"Fossies" - the Fresh Open Source Software Archive

Member "sudo-1.9.11p3/ChangeLog" (20 Jun 2022, 2154421 Bytes) of package /linux/misc/sudo-1.9.11p3.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "ChangeLog": 1.9.11p2_vs_1.9.11p3.

    1 2022-06-20  Todd C. Miller  <Todd.Miller@sudo.ws>
    2 
    3 	* .hgtags:
    4 	Added tag SUDO_1_9_11p3 for changeset 6e671475b373
    5 	[59e5766213e9] [tip] <1.9>
    6 
    7 	* NEWS, configure, configure.ac:
    8 	Merge sudo 1.9.11p3 from tip.
    9 	[6e671475b373] [SUDO_1_9_11p3] <1.9>
   10 
   11 	* NEWS, configure, configure.ac:
   12 	Sudo 1.9.11p3
   13 	[c96ded63ae46]
   14 
   15 	* src/exec_intercept.c, src/sudo_intercept_common.c:
   16 	Set TCP_NODELAY on the socket used for intercept IPC to reduce
   17 	latency. On some systems, Nagle's algorithm was delaying receipt of
   18 	the data, causing commands with intercept or log_subcmds to run
   19 	slowly. Related to Bug #1034.
   20 	[11b129850ac1]
   21 
   22 	* src/sudo_intercept_common.c:
   23 	Use blocking I/O when talking to the sudo process. Also check for
   24 	EAGAIN/EINTR when reading the message size. Fixes a problem seen on
   25 	AIX where recv_intercept_response() could fail unexpectedly. Bug
   26 	#1034.
   27 	[8554618665a2]
   28 
   29 	* src/exec_intercept.c:
   30 	Add debug printfs when send/recv return EAGAIN or EINTR. These are
   31 	not actually errors but can help gain insight into what is going on
   32 	and, in the case of EAGAIN, whether or not there may be a kernel
   33 	resource starvation problem.
   34 	[fd2dee906d2f]
   35 
   36 2022-06-14  Todd C. Miller  <Todd.Miller@sudo.ws>
   37 
   38 	* plugins/sudoers/logging.c:
   39 	log_exit_status: make local variables match struct evlog members.
   40 	[f93d5141e818]
   41 
   42 2022-06-13  Todd C. Miller  <Todd.Miller@sudo.ws>
   43 
   44 	* lib/util/getgrouplist.c:
   45 	Quiet a compiler warning on macOS. The getgrouplist() groups array
   46 	on macOS is int * instead of gid_t *.
   47 	[c64bf72a1416]
   48 
   49 2022-06-12  Todd C. Miller  <Todd.Miller@sudo.ws>
   50 
   51 	* .hgtags:
   52 	Added tag SUDO_1_9_11p2 for changeset 9e4705cb1db5
   53 	[2a4b6b814432] <1.9>
   54 
   55 	* NEWS, configure, configure.ac, include/sudo_compat.h:
   56 	Merge sudo 1.9.11p2 from tip.
   57 	[9e4705cb1db5] [SUDO_1_9_11p2] <1.9>
   58 
   59 	* NEWS, configure, configure.ac:
   60 	Sudo 1.9.11p2
   61 	[9505276e5c97]
   62 
   63 2022-06-11  Todd C. Miller  <Todd.Miller@sudo.ws>
   64 
   65 	* src/exec_ptrace.h:
   66 	Fix compilation on Linux/x32; GitHub issue #158
   67 	[8cebfdd49205]
   68 
   69 2022-06-10  Todd C. Miller  <Todd.Miller@sudo.ws>
   70 
   71 	* plugins/sudoers/policy.c:
   72 	Fix pasto in comment after HAVE_PRIV_SET #endif
   73 	[2275ab3b016d]
   74 
   75 	* include/sudo_compat.h:
   76 	Fix typo, we should define SSIZE_MAX if it is not defined.
   77 	[51c68f801479]
   78 
   79 2022-06-09  Todd C. Miller  <Todd.Miller@sudo.ws>
   80 
   81 	* plugins/sudoers/env.c:
   82 	Change black list -> blocklist This was missed in the previous
   83 	conversion.
   84 	[da610ebb5cb1]
   85 
   86 	* plugins/sudoers/audit.c, plugins/sudoers/iolog.c,
   87 	plugins/sudoers/log_client.c, plugins/sudoers/log_client.h,
   88 	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
   89 	plugins/sudoers/policy.c,
   90 	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
   91 	plugins/sudoers/sudoers.h:
   92 	Save a pointer to the event_alloc parameter in the plugin open
   93 	function. That way we don't need to pass event_alloc around to the
   94 	log client functions.
   95 	[a8a47f3770b3]
   96 
   97 	* lib/protobuf-c/protobuf-c.c:
   98 	Fix regression with zero-length messages introduced in protobuf-c PR
   99 	500.
  100 	[42062b9f75d5]
  101 
  102 2022-06-08  Todd C. Miller  <Todd.Miller@sudo.ws>
  103 
  104 	* .hgtags:
  105 	Added tag SUDO_1_9_11p1 for changeset 06b0f12fe91c
  106 	[feb8ae553833] <1.9>
  107 
  108 	* NEWS, config.h.in, configure, configure.ac:
  109 	Merge sudo 1.9.11p1 from tip.
  110 	[06b0f12fe91c] [SUDO_1_9_11p1] <1.9>
  111 
  112 	* NEWS, configure, configure.ac:
  113 	Sudo 1.9.11p1
  114 	[7fcfdaacb15e]
  115 
  116 2022-06-07  Todd C. Miller  <Todd.Miller@sudo.ws>
  117 
  118 	* src/exec_pty.c:
  119 	Make read and write events persistent and disable as needed. For the
  120 	read callback, disable reader when the buffer is full. For the write
  121 	callback, disable writer when the buffer is consumed.
  122 	[2b6953dc4224]
  123 
  124 	* config.h.in, configure, configure.ac, src/sudo_exec.h,
  125 	src/sudo_noexec.c:
  126 	Check for SECCOMP_MODE_FILTER not SECCOMP_SET_MODE_FILTER. This
  127 	matches the actual prctl() call we use.
  128 	[4222768293d1]
  129 
  130 	* Merge pull request #157 from 0x2b3bfa0/improve-tag-spec-ebnf-docs
  131 
  132 	Improve Tag_Spec EBNF documentation
  133 	[f528335aded5]
  134 
  135 	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c:
  136 	Treat EINTR in a callback like we do EAGAIN. We shouldn't get EINTR
  137 	in practice since we set SA_RESTART when registering signal handlers
  138 	but it doesn't hurt to be consistent.
  139 	[acf3394e2df2]
  140 
  141 	* Merge pull request #156 from delroth/aarch64-build
  142 
  143 	exec_ptrace: fix missing sudo_pt_regs on aarch64
  144 	[a7062c609a96]
  145 
  146 2022-06-07  Pierre Bourdon  <delroth@gmail.com>
  147 
  148 	* src/exec_ptrace.h:
  149 	exec_ptrace: fix missing sudo_pt_regs on aarch64
  150 
  151 	AArch64 already had an existing "user_pt_regs" struct and didn't
  152 	need a struct alias before the renaming to "sudo_pt_regs". Make the
  153 	code build again by adding the now missing alias.
  154 
  155 	Fixes: 2eb8ff17
  156 	[3b55f40e9b83]
  157 
  158 2022-06-07  Helio Machado  <0x2b3bfa0+git@googlemail.com>
  159 
  160 	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
  161 	Improve Tag_Spec EBNF documentation
  162 	[7e23ec31d124]
  163 
  164 2022-06-07  Todd C. Miller  <Todd.Miller@sudo.ws>
  165 
  166 	* Merge pull request #154 from 0x2b3bfa0/fix-tag-spec-docs
  167 
  168 	Add missing colon in Tag_Spec documentation
  169 	[ec8f4610b677]
  170 
  171 	* Merge pull request #152 from particleflux/fix-sudoers-typo
  172 
  173 	Fix typo in sudoers comment
  174 	[bbbcff4c14ba]
  175 
  176 2022-06-07  Helio Machado  <0x2b3bfa0+git@googlemail.com>
  177 
  178 	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
  179 	Add missing colon in Tag_Spec documentation
  180 	[e6f4c612e22a]
  181 
  182 2022-06-07  Stefan Linke  <particleflux@gmail.com>
  183 
  184 	* plugins/sudoers/sudoers.in:
  185 	Fix typo in sudoers comment
  186 
  187 	Fix a typo in the sudoers comment about `maxseq` param.
  188 
  189 	Introduced by 906eb19ece47023c659b4b3db2e7a6bb57dff0d9 in 1.9.11.
  190 	[b38fae41b3eb]
  191 
  192 2022-06-06  Todd C. Miller  <Todd.Miller@sudo.ws>
  193 
  194 	* lib/protobuf-c/protobuf-c.c:
  195 	Only shift unsigned values to avoid implementation-specific
  196 	behavior. This converts the arithmetic shifts to logical shifts.
  197 	[e25aa8e9891a]
  198 
  199 	* lib/protobuf-c/protobuf-c.c:
  200 	Fix issue protobuf-c#499: unsigned integer overflow Signed-off-by:
  201 	10054172 <hui.zhang@thalesgroup.com>
  202 	[f3637be4df4f]
  203 
  204 	* include/sudo_event.h, lib/util/event_select.c:
  205 	Fix building with select (not poll) when fd_set is not defined in
  206 	sys/types.h. We can use a void * for the fd_set arrays and just add
  207 	a cast when using the FD_SET macros.
  208 	[5c636cbc11f0]
  209 
  210 	* src/exec_pty.c:
  211 	Reinstall the event handler if we get EAGAIN from read/write
  212 	callback. The read and write events do not set SUDO_EV_PERSIST so we
  213 	need to explicitly re-enable the event if there is still data to be
  214 	read. Bug #963.
  215 	[0006cb6531f4]
  216 
  217 	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c:
  218 	If write(2) returns EAGAIN just re-enter the event loop. This is
  219 	consistent with how we handle EAGAIN for read(2).
  220 	[e6478d917a0f]
  221 
  222 	* .hgtags:
  223 	Added tag SUDO_1_9_11 for changeset d495c99554f7
  224 	[74c59bc5c323] <1.9>
  225 
  226 	* NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h,
  227 	logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c:
  228 	Merge sudo 1.9.11 from tip.
  229 	[d495c99554f7] [SUDO_1_9_11] <1.9>
  230 
  231 	* docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in:
  232 	Document how setting ModulePath affects the Python search path. Also
  233 	advise the user to use a unique prefix to avoid name space
  234 	collisions with installed Python modules. Bug #1031.
  235 	[68a9d50d7806]
  236 
  237 	* configure, configure.ac, docs/sudo_plugin_python.man.in,
  238 	docs/sudo_plugin_python.mdoc.in:
  239 	Add EXAMPLES variables for use in the man pages for the examples
  240 	directory.
  241 	[148272d9a6d3]
  242 
  243 2022-06-04  Todd C. Miller  <Todd.Miller@sudo.ws>
  244 
  245 	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po:
  246 	Updated translations from translationproject.org
  247 	[985902730e5b]
  248 
  249 	* plugins/sudoers/po/hr.mo, po/hr.mo:
  250 	Rebuild Croatian message catalog.
  251 	[438136f65c13]
  252 
  253 2022-06-03  Todd C. Miller  <Todd.Miller@sudo.ws>
  254 
  255 	* .gitignore, .hgignore:
  256 	Add new test binaries to the ignore files.
  257 	[ea9de2ded48d]
  258 
  259 	* po/cs.mo, po/cs.po:
  260 	Updated translations from translationproject.org
  261 	[eac0aba546ed]
  262 
  263 	* lib/protobuf-c/protobuf-c.c:
  264 	Define WORDS_BIGENDIAN on big endian systems. Instead of a configure
  265 	check, we use endian.h (or a fallback).
  266 	[4d5603a9528c]
  267 
  268 	* include/intercept.pb-c.h, include/log_server.pb-c.h,
  269 	include/protobuf-c/protobuf-c.h, lib/protobuf-c/protobuf-c.c,
  270 	scripts/unanon:
  271 	Update to protobuf-c 1.4.0
  272 	[47ff9b8bab21]
  273 
  274 	* logsrvd/logsrvd.c, plugins/sudoers/cvtsudoers_csv.c:
  275 	Quiet two clang analyzer false positives.
  276 	[2c878f7853cc]
  277 
  278 	* src/exec_intercept.c:
  279 	Move a comment to the correct location.
  280 	[caacb3fae078]
  281 
  282 	* logsrvd/logsrvd.c:
  283 	union sockaddr_union: pass in sockaddr_union * instead of sockaddr
  284 	*. This eliminates the need for a few casts and is consistent with
  285 	how create_listener() is written.
  286 	[4def05f8d895]
  287 
  288 	* src/exec_ptrace.c:
  289 	Eliminate some dead stores that clang-analyzer complains about.
  290 	[3aac29fe0101]
  291 
  292 	* src/exec_ptrace.c:
  293 	ptrace_read_vec: don't try to free memory on the error path This is
  294 	leftover from when ptrace_read_string() allocated its own memory.
  295 	[7f5b5d21bce9]
  296 
  297 	* config.h.in, configure, configure.ac, src/sudo_intercept.c:
  298 	Avoid using vfork(2) in the DSO system(3) wrapper. Traditional
  299 	vfork(2) semantics make it unsafe for use for more than just
  300 	vfork(2) + execve(2).
  301 	[9a8ce7aef55d]
  302 
  303 2022-06-02  Todd C. Miller  <Todd.Miller@sudo.ws>
  304 
  305 	* po/vi.mo, po/vi.po:
  306 	Updated translations from translationproject.org
  307 	[e3197ef8a98d]
  308 
  309 	* NEWS:
  310 	Mention sudo_logsrvd.conf "log_server" parsing fix.
  311 	[575a31b83bfd]
  312 
  313 	* MANIFEST, logsrvd/Makefile.in,
  314 	logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.1.in,
  315 	logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.2.in,
  316 	logsrvd/regress/logsrvd_conf/tls/sudo_logsrvd.conf.1.in,
  317 	logsrvd/regress/logsrvd_conf/tls/sudo_logsrvd.conf.2.in:
  318 	For logsrvd_conf_test include both tls and non-tls configs.
  319 	[ec1815793aab]
  320 
  321 	* MANIFEST, logsrvd/Makefile.in,
  322 	logsrvd/regress/logsrvd_conf/cacert.pem,
  323 	logsrvd/regress/logsrvd_conf/logsrvd_cert.pem,
  324 	logsrvd/regress/logsrvd_conf/logsrvd_conf_test.c,
  325 	logsrvd/regress/logsrvd_conf/logsrvd_dhparams.pem,
  326 	logsrvd/regress/logsrvd_conf/logsrvd_key.pem,
  327 	logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.1.in,
  328 	logsrvd/regress/logsrvd_conf/sudo_logsrvd.conf.2.in:
  329 	Add a simple regression test for logsrvd.conf parser. Unlike the
  330 	parser fuzzer, this includes sample certs and keys. This test would
  331 	have detected the BIO_new_file() bug in set_dhparams().
  332 	[7ddabb9d022f]
  333 
  334 	* logsrvd/logsrvd_conf.c:
  335 	Fix inverted logic when setting server_log. A value that starts with
  336 	a '/' should be treated as a path.
  337 	[8941fd924fbf]
  338 
  339 	* plugins/audit_json/Makefile.in, plugins/sample_approval/Makefile.in:
  340 	Use abs_top_builddir instead of `pwd`/$(top_builddir).
  341 	[0f4e20a7aeed]
  342 
  343 2022-06-01  Todd C. Miller  <Todd.Miller@sudo.ws>
  344 
  345 	* lib/util/regress/parse_gids/parse_gids_test.c:
  346 	Plug a memory leak.
  347 	[8a9eb498ed55]
  348 
  349 	* plugins/sudoers/parse_ldif.c:
  350 	Fix bug in last commit, need to reinitialize role to NULL.
  351 	[1e454b967993]
  352 
  353 	* plugins/sudoers/parse_ldif.c:
  354 	Simplify the check for when we can reuse the previous user and host
  355 	specs. This makes the code easier to read and quiets a cppcheck
  356 	false positive.
  357 	[037c4943f1ac]
  358 
  359 	* docs/Makefile.in:
  360 	Install the plugin man pages in section 5 (or 4 for System V). The
  361 	manual had the correct section in the text but was installed in the
  362 	wrong directory.
  363 	[5df7d3f9a010]
  364 
  365 	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
  366 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
  367 	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
  368 	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
  369 	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
  370 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
  371 	plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po,
  372 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/de.mo,
  373 	po/de.po, po/eo.mo, po/eo.po, po/fr.mo, po/fr.po, po/hr.mo,
  374 	po/hr.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/ro.mo,
  375 	po/ro.po, po/uk.mo, po/uk.po:
  376 	Updated translations from translationproject.org
  377 	[9ac84e5c9250]
  378 
  379 	* NEWS:
  380 	Sudo now supports intercepting system(3).
  381 	[a46db96a3b03]
  382 
  383 2022-05-31  Todd C. Miller  <Todd.Miller@sudo.ws>
  384 
  385 	* plugins/sudoers/log_client.c:
  386 	Only display "unable to connect to log server" warning once.
  387 	Previously, in intercept mode, if the log server is unreachable the
  388 	message would be printed for each sub-command.
  389 	[df4c53518bb7]
  390 
  391 	* src/exec.c, src/exec_monitor.c, src/exec_nopty.c, src/sudo_exec.h:
  392 	When using ptrace(2), push the point where we suspend into
  393 	exec_cmnd(). This should reduce the amount of time the child has to
  394 	wait for the parent to use PTRACE_SEIZE to seize control and then
  395 	PTRACE_CONT to continue the child.
  396 	[f9caab4bf18b]
  397 
  398 	* config.h.in, configure, configure.ac, src/sudo_intercept.c:
  399 	Add configure check for vfork(2) and fall back to fork(2) if
  400 	missing.
  401 	[ddfaba8d2a09]
  402 
  403 	* docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudoers.man.in,
  404 	docs/sudoers.mdoc.in, src/intercept.exp.in, src/sudo_intercept.c:
  405 	Add support for intercepting the system(3) function. This also means
  406 	we can log system(3) with log_subcmds.
  407 	[aca241d96c0b]
  408 
  409 	* include/compat/endian.h:
  410 	Newer compilers define __BYTE_ORDER__ and
  411 	__ORDER_{BIG,LITTLE}_ENDIAN__ Also add riscv the little endian list.
  412 	[55731e5517fc]
  413 
  414 2022-05-29  Todd C. Miller  <Todd.Miller@sudo.ws>
  415 
  416 	* configure, configure.ac:
  417 	On AIX, fmemopen(3) has a bug where feof() returns false at EOF. See
  418 	https://www.ibm.com/support/pages/apar/IJ11845
  419 	[a703278bceed]
  420 
  421 2022-05-27  Todd C. Miller  <Todd.Miller@sudo.ws>
  422 
  423 	* plugins/sudoers/defaults.c:
  424 	Fix potential signed integer overflow on 32-bit CPUs. Converting
  425 	fractional minutes to nanoseconds could overflow a 32-bit integer,
  426 	use long long instead.
