eb45b701e]

	* src/sudo_edit.c:
	Handle read() returning -1 when creating temporary files. Coverity
	CID 104100
	[e82af51e4f48]

	* plugins/sudoers/policy.c:
	Fix cut and paste error when checking cols for 0. Coverity CID
	104081
	[22a3b7d9bce1]

	* plugins/sudoers/pwutil.c:
	Use a single debug message for cache hit or store to avoid another
	situation where they get out of sync. Bug #743
	[4cf484e9b016]

	* plugins/sudoers/pwutil.c:
	Sync the "cache hit" debug messages with the "cached" debug
	messages. This fixes a bug where we could dereference a NULL pointer
	when we look up a negative cached entry which is stored as a NULL
	passwd or group struct pointer. Bug #743.
	[1d13341d53ec]

2016-04-28  Todd C. Miller

	* configure, configure.ac:
	Remove the check for __sprintf_chk when checking for
	_FORTIFY_SOURCE. Some implementations are purely header-file based.
	As long as we can link a test program using sprintf() when
	_FORTIFY_SOURCE=2 it should be safe to use.
	[910af8ba4666]

	* config.h.in, configure, configure.ac:
	Remove configure checks for dev_t, id_t, ino_t, ptrdiff_t, size_t
	and ssize_t. These have been specified by either ANSI C or POSIX for
	long enough that if the system doesn't support them, it is unlikely
	to be able to compile sudo anyway.
	[c9fd433cfe27]

	* src/sudo.c:
	Do group setup in policy_init_session() before calling out to the
	plugin. This makes it possible for the pam_group module to change
	the group in pam_setcred(). It's a bit bogus since pam_setcred() is
	documented as not changing the group or user ID, but pam_group is
	shipped with stock Linux-PAM so we need to support it.
	[814cda602541]

2016-04-26  Todd C. Miller

	* plugins/sudoers/logging.c:
	Add missing newline when logging to a file (not syslog) and
	loglinelen is set to a non-positive number. Bug #742
	[ef0a5428a574]

2016-04-25  Todd C. Miller

	* src/exec.c:
	style fix; fork_cmnd should start on a new line
	[e8211fe0f8d7]

2016-04-22  Todd C. Miller

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, plugins/sudoers/ldap.c,
	plugins/sudoers/logging.c, src/signal.c, src/sudo.c, src/tgetpass.c:
	Ignore SIGPIPE for the duration of sudo and not just in a few select
	places. We have no control over what nss, PAM modules or sudo
	plugins might do so ignoring SIGPIPE is safest.
	[7c919101b8ec]

	* src/selinux.c:
	Use string_to_security_class() instead of pulling SECCLASS_CHR_FILE
	from flask.h. Avoids a warning with new SELinux includes.
	[24f357b419c4]

2016-04-19  Todd C. Miller

	* plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
	plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	When determining whether or not "sudo -l" or "sudo -b" should prompt
	for a password, take all sudoers sources into account. In other
	words, if both file and ldap sudoers sources are in use, "sudo -v"
	will now require that all entries in both sources have NOPASSWD
	(file) or !authenticate (ldap) in the entries.
	[51e2a5ecacc6]

2016-03-22  Todd C. Miller

	* plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/sudo_auth.h:
	If the auth_type setting in /etc/security/login.cfg is set to
	PAM_AUTH but pam_start() fails, fall back to use AIX authentication.
	Skip the auth_type check if sudo is not compiled with PAM support.
	[cdbe432c465c]

2016-03-17  Todd C. Miller

	* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
	The header for sudo.conf(5) should be SUDO.CONF(5) not SUDO(5).
	[d3afd5bd550f]

2016-03-16  Todd C. Miller

	* plugins/sudoers/policy.c:
	hook_version and hook_type are unsigned so use 0, not -1 in the
	final (empty) entry. Quiets a warning on Solaris Studio 12.2.
	[4947de8e35b7]

2016-03-09  Todd C. Miller

	* NEWS, config.h.in, configure, configure.ac,
	plugins/sudoers/auth/pam.c:
	Work around an ambiguity in the PAM spec with respect to the
	conversation function. It is not clear whether the "struct
	pam_message **msg" is an array of pointers or a pointer to an array.
	Linux-PAM and OpenPAM use an array of pointers while
	Solaris/HP-UX/AIX uses a pointer to an array. Bug #726.
	[d2b926e2f7d6]

2016-03-08  Todd C. Miller

	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/eo.mo,
	po/eo.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ru.mo,
	po/ru.po, po/sr.mo, po/sr.po:
	sync with translationproject.org
	[271c6738213d]

2016-02-27  Todd C. Miller

	* NEWS:
	Bug #738
	[9e7974480cdc]

2016-02-26  Todd C. Miller

	* plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo,
	po/nb.po:
	sync with translationproject.org
	[6aa32f6e5240]

	* lib/util/regress/fnmatch/fnm_test.in:
	Better test for negated character classes.
	[635e3c17bca1]

	* lib/util/regress/fnmatch/fnm_test.in:
	Add test for negated character class
	[0d813e098864]

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo,
	po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/pl.mo,
	po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo,
	po/vi.po, po/zh_CN.mo, po/zh_CN.po:
	sync with translationproject.org
	[9398ffdc7719]

	* NEWS:
	sync
	[a27a7d40491e]

	* lib/util/fnmatch.c:
	Fix negation of character classes.
	[aed07c013a41]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Fix the check for whether a user is allowed to list another user's
	privileges. The "matched" variable is not boolean, it can also have
	the value UNSPEC so we need to check explicitly for true. Bug #738
	[e8ed706fda03]

	* plugins/sudoers/auth/pam.c:
	Log the number of PAM messages in the conversation function at debug
	level.
	[3f16eea5875f]

2016-02-24  Todd C. Miller

	* configure, configure.ac:
	Don't check for posix_spawn() or posix_spawnp() if we were unable to
	find spawn.h. This should only be a problem on systems with broken
	headers. Bug #730
	[5e5b0646dca4]

2016-02-22  Todd C. Miller

	* NEWS:
	update for 1.8.16
	[bad5e6534f39]

	* doc/CONTRIBUTORS, plugins/sudoers/sudoers2ldif:
	Fix documented bug with duplicate role names and turn on perl
	warnings. Based on a diff from Aaron Peschel
	[344a1c1f5c93]

2016-02-20  Todd C. Miller

	* lib/util/aix.c:
	Add declaration of getauthdb() for AIX 5.1
	[f758960bcfd6]

2016-02-19  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[e61e1241f15f]

	* plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po:
	sync with translationproject.org
	[2f3dea24199b]

	* INSTALL:
	Add a note that --with-solaris-audit is only for Solaris 11 and
	above. Bug #737
	[6722331c2830]

2016-02-18  Todd C. Miller

	* configure, configure.ac:
	Remove last remnants of the deprecated --with-stow option.
	[8616d6de7ecd]

	* src/Makefile.in:
	src/load_plugins.c needs _PATH_SUDO_CONF so allow it to be
	overridden via the Makefile like other consumers of _PATH_SUDO_CONF.
	Bug #735
	[10148ef883ec]

2016-02-01  Todd C. Miller

	* configure, configure.ac, include/sudo_util.h, lib/util/aix.c,
	lib/util/getgrouplist.c, plugins/sudoers/pwutil.c,
	plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
	plugins/sudoers/set_perms.c, src/sudo.c:
	Add an administrative domain to the passwd/group cache key for AIX
	which can have different name <-> ID mappings depending on whether
	the database is local, LDAP, etc.
	[5319c11aefe9]