  427 	[b1d2afc0cc4d]
  428 
  429 	* plugins/sudoers/Makefile.in:
  430 	Fix path to example sudoers file, it is now in the build dir.
  431 	[899850a04adf]
  432 
  433 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
  434 	init_options: initialize apparmor_profile to NULL
  435 	[ad0de9e0474f]
  436 
  437 	* NEWS:
  438 	Update with latest 1.9.11 changes.
  439 	[12650d2b6184]
  440 
  441 	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
  442 	Fix typo
  443 	[ce83f628330c]
  444 
  445 	* docs/CONTRIBUTORS.md:
  446 	Update contributors.
  447 	[5b69f27ea398]
  448 
  449 	* logsrvd/tls_init.c:
  450 	Fix uninitialized use of ca_store when building with wolfSSL.
  451 	[e7cc6d8d9f7e]
  452 
  453 	* docker/debian/testing/Dockerfile, docker/ubuntu/devel/Dockerfile,
  454 	docker/ubuntu/latest/Dockerfile, docker/ubuntu/rolling/Dockerfile:
  455 	Newer Debian/Ubuntu uses libsepol-dev not libsepol1-dev.
  456 	[b2c1326bfb0d]
  457 
  458 	* configure, configure.ac, plugins/sudoers/def_data.h,
  459 	plugins/sudoers/gram.c, plugins/sudoers/gram.h,
  460 	plugins/sudoers/toke.c, src/Makefile.in:
  461 	Regenerate files after merging AppArmor integration.
  462 	[d24fcec2cb87]
  463 
  464 	* Merge pull request #148 from kernelmethod/apparmor_support
  465 
  466 	Add AppArmor support to sudo
  467 	[fcbfb2410afd]
  468 
  469 	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
  470 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
  471 	plugins/sudoers/def_data.in, plugins/sudoers/policy.c,
  472 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
  473 	src/parse_args.c, src/sudo.c, src/sudo.h:
  474 	Merge branch 'main' into apparmor_support
  475 	[7832ecc5eb7f]
  476 
  477 2022-05-26  Todd C. Miller  <Todd.Miller@sudo.ws>
  478 
  479 	* src/sudo_intercept.c:
  480 	Pass envp, not environ, to real execve() from exec_wrapper() if
  481 	possible. The replacement execve() function was passing the global
  482 	environ to exec_wrapper() instead of the envp parameter. This caused
  483 	the command to be run with the wrong environment on AIX systems, and
  484 	possibly others, when intercept or log_subcmds was enabled. Bug
  485 	#1030.
  486 	[dc0187c68c1b]
  487 
  488 	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
  489 	Update .pot files for 1.9.11
  490 	[b4c8ec57842f]
  491 
  492 	* src/exec_ptrace.c:
  493 	Consolidate some translatable strings.
  494 	[05dae7c3c8da]
  495 
  496 	* logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c,
  497 	logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
  498 	plugins/sudoers/log_client.c, src/exec_intercept.c:
  499 	Standardize protobuf "unable to unpack" warning messages.
  500 	[6f4e026c7a02]
  501 
  502 	* docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in,
  503 	include/sudo_plugin.h, plugins/python/regress/testdata/check_multipl
  504 	e_approval_plugin_and_arguments.stdout, src/exec.c:
  505 	Bump plugin minor version and document new intercept-related
  506 	settings. There should have been a minor version bump for sudo 1.9.8
  507 	when intercept was originally implemented.
  508 	[2b7591704df4]
  509 
  510 2022-05-25  Todd C. Miller  <Todd.Miller@sudo.ws>
  511 
  512 	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
  513 	plugins/sudoers/sudoers.h:
  514 	Reset intercept_allow_setid if intercept_type changes from trace to
  515 	dso. But only reset intercept_allow_setid if the user didn't
  516 	explicitly set it.
  517 	[e398111d824e]
  518 
  519 2022-05-24  Todd C. Miller  <Todd.Miller@sudo.ws>
  520 
  521 	* etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
  522 	CentOS Stream only uses a major version number, no minor version.
  523 	This prevents the packages from being created as foo.el.arch.rpm
  524 	since we were assuming that the version number was two digits.
  525 	[a3caed91ea8c]
  526 
  527 	* src/exec_ptrace.c, src/exec_ptrace.h:
  528 	Add support for running o32 and n32 binaries on mips64.
  529 	[887ab363f2a4]
  530 
  531 	* src/exec_ptrace.c, src/exec_ptrace.h, src/sudo_exec.h:
  532 	Enable ptrace support for MIPS but only for log_subcmds. It is not
  533 	possible to change the syscall return value on MIPS so we cannot
  534 	support full intercept mode. Another complication on MIPS is that if
  535 	a system call is invoked via syscall(__NR_###), v0 holds
  536 	__NR_O32_Linux and the real syscall is in the first arg (a0) and
  537 	other args are shifted by one.
  538 	[0345a4137047]
  539 
  540 	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
  541 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
  542 	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
  543 	plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
  544 	src/exec_ptrace.c, src/parse_args.c, src/sudo.c, src/sudo.h,
  545 	src/sudo_exec.h:
  546 	Add intercept_type sudoers option to set intercept/log_subcmds
  547 	mechanism.
  548 	[b97e461f7da1]
  549 
  550 2022-05-23  kernelmethod  <wss2ec@virginia.edu>
  551 
  552 	* MANIFEST, include/sudo_debug.h, src/Makefile.in, src/apparmor.c,
  553 	src/parse_args.c, src/sudo.c, src/sudo.h:
  554 	Add an apparmor_profile sudo setting
  555 
  556 	Define a new sudo setting, `apparmor_profile`, that can be used to
  557 	pass in an AppArmor profile that should be used to confine commands.
  558 	If apparmor_profile is specified, sudo will execute the command
  559 	using the new `apparmor_execve` function, which confines the command
  560 	under the provided profile before exec'ing it.
  561 	[a54897efe031]
  562 
  563 	* plugins/sudoers/check.c, plugins/sudoers/cvtsudoers_csv.c,
  564 	plugins/sudoers/cvtsudoers_json.c,
  565 	plugins/sudoers/cvtsudoers_ldif.c,
  566 	plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/def_data.c,
  567 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
  568 	plugins/sudoers/fmtsudoers.c, plugins/sudoers/gram.y,
  569 	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
  570 	plugins/sudoers/policy.c,
  571 	plugins/sudoers/regress/fuzz/fuzz_policy.dict,
  572 	plugins/sudoers/regress/fuzz/fuzz_sudoers.dict,
  573 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
  574 	plugins/sudoers/toke.l:
  575 	Add an APPARMOR_PROFILE user spec option to sudoers
  576 
  577 	sudoers now supports an APPARMOR_PROFILE option, which can be
  578 	specified as e.g.
  579 
  580 	 alice ALL=(ALL:ALL) APPARMOR_PROFILE=foo ALL
  581 
  582 	The line above says "user alice can run any command as any
  583 	user/group, under confinement by the AppArmor profile 'foo'."
  584 	Profiles can be specified in any way that complies with the rules of
  585 	aa_change_profile(2). For instance, the sudoers configuration
  586 
  587 	 alice ALL=(ALL:ALL) APPARMOR_PROFILE=unconfined ALL
  588 
  589 	allows alice to run any command unconfined (i.e., without an
  590 	AppArmor profile), while
  591 
  592 	 alice ALL=(ALL:ALL) APPARMOR_PROFILE=foo//&bar ALL
  593 
  594 	tells sudoers that alice can run any command under the stacked
  595 	AppArmor profiles 'foo' and 'bar'.
  596 
  597 	The intention of this option is to give sysadmins on Linux distros
  598 	supporting AppArmor better options for fine-grained access control.
  599 	Among other things, this option can enforce mandatory access control
  600 	(MAC) over the operations that a privileged user is able to perform
  601 	to ensure that they cannot privesc past the boundaries of a
  602 	specified profile. It can also be used to limit which users are able
  603 	to get unconfined system access, by enforcing a default AppArmor
  604 	profile on all users and then specifying
  605 	'APPARMOR_PROFILE=unconfined' for a privileged subset of users.
  606 	[2afe8c910959]
  607 
  608 	* config.h.in, configure.ac, scripts/mkdep.pl, scripts/mkpkg:
  609 	Add a --with-apparmor build flag
  610 
  611 	Add a new build flag, --with-apparmor, that builds sudo with
  612 	AppArmor support. Modify the build script for Debian and Ubuntu to
  613 	enable this flag by default.
  614 	[596b4e6dce4d]
  615 
  616 	* INSTALL.md, docs/sudoers.man.in, docs/sudoers.mdoc.in:
  617 	Add documentation for AppArmor support
  618 
  619 	- Document the AppArmor userspec option in the sudoers man pages.
  620 	- Add information about the --with-apparmor build configuration option
  621 	to INSTALL.md.
  622 	[524dde965b94]
  623 
  624 2022-05-22  kernelmethod  <wss2ec@virginia.edu>
  625 
  626 	* docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
  627 	docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
  628 	docker/ubuntu/rolling/Dockerfile:
  629 	Add libapparmor-dev to the Debian and Ubuntu Dockerfiles
  630 
  631 	Install libapparmor-dev on Debian- and Ubuntu-based Docker images so
  632 	that they can build sudo with AppArmor support.
  633 	[8491c8b6d240]
  634 
  635 2022-05-19  Todd C. Miller  <Todd.Miller@sudo.ws>
  636 
  637 	* src/exec_nopty.c, src/exec_pty.c:
  638 	Pass the WUNTRACED flag to waitpid() even if __WALL is present.
  639 	Otherwise, we won't get the wait status of a suspended command that
  640 	is not being traced.
  641 	[7c2b46ec73be]
  642 
  643 	* configure, configure.ac, lib/iolog/Makefile.in,
  644 	lib/logsrv/Makefile.in, logsrvd/Makefile.in,
  645 	plugins/sudoers/Makefile.in:
  646 	Use explicit library dependencies instead of implicit. We now
  647 	include all the dependent libraries when linking. Fixes a linking
  648 	problem on CentOS Stream 9.
  649 	[6f06cdbb1552]
  650 
  651 	* plugins/sudoers/logging.c:
  652 	mail_parse_errors: allocate the correct amount of space for mail
  653 	body. Use strlen(), not sizeof(), on "problem parsing sudoers" since
  654 	it is a tranlated string and not a constant. This was caught by the
  655 	existing overflow checks.
  656 	[5aa53136cd9d]
  657 
  658 2022-05-18  Todd C. Miller  <Todd.Miller@sudo.ws>
  659 
  660 	* MANIFEST, src/Makefile.in, src/exec_nopty.c, src/exec_pty.c,
  661 	src/regress/intercept/test_ptrace.c, src/sudo_exec.h,
  662 	src/suspend_nopty.c:
  663 	Move code to suspend sudo when no pty is in use to separate file.
  664 	Use this in test_ptrace.c to be able to suspend just like sudo does.
  665 	[ddef421918b7]
  666 
  667 2022-05-17  Todd C. Miller  <Todd.Miller@sudo.ws>
  668 
  669 	* src/exec_nopty.c, src/exec_ptrace.c, src/exec_pty.c,
  670 	src/regress/intercept/test_ptrace.c, src/sudo_exec.h:
  671 	Fix suspending a sudo-run shell in ptrace intercept mode with no
  672 	pty. When ptracing a process, we receive the signal-delivery-stop
  673 	signal before the group-stop signal. If sudo is running the command
  674 	in the same terminal, we need to wait until the stop signal is
  675 	actually delivered to the command before we can suspend sudo itself.
  676 	If we suspend sudo before receiving the group-stop, the command will
  677 	be restarted with PTRACE_LISTEN too late and will miss the SIGCONT
  678 	from sudo.
  679 	[bf9a482ecddd]
  680 
  681 	* docs/TROUBLESHOOTING.md, docs/sudo_logsrvd.man.in,
  682 	docs/sudo_logsrvd.mdoc.in:
  683 	OpenSSL 3.x requires the key usage extension be present in CA and
  684 	certs. Certificates generated with a CA that doesn't set the key
  685 	usage extension will fail to validate if "tls_verify" is enabled.
  686 	[3ae4ef1ecf57]
  687 
  688 	* logsrvd/tls_init.c:
  689 	Include the cert or ca file in error messages where applicable.
  690 	[3e0558886a3d]
  691 
  692 	* logsrvd/tls_init.c:
  693 	Add missing include of string.h for strerror(3).
  694 	[253a5634d441]
  695 
  696 	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
  697 	logsrvd/tls_client.c, logsrvd/tls_init.c,
  698 	plugins/sudoers/log_client.c:
  699 	If ERR_reason_error_string() returns NULL, fall back on
  700 	strerror(errno). That way we get reasonable error messages for
  701 	missing files, etc.
  702 	[d2423ef0e284]
  703 
  704 	* logsrvd/tls_init.c:
  705 	set_dhparams: pass BIO_new_file() "r" for the file mode, not
  706 	O_RDONLY. Unlike BIO_new_fp(), BIO_new_file() takes an fopen-style
  707 	mode string.
  708 	[7a67aec88cb4]
  709 
  710 	* src/exec_ptrace.c:
  711 	The set_sc_arg3, get_sc_arg3 and set_sc_arg4 functions are not used.
  712 	Use ifdef notyet to disable for now since they may be used in the
  713 	future.
  714 	[99d2f2a42da5]
  715 
  716 2022-05-16  Todd C. Miller  <Todd.Miller@sudo.ws>
  717 
  718 	* src/exec_ptrace.h, src/sudo_exec.h:
  719 	Use __x86_64__ preprocessor symbol, not __amd64__ Also clarify a
  720 	comment about MIPS ptrace.
  721 	[b02ad513eb64]
  722 
  723 	* src/exec_ptrace.h, src/sudo_exec.h:
  724 	ptrace support has been tested on Debian/s390x. It should also work
  725 	on s390 but this has not been tested. I have not added a compat mode
  726 	to trace 31-bit binaries on s390x due to the lack of a test system.
  727 	[3176433e7456]
  728 
  729 	* src/exec_ptrace.h:
  730 	Define sudo_pt_regs instead of user_pt_regs and include the struct
  731 	keyword. On s390, the struct is typedef'd without a name.
  732 	[b2b74f378eef]
  733 
  734 	* src/exec_ptrace.h, src/sudo_exec.h:
  735 	ptrace support has been tested on Debian/riscv64.
  736 	[e1011074d984]
  737 
  738 2022-05-15  Todd C. Miller  <Todd.Miller@sudo.ws>
  739 
  740 	* plugins/sudoers/sudoers.in:
  741 	Add maxseq setting to log_output example. This should make it more
  742 	obvious that you need to adjust maxseq unless you have (virtually)
  743 	unlimited disk space.
  744 	[5203240a248b]
  745 
  746 	* scripts/mkpkg:
  747 	Fix dependency check for libssl on Debian/Ubuntu with OpenSSL 3.
  748 	Also add check for python 3.10 and 3.11 and remove versions < 3.4.
  749 	Fixes building on Ubuntu 22.04.
  750 	[c9114582911c]
  751 
  752 2022-05-14  Todd C. Miller  <Todd.Miller@sudo.ws>
  753 
  754 	* src/exec_ptrace.h:
  755 	Tracing 32-bit arm binaries from a 64-bit sudo works.
  756 	[c1e1602874ed]
  757 
  758 	* src/exec_ptrace.c:
  759 	ptrace_write_string: the terminating NUL fix was reverted by
  760 	mistake.
  761 	[587dd11b2783]
  762 
  763 	* src/exec_ptrace.h, src/sudo_exec.h:
  764 	ptrace-based intercept has now been tested on 32-bit arm
  765 	[493b17a89e63]
  766 
  767 2022-05-13  Todd C. Miller  <Todd.Miller@sudo.ws>
  768 
  769 	* src/exec_ptrace.h:
  770 	Don't use PTRACE_SET_SYSCALL for 32-bit arm binaries running on
  771 	aarch64. Use PTRACE_SETREGSET with NT_ARM_SYSTEM_CALL instead just
  772 	like we would for a 64-bit binary. Newer Linux headers don't define
  773 	PTRACE_SET_SYSCALL for aarch64.
  774 	[5930846e9c9e]
  775 
  776 	* src/regress/intercept/test_ptrace.c:
  777 	Replace verbose flag with debug flag. This is more accurate since it
  778 	actually uses the debug subsystem.
  779 	[dda8b8af8bd2]
  780 
  781 	* src/exec_ptrace.h:
  782 	Initial cut at MIPS support, untested. Mips is a bit different in
  783 	that most Linux distros appear to use the n32 ABI on 64-bit CPUs. We
  784 	don't currently support tracing a 64-bit binary from a 32-bit sudo.
  785 	We could suport tracing o32 ABI binaries in compat mode, though.
  786 	[05e5e246463a]
  787 
  788 2022-05-12  Todd C. Miller  <Todd.Miller@sudo.ws>
  789 
  790 	* src/regress/intercept/test_ptrace.c:
  791 	Add have_seccomp_action("trap") call to check for
  792 	SECCOMP_MODE_FILTER.
  793 	[250c6b72c4f4]
  794 
  795 	* src/exec_ptrace.c, src/exec_ptrace.h:
  796 	Add arm-specific code to set the system call number. Fixes rejection
  797 	of commands due to policy on arm when in intercept mode.
  798 	[74c5bd26713b]
  799 
  800 	* scripts/mkpkg:
  801 	Fix OS major version detection on CentOS Stream
  802 	[cd4d5aaf59a7]
  803 
  804 	* src/exec_ptrace.c:
  805 	Repair ptrace_write_vec() for compat binaries.
  806 	[77ee302b0631]
  807 
  808 	* src/regress/intercept/test_ptrace.c:
  809 	Fix a crash when not run in verbose mode.
  810 	[adf481623228]
  811 
  812 	* src/exec_ptrace.c:
  813 	ptrace_intercept_execve: read back the updated syscall args in test
  814 	mode. This makes it easier to detect problems with the syscall
  815 	rewrite code when testing with test_ptrace.
  816 	[4eb9e09d90d9]
  817 
  818 2022-05-11  Todd C. Miller  <Todd.Miller@sudo.ws>
  819 
  820 	* src/exec_ptrace.c, src/exec_ptrace.h, src/sudo_exec.h:
  821 	Enable ptrace intercept on powerpc. Tested on ppc64 and ppc64le.
  822 	[fbd12baa1a02]
  823 
  824 	* src/exec_ptrace.c:
  825 	Fix tracing compat binaries on big endian systems. We need to swap
  826 	the order of the two 32-bit addresses for big-endian.
  827 	[375004a3ef09]
  828 
  829 	* src/exec_ptrace.c:
  830 	Move code to write a string vector to ptrace_write_vec().
  831 	[8401e0397f11]
  832 
  833 	* src/exec_ptrace.c:
  834 	Fix compilation error on systems with no compat arch. Currently only
  835 	affects i386.