	* mkpkg, sudo.pp:
	Fedora dropped "core" from the name some time ago so just match on
	f[0-9] for the rpm distro name provided by pp. Since the version
	numbers of Fedora and RHEL are so different switch to defining
	variables to indicate which features should be enabled. Works for
	Fedora 23.
	[4ec50b352293]

2016-01-31  Todd C. Miller

	* mkpkg, sudo.pp:
	Treat fedora core like centos/rhel for package building.
	[0dfc607d07a1]

2016-01-29  Todd C. Miller

	* plugins/sudoers/regress/iolog_path/check_iolog_path.c,
	plugins/sudoers/regress/parser/check_fill.c:
	Plug some memory leaks in the tests.
	[ce76ba538867]

	* plugins/sudoers/toke_util.c:
	If realloc of sudoerslval.command.args fails, reset
	sudoerslval.command.args as well as arg_len and arg_size after
	freeing sudoerslval.command.args.
	[6481bad56e6a]

	* src/exec_pty.c:
	When freeing the iobs after pty tear-down, also free the associated
	event structures. Quiets memory leak warnings from address
	sanitizer and valgrind.
	[f19c689a2ded]

2016-01-28  Todd C. Miller

	* plugins/sudoers/iolog.c:
	iolog_compress should be bool, not int
	[b437123a242b]

	* plugins/sudoers/visudo.c:
	Quiet address sanitizer leak detector.
	[b7ce672331f6]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
	plugins/sudoers/gc.c, plugins/sudoers/sudoers.h:
	Simple garbage collection (really a to-be-freed list) for the
	sudoers plugin. Almost identical to what sudo.c uses. Currently only
	the environment strings are collected at exit time which is enough
	to quiet address sanitizer's leak detector.
	[47f32e047b1a]

	* src/sudo.c:
	Rename gc_cleanup to gc_run and remove I/O plugins from the plugin
	list when freeing them.
	[ea640f0b46f9]

	* src/sudo.c:
	Free up the garbage via an atexit() handler instead of requiring a
	call to gc_exit.
	[cc9c96d88595]

	* src/sudo_edit.c:
	Plug a memory leak in sudo_edit.
	[cab9a13a669b]

2016-01-27  Todd C. Miller

	* INSTALL:
	mention --enable-asan
	[ee2bc0f60c8b]

	* plugins/sudoers/auth/sudo_auth.c:
	Try to deconfuse static analyzers a bit.
	[7e728c76f5df]

	* plugins/sudoers/sssd.c:
	Avoid possible NULL deref found by clang analyzer.
	[8bb3cbfe0446]

	* config.h.in, configure, configure.ac:
	Add --enable-asan configure flag to enable address sanitizer
	[8aae250fb68e]

	* src/sudo.c, src/sudo_plugin_int.h, src/ttyname.c:
	Add support for garbage collecting info passed to the plugin before
	exit to appease address sanitizer's leak detector (and valgrind's
	leak checker). We can't free these sooner since the plugin may be
	using the memory. For plugin API 2.0 it should be made clear that
	the plugin must make a copy of the data in the arrays passed in to
	the plugin's open() function. Only enabled if NO_LEAKS is defined.
	[8458bcb165d8]

	* plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
	plugins/sudoers/auth/sudo_auth.c:
	auth_getpass() returns a dynamically allocated copy of the plaintext
	password which needs to be freed after checking (and clearing) it.
	[28d2c83c3ac4]

	* src/sudo.c:
	Remove sudo_fatalx() calls from format_plugin_settings().
	[96a18a3ccc49]

	* plugins/sudoers/sssd.c:
	fn_free_result() (aka sss_sudo_free_result() in sss_sudo.c) handles
	a NULL pointer so there's no need to check before calling it. Add
	missing initialization of sss_sudo_result to NULL in
	sudo_sss_setdefs().
	[fa1c8eaed6ac]

	* plugins/sudoers/sssd.c:
	Add missing return when user is not found in sudo_sss_result_get().
	Previously we fell through to the default case which just logged a
	debug message and returned so this just avoids the extra (generic)
	debug message.
	[68c2201f3a85]

2016-01-26  Todd C. Miller

	* lib/util/gettime.c:
	Fix a warning on AIX.
	[4ebc19a143ff]

	* src/sudo.c:
	Pass updated user_env_out, not envp, to the I/O open function.
	[f02e6f32f189]

	* src/sudo.c:
	Pass updated argv/envp to the I/O open function like the plugin API
	documents.
	[ff9f4fae5cf3]

2016-01-25  Todd C. Miller

	* plugins/sudoers/iolog.c:
	Add check for I/O log file handle being NULL. This could only happen
	if the front-end calls iolog_open with argc == 0 but actually runs a
	command.
	[5113a3c04494]

2016-01-22  Todd C. Miller

	* plugins/sudoers/pwutil.c:
	Additional debugging for pwutil functions.
	[908b83c3acbb]

	* config.h.in, configure, configure.ac, lib/util/aix.c:
	When calling setauthdb(), save the old registry value so we can
	restore it properly. Previously we were setting the registry to
	unrestricted instead of actually restoring it.
	[5a2921412663]

	* plugins/sudoers/sudoers.c:
	Use SUDOERS_DEBUG_UTIL not SUDO_DEBUG_UTIL in the plugin.
	[79b012777e71]

2016-01-21  Todd C. Miller

	* lib/util/sudo_debug.c:
	When parsing debug entries, don't make a lower value override a
	higher one. For example, for "pcomm@debug,all@warn" the "all@warn"
	should not set pcomm to "warn" when it is already at "debug".
	[031037a56e51]

2016-01-20  Todd C. Miller

	* plugins/sudoers/policy.c:
	Set sudoedit_checkdir=false in command_details when it is disabled
	in sudoers.
	[811dd43b29f5]

	* include/sudo_compat.h, lib/util/strtobool.c, plugins/sudoers/ldap.c,
	plugins/sudoers/sssd.c, src/sudo_edit.c:
	Update copyright year
	[5ec484920763]

	* src/sudo_edit.c:
	If the user runs "sudoedit /" we will receive ENOENT from openat(2)
	and sudoedit will try to create a file with the null string. If path
	is empty, open the cwd instead so sudoedit can give a sensible error
	message.
	[fc39d5804f1f]

	* lib/util/strtobool.c:
	Log an error for invalid boolean strings.
	[004afa5e05c5]

	* src/sudo.c:
	Fix off by one error in new SET_FLAG macro.
	[5bdce4edf8b9]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document the race with sudoedit_checkdir in 1.8.15.
	[cb7aed3367e9]

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in:
	Document sudoedit_checkdir
	[89f2452272ad]

2016-01-19  Todd C. Miller

	* src/sudo_edit.c:
	There are no systems that support O_SEARCH/O_PATH that do not also
	support O_DIRECTORY so simplify the definition of DIR_OPEN_FLAGS a
	bit.
	[a48f11ea53b3]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[8ae4d883ac59]

	* NEWS, doc/UPGRADE:
	Add 1.8.16 changes
	[8d3a3f5cdf59]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/defaults.c,
	src/sudo.c:
	Make sudoedit_checkdir the default and update the documentation
	accordingly.
	[84bbc1b73411]

	* src/sudo.c:
	Add a SET_FLAG macro to simplify parsing command details boolean
	flags. Previously, flags were only set and never cleared even if the
	boolean value was false. This was not a problem as there were no
	default flags for the plugin to enable. That will change in the
	future.
	[75f24ca13f41]

2016-01-18  Todd C. Miller

	* src/sudo_edit.c:
	Need to be root when switching to a different user.
	[06d5f010b607]

	* src/sudo_edit.c:
	Use O_SEARCH on systems without O_PATH if present. It can be used
	for a similar purpose.
	[3f559a389bf9]