  836 	[b95c707298c5]
  837 
  838 	* MANIFEST, src/Makefile.in, src/exec_intercept.h, src/exec_ptrace.c,
  839 	src/regress/intercept/test_ptrace.c, src/sudo_exec.h:
  840 	Add test_ptrace program to test ptrace-based intercept support.
  841 	[5f7162bcdbfd]
  842 
  843 	* src/exec_ptrace.c:
  844 	Use unsigned long for addresses so we don't have to worry about sign
  845 	extension.
  846 	[7a0d4ea2fa70]
  847 
  848 2022-05-10  Todd C. Miller  <Todd.Miller@sudo.ws>
  849 
  850 	* src/exec_ptrace.c:
  851 	ptrace_write_string: make sure we always write the terminating NUL.
  852 	We can't check *str for NUL since it may not have been written yet.
  853 	[9d95217981ac]
  854 
  855 	* src/exec_ptrace.c:
  856 	Fix compilation error when SECCOMP_AUDIT_ARCH_COMPAT is not defined.
  857 	[3162054bac24]
  858 
  859 2022-05-09  Todd C. Miller  <Todd.Miller@sudo.ws>
  860 
  861 	* src/exec_ptrace.c, src/exec_ptrace.h:
  862 	It is now safe to make WORDALIGN use compat (not native) aligment.
  863 	We allocate space for an extra pointer between argv and the string
  864 	table for compat binaries so there is no need to align address to
  865 	sizeof(long).
  866 	[898626f1cdf6]
  867 
  868 	* src/exec_ptrace.c, src/exec_ptrace.h:
  869 	Use the entire word in ptrace_get_vec_len() and ptrace_read_vec().
  870 	For compat binaries, use the upper 32-bits as the next word instead
  871 	of calling ptrace(2) to get it. This reduces the number of ptrace(2)
  872 	calls when reading argv and envp for compat binaries.
  873 	[cf5d1ae47dbe]
  874 
  875 2022-05-07  Todd C. Miller  <Todd.Miller@sudo.ws>
  876 
  877 	* src/exec_ptrace.c:
  878 	We don't need to align strings in the string table. We align the
  879 	start of the string table to a word boundary to help prevent overlap
  880 	when writing the pointers. However, the actual strings themselves
  881 	don't need to be aligned.
  882 	[219a1a07fc2e]
  883 
  884 2022-05-06  Todd C. Miller  <Todd.Miller@sudo.ws>
  885 
  886 	* src/exec_ptrace.c:
  887 	Avoid potentially overwriting string table when writing argv. In
  888 	compat mode, if argc is odd, writing the last pointer of argv will
  889 	overlap with the address of argv[0], so leave an extra word in
  890 	between. Also remove incorrect comments about PTRACE_PEEKDATA
  891 	unaligned access.
  892 	[13f7e63a31bd]
  893 
  894 	* src/exec_ptrace.c, src/exec_ptrace.h:
  895 	Use native word size for padding and when reading/writing strings.
  896 	If we try to use the compat word size we can end up in a situation
  897 	where a subsequent PTRACE_POKEDATA overwrites part of what we've
  898 	already written since it always writes in sizeof(long) units.
  899 	[e0d7fdc3f8e2]
  900 
  901 2022-05-05  Todd C. Miller  <Todd.Miller@sudo.ws>
  902 
  903 	* src/exec_ptrace.c:
  904 	ptrace_intercept_execve: rewrite path to exec if changed by the
  905 	policy
  906 	[089f0e32cf2a]
  907 
  908 	* src/exec_ptrace.c:
  909 	ptrace_intercept_execve: plug memory leak of get_execve_info()
  910 	buffer
  911 	[5ce2cf252c80]
  912 
  913 	* MANIFEST, src/Makefile.in, src/exec_intercept.h, src/exec_ptrace.c,
  914 	src/exec_ptrace.h:
  915 	Move register definitions to exec_ptrace.h
  916 	[59cc9bec6925]
  917 
  918 	* src/exec_ptrace.c:
  919 	Add support for intercepting 32-bit binaries on 64-bit systems. We
  920 	need to define the ptrace register struct ourselves for the 32-bit
  921 	system since there is no good way to get it from the system headers.
  922 	Currently only implemented for x86_64 and aarch64.
  923 	[a0407bb1fee0]
  924 
  925 	* src/exec_ptrace.c:
  926 	Add setters and getters for ptrace(2) register access. This will be
  927 	used when running 32-bit binaries from a 64-bit sudo.
  928 	[f7da9453d9fa]
  929 
  930 	* src/exec_ptrace.c:
  931 	exec_ptrace_handled: don't return early if ptrace_intercept_execve()
  932 	fails. We need to continue the traced process even if there is a
  933 	fatal error. Otherwise, sudo will appear to hang as the running
  934 	process is left in PTRACE_EVENT stop.
  935 	[5b3bd75c4486]
  936 
  937 	* src/exec_ptrace.c:
  938 	Don't use PTRACE_GETREGS, it is too complicated when runing compat
  939 	binaries. Unlike PTRACE_GETREGSET, PTRACE_GETREGS requires that we
  940 	manually map registers from 64-bit to 32-bit layouts when running,
  941 	e.g. a 32-bit binary from a 64-bit sudo process.
  942 	[bb3476230373]
  943 
  944 2022-05-04  Todd C. Miller  <Todd.Miller@sudo.ws>
  945 
  946 	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
  947 	plugins/sudoers/defaults.c, plugins/sudoers/policy.c,
  948 	plugins/sudoers/sudoers.h, src/exec_nopty.c, src/exec_pty.c,
  949 	src/parse_args.c, src/sudo.c, src/sudo.h, src/sudo_exec.h:
  950 	Initialize intercept_allow_setid to true if we use ptrace(2) and
  951 	seccomp(2).
  952 	[57e58c0ada44]
  953 
  954 2022-05-03  Todd C. Miller  <Todd.Miller@sudo.ws>
  955 
  956 	* src/exec_nopty.c, src/exec_ptrace.c, src/exec_pty.c,
  957 	src/sudo_exec.h:
  958 	If the process is already being traced, just resume it and clear
  959 	flags. This makes it possible to run sudo in ptrace intercept mode
  960 	from within a shell (or other process) that is already being traced
  961 	by sudo.
  962 	[db4d7cd5f673]
  963 
  964 	* src/exec_ptrace.c:
  965 	exec_ptrace_handled: fix delivery of non-stop signals. We need to
  966 	deliver signals to the tracee as long as it is not a group stop.
  967 	Fixes a hang while tracing another sudo process.
  968 	[4ede8b4cfbd9]
  969 
  970 	* src/exec_nopty.c:
  971 	Make SIGCHLD handler more consistent with the pty version. No real
  972 	change other than a few debug statements.
  973 	[bd52284b1e2a]
  974 
  975 	* plugins/sudoers/parse.c:
  976 	sudoers_lookup_check: preserve intercepted flag when reinitializing
  977 	cmnd_info Otherwise we may not reject an attempt to run a set-user-
  978 	ID command.
  979 	[43d72d1537b2]
  980 
  981 	* src/exec_nopty.c, src/exec_pty.c:
  982 	Kill the command if intercept_setup() or ptrace_seize() fail.
  983 	[1037f81b327b]
  984 
  985 2022-05-02  Todd C. Miller  <Todd.Miller@sudo.ws>
  986 
  987 	* plugins/sudoers/match_command.c:
  988 	Move intercept setid check out of do_stat() and into its own
  989 	function. For command_matches_all() we should only perform the setid
  990 	check if the file exists and intercept is enabled. Otherwise, we can
  991 	end up returning an error if the fully-qualified command does not
  992 	exist. Fixes a regression introduced in sudo 1.9.0 with the support
  993 	for digests in conjunction with "sudo ALL".
  994 	[1b5f9ed2160a]
  995 
  996 	* src/exec_ptrace.c:
  997 	Add support for intercepting x32 binaries on Linux x64_64.
  998 	[c5fc89f38c43]
  999 
 1000 2022-04-29  Todd C. Miller  <Todd.Miller@sudo.ws>
 1001 
 1002 	* NEWS, configure, configure.ac:
 1003 	Sudo 1.9.11
 1004 	[d3e832f94348]
 1005 
 1006 	* plugins/sudoers/auth/kerb5.c, src/exec_ptrace.c:
 1007 	Fix typos
 1008 	[8ef3e84fc62e]
 1009 
 1010 	* MANIFEST, docs/CONTRIBUTORS.md, po/ka.mo, po/ka.po:
 1011 	New Georgian translation from translationproject.org
 1012 	[f6b9c7d2192c]
 1013 
 1014 	* src/exec_ptrace.c:
 1015 	Short-circuit the policy check if the command doesn't exist.
 1016 	Otherwise, both sudo and the shell will report the error.
 1017 	[f16f1b6705d9]
 1018 
 1019 	* src/exec_ptrace.c:
 1020 	Add support for replacing argv in ptrace intecept mode. The new argv
 1021 	is written below the tracee's stack and the system call argument is
 1022 	replaced with the new argv address.
 1023 	[3974c784be8b]
 1024 
 1025 	* src/exec_ptrace.c:
 1026 	Check architecture in the seccomp filter. Currently only supports
 1027 	the native architecture.
 1028 	[13f88e436ae0]
 1029 
 1030 	* src/exec_common.c, src/exec_monitor.c, src/exec_nopty.c,
 1031 	src/exec_ptrace.c:
 1032 	Suspend the child process and wait for SIGUSR when using ptrace.
 1033 	This fixes a race condition in ptrace-based intercept mode when
 1034 	running the command in a pty. It was possible for the monitor to
 1035 	receive SIGCHLD when the command sent itself SIGSTOP before the main
 1036 	sudo process did.
 1037 	[cf1f0bea9931]
 1038 
 1039 	* plugins/sudoers/parse.c, src/exec.c, src/selinux.c, src/sudo.h:
 1040 	Enable intercept and log_subcmds for SELinux using ptrace and
 1041 	seccomp.
 1042 	[5d7a3df4457e]
 1043 
 1044 	* src/exec_intercept.c, src/exec_intercept.h, src/exec_ptrace.c,
 1045 	src/sudo.c, src/sudo.h:
 1046 	For ptrace intercept mode, do not do a policy check for the initial
 1047 	command. We can skip the policy check for the execve(2) of the
 1048 	initial command since it has already been check. Otherwise, we would
 1049 	log the command twice. When using fexecve(2) due to a digest check,
 1050 	there should be no need to skip the initial command since it will be
 1051 	executed via execveat(2) not execve(2). However, on older kernels
 1052 	without execveat(2), glibc will emulate fexecve(2) using /proc which
 1053 	will result in the extra log entry.
 1054 	[e411d6bc3855]
 1055 
 1056 	* docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudoers.man.in,
 1057 	docs/sudoers.mdoc.in:
 1058 	Update intercept documentation.
 1059 	[f44f1cb2a5d2]
 1060 
 1061 	* src/exec_intercept.c, src/exec_ptrace.c:
 1062 	In ptrace(2) intercept mode, add execveat to the seccomp(2) filter.
 1063 	This allows us to avoid logging the initial command twice regardless
 1064 	of whether the kernel supports execveat(2) or not.
 1065 	[d39bd5adac13]
 1066 
 1067 	* src/exec_ptrace.c:
 1068 	Use PTRACE_GETREGS/PTRACE_SETREGS on platforms that support it. This
 1069 	has a better chance of working on things like user-mode Linux.
 1070 	[c53475bd4020]
 1071 
 1072 	* MANIFEST, src/Makefile.in, src/exec_intercept.c,
 1073 	src/exec_intercept.h, src/exec_nopty.c, src/exec_ptrace.c,
 1074 	src/exec_pty.c, src/sudo_exec.h:
 1075 	Check the policy for ptrace-based intercept mode.
 1076 	[6eadd667ca6d]
 1077 
 1078 	* src/exec_ptrace.c:
 1079 	Add support for getting the execve(2) arguments via ptrace(2). This
 1080 	will be used to perform a policy check in intercept mode.
 1081 	[84b23ae53e2f]
 1082 
 1083 	* MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
 1084 	src/exec_intercept.c, src/exec_nopty.c, src/exec_ptrace.c,
 1085 	src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
 1086 	Add scaffolding for ptrace-based intercept mode.
 1087 	[34a6269ac4eb]
 1088 
 1089 	* include/sudo_compat.h, src/exec_monitor.c, src/exec_nopty.c,
 1090 	src/exec_pty.c:
 1091 	Stop using the WCONTINUED flag with waitpid(2). We don't use it for
 1092 	anything other than a debug message and it will cause problems when
 1093 	intercept mode starts using ptrace(2).
 1094 	[1f55993d68eb]
 1095 
 1096 	* src/exec_nopty.c, src/exec_pty.c:
 1097 	Handle multiple child processes in the SIGCHLD handler. This is
 1098 	required by the uncoming ptrace intercept code.
 1099 	[6dd72fb8f53f]
 1100 
 1101 2022-04-24  Todd C. Miller  <Todd.Miller@sudo.ws>
 1102 
 1103 	* logsrvd/iolog_writer.c, logsrvd/logsrvd_journal.c,
 1104 	plugins/sudoers/log_client.c:
 1105 	sudo_logsrvd: update elapsed time for winsize and suspend in journal
 1106 	mode Fixes a bug in store-first relay mode where the commit point
 1107 	messages sent by the server were incorrect.
 1108 	[5607e8c7b559]
 1109 
 1110 2022-04-23  Todd C. Miller  <Todd.Miller@sudo.ws>
 1111 
 1112 	* docs/visudo.man.in, docs/visudo.mdoc.in:
 1113 	Fix typo; GitHub issue #144
 1114 	[fb1a539569b4]
 1115 
 1116 2022-04-20  Todd C. Miller  <Todd.Miller@sudo.ws>
 1117 
 1118 	* docs/TROUBLESHOOTING.md:
 1119 	Expand section about expired accounts to include /etc/shadow info.
 1120 	GitHub issue #143
 1121 	[78368dadddfb]
 1122 
 1123 	* src/exec_monitor.c:
 1124 	Add struct command details * to struct monitor_closure. This will be
 1125 	used in the future by the ptrace intercept code.
 1126 	[0603acf1ff96]
 1127 
 1128 	* src/exec.c:
 1129 	Translate "unable to set limit privileges" strings.
 1130 	[a8426e224497]
 1131 
 1132 	* ABOUT-NLS, MANIFEST, docs/CONTRIBUTING.md:
 1133 	Remove ABOUT-NLS file, it is no longer maintained as part of GNU
 1134 	gettext. Expand the Translations section in CONTRIBUTING.md.
 1135 	[b4f0269a8f13]
 1136 
 1137 	* src/exec.c, src/exec_intercept.c:
 1138 	Don't require a pty for intercept or log_subcmmds. The code to take
 1139 	back control of the tty before a policy check doesn't appear to be
 1140 	needed. If the command is run in its own pty, sudo has control over
 1141 	the user's tty. If the command is run in the user's tty, sudo should
 1142 	be in the foreground process group.
 1143 	[bddcc0d9fee6]
 1144 
 1145 2022-04-19  Todd C. Miller  <Todd.Miller@sudo.ws>
 1146 
 1147 	* config.h.in, configure, configure.ac:
 1148 	Define _TIME_BITS=64 on systems that define __TIMESIZE, like GNU
 1149 	libc. This should be replaced by a specialized autoconf macro when
 1150 	one becomes available.
 1151 	[f63b7f9ea5c2]
 1152 
 1153 2022-04-11  Todd C. Miller  <Todd.Miller@sudo.ws>
 1154 
 1155 	* plugins/python/regress/testdata/check_example_group_plugin_is_able_t
 1156 	o_debug.log, plugins/python/regress/testhelpers.c:
 1157 	clean_output: prune lines that consisting of '^' characters and
 1158 	whitespace. Starting with Python 3.11, backtraces may contain a line
 1159 	with '^' characters to bring attention to the important part of the
 1160 	line. Also replace "REJECT" with "0" in backtrace output for Python
 1161 	3.11.
 1162 	[f6a5d1c05b2b]
 1163 
 1164 2022-04-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 1165 
 1166 	* configure, configure.ac:
 1167 	Fix check for EVP_MD_CTX_new() when -pthread is in Libs.private.
 1168 	[4f3fd0d1fd34]
 1169 
 1170 2022-04-01  Todd C. Miller  <Todd.Miller@sudo.ws>
 1171 
 1172 	* configure, configure.ac, lib/eventlog/Makefile.in,
 1173 	lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
 1174 	lib/logsrv/Makefile.in, lib/protobuf-c/Makefile.in,
 1175 	lib/util/Makefile.in, lib/zlib/Makefile.in, logsrvd/Makefile.in,
 1176 	plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
 1177 	plugins/python/Makefile.in, plugins/sample/Makefile.in,
 1178 	plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
 1179 	plugins/system_group/Makefile.in, src/Makefile.in:
 1180 	Rename SSP_(C|LD)FLAGS -> HARDENING_(C|LD)FLAGS
 1181 	[92aa57606481]
 1182 
 1183 	* INSTALL.md:
 1184 	Mention other hardening compilation and linker options.
 1185 	[7da9cf428e39]
 1186 
 1187 2022-03-31  Todd C. Miller  <Todd.Miller@sudo.ws>
 1188 
 1189 	* configure, configure.ac:
 1190 	Fix check for EVP_MD_CTX_new using static libcrypto with
 1191 	dependencies.
 1192 	[c02d6b6e474c]
 1193 
 1194 	* configure, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
 1195 	m4/ltversion.m4, m4/lt~obsolete.m4, scripts/ltmain.sh:
 1196 	Update to libtool 2.4.7.
 1197 	[b8824f6b792c]
 1198 
 1199 2022-03-30  Todd C. Miller  <Todd.Miller@sudo.ws>
 1200 
 1201 	* configure, configure.ac:
 1202 	--enable-openssl: don't add non-existent directories to
 1203 	PKG_CONFIG_LIBDIR
 1204 	[daa9cab172da]
 1205 
 1206 2022-03-29  Todd C. Miller  <Todd.Miller@sudo.ws>
 1207 
 1208 	* scripts/mkpkg:
 1209 	Fix a typo in the AIX section.
 1210 	[4d122a222632]
 1211 
 1212 2022-03-28  Todd C. Miller  <Todd.Miller@sudo.ws>
 1213 
 1214 	* lib/zlib/crc32.c, lib/zlib/crc32.h, lib/zlib/deflate.c,
 1215 	lib/zlib/deflate.h, lib/zlib/gzguts.h, lib/zlib/gzlib.c,
 1216 	lib/zlib/gzread.c, lib/zlib/gzwrite.c, lib/zlib/infback.c,
 1217 	lib/zlib/inffast.c, lib/zlib/inflate.c, lib/zlib/inflate.h,
 1218 	lib/zlib/inftrees.c, lib/zlib/trees.c, lib/zlib/zlib.exp,
 1219 	lib/zlib/zlib.h, lib/zlib/zutil.c, lib/zlib/zutil.h:
 1220 	Update embedded copy of zlib to version 1.2.12. Fixes CVE-2018-25032
 1221 	[3e2517079d86]
 1222 
 1223 2022-03-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 1224 
 1225 	* plugins/sudoers/auth/kerb5.c:
 1226 	Minor style nit.
 1227 	[9bdde2c81a3d]
 1228 
 1229 	* Merge pull request #138 from dfskoll/main
 1230 
 1231 	If we're using Kerberos, don't overwrite a custom prompt
 1232 	[266b04c9ee0a]
 1233 
 1234 2022-03-16  Dianne Skoll  <dianne@skoll.ca>
 1235 
 1236 	* plugins/sudoers/auth/kerb5.c:
 1237 	If we're using Kerberos, don't overwrite a custom prompt if one was
 1238 	given with -p
 1239 
 1240 	Thanks to @thend20 for testing this patch.
 1241 	[e62136f88c3e]
 1242 
 1243 2022-03-15  Todd C. Miller  <Todd.Miller@sudo.ws>
 1244 
 1245 	* src/conversation.c:
 1246 	Write the \r\n pair to ttyfp if possible, falling back on fp. This
 1247 	is consistent with the vfprintf() call and fixes a problem
 1248 	introduced by the last commit where the newline could be written
 1249 	before the message instead of after.