	* config.h.in, configure, configure.ac, src/sudo_edit.c:
	Use faccessat(2) for directory writability instead of doing the
	checks manually where possible. This also allows us to remove the
	#ifdef __linux__ bits since we no longer use fstat(2) on Linux with
	an O_PATH fd.
	[fe50d0c1f1b9]

2016-01-16  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Add "I/O LOG FILES" section to the manual and move many of the
	details from the log_input and log_output descriptions to it.
	[a604903f5ae3]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Use "Nm sudoers" when talking about the plugin and "Em sudoers" when
	talking about the sudoers file.
	[727a68b02de7]

2016-01-13  Todd C. Miller

	* lib/zlib/zlib.exp:
	Remove gzopen_w which is only defined on Windows.
	[a73236903e7b]

	* config.h.in, configure, configure.ac, include/sudo_compat.h:
	Work around the buggy pread(2) on 32-bit HP-UX 11.00 by using
	pread64() on that platform.
	[31c4be934115]

2016-01-12  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/ldap.c, plugins/sudoers/match.c,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/sssd.c, plugins/sudoers/testsudoers.c:
	Add support for matching the entire netgroup tuple (user, host,
	domain).
	[9f694ba7c86d]

	* plugins/sudoers/ldap.c:
	Use asprintf() to generate the netgroup filter instead of using lots
	of concatenation.
	[f8290c040aea]

	* lib/util/util.exp.in:
	Add missing sudo_debug_exit_ssize_t_v1 symbol.
	[9407fb25dfa4]

2016-01-11  Todd C. Miller

	* plugins/sudoers/match.c:
	Silence warning in digest_matches() on systems with no fexecve(2).
	[0cd3cc8fa195]

	* plugins/sudoers/sssd.c:
	Fix free() of invalid pointer introduced in the commit that stripped
	whitespace between a '!' and the name in a sudoOption.
	[4d2c1761c752]

	* plugins/sudoers/ldap.c:
	Fix free() of invalid pointer introduced in the commit that stripped
	whitespace between a '!' and the name in a sudoOption.
	[14391603a9e5]

	* src/sudo_edit.c:
	Add missing dfd argument to the version of
	sudo_edit_openat_nofollow() for systems without O_NOFOLLOW.
	[574e4a840879]

	* plugins/sudoers/ldap.c:
	In sudo_netgroup_lookup() only build up the search filter once
	instead of once per netgroup_base.
	[a03440237078]

	* plugins/sudoers/ldap.c:
	It is safe to pass ldap_msgfree() a NULL pointer.
	[abc2eaddbf83]

	* plugins/sudoers/ldap.c:
	On overflow, warn before freeing anything.
	[2e3bcfa4a8f9]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Use user_runhost and user_srunhost instead of user_host and
	user_shost. Fixes "sudo -l -h other_host" for LDAP and sssd.
	[e1abfdc82242]

	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
	Update description of sudoedit_checkdir. Reported by Sander Bos.
	[ee44e7255096]

	* src/sudo_edit.c:
	No need to check whether the fd we opened is really a directory in
	sudo_edit_open_nonwritable() since if not, the openat() will fail
	with ENOTDIR anyway.
	[b41c5b289f35]

2016-01-10  Todd C. Miller

	* doc/CONTRIBUTORS, doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, include/sudo_compat.h, src/sudo_edit.c:
	Rewritten sudoedit_checkdir support that checks all the dirs in the
	path and refuses to follow symlinks in writable directories. This is
	a better fix for CVE-2015-5602. Adapted from a diff by Ben
	Hutchings. Bug #707
	[c2e36a80a279]

2016-01-04  Todd C. Miller

	* MANIFEST, plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/ca.mo,
	po/ca.po, po/fi.mo, po/fi.po, po/hu.mo, po/hu.po, po/sr.mo,
	po/sr.po:
	sync with translationproject.org
	[94ffd6b18431]

	* configure, configure.ac, doc/sudo_plugin.cat,
	doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_plugin.h,
	plugins/sudoers/match.c, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.h, src/exec.c, src/exec_common.c,
	src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_exec.h:
	Add support for using fexecve() if supported on commands that are
	checksummed.
	[397722cdd7ec]

2015-12-29  Todd C. Miller

	* src/sudo_edit.c:
	Call openat() with the basename not the full path. From Ben
	Hutchings.
	[33272418bb10]

2015-12-24  Todd C. Miller

	* plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c:
	Fix compilation with --disable-shared
	[84c084618676]

2015-12-20  Todd C. Miller

	* src/exec_common.c:
	Check for existing dso in LD_PRELOAD and only add it if it is not
	already present.
	[15042e8999f7]

2015-12-18  Todd C. Miller

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	Clarify when SIGINT and SIGQUIT are relayed by sudo to the command.
	[8efed5784393]

	* plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.h, src/load_plugins.c:
	Actually use the plugin_dir Path setting in sudo.conf.
	[bccc548127a2]

	* lib/util/sudo_conf.c:
	The Path setting for the plugin directory is "plugin_dir" not
	"plugin".
	[07c2677bbce5]

	* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
	lib/util/sudo_conf.c, src/exec_common.c:
	Allow sudo.conf Path settings to disable path names (by setting the
	value of NULL).
	[81a44e011a40]

2015-12-16  Todd C. Miller

	* src/selinux.c, src/sudo.h:
	Change noexec flag in selinux_execve() from int to bool.
	[7cb872aac155]

	* src/exec_common.c, src/sudo_exec.h:
	Refactor code to set LD_PRELOAD (or the equivalent) in the
	environment into a preload_dso() function. Also avoid allocating a
	new copy of the environment array if the size of the array does not
	change.
	[72194b0b51f7]

	* configure, configure.ac:
	Add missing square brackets in configure option descriptions.
	[6e25685c6349]

2015-12-11  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document the names of the I/O log files and mention buffering.
	Document that I/O logs are in gzip format by default.
	[474838e7b365]

2015-12-10  Todd C. Miller

	* plugins/sudoers/env.c:
	Add BASHOPTS to initial_badenv_table[]; from Stephane Chazelas
	[f206a9089a69]

2015-12-09  Todd C. Miller

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	When parsing sudoOptions that include an operator (!, +, +=, -=)
	strip out any whitespace on either side of the operator.
	[62041b5888e5]

2015-12-08  Todd C. Miller

	* plugins/sudoers/sudoers2ldif:
	Strip whitespace around '!', '=', '+=' and '-=' in Defaults entries.
	[dcc9d15b0f3c]

2015-12-06  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document the race condition between the digest check and command
	execution.
	[24a3d9215c64]

2015-12-02  Todd C. Miller

	* plugins/sudoers/ldap.c:
	When checking the query results, don't set user_matches in the
	netgroup pass unless sudo_ldap_check_non_unix_group() returns true.
	This was preventing the mail_no_user sudoOption from being
	effective.
	[31004144421b]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	In list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST
	regardless of whether or not there was an actual match. Otherwise,
	warning mail may be sent which is not what we want in list mode.
	This is consistent with what the sudoers file backend does.
	[2809338a7b21]

2015-11-22  Todd C. Miller

	* plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
	Use size_t for length parameters in the fill functions used by the
	lexer.
	[0428c9067182]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Use yy_size_t for digest_len since newer flex uses yy_size_t for
	yyleng. Old flex uses int for yyleng so we need to use a cast to
	avoid a sign compare warning.
	[4a3dc6fb8f99]

2015-11-20  Todd C. Miller

	* Makefile.in, README, configure, configure.ac,
	plugins/sudoers/regress/sudoers/test1.in, sudo.pp:
	Use https in sudo.ws urls
	[04e5177022d3]

	* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
	doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
	doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
	doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
	doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
	doc/visudo.man.in, doc/visudo.mdoc.in:
	Use https in urls.
	[855b05943b2d]