 1250 	[3aaebbec4ee5]
 1251 
 1252 	* include/sudo_util.h,
 1253 	plugins/sudoers/regress/starttime/check_starttime.c:
 1254 	Adjust starttime test when run under Debian faketime. Bug #1026
 1255 	[b8ac7dec6e11]
 1256 
 1257 2022-03-14  Todd C. Miller  <Todd.Miller@sudo.ws>
 1258 
 1259 	* src/conversation.c:
 1260 	sudo_conversation_printf: convert trailing nl to cr + nl combo. This
 1261 	fixes output when the terminal is in raw mode and is consistent with
 1262 	how sudo_conversation() behaves.
 1263 	[e377f2a71021]
 1264 
 1265 	* lib/eventlog/eventlog.c, src/exec_monitor.c, src/exec_nopty.c,
 1266 	src/exec_pty.c, src/tgetpass.c:
 1267 	Block SIGCHLD when forking the mailer. Otherwise, it may be picked
 1268 	up by the signal handler instead of our waitpid(2) call. Don't warn
 1269 	if waitpid() returns 0 in a SIGCHLD handler.
 1270 	[e34a3f90de5b]
 1271 
 1272 	* plugins/sudoers/sudoers.c:
 1273 	Do not warn, log or send mail for errors when reinitializing
 1274 	defaults. If there is a problem, we would have already warned,
 1275 	logged or mailed it. The one exception is the initial defaults,
 1276 	which should never fail.
 1277 	[0d273f4d307d]
 1278 
 1279 	* plugins/sudoers/logging.c, plugins/sudoers/logging.h,
 1280 	plugins/sudoers/parse.c, plugins/sudoers/regress/fuzz/fuzz_policy.c,
 1281 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 1282 	plugins/sudoers/sudoers.c:
 1283 	If there are multiple parse errors, send them in a single mail
 1284 	message.
 1285 	[5de37ad1101f]
 1286 
 1287 	* lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
 1288 	lib/util/Makefile.in, logsrvd/Makefile.in,
 1289 	plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
 1290 	src/Makefile.in:
 1291 	Unset LANGUAGE when running tests, otherwise it may override LC_ALL.
 1292 	Bug #1025.
 1293 	[87573102f25b]
 1294 
 1295 2022-03-11  Todd C. Miller  <Todd.Miller@sudo.ws>
 1296 
 1297 	* plugins/sudoers/visudo.c:
 1298 	Looser owner/permission checks for an uninstalled sudoers file. We
 1299 	don't check the owner or permissions on a sudoers file that is
 1300 	specified as an argument to visudo by default. However, the owner
 1301 	and mode of files included via @includedir were still checked. This
 1302 	commit makes the owner and permissions checks for filed included via
 1303 	@includedir follow the same as for the original sudoers file.
 1304 	[db78857306d4]
 1305 
 1306 	* lib/util/regress/getdelim/getdelim_test.c:
 1307 	getdelim_test: increase longstr to check end pointer after realloc
 1308 	This would have caught the recent bug in our getdelim replacement
 1309 	when run under address-sanitizer or valgrind.
 1310 	[6559a42a3205]
 1311 
 1312 	* plugins/sudoers/check_aliases.c:
 1313 	Add missing va_start/va_end around call to sudoers_error_hook().
 1314 	Coverity CID 250885
 1315 	[49d026ba67b2]
 1316 
 1317 	* lib/util/getdelim.c:
 1318 	Correctly update the end pointer when we expand the buffer. From
 1319 	Robert Manner.
 1320 	[99617ae8332d]
 1321 
 1322 2022-03-10  Todd C. Miller  <Todd.Miller@sudo.ws>
 1323 
 1324 	* lib/util/secure_path.c:
 1325 	sudo_secure_path: pass the struct stat * argument directly to
 1326 	stat(2) Set the pointer to a struct stat on the stack if st is NULL.
 1327 	Avoids a needless memcpy() at the end.
 1328 	[11636745ce29]
 1329 
 1330 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 1331 	Fix off-by-one when storing line number in userspec. We store the
 1332 	line number *after* parsing the newline so we need to subtract one.
 1333 	[40d6521a966e]
 1334 
 1335 	* lib/eventlog/eventlog.c:
 1336 	For alert messages, the command or runuser may not be set. This
 1337 	fixes the logging of parse errors when JSON logging is enabled.
 1338 	[cfde228ef422]
 1339 
 1340 	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
 1341 	plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c,
 1342 	plugins/sudoers/locale.c, plugins/sudoers/logging.h,
 1343 	plugins/sudoers/regress/fuzz/fuzz_policy.c,
 1344 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
 1345 	plugins/sudoers/testsudoers.c:
 1346 	Pass file, line and column to sudoers defaults callbacks.
 1347 	[04a26b1a224c]
 1348 
 1349 	* plugins/sudoers/audit.c, plugins/sudoers/check_aliases.c,
 1350 	plugins/sudoers/cvtsudoers.c, plugins/sudoers/defaults.c,
 1351 	plugins/sudoers/file.c, plugins/sudoers/gram.c,
 1352 	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
 1353 	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
 1354 	plugins/sudoers/parse.h, plugins/sudoers/policy.c,
 1355 	plugins/sudoers/regress/fuzz/fuzz_policy.c,
 1356 	plugins/sudoers/regress/sudoers/test18.toke.ok,
 1357 	plugins/sudoers/regress/visudo/test2.err.ok,
 1358 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
 1359 	plugins/sudoers/visudo.c:
 1360 	Add a hook for sudoers parse errors (including defaults and
 1361 	aliases). The hook can be used to log parser errors (sudoers module)
 1362 	or keep track of which files have an error (visudo). Previously, we
 1363 	only kept track of a single parse error.
 1364 	[601915bb6265]
 1365 
 1366 2022-03-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 1367 
 1368 	* plugins/sudoers/file.c, plugins/sudoers/ldap.c,
 1369 	plugins/sudoers/regress/fuzz/fuzz_policy.c,
 1370 	plugins/sudoers/regress/sudoers/test18.out.ok,
 1371 	plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.h,
 1372 	plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
 1373 	Add a source to struct sudo_nss and use it if getdefs() fails. Also
 1374 	remove useless "Problem with defaults entries" warning in
 1375 	testsudoers.
 1376 	[f9ba65e975a0]
 1377 
 1378 2022-03-08  Todd C. Miller  <Todd.Miller@sudo.ws>
 1379 
 1380 	* lib/iolog/regress/iolog_path/check_iolog_path.c,
 1381 	lib/util/regress/getgrouplist/getgrouplist_test.c:
 1382 	Plug a few test memory leaks now that they return from main().
 1383 	[dc4db97a1d57]
 1384 
 1385 2022-03-06  Todd C. Miller  <Todd.Miller@sudo.ws>
 1386 
 1387 	* lib/eventlog/regress/logwrap/check_wrap.c,
 1388 	plugins/sudoers/regress/parser/check_addr.c:
 1389 	Remove extra newline in sudo_warnx() calls.
 1390 	[3366401671fc]
 1391 
 1392 	* plugins/sudoers/check_aliases.c, plugins/sudoers/cvtsudoers.c,
 1393 	plugins/sudoers/file.c, plugins/sudoers/gram.c,
 1394 	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
 1395 	plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
 1396 	Preserve the column and error message when there is a syntax error.
 1397 	This information is now included in the error mail sent to root.
 1398 	[a224b006bfb3]
 1399 
 1400 	* plugins/python/python_plugin_common.c:
 1401 	Deinit python subinterpreters in reverse order (last to first). This
 1402 	appears to work around a crash on OpenBSD with Python 3.9.10.
 1403 	[ad4d7b33da9b]
 1404 
 1405 2022-03-03  Todd C. Miller  <Todd.Miller@sudo.ws>
 1406 
 1407 	* .hgtags:
 1408 	Added tag SUDO_1_9_10 for changeset 3557db693da4
 1409 	[edcb9bf4d4c3] <1.9>
 1410 
 1411 	* NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h,
 1412 	plugins/sudoers/regress/fuzz/fuzz_policy.c:
 1413 	Merge sudo 1.9.10 from tip.
 1414 	[3557db693da4] [SUDO_1_9_10] <1.9>
 1415 
 1416 	* lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
 1417 	lib/util/Makefile.in, logsrvd/Makefile.in,
 1418 	plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
 1419 	src/Makefile.in:
 1420 	For 'make check-verbose' run fuzzers with -verbose=1 This is the
 1421 	default for libFuzzer but not for the stub fuzzer lib.
 1422 	[7f2551a87c08]
 1423 
 1424 2022-03-02  Todd C. Miller  <Todd.Miller@sudo.ws>
 1425 
 1426 	* INSTALL.md:
 1427 	INSTALL.md: Mention "make check" and "make check-verbose"
 1428 	[17a30e329ba7]
 1429 
 1430 	* scripts/generate_test_coverage.sh:
 1431 	Repair generate_test_coverage.sh after move to scripts directory.
 1432 	[ffef93da0436]
 1433 
 1434 	* Makefile.in, docs/Makefile.in, examples/Makefile.in,
 1435 	include/Makefile.in, lib/eventlog/Makefile.in,
 1436 	lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
 1437 	lib/logsrv/Makefile.in, lib/protobuf-c/Makefile.in,
 1438 	lib/util/Makefile.in, lib/zlib/Makefile.in, logsrvd/Makefile.in,
 1439 	plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
 1440 	plugins/python/Makefile.in, plugins/sample/Makefile.in,
 1441 	plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
 1442 	plugins/system_group/Makefile.in, src/Makefile.in:
 1443 	Add check-verbose Makefile target that runs tests in verbose mode.
 1444 	[929d079dbfc7]
 1445 
 1446 	* lib/eventlog/regress/logwrap/check_wrap.c,
 1447 	lib/iolog/regress/host_port/host_port_test.c,
 1448 	lib/iolog/regress/iolog_filter/check_iolog_filter.c,
 1449 	lib/iolog/regress/iolog_json/check_iolog_json.c,
 1450 	lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c,
 1451 	lib/iolog/regress/iolog_path/check_iolog_path.c,
 1452 	lib/iolog/regress/iolog_timing/check_iolog_timing.c,
 1453 	lib/util/regress/closefrom/closefrom_test.c,
 1454 	lib/util/regress/fnmatch/fnm_test.c,
 1455 	lib/util/regress/getdelim/getdelim_test.c,
 1456 	lib/util/regress/getgrouplist/getgids.c,
 1457 	lib/util/regress/getgrouplist/getgrouplist_test.c,
 1458 	lib/util/regress/glob/globtest.c,
 1459 	lib/util/regress/mktemp/mktemp_test.c,
 1460 	lib/util/regress/parse_gids/parse_gids_test.c,
 1461 	lib/util/regress/progname/progname_test.c,
 1462 	lib/util/regress/strsig/strsig_test.c,
 1463 	lib/util/regress/strsplit/strsplit_test.c,
 1464 	lib/util/regress/strtofoo/strtobool_test.c,
 1465 	lib/util/regress/strtofoo/strtoid_test.c,
 1466 	lib/util/regress/strtofoo/strtomode_test.c,
 1467 	lib/util/regress/strtofoo/strtonum_test.c,
 1468 	lib/util/regress/sudo_conf/conf_test.c,
 1469 	lib/util/regress/sudo_parseln/parseln_test.c,
 1470 	lib/util/regress/tailq/hltq_test.c,
 1471 	lib/util/regress/uuid/uuid_test.c:
 1472 	Add -v option parsing to regress tests, currently a no-op. This will
 1473 	be used by a "check-verbose" target in the future.
 1474 	[9cdcc23e6a70]
 1475 
 1476 2022-03-01  Todd C. Miller  <Todd.Miller@sudo.ws>
 1477 
 1478 	* plugins/python/regress/check_python_examples.c,
 1479 	plugins/python/regress/testhelpers.h:
 1480 	Less verbose output unless the -v option is used. Also display a
 1481 	test summary at the end.
 1482 	[b18a8f6526e9]
 1483 
 1484 	* src/regress/net_ifs/check_net_ifs.c,
 1485 	src/regress/noexec/check_noexec.c,
 1486 	src/regress/ttyname/check_ttyname.c:
 1487 	verbose flag is boolean, not int
 1488 	[8663ac48be27]
 1489 
 1490 	* configure.ac:
 1491 	Update copyright year.
 1492 	[461698b72a64]
 1493 
 1494 	* plugins/sudoers/Makefile.in, src/Makefile.in:
 1495 	Regenerate dependencies.
 1496 	[f007ec225986]
 1497 
 1498 	* MANIFEST, configure, configure.ac, lib/util/Makefile.in,
 1499 	lib/util/regress/closefrom/closefrom_test.c:
 1500 	Add sudo_closefrom() regression test.
 1501 	[14f4439a8437]
 1502 
 1503 	* NEWS, config.h.in, configure, configure.ac, lib/util/closefrom.c:
 1504 	Use close_range(2) in closefrom() emulation if available. On Linux,
 1505 	prefer our own closefrom() emulation since the glibc version may
 1506 	fail if /proc is not present and close_range() is not supported. On
 1507 	FreeBSD, closefrom(3) will either call the closefrom or close_range
 1508 	system call, depending on which is available.
 1509 	[d84eff07783f]
 1510 
 1511 	* configure, configure.ac:
 1512 	Repair --enable-pvs-studio on Linux.
 1513 	[add3c7fff7f5]
 1514 
 1515 	* configure, configure.ac:
 1516 	Mention apple radar 3710161 in the comment about broken macOS
 1517 	poll(2).
 1518 	[ffb6c8c070dc]
 1519 
 1520 2022-02-28  Todd C. Miller  <Todd.Miller@sudo.ws>
 1521 
 1522 	* src/regress/net_ifs/check_net_ifs.c,
 1523 	src/regress/noexec/check_noexec.c,
 1524 	src/regress/ttyname/check_ttyname.c:
 1525 	Only display test totals unless run in verbose mode.
 1526 	[f543b41f226e]
 1527 
 1528 	* lib/util/regress/harness.in, plugins/sudoers/regress/harness.in:
 1529 	Allow test harness to be run from any directory. Also add missing
 1530 	copyright notice.
 1531 	[5e60bc5beb52]
 1532 
 1533 	* lib/util/regress/harness.in:
 1534 	Adapt test harness for lib/util and move to regress directory.
 1535 	[f415d958bca7]
 1536 
 1537 	* .gitignore, .hgignore, MANIFEST, configure, configure.ac,
 1538 	lib/util/Makefile.in, plugins/sudoers/Makefile.in,
 1539 	plugins/sudoers/harness.in, plugins/sudoers/regress/harness.in:
 1540 	Adapt test harness for lib/util and move to regress directory.
 1541 	[5f488712f797]
 1542 
 1543 	* lib/fuzzstub/fuzzstub.c:
 1544 	Make fuzzer stub main() quiet by default. LLVM LibFuzzer displays
 1545 	the input and running time by default but we don't care about that
 1546 	for the stub fuzzer library.
 1547 	[728005c2de78]
 1548 
 1549 	* .gitignore, .hgignore, MANIFEST, configure, configure.ac,
 1550 	plugins/sudoers/Makefile.in, plugins/sudoers/harness.in:
 1551 	Move the cvtsudoers/sudoers/testsudoers/visudo tests into a script.
 1552 	It is easier to maintain these tests in script form. The output now
 1553 	more closely matches that of the other tests. The harness script can
 1554 	be invoked directly and supports running specific tests.
 1555 	[fbad6e93201e]
 1556 
 1557 2022-02-27  Todd C. Miller  <Todd.Miller@sudo.ws>
 1558 
 1559 	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po:
 1560 	Updated translations from translationproject.org
 1561 	[b2622a56fcbc]
 1562 
 1563 2022-02-25  Todd C. Miller  <Todd.Miller@sudo.ws>
 1564 
 1565 	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
 1566 	sudo_regex_compile_v1 stub: set errstr on error
 1567 	[2da61535e60d]
 1568 
 1569 	* logsrvd/Makefile.in, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
 1570 	fuzz_logsrvd_conf: add stub version of sudo_regex_compile_v1(). We
 1571 	want to fuzz our parser, not the libc regular expression code.
 1572 	[2662a181acc8]
 1573 
 1574 	* plugins/sudoers/regress/testsudoers/test18.out.ok,
 1575 	plugins/sudoers/regress/testsudoers/test18.sh:
 1576 	testsudoers/test18: don't rely on /usr/bin/w being present Fixes a
 1577 	test failure on Alpine Linux.
 1578 	[5b3915cef32b]
 1579 
 1580 2022-02-24  Todd C. Miller  <Todd.Miller@sudo.ws>
 1581 
 1582 	* configure, configure.ac:
 1583 	Add configure check for gzclearerr() when using system zlib.
 1584 	[388dd60cd577]
 1585 
 1586 	* configure, configure.ac:
 1587 	Fix PVS-Studio platform check for macOS.
 1588 	[cc46ae5d60a3]
 1589 
 1590 	* plugins/sudoers/ldap.c:
 1591 	sudo_ldap_parse_options: fix memory leak of sudoRole cn string.
 1592 	Coverity CID 249976
 1593 	[bcf86c362e05]
 1594 
 1595 	* src/sudo_intercept_common.c:
 1596 	command_allowed: plug memory leak on strdup() failure. Coverity CID
 1597 	249972
 1598 	[f15a58ed68d6]
 1599 
 1600 2022-02-23  Todd C. Miller  <Todd.Miller@sudo.ws>
 1601 
 1602 	* plugins/sudoers/check.c:
 1603 	display_lecture: just return if callback is NULL
 1604 	[3e7352fbc28b]
 1605 
 1606 	* lib/eventlog/eventlog.c:
 1607 	For alert messages it is possible for evlog to be NULL. Coverity CID
 1608 	238641
 1609 	[3e89523699fd]
 1610 
 1611 	* logsrvd/logsrv_util.c:
 1612 	iolog_seekto: initialize struct timing_closure before using.
 1613 	Coverity CID 249977
 1614 	[ea53680a2367]
 1615 
 1616 	* logsrvd/iolog_writer.c:
 1617 	iolog_rewrite: initialize struct timing_closure before using.