	* configure, configure.ac:
	sudo 1.8.16
	[b745f7031aeb]

	* plugins/sudoers/env.c:
	When preserving variables from the invoking user's environment, if
	there are duplicates only keep the first instance.
	[d4dfb05db5d7]

2015-11-01  Todd C. Miller

	* include/sudo_debug.h, lib/util/parseln.c, lib/util/sudo_debug.c,
	plugins/sudoers/timestamp.c:
	Add debug_return_ssize_t
	[d491ed281726]

	* plugins/sudoers/timestamp.c:
	Avoid compilation error on Solaris 10 with Sun Studio 12. Bug #727
	[facd8ff1ee6c]

2015-10-31  Todd C. Miller

	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, po/da.mo,
	po/da.po:
	sync with translationproject.org
	[6711d740d3d0]

	* NEWS:
	Mention ssp configure fix.
	[92d64fd724cc]

2015-10-30  Todd C. Miller

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo,
	po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/it.mo,
	po/it.po, po/ja.mo, po/ja.po, po/nb.mo, po/nb.po, po/pl.mo,
	po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo,
	po/vi.po, po/zh_CN.mo, po/zh_CN.po:
	sync with translationproject.org
	[9c8eb0062d8c]

	* configure, configure.ac:
	Don't use CPPFLAGS for the -fstack-protector check. Otherwise on
	systems with _FORTIFY_SOURCE support we'll get an error due to the
	lack of optimization flags. Bug #725
	[1a9f8571a82d]

	* configure, configure.ac:
	When checking for stack protector support we need to actually link
	the test program.
	[ab4f94aac7de]

2015-10-29  Todd C. Miller

	* configure, configure.ac:
	Preserve LDFLAGS when checking for stack protector as they may
	include rpath settings to allow the stack protector lib to be found.
	Avoid using existing CFLAGS since we don't want the compiler to
	optimize away the stack variable.
	[e6bc59225c06]

	* configure, configure.ac:
	Better configure test for -fstack-protector. Some gcc installations
	may be missing the ssp library even though the compiler supports it.
	[4ade5d1249f4]

2015-10-25  Todd C. Miller

	* src/sudo_edit.c:
	Set errno to EISDIR instead of ENOTDIR if directory is writable
	since ENOTDIR can be a legitimate errno. This avoids a bogus
	"directory is writable" error in that case.
	[97ee37d905ce]

	* mkpkg:
	Fix the check for whether to include 32-bit arch in Mac OS X
	packages.
	[a76654512f6b]

2015-10-24  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[58277a8f418b]

	* NEWS, src/sudo_edit.c:
	When creating a new file, sudoedit will now check that the file's
	parent directory exists before running the editor.
	[65bc45510fb2]

	* NEWS, doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/match.c:
	Add always_query_group_plugin
	[7e9060d4c13a]

2015-10-23  Todd C. Miller

	* ABOUT-NLS, MANIFEST:
	Add ABOUT-NLS from GNU gettext.
	[971c168c065a]

	* NEWS, config.h.in, configure, configure.ac, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/policy.c, plugins/sudoers/sudoers_version.h,
	src/sudo.c, src/sudo.h, src/sudo_edit.c:
	Add directory writability checks for sudoedit.
	[f5349d059a98]

2015-10-06  Todd C. Miller

	* NEWS:
	Latest.
	[9aae49302c60]

	* src/conversation.c:
	Ignore the SUDO_CONV_PROMPT_ECHO_OK flag when echo is enabled. This
	was preventing a match of SUDO_CONV_PROMPT_ECHO_ON which resulted in
	a masked password instead of an echoed one.
	[53f6a78d79e3]

	* plugins/sudoers/auth/bsdauth.c:
	Repair challenge/response prompting for BSD authentication which got
	broken while it was converted to use the conversation function.
	[2d0b0cec5e4f]

	* plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/auth/sudo_auth.h:
	Use the auth_getpass (and the plugin conversation function) for Tru64
	SIA. This prevents sudo from sleeping while holding the tty ticket
	lock.
	[9221eec812cf]

	* NEWS, doc/UPGRADE, plugins/sudoers/env.c:
	For env_reset, SHELL should be set based on the target user, not the
	invoking user unless preserved via env_keep.
	[b77adbc08c91]

	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
	sync with translationproject.org
	[adb927ad5e86]

2015-10-05  Todd C. Miller

	* NEWS:
	Hungarian and Slovak translations
	[d3b6acece125]

	* MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/hu.mo,
	plugins/sudoers/po/hu.po, plugins/sudoers/po/sk.mo,
	plugins/sudoers/po/sk.po, po/sk.mo, po/sk.po:
	Add new Slovak and Hungarian translations from
	translationproject.org
	[132ec9b7a927]

2015-10-02  Todd C. Miller

	* src/sudo_edit.c:
	Remove S_ISREG check from sudo_edit_open(), it is already done in
	the caller.
	[9fff8c0bb1f7]

	* src/sudo_edit.c:
	Open sudoedit files with O_NONBLOCK and fail if they are not regular
	files.
	[56b01164869c]

	* plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/tgetpass.c:
	It is possible for WIFSTOPPED to be true even if waitpid() is not
	given WUNTRACED if the child is ptraced. Don't exit the waitpid()
	loop if WIFSTOPPED is true, just in case.
	[a2cab04a03da]

2015-09-30  Todd C. Miller

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/de.mo,
	plugins/sudoers/po/fi.mo, plugins/sudoers/po/it.mo,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/nb.mo,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pt_BR.mo,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/vi.mo,
	plugins/sudoers/po/zh_CN.mo, po/cs.mo, po/de.mo, po/fi.mo, po/fr.mo,
	po/gl.mo, po/it.mo, po/ja.mo, po/nb.mo, po/pl.mo, po/pt_BR.mo,
	po/uk.mo, po/vi.mo, po/zh_CN.mo:
	rebuild .mo files
	[676362ed6061]

	* plugins/sudoers/po/pt_BR.po, po/pt_BR.po:
	sync with translationproject.org
	[be932694e600]

2015-09-28  Todd C. Miller

	* config.h.in, configure, configure.ac, src/sudo_noexec.c:
	There's no point in trying to interpose protected versions of the
	exec family of functions. Many modern C libraries use hidden symbols
	for the functions and syscalls defined in libc such that they cannot
	be overridden inside libc itself. We have to just wrap all the exec
	variants plus system and popen.
	[30aa4bd6c15b]

	* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
	List all the functions wrapped by sudo_noexec.so.
	[57a9db56f4e0]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	The section is now called "EXEC and NOEXEC" and it is above, not
	below.
	[9b0a2537f65d]

	* src/sudo_noexec.c:
	Also wrap popen(3).
	[a826cd7787e9]

	* src/sudo_noexec.c:
	Also interpose system(3). On glibc systems you cannot interpose the
	syscalls used internally by libc.
	[58a5c06b5257]

	* src/conversation.c:
	Set active debug instance to sudo_debug_instance() during the
	conversation function.
	[22fb750d92a9]

2015-09-27  Todd C. Miller

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	LOGNAME and USERNAME are set the same way as USER
	[54f170cf2536]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	Document behavior when the command dies from a signal in EXIT
	STATUS.
	[3c93d682e5e6]

2015-09-26  Todd C. Miller

	* NEWS:
	Bug #722
	[5cca49bb0e02]

	* src/sudo.c:
	When the command sudo is running is killed by a signal, sudo will
	now send itself the same signal with the default signal handler
	instead of exiting. The bash shell appears to ignore some signals,
	e.g. SIGINT, unless the command is killed by that signal. This makes
	the behavior of commands run under sudo the same as without sudo
	when bash is the shell. Bug #722
	[153f016db8f1]