 1618 	Coverity CID 249971
 1619 	[d214237f3ce8]
 1620 
 1621 	* scripts/mkpkg:
 1622 	Allow ARCH_FLAGS to be overridden and handle macOS 12.
 1623 	[f04f3405fa50]
 1624 
 1625 	* scripts/mkpkg:
 1626 	Prefer if [ ... ]; then over if test ...; then.
 1627 	[4ba3e6ed7280]
 1628 
 1629 	* .circleci/config.yml:
 1630 	Do not build with -Werror on macOS. Some macOS warnings are bogus,
 1631 	for instance it has an incorrect getgrouplist(3) definition.
 1632 	[7e5f469cb0ec]
 1633 
 1634 	* .circleci/config.yml:
 1635 	Build and test macos with circleci.
 1636 	[fc62dc986646]
 1637 
 1638 2022-02-22  Todd C. Miller  <Todd.Miller@sudo.ws>
 1639 
 1640 	* NEWS:
 1641 	Mention lecture behavior change.
 1642 	[cc034a54eb11]
 1643 
 1644 	* lib/iolog/regress/iolog_filter/check_iolog_filter.c:
 1645 	Fix compilation on systems without a real openat(2).
 1646 	[25067ad6772b]
 1647 
 1648 	* plugins/sudoers/match_digest.c:
 1649 	Better warning message when the digest in sudoers is the wrong
 1650 	length.
 1651 	[c2043906f356]
 1652 
 1653 	* lib/iolog/regress/fuzz/fuzz_iolog_json.c,
 1654 	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
 1655 	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
 1656 	lib/util/regress/fuzz/fuzz_sudo_conf.c,
 1657 	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
 1658 	plugins/sudoers/regress/fuzz/fuzz_policy.c,
 1659 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 1660 	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
 1661 	Do not disable fuzzer output if SUDO_FUZZ_VERBOSE env variable is
 1662 	set.
 1663 	[fd3d5706ffda]
 1664 
 1665 2022-02-21  Todd C. Miller  <Todd.Miller@sudo.ws>
 1666 
 1667 	* plugins/sudoers/auth/afs.c, plugins/sudoers/auth/dce.c,
 1668 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
 1669 	plugins/sudoers/check.h, plugins/sudoers/timestamp.c:
 1670 	Display the lecture immediately before prompting for a password.
 1671 	This means we no longer display the lecture unless the user is going
 1672 	to enter a password. Authentication methods that don't interact with
 1673 	the user via the terminal don't trigger the lecture.
 1674 	[17ef981664c3]
 1675 
 1676 	* NEWS, plugins/sudoers/logging.c:
 1677 	Add back warning when a user is not allowed to run a command.
 1678 	Previously, the warning was displayed when a user was not in the
 1679 	sudoers file, or was present but not listed for the local host. The
 1680 	new behavior is to display the warning if a command is denied and
 1681 	mail is sent to the administrator. Whether or not mail is sent is
 1682 	controlled by the "mail_*" flags in sudoers. The warning text is now
 1683 	"This incident has been reported to the administrator." which is
 1684 	hopefully less confusing. The message will not be printed if either
 1685 	the "mailto" or "mailerpath" sudoers settings are disabled.
 1686 	[dcaeadb7e558]
 1687 
 1688 	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
 1689 	Document that negating mailto or mailerpath disables sending mail.
 1690 	[02d8aabd9af3]
 1691 
 1692 	* TODO:
 1693 	Remove obsolete TODO file.
 1694 	[98e112abab92]
 1695 
 1696 2022-02-20  Todd C. Miller  <Todd.Miller@sudo.ws>
 1697 
 1698 	* plugins/sudoers/logging.c:
 1699 	Don't try to send mail if mailto not set or the mailer is not
 1700 	present.
 1701 	[37166e692a9c]
 1702 
 1703 2022-02-18  Todd C. Miller  <Todd.Miller@sudo.ws>
 1704 
 1705 	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
 1706 	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
 1707 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 1708 	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
 1709 	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
 1710 	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
 1711 	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
 1712 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 1713 	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
 1714 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 1715 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 1716 	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
 1717 	po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo,
 1718 	po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo,
 1719 	po/ja.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/ro.mo,
 1720 	po/ro.po, po/sr.mo, po/sr.po, po/uk.mo, po/uk.po, po/vi.mo,
 1721 	po/vi.po, po/zh_CN.mo, po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
 1722 	Updated translations from translationproject.org
 1723 	[194b42011062]
 1724 
 1725 	* MANIFEST, lib/iolog/Makefile.in,
 1726 	lib/iolog/regress/iolog_filter/check_iolog_filter.c,
 1727 	lib/iolog/regress/iolog_filter/test1/log,
 1728 	lib/iolog/regress/iolog_filter/test1/timing,
 1729 	lib/iolog/regress/iolog_filter/test1/ttyin,
 1730 	lib/iolog/regress/iolog_filter/test1/ttyin.filtered,
 1731 	lib/iolog/regress/iolog_filter/test1/ttyout,
 1732 	lib/iolog/regress/iolog_filter/test2/log,
 1733 	lib/iolog/regress/iolog_filter/test2/timing,
 1734 	lib/iolog/regress/iolog_filter/test2/ttyin,
 1735 	lib/iolog/regress/iolog_filter/test2/ttyin.filtered,
 1736 	lib/iolog/regress/iolog_filter/test2/ttyout,
 1737 	lib/iolog/regress/iolog_filter/test3/log,
 1738 	lib/iolog/regress/iolog_filter/test3/timing,
 1739 	lib/iolog/regress/iolog_filter/test3/ttyin,
 1740 	lib/iolog/regress/iolog_filter/test3/ttyin.filtered,
 1741 	lib/iolog/regress/iolog_filter/test3/ttyout:
 1742 	Add tests for iolog filtering. This is the functionality used by the
 1743 	log_passwords and passprompt_regex options.
 1744 	[07e587dfd765]
 1745 
 1746 	* lib/iolog/iolog_filter.c:
 1747 	iolog_pwfilt_run: apply regex on ttyout even if we disabled
 1748 	filtering. The heuristic used to decide when to disable filtering is
 1749 	when we see another ttyout buffer or find a cr or nl in the ttyin
 1750 	buffer. However, we should also check the buffer that caused us to
 1751 	disable filtering for a matching regex that would re-enable
 1752 	filtering. Programs that prompt for a password twice might otherwise
 1753 	not have the second password filtered.
 1754 	[f34bf167c3b4]
 1755 
 1756 2022-02-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 1757 
 1758 	* INSTALL.md, README.LDAP.md, docs/TROUBLESHOOTING.md,
 1759 	docs/UPGRADE.md, docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in,
 1760 	docs/sudo.man.in, docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
 1761 	docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
 1762 	docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_plugin.man.in,
 1763 	docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in,
 1764 	docs/sudo_plugin_python.mdoc.in, docs/sudoers.ldap.man.in,
 1765 	docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
 1766 	docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
 1767 	docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in,
 1768 	examples/sudo_logsrvd.conf.in:
 1769 	Avoid using "note that" and "note: " in documentation.
 1770 	[d75995c86fe0]
 1771 
 1772 	* INSTALL.md, README.LDAP.md, README.md, docs/CONTRIBUTING.md,
 1773 	docs/CONTRIBUTORS.md, docs/SECURITY.md, docs/TROUBLESHOOTING.md,
 1774 	docs/UPGRADE.md, docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
 1775 	docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
 1776 	docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
 1777 	docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
 1778 	docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_logsrvd.man.in,
 1779 	docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin.man.in,
 1780 	docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in,
 1781 	docs/sudo_plugin_python.mdoc.in, docs/sudo_sendlog.man.in,
 1782 	docs/sudo_sendlog.mdoc.in, docs/sudoers.ldap.man.in,
 1783 	docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
 1784 	docs/sudoers.mdoc.in, docs/sudoers_timestamp.man.in,
 1785 	docs/sudoers_timestamp.mdoc.in, docs/sudoreplay.man.in,
 1786 	docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in:
 1787 	Remove "please" from the documentation, it is considered bad style.
 1788 	[9c4a7bc1b48c]
 1789 
 1790 	* docs/UPGRADE.md:
 1791 	Mention regular expressions and "sudo -l -U user" behavior change.
 1792 	[9bf947ed3e30]
 1793 
 1794 	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
 1795 	Add security notes about regular expressions in sudoers rules.
 1796 	[1748e3a05906]
 1797 
 1798 	* NEWS:
 1799 	Update NEWS for GitHub issue #134.
 1800 	[c69636554901]
 1801 
 1802 2022-02-15  Todd C. Miller  <Todd.Miller@sudo.ws>
 1803 
 1804 	* lib/eventlog/eventlog.c:
 1805 	do_logfile_sudo: plug memory leak of full_line Coverity CID 249329
 1806 	[d1d2bc51077a]
 1807 
 1808 	* plugins/sudoers/logging.c:
 1809 	log_server_alert: plug potential memory leak Coverity CID 249328
 1810 	[4d01a8e7dffb]
 1811 
 1812 	* plugins/sudoers/logging.c:
 1813 	fmt_authfail_message: compute the exact amount of space needed.
 1814 	Instead of truncating on overflow, warn and return NULL.
 1815 	[96542ddc9674]
 1816 
 1817 	* plugins/sudoers/parse.c:
 1818 	Fix potential NULL deref if getpwuid(0) fails. Coverity CID 249326
 1819 	[23249273cd01]
 1820 
 1821 2022-02-14  Todd C. Miller  <Todd.Miller@sudo.ws>
 1822 
 1823 	* docs/sudo.man.in, docs/sudo.mdoc.in, plugins/sudoers/parse.c,
 1824 	plugins/sudoers/policy.c:
 1825 	Restrict "sudo -U other -l" to users with sudo ALL for root or
 1826 	"other". Having "sudo ALL" permissions in no longer sufficient to be
 1827 	able to list another user's privileges. The invoking user must now
 1828 	have "sudo ALL" for root or the target user. GitHub issue #134
 1829 	[e2b4f8400599]
 1830 
 1831 2022-02-13  Todd C. Miller  <Todd.Miller@sudo.ws>
 1832 
 1833 	* NEWS:
 1834 	Reword some of the NEWS items for 1.9.10.
 1835 	[b2d757e7889c]
 1836 
 1837 2022-02-12  Todd C. Miller  <Todd.Miller@sudo.ws>
 1838 
 1839 	* docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
 1840 	docs/sudoers.man.in, docs/sudoers.mdoc.in, lib/util/regex.c,
 1841 	po/sudo.pot:
 1842 	Limit regular expressions to 1024 characters each. Avoids a problem
 1843 	with the fuzzer creating large regular expressions that blow up the
 1844 	glibc regcomp().
 1845 	[83b1cac11c79]
 1846 
 1847 2022-02-11  Todd C. Miller  <Todd.Miller@sudo.ws>
 1848 
 1849 	* .gitignore, .hgignore, MANIFEST, configure, configure.ac,
 1850 	examples/Makefile.in, examples/sudo.conf.in, examples/syslog.conf,
 1851 	examples/syslog.conf.in:
 1852 	Substitute values in the example syslog.conf too. Also update ignore
 1853 	files for example changes
 1854 	[b13a7e6a630c]
 1855 
 1856 	* MANIFEST, configure, configure.ac, docs/sudo.conf.man.in,
 1857 	docs/sudo.conf.mdoc.in, docs/sudo.man.in, docs/sudo.mdoc.in,
 1858 	docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
 1859 	docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
 1860 	docs/sudoers.man.in, docs/sudoers.mdoc.in, examples/Makefile.in,
 1861 	examples/sudo_logsrvd.conf, examples/sudo_logsrvd.conf.in,
 1862 	examples/sudoers, examples/sudoers.in:
 1863 	Substitute paths set by configure in examples. Bug #1023
 1864 	[f528fe7a8f88]
 1865 
 1866 	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
 1867 	Update Project-Id-Version to 1.9.10.
 1868 	[0ad7934baa9f]
 1869 
 1870 	* plugins/sudoers/po/sudoers.pot:
 1871 	Update .pot files for 1.9.10
 1872 	[c7a477455e2e]
 1873 
 1874 	* NEWS, configure, configure.ac:
 1875 	Sudo 1.9.10
 1876 	[b437c4c37971]
 1877 
 1878 	* MANIFEST, docs/sudo_logsrvd.conf.man.in,
 1879 	docs/sudo_logsrvd.conf.mdoc.in, docs/sudoers.man.in,
 1880 	docs/sudoers.mdoc.in, include/sudo_util.h, lib/iolog/iolog_filter.c,
 1881 	lib/util/Makefile.in, lib/util/regex.c, lib/util/util.exp.in,
 1882 	plugins/sudoers/defaults.c, plugins/sudoers/match_command.c,
 1883 	plugins/sudoers/regress/sudoers/test28.in,
 1884 	plugins/sudoers/regress/sudoers/test28.json.ok,
 1885 	plugins/sudoers/regress/sudoers/test28.ldif.ok,
 1886 	plugins/sudoers/regress/sudoers/test28.ldif2sudo.ok,
 1887 	plugins/sudoers/regress/sudoers/test28.out.ok,
 1888 	plugins/sudoers/regress/sudoers/test28.toke.ok,
 1889 	plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c,
 1890 	plugins/sudoers/toke.h, plugins/sudoers/toke.l,
 1891 	plugins/sudoers/toke_util.c:
 1892 	Add helper function to compile a regex that supports (?i).
 1893 	[d680d423d2df]
 1894 
 1895 2022-02-10  Todd C. Miller  <Todd.Miller@sudo.ws>
 1896 
 1897 	* MANIFEST, configure, configure.ac, docs/sudoers.man.in,
 1898 	docs/sudoers.mdoc.in, examples/sudoers,
 1899 	plugins/sudoers/fmtsudoers.c, plugins/sudoers/match_command.c,
 1900 	plugins/sudoers/parse.h, plugins/sudoers/regress/sudoers/test28.in,
 1901 	plugins/sudoers/regress/sudoers/test28.json.ok,
 1902 	plugins/sudoers/regress/sudoers/test28.ldif.ok,
 1903 	plugins/sudoers/regress/sudoers/test28.ldif2sudo.ok,
 1904 	plugins/sudoers/regress/sudoers/test28.out.ok,
 1905 	plugins/sudoers/regress/sudoers/test28.toke.ok,
 1906 	plugins/sudoers/regress/sudoers/test29.in,
 1907 	plugins/sudoers/regress/sudoers/test29.json.ok,
 1908 	plugins/sudoers/regress/sudoers/test29.ldif.ok,
 1909 	plugins/sudoers/regress/sudoers/test29.out.ok,
 1910 	plugins/sudoers/regress/sudoers/test29.toke.ok,
 1911 	plugins/sudoers/regress/testsudoers/test18.out.ok,
 1912 	plugins/sudoers/regress/testsudoers/test18.sh,
 1913 	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
 1914 	plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
 1915 	Add support for matching command and args using regular expressions.
 1916 	Either the command, its arguments or both may be (separate) regular
 1917 	expressions.
 1918 	[bef0b1a14771]
 1919 
 1920 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 1921 	Clear sudoers_errstr after it is used. This way we avoid printing
 1922 	the same error message more than once if there are multiple ERROR
 1923 	tokens returned from the lexer.
 1924 	[8a7509cd1c46]
 1925 
 1926 	* logsrvd/logsrvd_local.c:
 1927 	store_iobuf_local: fix potential double free on the error path.
 1928 	[f9a0e3cb3c7f]
 1929 
 1930 	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
 1931 	docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
 1932 	docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
 1933 	docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
 1934 	docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_logsrvd.man.in,
 1935 	docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin.man.in,
 1936 	docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in,
 1937 	docs/sudo_plugin_python.mdoc.in, docs/sudo_sendlog.man.in,
 1938 	docs/sudo_sendlog.mdoc.in, docs/sudoers.ldap.man.in,
 1939 	docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
 1940 	docs/sudoers.mdoc.in, docs/sudoers_timestamp.man.in,
 1941 	docs/sudoers_timestamp.mdoc.in, docs/sudoreplay.man.in,
 1942 	docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in:
 1943 	Update links to sudo web site and reference markdown docs.
 1944 	[da9a9eb04f04]
 1945 
 1946 	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
 1947 	docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
 1948 	docs/sudo.mdoc.in, docs/sudo_logsrvd.man.in,
 1949 	docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin_python.man.in,
 1950 	docs/sudo_plugin_python.mdoc.in, docs/sudoers.man.in,
 1951 	docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
 1952 	docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in:
 1953 	Use a 4n indent for code blocks instead of the default 6n.
 1954 	[7322dd26a3d4]
 1955 
 1956 	* plugins/sudoers/testsudoers.c:
 1957 	testsudoers: disable argument permutation in GNU getopt This makes
 1958 	it easier to test commands with arguments.
 1959 	[fb005b03a75e]
 1960 
 1961 	* lib/iolog/iolog_filter.c:
 1962 	iolog_pwfilt_run: fix types in error return
 1963 	[663deea257d0]
 1964 
 1965 	* lib/iolog/iolog_filter.c, plugins/sudoers/iolog.c:
 1966 	Free potential leaks of passprompt_regex_handle. Coverity CID 249057
 1967 	[d562ea42ab66]
 1968 
 1969 2022-02-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 1970 
 1971 	* Merge pull request #133 from Dzejrou/main
 1972 
 1973 	Do not unset user timeout when no default timeout is set.
 1974 	[58504381014e]
 1975 
 1976 2022-02-09  Jaroslav Jindrak  <dzejrou@gmail.com>
 1977 
 1978 	* plugins/sudoers/policy.c:
 1979 	Do not unset user timeout when no default timeout is set.
 1980 	[25f32be7d18d]
 1981 
 1982 2022-02-08  Todd C. Miller  <Todd.Miller@sudo.ws>
 1983 
 1984 	* plugins/sudoers/fmtsudoers.c, plugins/sudoers/parse.h,
 1985 	plugins/sudoers/regress/sudoers/test2.in,
 1986 	plugins/sudoers/regress/sudoers/test2.json.ok,
 1987 	plugins/sudoers/regress/sudoers/test2.ldif.ok,
 1988 	plugins/sudoers/regress/sudoers/test2.ldif2sudo.ok,
 1989 	plugins/sudoers/regress/sudoers/test2.out.ok,
 1990 	plugins/sudoers/regress/sudoers/test2.toke.ok:
 1991 	Don't escape double quotes (") in a command when printing it.
 1992 	Previously, cvtsudoers and "sudo -l" would escape double quotes in a
 1993 	command or command line argument, which is not valid sudoers syntax.
 1994 	[3bd0505b03e2]
 1995 
 1996 	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
 1997 	A few minor (mostly cosmetic) fixes. Add missing ALL to Runas_Member
 1998 	and Host. Replace some tabs with spaces. Fix the syntax of a
 1999 	sudoedit example.
 2000 	[a943116eb35b]
 2001 
 2002 2022-02-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 2003 
 2004 	* Merge pull request #132 from ninedotnine/patch-1
 2005 
 2006 	Sync example sudoers with default sudoers
 2007 	[8c903452e624]
 2008 
 2009 2022-02-04  dan soucy  <ninedotnine@users.noreply.github.com>
 2010 
 2011 	* examples/sudoers:
 2012 	Sync example sudoers with default sudoers
 2013 
 2014 	`sudoers.in` was changed by 1d13533
 2015 	[f34657ff9345]
 2016 
 2017 2022-02-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 2018 
 2019 	* ABOUT-NLS, INSTALL.md, NEWS, README.LDAP.md, docs/CONTRIBUTING.md,
 2020 	plugins/sudoers/po/README, po/README:
 2021 	Upgrade http links to https where possible and fix some broken
 2022 	links.
 2023 	[e33d61fdafdb]
 2024 
 2025 2022-02-03  Todd C. Miller  <Todd.Miller@sudo.ws>
 2026 
 2027 	* plugins/sudoers/logging.c:
 2028 	Remove "This incident will be reported." from user warnings. This
 2029 	used to indicate that email had been sent to the administrator
 2030 	telling them that someone tried to run sudo. Whether or not sudo
 2031 	sends email is now configurable, so the warning may not be accurate.
 2032 	It is also confusing to the user since they will not know who the
 2033 	incident is being reported to. See also https://xkcd.com/838/
 2034 	[b2860bb51393]
 2035 
 2036 	* plugins/sudoers/sssd.c:
 2037 	Log fn_get_values() return code in the debug log on error. Also move
 2038 	a nested switch() statement out of 'case 0' for improved
 2039 	readability.
 2040 	[ad609804a70c]
 2041 
 2042 	* plugins/sudoers/sssd.c:
 2043 	Do not return an error if we cannot connect to the SSSD connector.
 2044 	This may simply mean that nsswitch.conf lists sss as a sudoers
 2045 	source but SSSD is not configured for sudo. Otherwise, the user will
 2046 	receive a useless "problem with defaults entries" when the sssd
 2047 	backend tries to fetch the global defaults. Bug #1022.
 2048 	[60bb147ed3e6]
 2049 
 2050 	* plugins/sudoers/log_client.c, plugins/sudoers/logging.c:
 2051 	Set client_closure to NULL after freeing it.
 2052 	[20da8f0c9226]
 2053 
 2054 	* plugins/sudoers/log_client.c:
 2055 	client_closure_alloc: init write_bufs/free_bufs before other
 2056 	allocations. We must initialize the tail queues before any possible
 2057 	call to client_closure_free(), such as due to malloc() failure.
 2058 	[5dd7d1ba2b76]
 2059 
 2060 	* logsrvd/logsrvd_journal.c:
 2061 	Add missing default return in last commit.
 2062 	[e17820ba6ff8]
 2063 
 2064 	* logsrvd/logsrvd_journal.c:
 2065 	sudo_logsrvd: make sure journal exists before writing the alert
 2066 	message. Fixes a potential NULL dereference when journaling an alert
 2067 	message.
 2068 	[19d109fb1420]
 2069 
 2070 	* include/sudo_compat.h:
 2071 	Fix compilation on Debian kFreeBSD. The configure script correctly
 2072 	detects that utimensat() and futimens() are missing but the headers
 2073 	define stub versions of the functions. Including sys/stat.h pulls in
 2074 	the system definitions so we can override them safely. Bug #1021.
 2075 	[10775e14164a]
 2076 
 2077 2022-02-02  Todd C. Miller  <Todd.Miller@sudo.ws>
 2078 
 2079 	* src/ttyname.c:
 2080 	Add fallback if /proc/self/stat or /proc/pid/psinfo is missing or
 2081 	invalid. If the /proc file indicates no terminal is present there is
 2082 	no fallback. Bug #1020
 2083 	[c32620c9f115]
 2084 
 2085 2022-02-01  Todd C. Miller  <Todd.Miller@sudo.ws>
 2086 
 2087 	* docs/sudoers.man.in, docs/sudoers.mdoc.in, plugins/sudoers/check.c,
 2088 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
 2089 	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
 2090 	Add sudoers option to perform authentication even in non-interative
 2091 	mode. If noninteractive_auth is set, authentication methods that do
 2092 	not require input from the user's terminal may proceed. It is off by
 2093 	default, which restores the pre-1.9.9 behavior of "sudo -n".
 2094 	[f06dcd0957d0]
 2095 
 2096 	* MANIFEST, lib/iolog/iolog_filter.c,
 2097 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.7:
 2098 	Work around a glibc regcomp() bug with repeated '+' operators. Glibc
 2099 	regcomp() has a bug where it uses excessive memory for repeated '+'
 2100 	ops. Collapse them to avoid running the fuzzer out of memory.
 2101 	[db423326311f]
 2102 
 2103 	* logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1,
 2104 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2,
 2105 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3,
 2106 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4,
 2107 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5,
 2108 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6:
 2109 	Rebase seed corpus on updated sudo_logsrvd.conf example.
 2110 	[1f30b95c6ce6]
 2111 
 2112 	* logsrvd/logsrvd_conf.c:
 2113 	Fix parsing of "retry_interval" in the relay section. The setting
 2114 	was present but the callback was missing so it could not be parsed
 2115 	in the conf file.
 2116 	[09666425a392]
 2117 
 2118 	* logsrvd/logsrvd_conf.c:
 2119 	Use TIME_T_MAX as the upper limit when parsing timeouts.
 2120 	[989eaa812d4e]
 2121 
 2122 	* plugins/sudoers/auth/pam.c:
 2123 	converse: don't set response pointer on error Linux pam_conv(3) says
 2124 	not to set the pointer on PAM_CONV_ERR.
 2125 	[79934c8631c0]
 2126 
 2127 2022-01-31  Todd C. Miller  <Todd.Miller@sudo.ws>
 2128 
 2129 	* MANIFEST, plugins/sudoers/regress/cvtsudoers/sudoers4:
 2130 	Add missing sudoers4 test file for new cvtsudoers test.
 2131 	[5b9f3084d9e9]
 2132 
 2133 	* MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
 2134 	plugins/sudoers/regress/cvtsudoers/test38.out.ok,
 2135 	plugins/sudoers/regress/cvtsudoers/test38.sh:
 2136 	defaults_check_conflict: it is only really a conflict if the binding
 2137 	match If the Defaults name matched but the binding does not, we can
 2138 	simply leave it be. Fixes a problem where given two sudoers sources
 2139 	that have a host specified, if they contain conflicting Defaults
 2140 	entries we would drop one of the Defaults instead of keeping both
 2141 	after making them host-specific.
 2142 	[9b8ad3d1e163]
 2143 
 2144 	* MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
 2145 	plugins/sudoers/regress/cvtsudoers/sudoers1,
 2146 	plugins/sudoers/regress/cvtsudoers/sudoers2,
 2147 	plugins/sudoers/regress/cvtsudoers/sudoers3,
 2148 	plugins/sudoers/regress/cvtsudoers/test34.out.ok,
 2149 	plugins/sudoers/regress/cvtsudoers/test34.sh,
 2150 	plugins/sudoers/regress/cvtsudoers/test35.out.ok,
 2151 	plugins/sudoers/regress/cvtsudoers/test35.sh,
 2152 	plugins/sudoers/regress/cvtsudoers/test36.out.ok,
 2153 	plugins/sudoers/regress/cvtsudoers/test36.sh,
 2154 	plugins/sudoers/regress/cvtsudoers/test37.out.ok,
 2155 	plugins/sudoers/regress/cvtsudoers/test37.sh:
 2156 	Make it possible to merge a host-based Defaults with a global one.
 2157 	We convert the global Defaults to a host-based one with a single
 2158 	"ALL" member. Later, when we simplify the host list, we'll convert
 2159 	this back to a global Defaults.
 2160 	[152c16a608c1]
 2161 
 2162 2022-01-29  Todd C. Miller  <Todd.Miller@sudo.ws>
 2163 
 2164 	* logsrvd/logsrvd_conf.c:
 2165 	Check for garbage after [section] in sudo_logsrvd.conf.
 2166 	[46a222b60747]
 2167 
 2168 	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict,
 2169 	plugins/sudoers/regress/fuzz/fuzz_sudoers.dict:
 2170 	Sync fuzzing dictionary with current configuration keyword list.
 2171 	[9af3929a2f6a]
 2172 
 2173 2022-01-28  Todd C. Miller  <Todd.Miller@sudo.ws>
 2174 
 2175 	* docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
 2176 	examples/sudo_logsrvd.conf, logsrvd/logsrvd.h,
 2177 	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_local.c:
 2178 	Add new log_passwords and passprompt_regex settings. When logging
 2179 	terminal input, if log_passwords is false and any of the regular
 2180 	expressions in the passprompt_regex list are found in the terminal
 2181 	output, terminal input will be replaced with '*' characters until a
 2182 	newline or carriage return is found in the input or an output
 2183 	character is received.
 2184 	[1d07eaada99c]
 2185 
 2186 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
 2187 	plugins/sudoers/policy.c,
 2188 	plugins/sudoers/regress/serialize_list/check_serialize_list.c,
 2189 	plugins/sudoers/regress/unescape/check_unesc.c,
 2190 	plugins/sudoers/serialize_list.c, plugins/sudoers/sudoers.h,
 2191 	plugins/sudoers/unesc_str.c:
 2192 	Escape/unescape commas when serializing/deserializing a stringlist.
 2193 	[17c422c0b236]
 2194 
 2195 	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
 2196 	plugins/sudoers/group_plugin.c, plugins/sudoers/iolog.c,
 2197 	plugins/sudoers/locale.c, plugins/sudoers/logging.h,
 2198 	plugins/sudoers/regress/fuzz/fuzz_policy.c,
 2199 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
 2200 	plugins/sudoers/testsudoers.c:
 2201 	Pass the operator to the Defaults callback too. That way we can tell
 2202 	what to do in callbacks for lists.
 2203 	[d541809b62bf]
 2204 
 2205 	* MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in,
 2206 	lib/iolog/iolog_filter.c:
 2207 	lib/iolog: add support for filtering password out of tty input If a
 2208 	password regex is found in the tty output, tty input will be
 2209 	replaced with '*' chars until a newline or another tty output
 2210 	character is received.
 2211 	[19c3a58dfe29]
 2212 
 2213 	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
 2214 	plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
 2215 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
 2216 	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
 2217 	plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
 2218 	plugins/sudoers/sudoers.c:
 2219 	Add a new sudoers settings log_passwords and passprompt_regex. When
 2220 	logging terminal input, if log_passwords is disabled and any of the
 2221 	regular expressions in the passprompt_regex list are found in the
 2222 	terminal output, terminal input will be replaced with '*' characters
 2223 	until a newline or carriage return is found in the input or an
 2224 	output character is received.
 2225 	[5fa969cfdef4]
 2226 
 2227 	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
 2228 	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
 2229 	Add a flag to avoid splitting list entries on white space.
 2230 	[32ac4cd5eae7]
 2231 
 2232 2022-01-27  Todd C. Miller  <Todd.Miller@sudo.ws>
 2233 
 2234 	* .hgtags:
 2235 	Added tag SUDO_1_9_9 for changeset 296f4f986a7a
 2236 	[cba838829505] <1.9>
 2237 
 2238 	* NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h,
 2239 	logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c:
 2240 	Merge sudo 1.9.9 from tip.
 2241 	[296f4f986a7a] [SUDO_1_9_9] <1.9>
 2242 
 2243 	* docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in:
 2244 	"plain text" -> "plaintext" for consistency.
 2245 	[6cbefac27286]
 2246 
 2247 2022-01-25  Todd C. Miller  <Todd.Miller@sudo.ws>
 2248 
 2249 	* po/ro.mo, po/ro.po:
 2250 	Updated translations from translationproject.org
 2251 	[c264de490846]
 2252 
 2253 	* INSTALL.configure:
 2254 	Sync with autoconf git.
 2255 	[efd6e2df1b4f]
 2256 
 2257 	* scripts/mkdep.pl:
 2258 	Fix potential infinite loop when trying to format long lines.
 2259 	[e17a3b7b657b]
 2260 
 2261 2022-01-20  Todd C. Miller  <Todd.Miller@sudo.ws>
 2262 
 2263 	* docs/sudo.man.in, docs/sudo.mdoc.in:
 2264 	Document how commands are passed to the shell for the -i and -s
 2265 	options. The concatenation of command and arguments and escaping of
 2266 	special characters was not documented. Text adapted from GitHub
 2267 	issue #121 from Kris Rinzwind
 2268 	[852f803234af]
 2269 
 2270 	* docs/TROUBLESHOOTING.md:
 2271 	Also mention no_new_privs error in the troubleshooting guide.
 2272 	[70cc0679098f]
 2273 
 2274 	* INSTALL.md, docs/TROUBLESHOOTING.md, docs/sudo.conf.man.in,
 2275 	docs/sudo.conf.mdoc.in, docs/sudo.man.in, docs/sudo.mdoc.in,
 2276 	docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in,
 2277 	docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
 2278 	docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
 2279 	docs/sudoers.man.in, docs/sudoers.mdoc.in, docs/visudo.man.in,
 2280 	docs/visudo.mdoc.in:
 2281 	Replace uid and gid with user-ID and group-ID in more places.
 2282 	[2b6bc95509fd]
 2283 
 2284 2022-01-19  Todd C. Miller  <Todd.Miller@sudo.ws>
 2285 
 2286 	* INSTALL.md:
 2287 	PAM is enabled on NetBSD by default too.
 2288 	[3bc31511f687]
 2289 
 2290 	* INSTALL.md, README.LDAP.md, docs/HISTORY.md,
 2291 	docs/TROUBLESHOOTING.md, docs/UPGRADE.md:
 2292 	Use the Oxford comma consistently, it is helpful in technical
 2293 	documents.
 2294 	[3df4b26d035e]
 2295 
 2296 	* docs/sudo.man.in, docs/sudo.mdoc.in:
 2297 	Document the error message when no_new_privs is set.
 2298 	[492a154dec10]
 2299 
 2300 	* docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in:
 2301 	Sudo now recovers from sudoers syntax errors.
 2302 	[77d457c4e722]
 2303 
 2304 	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
 2305 	docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
 2306 	docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
 2307 	docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
 2308 	docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_plugin.man.in,
 2309 	docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in,
 2310 	docs/sudo_plugin_python.mdoc.in, docs/sudoers.ldap.man.in,
 2311 	docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
 2312 	docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
 2313 	docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in,
 2314 	examples/sudo.conf.in, examples/sudo_logsrvd.conf:
 2315 	Use the Oxford comma consistently, it is helpful in technical
 2316 	documents.
 2317 	[e8d29c772963]
 2318 
 2319 	* INSTALL.md:
 2320 	Mention docker configuration.
 2321 	[8312350518cb]
 2322 
 2323 	* plugins/sudoers/ldap_util.c:
 2324 	Quiet a cppcheck false positive.
 2325 	[023468af3269]
 2326 
 2327 	* docs/CONTRIBUTING.md:
 2328 	Mention https://www.sudo.ws/security/fuzzing/ in the fuzzing
 2329 	section.
 2330 	[87767f7b89ad]
 2331 
 2332 	* plugins/sudoers/sssd.c:
 2333 	Fix logic inversion when setting negated flag.
 2334 	[3e4051bc9f30]
 2335 
 2336 	* src/sudo.c:
 2337 	Quiet a PVS-Studio format string warning.
 2338 	[77e953f3c46f]
 2339 
 2340 2022-01-18  Todd C. Miller  <Todd.Miller@sudo.ws>
 2341 
 2342 	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
 2343 	Regen .pot files.
 2344 	[b999972bc90d]
 2345 
 2346 	* NEWS:
 2347 	Bug #1016, #1017 and negated sudoUser in LDAP.
 2348 	[4ec54e728437]
 2349 
 2350 	* plugins/sudoers/defaults.c:
 2351 	Don't set/run early Defaults if a custom defaults_list is specified.
 2352 	Defaults settings passed in by the front end are already "early" so
 2353 	there is no need to treat any of them as special.
 2354 
 2355 	Otherwise, we end up running the early defaults callbacks before
 2356 	sudoers has been parsed. This means that, for instance, it is not
 2357 	possible to disable the fqdn flag before its callback is run if sudo
 2358 	is build with the --with-fqdn option. Bug #1016.
 2359 	[8c6eaa503793]
 2360 
 2361 	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
 2362 	Mark is_early_default(), run_early_defaults(), set_early_default()
 2363 	static. They are not used outside of defaults.c.
 2364 	[1045e8c7a92e]
 2365 
 2366 	* plugins/sudoers/sssd.c:
 2367 	Add support in SSSD for negated users.
 2368 	[bca3d02cdd8b]
 2369 
 2370 	* docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
 2371 	plugins/sudoers/ldap.c:
 2372 	Add support in the LDAP filter for negated users. Based on a diff
 2373 	from Simon Lees
 2374 	[e1d48d44229e]
 2375 
 2376 2022-01-12  Todd C. Miller  <Todd.Miller@sudo.ws>
 2377 
 2378 	* lib/util/mkdir_parents.c:
 2379 	Use PATH_MAX, not NAME_MAX+1 for the directory entry length. On some
 2380 	systems, such as Solaris, the max length of a directory entry is
 2381 	filesystem-dependent. We could use fpathconf() and dynamically
 2382 	allocate the name but it is simpler to just use PATH_MAX here.
 2383 	[d1a097783717]
 2384 
 2385 	* plugins/python/python_plugin_common.c:
 2386 	Only emulate Py_FinalizeEx for Python 3.[0-5].
 2387 	[b314942c0f2f]
 2388 
 2389 	* lib/util/getcwd.c, lib/util/mkdir_parents.c:
 2390 	Use POSIX NAME_MAX, not the obsolete MAXNAMLEN define. Fixes
 2391 	compilation with musl libc.
 2392 	[a1609b2d968f]
 2393 
 2394 2022-01-11  Todd C. Miller  <Todd.Miller@sudo.ws>
 2395 
 2396 	* src/limits.c:
 2397 	When applying fallback limits, make sure we don't reduce rlim_max.
 2398 	Fixes a problem where sudo could reduce the max stack size on some
 2399 	systems if the original limit was higher than the fallback limit,
 2400 	but not unlimited/infinity.
 2401 	[1fef77204f17]
 2402 
 2403 	* src/limits.c:
 2404 	Don't modify the stack limit if it is >= SUDO_STACK_MIN.
 2405 	[b9e473780083]
 2406 
 2407 	* plugins/sudoers/Makefile.in:
 2408 	The pre-install target requires visudo, add an explicit dependency.
 2409 	[b5b073d2fc9b]
 2410 
 2411 2022-01-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 2412 
 2413 	* src/sudo.c:
 2414 	If sudo is not set-user-ID root, check for the no_new_privs flag on
 2415 	Linux. This flag disables set-user-ID at execve(2) time and may be
 2416 	set by default for some containers. GitHub issue #129.