2015-09-25  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Adjust set_logname description to new behavior when any of LOGNAME,
	USER or USERNAME are preserved.
	[89009c2dcf38]

	* NEWS, plugins/sudoers/env.c:
	If some, but not all, of the LOGNAME, USER or USERNAME environment
	variables have been preserved from the invoking user's environment,
	sudo will now use the preserved value to set the remaining variables
	instead of using the runas user. This ensures that if, for example,
	only LOGNAME is present in the env_keep list, that sudo will not set
	USER and USERNAME to the runas user.
	[54a60fe72b9a]

2015-09-24  Todd C. Miller

	* plugins/sudoers/auth/pam.c:
	Fix passing of the callback pointer to the conversation function.
	This was preventing the on_suspend and on_resume functions from
	being called on PAM systems.
	[611246ded4ff]

	* include/sudo_plugin.h:
	Explicitly mark large hex constants unsigned.
	[5b67b0090814]

	* plugins/sudoers/timestamp.c:
	Cast sizeof(entry) to off_t before making it a negative offset for
	lseek(). Fixes "sudo -k" on Solaris and probably others.
	[ed5d312f6baa]

2015-09-21  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Add explicit mention of sudo's netgroup semantics since they differ
	from most other netgroup consumers.
	[0e9030f8cf56]

	* plugins/sudoers/po/fi.po, po/fi.po:
	sync with translationproject.org
	[f9236f25a616]

	* plugins/sudoers/check.c:
	Fix potential double free of the cookie when sudo is suspended at
	the password prompt.
	[cbecb3136155]

2015-09-16  Todd C. Miller

	* plugins/sudoers/po/cs.po, plugins/sudoers/po/zh_CN.po, po/cs.po,
	po/zh_CN.po:
	sync with translationproject.org
	[21138f16a3a6]

2015-09-15  Todd C. Miller

	* plugins/sudoers/po/de.po, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.po, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.po, po/de.po, po/fr.po, po/gl.po, po/it.po,
	po/ja.po, po/nb.po, po/pl.po, po/uk.po, po/vi.po:
	sync with translationproject.org
	[2d9f3e4c3ccf]

	* NEWS:
	Bug #719
	[cfa393164a0f]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	SIGHUP is now relayed to the command. Bug #719
	[8db7c492c52a]

	* src/exec.c:
	When a terminal device is closed, SIGHUP is sent to the controlling
	process associated with that terminal. It is not sent to the entire
	process group so sudo needs to relay SIGHUP to the command when it
	is not being run in a new pty. Bug #719
	[b408a792f31a]

	* NEWS:
	Mention visudo bug in 1.8.14
	[0fec829807fd]

	* plugins/sudoers/visudo.c:
	We reserved two slots at the end of the editor argv for the line
	number and the file name. However, resolve_editor() adds "--" before
	the file names so the +line_number is interpreted as a file name,
	not a line number so we need to overwrite the "--" as well.
	[ff107430ee4b]

2015-09-10  Todd C. Miller

	* config.h.in, configure, configure.ac, lib/util/sig2str.c,
	lib/util/strsignal.c:
	Remove checks for __sys_siglist and __sys_signame. They are internal
	to libc and there are no known systems that export those symbols
	that do not already export the single underbar or no-underbar
	versions.
	[2b3efe0a91f2]

	* plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po, po/es.mo,
	po/es.po:
	Sync with translationproject.org
	[feb5eb934a9e]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[947e8320c557]

2015-09-09  Todd C. Miller

	* src/tgetpass.c:
	Restore old signal handlers before tty settings. That way SIGTTOU is
	at its original value if sudo_term_restore() should fail.
	[69d2cc6c0702]

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in:
	Document what happens when the on_suspend/on_resume callbacks return
	an error.
	[d8c9dcf7a926]

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, include/sudo_plugin.h,
	plugins/group_file/group_file.c, plugins/group_file/plugin_test.c,
	plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c,
	plugins/system_group/system_group.c, src/hooks.c:
	No need to have version macros for hooks, callbacks and the sudoers
	group plugin. We can just use the main sudo API macros. The sudoers
	group plugin macros are preserved for source compatibility but are
	not documented.
	[8c52bb83f991]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Properly escape the backslash before a comma in an example so the
	example rule is parsable by visudo.
	[6745d38e9876]

	* src/tgetpass.c:
	Ignore callbacks if major version doesn't match.
	[f852e6ebff01]

	* MANIFEST, config.h.in, configure, configure.ac,
	include/compat/timespec.h, lib/util/Makefile.in, lib/util/gettime.c,
	lib/util/utimens.c, plugins/sudoers/Makefile.in,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/visudo.c, src/Makefile.in, src/sudo_edit.c:
	Remove include/compat/timespec.h. Systems old enough to lack struct
	timespec are too old to build a modern sudo.
	[37812e10a449]

	* NEWS:
	Bug #713
	[8a7245d76799]

	* src/exec.c:
	Fill in cstat if exec_setup() fails. Previously it was only filled
	in for an execve() failure. Fixes an unkillable sudo process when
	exec_setup() fails and I/O logging is enabled.
	[ff1d39d9e505]

	* src/sudo.c:
	Fix running commands as non-root when neither setresuid() nor
	setreuid() are available. At this point we are already root so
	setuid() must succeed. Bug #713
	[34754ad586c7]

	* src/sudo.c:
	Cast uid_t to unsigned int when printing as %u
	[669e2d5244a6]

	* doc/UPGRADE:
	Mention time stamp file locking changes, fix some spelling.
	[c4563ea85e3a]

	* NEWS:
	Update with latest changes.
	[2cbd50e7c158]

2015-09-07  Todd C. Miller

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, include/sudo_fatal.h,
	include/sudo_plugin.h, lib/util/fatal.c, plugins/sudoers/auth/afs.c,
	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.h,
	src/conversation.c, src/sudo.c, src/sudo.h, src/sudo_plugin_int.h,
	src/tgetpass.c:
	Add a struct sudo_conv_callback that contains on_suspend and
	on_resume function pointer args plus a closure pointer and add it to
	the conversation function.
	[5608cb4c18f2]

	* config.h.in, configure, configure.ac, include/sudo_util.h,
	lib/util/locking.c, lib/util/util.exp.in, plugins/sudoers/check.c,
	plugins/sudoers/check.h, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c:
	Lock individual records in the timestamp file instead of the entire
	file. This will make it possible for multiple sudo processes using
	the same tty to serialize their timestamp lookups.
	[f4ad82e36d90]

	* lib/util/term.c, plugins/sudoers/check.c,
	plugins/sudoers/sudoreplay.c, src/tgetpass.c:
	Implement suspend/resume callbacks for the conversation function. If
	suspended, close the timestamp file (dropping all locks). On resume,
	lock the record before reading the password.