 2417 	[462249058274]
 2418 
 2419 2022-01-08  Todd C. Miller  <Todd.Miller@sudo.ws>
 2420 
 2421 	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
 2422 	plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c,
 2423 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
 2424 	plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
 2425 	src/parse_args.c:
 2426 	Add pam_askpass_service sudoers setting for "sudo -A". This makes it
 2427 	possible to use a different PAM configuration for when "sudo -A" is
 2428 	used. The main use case is to only use PAM modules that can interact
 2429 	with the askpass program. GitHub issue #112.
 2430 	[5f59bc3f9d81]
 2431 
 2432 2022-01-07  Todd C. Miller  <Todd.Miller@sudo.ws>
 2433 
 2434 	* lib/iolog/iolog_loginfo.c:
 2435 	Improve debugging info when fdopen() fails.
 2436 	[0d9711d8564a]
 2437 
 2438 2022-01-06  Todd C. Miller  <Todd.Miller@sudo.ws>
 2439 
 2440 	* plugins/sudoers/sssd.c:
 2441 	sss_sudo_free_values() checks for NULL, no need to do it manually.
 2442 	[ccf012907a01]
 2443 
 2444 	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
 2445 	Quiet a clang analyzer false positive.
 2446 	[90b6791616b0]
 2447 
 2448 2022-01-05  Todd C. Miller  <Todd.Miller@sudo.ws>
 2449 
 2450 	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
 2451 	Quiet a clang analyzer false positive.
 2452 	[3c66e9be5f24]
 2453 
 2454 	* plugins/sudoers/auth/sudo_auth.c:
 2455 	Fix return value for non-interactive mode for non-standalone auth
 2456 	methods. AUTH_NONINTERACTIVE was being stored in the wrong variable.
 2457 	[199a180e7fab]
 2458 
 2459 	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 2460 	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
 2461 	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, po/fi.mo,
 2462 	po/fi.po, po/ko.mo, po/ko.po, po/tr.mo, po/tr.po:
 2463 	Updated translations from translationproject.org
 2464 	[032877650fe6]
 2465 
 2466 	* plugins/sudoers/cvtsudoers_merge.c:
 2467 	defaults_var_matches() should return bool, not enum match_result.
 2468 	Remove enum match_result as it is no longer used.
 2469 	[6559769ddcd1]
 2470 
 2471 	* plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c:
 2472 	Quiet two PVS-studio warnings.
 2473 	[3a7c89cff3d6]
 2474 
 2475 	* plugins/sudoers/auth/pam.c:
 2476 	Remove PAM_TTY workaround for old, buggy PAM modules. In the past,
 2477 	some PAM modules assumed that PAM_TTY was set and would misbehave
 2478 	(or crash) if not. This was primarily obsolete versions of Linux-
 2479 	PAM, so it should now be safe to remove this. Setting PAM_TTY to an
 2480 	empty string can cause its own set of issues. GitHub issue #74
 2481 	[491cb67ea43b]
 2482 
 2483 2022-01-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 2484 
 2485 	* NEWS:
 2486 	Mention fix for Bug #956 and GitHub issue #83.
 2487 	[8692b9985381]
 2488 
 2489 	* plugins/sudoers/auth/API, plugins/sudoers/auth/afs.c,
 2490 	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
 2491 	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
 2492 	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/securid5.c,
 2493 	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
 2494 	plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
 2495 	plugins/sudoers/logging.c, plugins/sudoers/sudoers.h:
 2496 	Push non-interactive mode checking down into the auth methods. For
 2497 	"sudo -n" we only want to reject a command if user input is actually
 2498 	required. In the case of PAM at least, we may not need to interact
 2499 	with the user. Bug #956, GitHub issue #83
 2500 	[bc9653ffe82f]
 2501 
 2502 2022-01-03  Todd C. Miller  <Todd.Miller@sudo.ws>
 2503 
 2504 	* plugins/sudoers/cvtsudoers_merge.c,
 2505 	plugins/sudoers/regress/cvtsudoers/sudoers1,
 2506 	plugins/sudoers/regress/cvtsudoers/sudoers2,
 2507 	plugins/sudoers/regress/cvtsudoers/sudoers3,
 2508 	plugins/sudoers/regress/cvtsudoers/test34.out.ok,
 2509 	plugins/sudoers/regress/cvtsudoers/test35.out.ok,
 2510 	plugins/sudoers/regress/cvtsudoers/test36.out.ok:
 2511 	userspec_overridden: fix checks when there is more than one userspec
 2512 	[199996d29f50]
 2513 
 2514 	* MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
 2515 	plugins/sudoers/regress/cvtsudoers/test35.out.ok,
 2516 	plugins/sudoers/regress/cvtsudoers/test36.out.ok,
 2517 	plugins/sudoers/regress/cvtsudoers/test36.sh:
 2518 	Fix merging of global/ALL entries when each input file has a host.
 2519 	If a host is specified for the input file, cvtsudoers will bind
 2520 	global Defaults to that host and change host "ALL" in a userspec to
 2521 	the host name. However, if all the input files have matching hosts
 2522 	we can simplify the merged file by converting back to ALL after
 2523 	resolving conflicts.
 2524 	[bfdb2edfca71]
 2525 
 2526 	* LICENSE.md:
 2527 	Welcome to 2022.
 2528 	[039e8c0efd7e]
 2529 
 2530 	* docs/Makefile.in:
 2531 	LICENSE.md moved to the top-level src dir.
 2532 	[b1c2687eef9d]
 2533 
 2534 2021-12-22  Todd C. Miller  <Todd.Miller@sudo.ws>
 2535 
 2536 	* Merge pull request #127 from Tyler887/main
 2537 
 2538 	Typo
 2539 	[c4780c2a3056]
 2540 
 2541 2021-12-22  Tyler887  <tylermageeshields@gmail.com>
 2542 
 2543 	* INSTALL.md:
 2544 	Typo
 2545 	[b650bec9f275]
 2546 
 2547 2021-12-22  Todd C. Miller  <Todd.Miller@sudo.ws>
 2548 
 2549 	* NEWS, docs/UPGRADE.md, plugins/sudoers/policy.c, src/selinux.c,
 2550 	src/sudo.c:
 2551 	Back out changes to enable SELinux by default. This may return in a
 2552 	future release in a different form.
 2553 	[73e46fbe5c27]
 2554 
 2555 	* LICENSE.md, MANIFEST, README.md, docs/LICENSE.md:
 2556 	Move LICENSE.md out of docs and back to the top-level. GitHub
 2557 	expects it to be in the top-level directory.
 2558 	[3c62dd396aff]
 2559 
 2560 2021-12-20  Todd C. Miller  <Todd.Miller@sudo.ws>
 2561 
 2562 	* MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
 2563 	plugins/sudoers/regress/cvtsudoers/test35.out.ok,
 2564 	plugins/sudoers/regress/cvtsudoers/test35.sh:
 2565 	cvtsudoers: fix a regression when merging matching Defaults. If a
 2566 	host is specified with a sudoers file, we have to treat Defaults as
 2567 	Defaults@host checking for duplicates.
 2568 	[9db413953938]
 2569 
 2570 2021-12-18  Todd C. Miller  <Todd.Miller@sudo.ws>
 2571 
 2572 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 2573 	add_defaults: add defs == NULL check to quiet coverity false
 2574 	positive
 2575 	[a534eee04069]
 2576 
 2577 2021-12-17  Todd C. Miller  <Todd.Miller@sudo.ws>
 2578 
 2579 	* plugins/sudoers/cvtsudoers_merge.c,
 2580 	plugins/sudoers/regress/cvtsudoers/test34.out.ok,
 2581 	plugins/sudoers/regress/cvtsudoers/test34.sh:
 2582 	When merging Defaults, allow a subsequent global Defaults (no
 2583 	binding) to override a prior Defaults setting with a binding.
 2584 	[0be52fa6d4d8]
 2585 
 2586 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 2587 	add_defaults: defs can never be NULL
 2588 	[9ba97823b757]
 2589 
 2590 	* plugins/sudoers/cvtsudoers_merge.c:
 2591 	Plug memory leak when making a default host-specific. We don't need
 2592 	to allocate new space for the binding list, just the members of the
 2593 	list.
 2594 	[5667d09136f2]
 2595 
 2596 2021-12-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 2597 
 2598 	* MANIFEST, examples/Makefile.in, examples/cvtsudoers.conf:
 2599 	Add an example cvtsudoers.conf file.
 2600 	[aa738148e712]
 2601 
 2602 	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
 2603 	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h:
 2604 	Add group_file, match_local, and passwd_file to cvtsudoers.conf.
 2605 	Previously, these were only settable via command line options.
 2606 	[a7a8b0af3c42]
 2607 
 2608 2021-12-12  Todd C. Miller  <Todd.Miller@sudo.ws>
 2609 
 2610 	* docs/TROUBLESHOOTING.md:
 2611 	Remove question about running Solaris 11 binaries on Solaris 10.
 2612 	Current versions of sudo use many APIs that are not present on
 2613 	Solaris 10. If you want a sudo Solaris 10 binary, build it on
 2614 	Solaris 10, not 11.
 2615 	[0346a46cf595]
 2616 
 2617 	* MANIFEST, plugins/sudoers/regress/cvtsudoers/test34.out.ok,
 2618 	plugins/sudoers/regress/cvtsudoers/test34.sh:
 2619 	Add simple test for cvtsudoers merge functionality.
 2620 	[fda86b17249a]
 2621 
 2622 	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
 2623 	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
 2624 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 2625 	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
 2626 	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
 2627 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 2628 	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
 2629 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 2630 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 2631 	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
 2632 	po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo,
 2633 	po/fr.po, po/hr.mo, po/hr.po, po/ja.mo, po/ja.po, po/pl.mo,
 2634 	po/pl.po, po/sr.mo, po/sr.po, po/uk.mo, po/uk.po, po/zh_CN.mo,
 2635 	po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
 2636 	Updated translations from translationproject.org
 2637 	[edfdaac9b1e7]
 2638 
 2639 	* MANIFEST, plugins/sudoers/po/es.mo, plugins/sudoers/po/es.po:
 2640 	Add sudoers Spanish translation from translationproject.org
 2641 	[502d45c0af5f]
 2642 
 2643 2021-12-11  Todd C. Miller  <Todd.Miller@sudo.ws>
 2644 
 2645 	* NEWS:
 2646 	Bugs #1013 and #1014
 2647 	[1a7b533c5829]
 2648 
 2649 	* lib/util/mkdir_parents.c:
 2650 	sudo_mkdir_parents: make sure the path we created is a directory For
 2651 	extra paranoia, verify that the directory we created is still a
 2652 	directory before we fchown() it.
 2653 	[75c23aaa9fca]
 2654 
 2655 	* docs/sudo.man.in, docs/sudo.mdoc.in:
 2656 	In SECURITY NOTES, clarify that PATH may be overridden by the
 2657 	policy. Bug #1014
 2658 	[4f7035d6b921]
 2659 
 2660 	* MANIFEST, config.h.in, configure, configure.ac,
 2661 	include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in,
 2662 	lib/util/mkdir_parents.c, lib/util/mkdirat.c, logsrvd/logsrvd.c,
 2663 	plugins/sudoers/timestamp.c, scripts/mkdep.pl:
 2664 	Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2).
 2665 	This also allows us to make path const as it should be.
 2666 	[46db77e4afb8]
 2667 
 2668 	* plugins/sudoers/ldap_conf.c, plugins/sudoers/sudo_ldap_conf.h:
 2669 	Sudo parsed "deref" and "tls_reqcert" in ldap.conf but didn't set
 2670 	the options. The switch() in the sudo_ldap_set_options_table()
 2671 	function needed to be updated to treat CONF_DEREF_VAL and
 2672 	CONF_REQCERT_VAL data types as int. Fix from Dennis Filder. Bug
 2673 	#1013.
 2674 	[5f5bdf9010d7]
 2675 
 2676 2021-12-10  Todd C. Miller  <Todd.Miller@sudo.ws>
 2677 
 2678 	* docs/SECURITY.md:
 2679 	Minor formatting tweak so we can import into the sudo web site.
 2680 	[220c647b6635]
 2681 
 2682 	* plugins/sudoers/defaults.c, plugins/sudoers/pwutil_impl.c:
 2683 	Fix CodeQL "Multiplication result converted to larger type"
 2684 	warnings.
 2685 	[a17db0b94018]
 2686 
 2687 2021-12-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 2688 
 2689 	* docs/SECURITY.md:
 2690 	Surround email addresses with angle brackets, not square backets.
 2691 	[b9514c0165f2]
 2692 
 2693 2021-12-08  Todd C. Miller  <Todd.Miller@sudo.ws>
 2694 
 2695 	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 2696 	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
 2697 	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/fa.mo,
 2698 	po/fa.po, po/fi.mo, po/fi.po, po/ja.mo, po/ja.po, po/sr.mo,
 2699 	po/sr.po, po/zh_CN.mo, po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
 2700 	Updated translations from translationproject.org
 2701 	[b2815226875b]
 2702 
 2703 	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
 2704 	Update .pot files for 1.9.9
 2705 	[e4e903808160]
 2706 
 2707 2021-12-06  Todd C. Miller  <Todd.Miller@sudo.ws>
 2708 
 2709 	* README.LDAP.md, docs/CONTRIBUTING.md, docs/TROUBLESHOOTING.md,
 2710 	docs/UPGRADE.md:
 2711 	Minor formatting tweaks.
 2712 	[eee91b1fc68c]
 2713 
 2714 2021-12-05  Todd C. Miller  <Todd.Miller@sudo.ws>
 2715 
 2716 	* INSTALL, INSTALL.md, MANIFEST, README, README.LDAP, README.LDAP.md,
 2717 	README.md, docs/CONTRIBUTING.md, docs/CONTRIBUTORS,
 2718 	docs/CONTRIBUTORS.md, docs/HISTORY, docs/HISTORY.md, docs/LICENSE,
 2719 	docs/LICENSE.md, docs/Makefile.in, docs/TROUBLESHOOTING,
 2720 	docs/TROUBLESHOOTING.md, docs/UPGRADE, docs/UPGRADE.md, etc/sudo-
 2721 	logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
 2722 	Convert README and docs files to markdown. This makes things look
 2723 	better on GitHub and we can use the markdown version directly in the
 2724 	new sudo web site.
 2725 	[1cdcbce74a73]
 2726 
 2727 2021-12-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 2728 
 2729 	* docs/SECURITY.md:
 2730 	Policy -> Disclosure Policy
 2731 	[13f278869e03]
 2732 
 2733 	* Merge pull request #124 from juspence/main
 2734 
 2735 	Allow sudo -g anyone and sudo -u anyone -g anytwo
 2736 	[1a000f5aaba1]
 2737 
 2738 2021-12-04  juspence  <87657842+juspence@users.noreply.github.com>
 2739 
 2740 	* plugins/sudoers/sudoers.in:
 2741 	Allow sudo -g anyone and sudo -u anyone -g anytwo
 2742 
 2743 	When only the user (ALL) is specified explicitly, and the group is
 2744 	implied, only sudo -u works. Specifying both the user and group,
 2745 	like (ALL:ALL), is required to:
 2746 
 2747 	1) Use sudo -g by itself (with no -u user) 2) Use sudo -u and -g
 2748 	together, with a -g group that is different from the -u user's
 2749 	primary group
 2750 	[ca31aaa0b074]
 2751 
 2752 2021-12-02  Todd C. Miller  <Todd.Miller@sudo.ws>
 2753 
 2754 	* lib/util/Makefile.in:
 2755 	Add build dir to include search path for mksiglist.h and mksigname.h
 2756 	Fixes out of tree builds on systems without sys_siglist[] or
 2757 	sys_signame[]. GitHub issue #123.
 2758 	[fccd76813052]
 2759 
 2760 2021-11-29  Todd C. Miller  <Todd.Miller@sudo.ws>
 2761 
 2762 	* MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
 2763 	plugins/sudoers/regress/cvtsudoers/sudoers1,
 2764 	plugins/sudoers/regress/cvtsudoers/sudoers2,
 2765 	plugins/sudoers/regress/cvtsudoers/sudoers3:
 2766 	cvtsudoers: better merging of lists that are not exact duplicates
 2767 	When merging rules, if one list would be overridden by another,
 2768 	remove the overridden rule and continue merging.
 2769 	[19dc52bd9c6f]
 2770 
 2771 2021-11-28  Todd C. Miller  <Todd.Miller@sudo.ws>
 2772 
 2773 	* NEWS:
 2774 	Update NEWS with latest changes.
 2775 	[fafe74e0b20f]
 2776 
 2777 2021-11-27  Todd C. Miller  <Todd.Miller@sudo.ws>
 2778 
 2779 	* src/edit_open.c:
 2780 	dir_is_writable: don't treat EPERM from faccessat() as a fatal
 2781 	error. We can get EPERM on Linux with SELinux. GitHub issue #122.
 2782 	[25bbc56b2f6d]
 2783 
 2784 2021-11-24  Todd C. Miller  <Todd.Miller@sudo.ws>
 2785 
 2786 	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
 2787 	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
 2788 	plugins/sudoers/cvtsudoers_json.c,
 2789 	plugins/sudoers/cvtsudoers_merge.c:
 2790 	cvtsudoers: add -l option to log merge actions The "-l logfile"
 2791 	option can be used to store a log of what actions cvtsudoers took
 2792 	when merging multiple files. For example, which aliases were
 2793 	renamed, which entries were overriden or removed as duplicated.
 2794 	[fa96976882aa]
 2795 
 2796 	* NEWS, configure, configure.ac:
 2797 	Sudo 1.9.9
 2798 	[dad415a982bc]
 2799 
 2800 2021-11-21  Todd C. Miller  <Todd.Miller@sudo.ws>
 2801 
 2802 	* MANIFEST, docs/CONTRIBUTORS, po/fa.mo, po/fa.po:
 2803 	New Persian (Farsi) translation from translationproject.org
 2804 	[3665533a7219]
 2805 
 2806 2021-11-20  Todd C. Miller  <Todd.Miller@sudo.ws>
 2807 
 2808 	* plugins/sudoers/cvtsudoers_csv.c:
 2809 	Quiet a PVS Studio warning. The warning that need_comma is always
 2810 	false is correct but in this case it is better to use a consistent
 2811 	construct so that if the code is re-ordered no bugs are introduced.
 2812 	[5109a34444f5]
 2813 
 2814 	* lib/util/getentropy.c:
 2815 	Pass correct size to free_zero(). Coverity CID 241233
 2816 	[2ba51f57deb5]
 2817 
 2818 	* plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
 2819 	plugins/sudoers/cvtsudoers_csv.c, plugins/sudoers/cvtsudoers_json.c,
 2820 	plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/defaults.c,
 2821 	plugins/sudoers/fmtsudoers_cvt.c, plugins/sudoers/gram.c,
 2822 	plugins/sudoers/gram.y, plugins/sudoers/parse.c,
 2823 	plugins/sudoers/parse.h, plugins/sudoers/parse_ldif.c:
 2824 	Add reference counting to Defaults bindings. Previously, we checked
 2825 	that the previous entry's binding pointer was not the same while
 2826 	freeing. However, to be able to merge Defaults records we cannot
 2827 	rely on Defaults entries with the same binding being immediately
 2828 	adjacent. This removes the prev_binding checks in favor of a
 2829 	reference count which allows us to plug the memory leak in
 2830 	cvtsudoers when merging Defaults.