	For this to work properly we need to be able to run the callback when
	tcsetattr() suspends us, not just when the user does. To accomplish
	this the term_* functions now return EINTR if SIGTTOU would be
	generated. The caller now has to restart the term_* function (and
	send itself SIGTTOU) instead of it being done automatically.
	[572374035897]

	* plugins/sudoers/timestamp.c:
	Allow the time stamp lock to be interrupted by signals.
	[aa5017f86210]

	* plugins/sudoers/timestamp.c:
	Adjust new locking to work when tty_tickets is disabled. We need to
	use per-tty/ppid locking to gain exclusive access to the tty for the
	password prompt but use a separate (short term) lock that is shared
	among all sudo processes for the user.
	[d6d7a0bb6bd0]

	* lib/util/locking.c:
	Set errno to EINVAL if sudo_lock_* is called with a bad type.
	[cfba014f1c1a]

	* src/exec_pty.c:
	sudo_term_* already restart themselves for all but SIGTTOU so we
	don't need to use our own restart loops.
	[113924cd05c0]

	* config.h.in, configure, configure.ac, plugins/sudoers/iolog.c,
	plugins/sudoers/timestamp.c:
	Use pread(2) and pwrite(2) where possible.
	[86cd3f6bab9e]

	* plugins/sudoers/timestamp.c:
	Bring back the check for time stamp files that predate the boot
	time. Instead of truncating we now unlink the file since another
	process may be sleeping on the lock.
	[9cdf7468d0f2]

	* plugins/sudoers/check.c:
	Avoid touching the time stamp directory for "sudo -k command"
	[391d20c17775]

2015-09-02  Todd C. Miller

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, include/sudo_plugin.h:
	Make hook_version and hook_type unsigned.
	[77cb84793f07]

2015-09-01  Todd C. Miller

	* plugins/sudoers/base64.c, plugins/sudoers/match.c,
	plugins/sudoers/regress/parser/check_base64.c:
	When decoding base64, avoid using '=' in the decoded temporary array
	as a sentinel as it can legitimately be present. Instead, just use
	the count of bytes stored in the temp array to determine which bytes
	to fold into the destination.
	[6abef15d3954]

2015-08-21  Todd C. Miller

	* NEWS, plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c:
	When parsing def_editor, break out of the loop when we find the
	first valid editor. Bug #714
	[c7508ed075c2]

2015-08-18  Todd C. Miller

	* plugins/sudoers/visudo.c:
	The condition for adding a missing newline at the end of sudoers was
	never reached. Keep track of the last character and write a newline
	character if when copying to the temp file. Found by Radovan Sroka.
	[86c20e7fc6bd]

	* plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c:
	Remove extraneous while() from botched do {} while() loop conversion
	to use sudo_strsplit. Noticed by Radovan Sroka.
	[cd2d25510129]

2015-08-10  Todd C. Miller

	* plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c:
	In sudo_pam_begin_session() and sudo_pam_end_session() return
	AUTH_FATAL on error, not AUTH_FAILURE. In sudo_auth_begin_session()
	treat anything other than AUTH_SUCCESS as a fatal error.
	[3ad7296390f2]

	* doc/CONTRIBUTORS, src/exec.c, src/exec_pty.c:
	Linux sets si_pid in struct siginfo to 0 when the process that sent
	the signal is in a different container since the PID namespaces in
	different containers are separate. Avoid looking up the process
	group by id when si_pid is 0 since getpgid(0) returns the process
	group of the current process. Since sudo ignores signals sent by
	processes in its own process group, this had the effect of ignoring
	signals sent from other containers. From Maarten de Vries
	[6d3f43b95a1f]

	* plugins/sudoers/auth/pam.c:
	Sprinkle some debugging.
	[f5a94a3a1192]

2015-08-09  Todd C. Miller

	* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
	doc/sudo.man.in, doc/sudo.mdoc.in:
	Document that sudo uses the real uid to map from uid to passwd file
	user name.
	[04f6709675cc]

	* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
	doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in:
	disable_coredump can be set to no on modern OSes without security
	consequences.
	[ebe6d5bb2274]

2015-08-07  Todd C. Miller

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Emphasis on the never.
	[39ca000281c7]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Explicitly tell people not to grant sudoedit to directories the user
	can write to. While sudoedit will no longer open symbolic links,
	hard links are still an issue.
	[26e0afae9bae]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	Add warning about writable directories and sudo/sudoedit.
	[701ff725af42]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Emphasize that wildcards are not regexps. Bug #692
	[1e071810c4cb]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Emphasize that wildcards in command line arguments are dangerous.
	Document the failings of the passwd example on GNU systems. Bug #691
	[54d793aea6b2]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Escape the colons in [[:alpha:]] as required by sudoers.
	[ad875dd5ca64]

	* po/sudo.pot, src/sudo_edit.c:
	Change warning when user tries to sudoedit a symbolic link.
	[b8f44e834c2f]

2015-08-06  Todd C. Miller

	* MANIFEST:
	add .json regress files to MANIFEST
	[03ddb3a9671b]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[5abaa0eeab86]

	* doc/sudo.conf.cat, doc/sudoers.ldap.cat, doc/sudoreplay.cat,
	doc/visudo.cat:
	regen
	[43e6b445734c]

	* doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
	doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, include/sudo_compat.h, include/sudo_plugin.h,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/gram.c,
	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
	plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
	plugins/sudoers/parse.h, plugins/sudoers/policy.c,
	plugins/sudoers/regress/sudoers/test1.in,
	plugins/sudoers/regress/sudoers/test1.json.ok,
	plugins/sudoers/regress/sudoers/test1.out.ok,
	plugins/sudoers/regress/sudoers/test1.toke.ok,
	plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
	plugins/sudoers/visudo_json.c, src/sesh.c, src/sudo.c, src/sudo.h,
	src/sudo_edit.c:
	Do not follow symbolic links in sudoedit by default. This behavior
	can be controlled by the sudoedit_follow Defaults flag as well as
	the FOLLOW/NOFOLLOW tags.
	[9636fd256325]

	* NEWS, aclocal.m4, configure, configure.ac:
	Sudo 1.8.15
	[bf18da363b06]

	* plugins/sudoers/Makefile.in,
	plugins/sudoers/regress/sudoers/test1.json.ok,
	plugins/sudoers/regress/sudoers/test10.json.ok,
	plugins/sudoers/regress/sudoers/test11.json.ok,
	plugins/sudoers/regress/sudoers/test12.json.ok,
	plugins/sudoers/regress/sudoers/test13.json.ok,
	plugins/sudoers/regress/sudoers/test14.json.ok,
	plugins/sudoers/regress/sudoers/test15.json.ok,
	plugins/sudoers/regress/sudoers/test16.json.ok,
	plugins/sudoers/regress/sudoers/test2.json.ok,
	plugins/sudoers/regress/sudoers/test3.json.ok,
	plugins/sudoers/regress/sudoers/test4.json.ok,
	plugins/sudoers/regress/sudoers/test5.json.ok,
	plugins/sudoers/regress/sudoers/test6.json.ok,
	plugins/sudoers/regress/sudoers/test7.json.ok,
	plugins/sudoers/regress/sudoers/test8.json.ok,
	plugins/sudoers/regress/sudoers/test9.json.ok:
	Check JSON output of sudoers test files too.
	[3d8517812b80]

2015-08-04  Todd C. Miller

	* plugins/sudoers/sudoers.c:
	Move comment to match moved code.
	[7a30f06462a8]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	maxseq is an int not a string
	[bffd97d22064]

2015-08-02  Todd C. Miller

	* src/preserve_fds.c:
	Include sys/types.h for id_t. Bug #711
	[fda95d9ca1e9]

2015-07-31  Todd C. Miller

	* lib/util/fnmatch.c:
	Avoid a potential out of bounds read found by enh while fuzzing with
	address sanitizer enabled.
	[52d6b9916593]

2015-07-27  Todd C. Miller

	* mkpkg:
	Set sssd lib location to /usr/lib64 on 64-bit RHEL/Centos. Bug #710
	[428421925a20]

2015-07-24  Todd C. Miller

	* doc/CONTRIBUTORS, src/Makefile.in:
	The init.d files are generated from a .in file so we need to install
	from top_builddir not top_srcdir. From Ross Burton. Bug #708
	[df1e7a0d3182]

2015-07-22  Todd C. Miller

	* lib/util/term.c:
	Replace two "return 0" with debug_return_bool(false).
	[49f8fb3dcd36]

	* src/ttyname.c:
	fix typo in previous commit
	[094488696f2c]

	* NEWS, configure, configure.ac:
	Sudo 1.8.14p3
	[0079c43d8247]

2015-07-21  Todd C. Miller

	* src/ttyname.c:
	Fix errno value from get_process_ttyname() when no tty is present.
	[ff7b12bb0638]

	* src/ttyname.c:
	On AIX, only convert the tty device number from dev64_t to dev32_t
	if dev_t is 32-bits.
	[0e728a1eb07a]

2015-07-20  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.8.14p2
	[55fe56b28c7b]

	* plugins/sudoers/timestamp.c:
	Fix creation of the timestamp file; bug #704
	[1ff77fd5cc8f]

2015-07-19  Todd C. Miller

	* src/regress/ttyname/check_ttyname.c, src/sudo.c, src/sudo.h,
	src/ttyname.c:
	Avoid needless memory allocation when resolving the tty name.
	[c58cce92d5e0]

2015-07-17  Todd C. Miller

	* NEWS, configure, configure.ac:
	Sudo 1.8.14p1
	[973705806759]

	* plugins/sudoers/sssd.c:
	Fix typo in sudo_sss_attrcpy() that caused a memory allocation
	error.
	[0fa324a7bb56]

2015-07-15  Todd C. Miller

	* plugins/sudoers/po/ja.mo, plugins/sudoers/po/uk.mo,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo:
	rebuild
	[e4c7cda46475]

2015-07-14  Todd C. Miller

	* lib/util/lbuf.c, plugins/sudoers/env.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
	plugins/sudoers/match.c, plugins/sudoers/pwutil_impl.c,
	plugins/sudoers/redblack.c, src/hooks.c, src/net_ifs.c, src/sudo.c:
	Add some debugging printfs when malloc fails and we don't have an
	explicit call to sudo_warnx().
	[07aebb5839c3]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l,
	plugins/sudoers/toke_util.c:
	Add missing warnings for memory allocation failure. Add function
	name to memory allocation warnings.
	[4f6027786a28]

	* lib/util/parseln.c:
	Return -1 if realloc() fails.
	[707632291eac]

	* lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c:
	Add line number to debug log for memory allocation errors.
	[f4f3debdfcc5]

	* plugins/sudoers/auth/pam.c:
	Add warning if calloc() fails. Add debugging for other unexpected
	errors.
	[a1e0945237d8]

	* plugins/sudoers/ldap.c:
	Add missing check for calloc(3) return value.
	[37fe3ca78e8e]

2015-07-13  Todd C. Miller

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document that the values printed by "sudo -V" are affected by
	Defaults settings in sudoers.
	[80ec2572861b]

2015-07-10  Todd C. Miller

	* plugins/sudoers/group_plugin.c,
	plugins/sudoers/regress/check_symbols/check_symbols.c,
	plugins/sudoers/sssd.c, src/load_plugins.c:
	Avoid calling dlerror() multiple times since it clears the error
	status after printing the error. Problem caused by
	sudo_warn/sudo_fatal being macros...
	[c0fd3b0fb9c3]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Attempt to clarify the conditions under which MAIL and HOME are set
	to the target user.
	[ebd269bebe64]

2015-07-09  Todd C. Miller

	* mkpkg:
	Better checks for the libaudit package for Debian and error out if
	we can't figure it out.
	[225c1bfcb629]

	* mkpkg:
	Fix linux_audit setting on non-multiarch Debian.
	[0a38e9d158f4]

	* sudo.pp:
	Fix typo that broke the linux_audit dependency on Debian.
	[0917bd45acf1]

	* NEWS:
	Mention /proc/stat btime fix.
	[754050a340e2]

	* config.h.in, configure, configure.ac, lib/util/getaddrinfo.c,
	plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c,
	src/net_ifs.c:
	Solaris 2.6 has the prototypes for inet_pton() and inet_ntop() in
	resolv.h.
	[dc0f62743845]

	* plugins/sudoers/boottime.c:
	Sprinkle debugging for boottime.
	[dfb45c763179]

	* mkpkg:
	The old Solaris /bin/sh doesn't support POSIX $( .. ) syntax, use
	backquotes instead.
	[c9e33ffef2b1]

2015-07-08  Todd C. Miller

	* mkpkg, sudo.pp:
	Only use --with-sssd-lib on Debian/Ubuntu w/ multipackage. Use
	dpkg-query to determine the name of the audit package for proper
	dependencies.
	[e9669389aa2f]

	* mkpkg, plugins/sudoers/sudoers.in, sudo.pp:
	Update Debian/Ubuntu packages to be more like the vendor ones. One
	notable exception is that sudo.ws packages use /var/run, not
	/var/lib for timestamp files.
	[0f4c49a3768e]

	* doc/CONTRIBUTORS:
	Add Jakub Wilk
	[78bfdf2e441b]

	* plugins/sudoers/boottime.c:
	Strip newline from /proc/stat btime line to avoid a strtonum()
	failure. From Jakub Wilk.
	[8a04f85a070f]

	* src/exec_pty.c:
	In io_callback() service writes before reads. That way, if both
	SUDO_EV_READ and SUDO_EV_WRITE are set and read() returns 0 (EOF) we
	don't close the fd before the write() is performed.

	If the write() returns EPIPE, ENXIO, EIO or EBADF, clear
	SUDO_EV_READ before we close the fd to avoid calling read() on a
	closed fd.
	[167548fd8af2]

2015-07-07  Todd C. Miller

	* lib/util/regress/sudo_conf/conf_test.c,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c:
	Check sudo_conf_read() return value and exit on fatal error (a
	warning was already printed by sudo_conf_read()).
	[d05797f4f197]

	* NEWS:
	Mention double-quoted sudoOption value support.
	[55684a73f097]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Add support for parsing quoted strings in a sudoOption just like
	sudoers Defaults settings.
	[fe8291414179]

	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, po/da.mo,
	po/da.po:
	Sync with translationproject.org
	[1c15d1a3dbdd]

2015-07-06  Todd C. Miller

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Update year.
	[6ca660e4a957]

	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/de.mo,
	po/de.po, po/nb.mo, po/nb.po:
	Sync with translationproject.org
	[d7ede74dcb19]

	* src/sudo.c:
	Fix utmp setup broken by commit be0ca60facf8
	[cd8a06f57f2b]

2015-07-03  Todd C. Miller

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.po, plugins/sudoers/po/pl.mo,
	plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, po/cs.mo,
	po/cs.po, po/fr.mo, po/fr.po, po/it.mo, po/it.po, po/pl.mo,
	po/pl.po:
	Sync with translationproject.org
	[aa473519e66d]

	* plugins/sudoers/po/sudoers.pot:
	regen
	[8f8aa321f043]

	* plugins/sudoers/logging.c:
	Fix typo in error message.
	[220832711826]

2015-07-02  Todd C. Miller

	* NEWS:
	Bug #702 is the AIX timespec issue.
	[c597a312e816]

	* config.h.in, configure, configure.ac, lib/util/closefrom.c,
	lib/util/getcwd.c, lib/util/glob.c, plugins/sudoers/match.c,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l, src/ttyname.c:
	We require POSIX so no need to conditionally include dirent.h. Add a
	check for d_namlen and use the result in the NAMLEN macro.
	[2728194cb6cf]

	* lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c,
	lib/util/getcwd.c, lib/util/gettime.c, lib/util/glob.c,
	lib/util/lbuf.c, lib/util/locking.c, lib/util/mktemp.c,
	lib/util/parseln.c, lib/util/secure_path.c, lib/util/setgroups.c,
	lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/ttysize.c,
	plugins/group_file/group_file.c, plugins/sample/sample_plugin.c,
	plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/check.c, plugins/sudoers/defaults.c,
	plugins/sudoers/editor.c, plugins/sudoers/env.c,
	plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
	plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
	plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
	plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
	plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
	plugins/sudoers/parse.c, plugins/sudoers/policy.c,
	plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
	plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c,
	plugins/sudoers/visudo_json.c, plugins/system_group/system_group.c,
	src/conversation.c, src/exec.c, src/exec_common.c, src/exec_pty.c,
	src/get_pty.c, src/hooks.c, src/load_plugins.c, src/net_ifs.c,
	src/openbsd.c, src/parse_args.c, src/preserve_fds.c, src/signal.c,
	src/solaris.c, src/sudo.c, src/sudo_edit.c, src/sudo_noexec.c,
	src/tgetpass.c, src/ttyname.c, src/utmp.c:
	There's no need to conditionalize the #include <unistd.h>, we
	require a POSIX system.
	[79389c527c08]

	* include/sudo_compat.h:
	Remove some compatibility defines that should no longer be needed.
	[e9136646d1c6]

2015-06-30  Todd C. Miller

	* NEWS:
	Final changes in 1.8.14
	[3a5cd4f2875a]

	* include/sudo_compat.h:
	Need to include stddef.h to get rsize_t on Mac OS X for
	sudo_memset_s() prototype.
	[9615efed4a9a]

	* lib/util/regress/parse_gids/parse_gids_test.c,
	lib/util/regress/strsplit/strsplit_test.c:
	Add missing exit value.
	[484202b53893]

	* lib/util/regress/mktemp/mktemp_test.c:
	Add missing fcntl.h include.
	[020fe6252d96]

	* configure, configure.ac:
	Do check for inet_pton before inet_ntop since we may need to record
	dependent libraries for inet_pton when linking our getaddrinfo
	replacement.
	[fde03eefd88d]

	* include/sudo_debug.h, lib/util/sudo_debug.c:
	Fix build on compilers w/o __func__ or __FUNCTION__
	[196d75416cd5]

	* lib/util/util.exp.in:
	Remove sudo_evasprintf_v1, missed during alloc.c removal.
	[7d0ac7e5909d]

	* lib/util/snprintf.c:
	Add missing fcntl.h include.
	[23b886deb879]

	* config.h.in, configure, configure.ac:
	Add check for inline support.
	[061dab0e411c]

2015-06-29  Todd C. Miller

	* doc/LICENSE:
	Add reallocarray.c license.
	[b4b4d46309f3]

2015-06-27  Todd C. Miller

	* doc/CONTRIBUTORS:
	Fix entry for Joel Pelaez Jorge.
	[386434049903]

2015-06-26  Todd C. Miller

	* include/sudo_lbuf.h, lib/util/lbuf.c, lib/util/util.exp.in,
	plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
	plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c:
	Add an error flag to the lbuf struct to simplify error checking.
	Callers of the lbuf functions now check the error flag to tell if a
	memory allocation error occurred.
	[bc44b0fbc03b]

	* plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
	plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.h:
	display_privs() and display_cmnd() may need to return -1 on error.
	[b6d8826900bb]

2015-06-25  Todd C. Miller

	* plugins/sudoers/check.c, plugins/sudoers/check.h,
	plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
	plugins/sudoers/parse.c, plugins/sudoers/policy.c,
	plugins/sudoers/prompt.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c:
	Check restore_perms() return value in all cases, pushing the return
	value back up the call stack.
	[c9beeed2b614]

	* plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Return -1, not 0 from sudoers when there is an error (as opposed to
	a policy denial).
	[5d197fe29e0e]

	* doc/CONTRIBUTORS:
	Add Joel Pelaez Jorge
	[55387b44d6e9]

	* plugins/sudoers/auth/pam.c:
	When checking whether the PAM prompt matches "Password:", also check
	for the untranslated version. The PAM module might not be using the
	localized string even though it exists. From Joel Pelaez Jorge.
	Fixes Bug #701
	[d87f6f2ccb42]

2015-06-24  Todd C. Miller

	* plugins/sudoers/ldap.c:
	Silence clang analyzer warning on glibc systems where the first
	argument to qsort() is marked as non-NULL. Also change some counters
	from int to unsigned int and two flags from int to bool.
	[09e400445ca2]

2015-06-23  Todd C. Miller

	* plugins/sudoers/sudoreplay.c:
	Silence clang analyzer warning on glibc systems where the first
	argument to qsort() is marked as non-NULL.
	[34fa7256f1e2]

	* include/sudo_compat.h, include/sudo_debug.h, include/sudo_util.h,
	src/preserve_fds.c:
	Use our own bitmap macros instead of borrowing the ones from select.
	[51ef403511d9]

	* lib/util/sudo_debug.c:
	Must call round_nfds() with fd+1 since it takes a count not the fd
	number. In other words, the lowest value is 1, not 0.
	[cc175cba5371]

	* src/ttyname.c:
	Quiet clang analyzer false positive.
	[9ebecd6b6b29]

	* src/sesh.c:
	Fix uninitialized variables warnings in error case when src file
	cannot be opened. At least one of these is a false positive.
	[98b417c1307a]

2015-06-20  Todd C. Miller

	* lib/util/getline.c, plugins/sudoers/toke_util.c:
	It's safe to rely on C89 semantics for realloc(NULL, size).
	[b633582413ac]

	* plugins/sudoers/env.c:
	malloc() sets errno to ENOMEM on failure so we don't need to set it
	explicitly.
	[09cb5ceaaec3]

	* include/sudo_compat.h:
	No longer need __malloc_like
	[a41b69f256f6]

	* lib/util/util.exp.in:
	Remove symbols from the now-removed alloc.c.
	[da0753d85d20]

	* include/sudo_compat.h, lib/util/aix.c, lib/util/closefrom.c,
	lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c,
	lib/util/getaddrinfo.c, lib/util/getcwd.c, lib/util/getgrouplist.c,
	lib/util/gethostname.c, lib/util/getline.c, lib/util/getopt_long.c,
	lib/util/gettime.c, lib/util/gidlist.c, lib/util/glob.c,
	lib/util/key_val.c, lib/util/lbuf.c, lib/util/locking.c,
	lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/parseln.c,
	lib/util/progname.c, lib/util/pw_dup.c, lib/util/reallocarray.c,
	lib/util/regress/atofoo/atofoo_test.c,
	lib/util/regress/parse_gids/parse_gids_test.c,
	lib/util/regress/progname/progname_test.c,
	lib/util/regress/strsplit/strsplit_test.c,
	lib/util/regress/sudo_conf/conf_test.c,
	lib/util/regress/sudo_parseln/parseln_test.c, lib/util/setgroups.c,
	lib/util/sha2.c, lib/util/sig2str.c, lib/util/snprintf.c,
	lib/util/strndup.c, lib/util/strsplit.c, lib/util/strtobool.c,
	lib/util/strtoid.c, lib/util/strtomode.c, lib/util/strtonum.c,
	lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c,
	lib/util/term.c, lib/util/ttysize.c, plugins/group_file/getgrent.c,
	plugins/group_file/group_file.c, plugins/group_file/plugin_test.c,
	plugins/sample/sample_plugin.c, plugins/sudoers/alias.c,
	plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c,
	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/base64.c, plugins/sudoers/boottime.c,
	plugins/sudoers/check.c, plugins/sudoers/defaults.c,
	plugins/sudoers/editor.c, plugins/sudoers/env.c,
	plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
	plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
	plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
	plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
	plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
	plugins/sudoers/logging.c, plugins/sudoers/logwrap.c,
	plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
	plugins/sudoers/parse.c, plugins/sudoers/policy.c,
	plugins/sudoers/prompt.c, plugins/sudoers/pwutil_impl.c,
	plugins/sudoe