 2831 	[0a789516622b]
 2832 
 2833 2021-11-19  Todd C. Miller  <Todd.Miller@sudo.ws>
 2834 
 2835 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
 2836 	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
 2837 	plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/parse.h:
 2838 	cvtsudoers: merge aliases when multiple sudoers files are specified
 2839 	Duplicate aliases are remove. If there are conflicting alias names,
 2840 	the conflicts are renamed by appending a numerical suffix. For
 2841 	example, if there are two SERVERS Host_Aliases, the second one will
 2842 	be renamed to SERVERS_1.
 2843 	[d9b602626b8c]
 2844 
 2845 	* plugins/sudoers/cvtsudoers_merge.c:
 2846 	cvtsudoers: merge Defaults when multiple sudoers files are specified
 2847 	If a hostname is specified with the sudoers file, it will be used to
 2848 	make the Defaults setting host-specific, if possible. Duplicate
 2849 	Defaults settings are removed and conflicts are warned about. It is
 2850 	not possible to resolve all conflicts automatically.
 2851 	[756b05304ccb]
 2852 
 2853 	* plugins/sudoers/cvtsudoers_merge.c:
 2854 	cvtsudoers: merge userspecs when multiple sudoers files are
 2855 	specified If a hostname is specified with the sudoers file, it will
 2856 	be used to make the userspec host-specific, if possible. Duplicate
 2857 	userspecs are removed but conflicting entries are not currently
 2858 	pruned.
 2859 	[643b533bb4f4]
 2860 
 2861 	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in:
 2862 	Document how to merge sudoers files with cvtsudoers.
 2863 	[241c3786f5a8]
 2864 
 2865 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 2866 	plugins/sudoers/parse.h,
 2867 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c, plugins/sudoers/sssd.c:
 2868 	init_parse_tree() now takes ownership of lhost and shost, if any.
 2869 	This means that lhost and shost in struct sudoers_parse_tree are no
 2870 	longer const and that free_parse_tree() will free lhost/shost. The
 2871 	only consumer that passed in lho.st/shost was the SSSD back-end
 2872 	which has been updated to avoid a double-free.
 2873 	[650bb75666fb]
 2874 
 2875 	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_merge.c:
 2876 	cvtsudoers: use init_parse_tree() to initialize a parse tree. Also
 2877 	free the parse tree before exit.
 2878 	[9d8f8bb88192]
 2879 
 2880 	* MANIFEST, Makefile.in, etc/macos-background.png, etc/sudo-
 2881 	logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
 2882 	Add a background image for the macOS installer.
 2883 	[39889307b278]
 2884 
 2885 	* scripts/pp:
 2886 	Update PolyPkg
 2887 	[44b1d08be1b0]
 2888 
 2889 2021-11-18  Todd C. Miller  <Todd.Miller@sudo.ws>
 2890 
 2891 	* scripts/mkpkg:
 2892 	mkpkg: handle a macOS SDK that just uses the major version. For
 2893 	example, MacOSX11.sdk instead of MacOSX11.3.sdk.
 2894 	[ce41fc5aa672]
 2895 
 2896 	* lib/util/Makefile.in:
 2897 	Add missing dependencies for timegm.
 2898 	[b20c4936504b]
 2899 
 2900 2021-11-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 2901 
 2902 	* plugins/sudoers/cvtsudoers.c:
 2903 	Add support for specifying the hostname as a prefix to the sudoers
 2904 	file. If present, the host name is copied into the struct
 2905 	sudoers_parse_tree.
 2906 	[e87e11cccb6e]
 2907 
 2908 2021-11-11  Todd C. Miller  <Todd.Miller@sudo.ws>
 2909 
 2910 	* plugins/sudoers/cvtsudoers.c:
 2911 	cvtsudoers: parse multiple sudoers files and store them in a tail
 2912 	queue In the future the parsed files will be merged before they are
 2913 	output.
 2914 	[89c77b3f4157]
 2915 
 2916 	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
 2917 	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
 2918 	plugins/sudoers/parse.h:
 2919 	Add sudoers_parse_tree_list, a tail queue of struct
 2920 	sudoers_parse_tree. This will be used to store multiple parse trees
 2921 	and merge them into a single sudoers_parse_tree.
 2922 	[073ada18f18b]
 2923 
 2924 	* docs/CONTRIBUTING.md:
 2925 	Fix formatting of links.
 2926 	[df50208b3f70]
 2927 
 2928 	* MANIFEST, docs/CONTRIBUTING.md:
 2929 	Add contributing guide.
 2930 	[a99f3a0757f6]
 2931 
 2932 	* .github/workflows/codeql-analysis.yml:
 2933 	Create codeql-analysis.yml
 2934 	[efab25dab29c]
 2935 
 2936 2021-11-10  Todd C. Miller  <Todd.Miller@sudo.ws>
 2937 
 2938 	* MANIFEST, docs/SECURITY.md:
 2939 	Add security doc, inspired by the Microsoft template.
 2940 	[0a8012f8ee35]
 2941 
 2942 	* .gitignore, .hgignore, INSTALL, MANIFEST, Makefile.in, README,
 2943 	configure, configure.ac, doc/CONTRIBUTORS, doc/HISTORY, doc/LICENSE,
 2944 	doc/Makefile.in, doc/TROUBLESHOOTING, doc/UPGRADE,
 2945 	doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, doc/fixman.sh,
 2946 	doc/fixmdoc.sed, doc/schema.ActiveDirectory, doc/schema.OpenLDAP,
 2947 	doc/schema.iPlanet, doc/schema.olcSudo, doc/sudo.conf.man.in,
 2948 	doc/sudo.conf.man.in.sed, doc/sudo.conf.mdoc.in, doc/sudo.man.in,
 2949 	doc/sudo.man.in.sed, doc/sudo.mdoc.in, doc/sudo_logsrv.proto.man.in,
 2950 	doc/sudo_logsrv.proto.mdoc.in, doc/sudo_logsrvd.conf.man.in,
 2951 	doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.man.in,
 2952 	doc/sudo_logsrvd.mdoc.in, doc/sudo_plugin.man.in,
 2953 	doc/sudo_plugin.mdoc.in, doc/sudo_plugin_python.man.in,
 2954 	doc/sudo_plugin_python.mdoc.in, doc/sudo_sendlog.man.in,
 2955 	doc/sudo_sendlog.mdoc.in, doc/sudoers.ldap.man.in,
 2956 	doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in,
 2957 	doc/sudoers.man.in.sed, doc/sudoers.mdoc.in,
 2958 	doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
 2959 	doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in,
 2960 	doc/visudo.mdoc.in, docs/CONTRIBUTORS, docs/HISTORY, docs/LICENSE,
 2961 	docs/Makefile.in, docs/TROUBLESHOOTING, docs/UPGRADE,
 2962 	docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, docs/fixman.sh,
 2963 	docs/fixmdoc.sed, docs/schema.ActiveDirectory, docs/schema.OpenLDAP,
 2964 	docs/schema.iPlanet, docs/schema.olcSudo, docs/sudo.conf.man.in,
 2965 	docs/sudo.conf.man.in.sed, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
 2966 	docs/sudo.man.in.sed, docs/sudo.mdoc.in,
 2967 	docs/sudo_logsrv.proto.man.in, docs/sudo_logsrv.proto.mdoc.in,
 2968 	docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
 2969 	docs/sudo_logsrvd.man.in, docs/sudo_logsrvd.mdoc.in,
 2970 	docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in,
 2971 	docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
 2972 	docs/sudo_sendlog.man.in, docs/sudo_sendlog.mdoc.in,
 2973 	docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
 2974 	docs/sudoers.man.in, docs/sudoers.man.in.sed, docs/sudoers.mdoc.in,
 2975 	docs/sudoers_timestamp.man.in, docs/sudoers_timestamp.mdoc.in,
 2976 	docs/sudoreplay.man.in, docs/sudoreplay.mdoc.in, docs/visudo.man.in,
 2977 	docs/visudo.mdoc.in, etc/codespell.skip:
 2978 	Rename "doc" directory to "docs" for better GitHub compatibility.
 2979 	[1268c3ae0916]
 2980 
 2981 	* lib/util/Makefile.in:
 2982 	Use $(SED), not sed, when generating mksiglist.h/mksigname.h
 2983 	[7a7b636a3f32]
 2984 
 2985 	* configure, configure.ac, lib/iolog/Makefile.in,
 2986 	lib/util/Makefile.in, logsrvd/Makefile.in,
 2987 	plugins/sudoers/Makefile.in:
 2988 	Add configure check for sha1sum and use "openssh dgst -sha1" if
 2989 	missing. Only needed when building the seed corpus zip files.
 2990 	[3c74ceba0446]
 2991 
 2992 	* include/sudo_compat.h:
 2993 	sudo_compat.h: include unistd.h regardless of OS type This helps to
 2994 	avoid issues with mismatched headers and libraries.
 2995 	[4a22435a2832]
 2996 
 2997 2021-11-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 2998 
 2999 	* plugins/sudoers/visudo.c:
 3000 	install_sudoers: fix return value when there is no temp file to
 3001 	install This can happen when no changes were made. Also preserve the
 3002 	edited temp file on error if we are unable to move it into place.
 3003 	[01c1052ac874]
 3004 
 3005 	* plugins/python/regress/testdata/check_multiple_approval_plugin_and_a
 3006 	rguments.stdout:
 3007 	Bump plugin version in test data to 1.18.
 3008 	[138b9f6a6143]
 3009 
 3010 	* plugins/sudoers/defaults.c:
 3011 	free_defs_val: free rlimits like strings (which they are).
 3012 	[ade32de829cb]
 3013 
 3014 	* plugins/sudoers/visudo.c:
 3015 	Rename {check,set}_perms variable to {check,set}_mode. Avoids a name
 3016 	clash with the set_perms() function.
 3017 	[a2dfa0d36690]
 3018 
 3019 	* src/edit_open.c:
 3020 	Avoid symbol name clash with is_writable() function variable. Rename
 3021 	"is_writable" variable to "writable".
 3022 	[a52bd106933b]
 3023 
 3024 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
 3025 	Document new resource limit settings.
 3026 	[022e51bff860]
 3027 
 3028 	* doc/UPGRADE:
 3029 	Mention that the core dump size resource limit now defaults to 0.
 3030 	[22997e8008c9]
 3031 
 3032 	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
 3033 	include/sudo_plugin.h, src/exec.c:
 3034 	Document resource limit support in command_info[] and Bump plugin
 3035 	API minor. This is supported beginning with sudo 1.9.9 and plugin
 3036 	API 1.17.
 3037 	[2004a71a11b3]
 3038 
 3039 2021-11-08  Todd C. Miller  <Todd.Miller@sudo.ws>
 3040 
 3041 	* config.h.in, configure, configure.ac, plugins/sudoers/defaults.c,
 3042 	src/limits.c:
 3043 	Use strtoul() on systems without strtoull(). We can assume that
 3044 	systems without strtoull() have 32-bit resource limits.
 3045 	[59c1be5a0387]
 3046 
 3047 	* src/exec.c, src/limits.c, src/sudo.c, src/sudo.h:
 3048 	Add front-end support for setting resouce limits. The special value
 3049 	"user" means preserve the invoking user's limit. The value "default"
 3050 	means don't override the default limit for the user as assigned by
 3051 	the system (PAM, loging.conf, userdb, etc).
 3052 	[7ad6961d5d72]
 3053 
 3054 	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
 3055 	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
 3056 	plugins/sudoers/defaults.h, plugins/sudoers/mkdefaults,
 3057 	plugins/sudoers/policy.c:
 3058 	Add basic support for setting resource limits in sudoers. The
 3059 	default for rlimit_core is "0,0" Resource limits are passed back to
 3060 	the front-end in command_info[] when set.
 3061 	[298d5e228635]
 3062 
 3063 	* src/edit_open.c:
 3064 	switch_user_nonfatal: only define if using faccessat()
 3065 	[1a6b2c0240f5]
 3066 
 3067 2021-11-06  Todd C. Miller  <Todd.Miller@sudo.ws>
 3068 
 3069 	* doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/visudo.c:
 3070 	visudo: add -O and -P options to check/set owner and permissions.
 3071 	This can be used in conjunction with the -c option to check that the
 3072 	sudoers file ownership and permissions are correct. Bug #1007
 3073 	[1f20721148b0]
 3074 
 3075 2021-11-05  Todd C. Miller  <Todd.Miller@sudo.ws>
 3076 
 3077 	* doc/UPGRADE:
 3078 	UPGRADE: mention SELinux behavior change.
 3079 	[0b8cef633225]
 3080 
 3081 	* src/selinux.c, src/sudo.h, src/sudo_edit.c:
 3082 	Rename selinux_setcon -> selinux_setexeccon
 3083 	[50bde2e4d922]
 3084 
 3085 	* src/selinux.c:
 3086 	In the SELinux role is "unconfined_r", disable SELinux support. We
 3087 	only want to apply SELinux to confined users. This is a bit of a
 3088 	hack as unconfined_r is specific to the targeted policy.
 3089 	[aaa8ee97f31e]
 3090 
 3091 	* src/exec_monitor.c, src/exec_nopty.c, src/selinux.c, src/sudo.c,
 3092 	src/sudo.h, src/sudo_edit.c:
 3093 	Separate out the code to compute the context from selinux_setup().
 3094 	This makes it possible to determine whether we really need to
 3095 	execute the command via the sesh helper. What was left of
 3096 	selinux_setup() is now selinux_relabel_tty() and
 3097 	selinux_audit_role_change().
 3098 	[687a81e59fdd]
 3099 
 3100 	* plugins/sudoers/policy.c, src/selinux.c, src/sudo.c:
 3101 	Pass status of selinux sudoers setting to front-end as selinux-rbac.
 3102 	The front-end uses this to decide whether or not to enable SELinux.
 3103 	If selinux-rbac is true _or_ if it is not present and selinux_role
 3104 	or selinux_type are set, SELinux support is enabled. Previously,
 3105 	SELinux support was only enabled if a role was specified.
 3106 	[2f21ae08ebbd]
 3107 
 3108 	* src/edit_open.c:
 3109 	dir_is_writable: add fallback if changing UIDs fails The SELinux
 3110 	policy may not allow uid/gid changes which will break the
 3111 	writability checks and cause sudoedit to fail.
 3112 	[5c5928a0c314]
 3113 
 3114 2021-11-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 3115 
 3116 	* scripts/mkpkg:
 3117 	Build python package on Fedora
 3118 	[7261434fc60c]
 3119 
 3120 2021-11-01  Todd C. Miller  <Todd.Miller@sudo.ws>
 3121 
 3122 	* src/selinux.c:
 3123 	Make get_exec_context static, it is unused outside selinux.c.
 3124 	[be59f91e53dd]
 3125 
 3126 	* doc/sudo.conf.mdoc.in:
 3127 	Fix lint warning: skipping paragraph macro: Pp before Bd
 3128 	[f84297a652d8]
 3129 
 3130 2021-10-31  Todd C. Miller  <Todd.Miller@sudo.ws>
 3131 
 3132 	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
 3133 	doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
 3134 	Escape some minus signs ('-') as required by newer groff.
 3135 	[4a1a2d6d5c19]
 3136 
 3137 	* MANIFEST, config.h.in, configure, configure.ac,
 3138 	include/sudo_compat.h, lib/util/timegm.c,
 3139 	plugins/sudoers/Makefile.in, plugins/sudoers/gentime.c,
 3140 	plugins/sudoers/gmtoff.c, plugins/sudoers/parse.h, scripts/mkdep.pl:
 3141 	parse_gentime: use timegm() to generate time since the epoch The
 3142 	timegm() function is non-standard but widely available. Provide an
 3143 	implementation for those systems that lack it. Bug #1006
 3144 	[3ca20dfdb44c]
 3145 
 3146 	* include/sudo_compat.h, lib/util/Makefile.in, scripts/mkdep.pl:
 3147 	Fix pasto in gmtime_r and localtime_r macros. Also add missing
 3148 	Makefile targets for them.
 3149 	[2310e188fdd4]
 3150 
 3151 	* plugins/sudoers/gmtoff.c:
 3152 	Take daylight saving time into consideration when computing offset.
 3153 	Otherwise, the resulting time may be off by and hour, depending on
 3154 	whether DST is currently active compared to the target time.
 3155 	[20c60fe8e8fc]
 3156 
 3157 2021-10-29  Todd C. Miller  <Todd.Miller@sudo.ws>
 3158 
 3159 	* scripts/mkpkg:
 3160 	Back out f2d82771e7dd, arm64e on macOS is still in preview state.
 3161 	Until arm64e on macOS is finalized, continue to build arm64
 3162 	packages.
 3163 	[6c3bbd6ffc3a]
 3164 
 3165 2021-10-27  Todd C. Miller  <Todd.Miller@sudo.ws>
 3166 
 3167 	* scripts/mkpkg:
 3168 	Build arm64e ABI binaries on macOS 11 and above. We originally used
 3169 	arm64 here but the correct ABI is arm64e. The arm64 arch will be
 3170 	removed in a future release.
 3171 	[f2d82771e7dd]
 3172 
 3173 	* logsrvd/logsrvd_local.c:
 3174 	Use iolog_openat() when opening the log.json file in the I/O log
 3175 	dir.
 3176 	[9041b20b8d01]
 3177 
 3178 2021-10-26  Todd C. Miller  <Todd.Miller@sudo.ws>
 3179 
 3180 	* logsrvd/tls_init.c:
 3181 	Use BIO_new_file() not BIO_new_fd() to read dhparams file. Older
 3182 	versions of OpenSSL and wolfSSL lack BIO_new_fd(). Also explicitly
 3183 	include openssl/bio.h and openssl/dh.h for wolfSSL.
 3184 	[8338f58d5ba0]
 3185 
 3186 	* INSTALL, config.h.in, configure, configure.ac:
 3187 	wolfSSL not WolfSSL
 3188 	[4ee7f96ef87c]
 3189 
 3190 	* .circleci/config.yml:
 3191 	Add wolfSSL variant to continuous integration tests.
 3192 	[dbbab23e069c]
 3193 
 3194 	* docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
 3195 	docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
 3196 	docker/ubuntu/rolling/Dockerfile:
 3197 	Add libwolfssl-dev to Debian and Ubuntu Dockerfiles Fedora does not
 3198 	appear to have an official wolfssl package.
 3199 	[12c0feaa0ebb]
 3200 
 3201 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
 3202 	White space in an include file path supported by sudo 1.9.1 or
 3203 	higher.
 3204 	[9a22034de181]
 3205 
 3206 2021-10-25  Todd C. Miller  <Todd.Miller@sudo.ws>
 3207 
 3208 	* INSTALL, config.h.in, configure, configure.ac,
 3209 	include/sudo_compat.h, lib/iolog/hostcheck.c,
 3210 	lib/util/digest_openssl.c, lib/util/getentropy.c, logsrvd/logsrvd.c,
 3211 	logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
 3212 	logsrvd/sendlog.h, logsrvd/tls_client.c, logsrvd/tls_common.h,
 3213 	logsrvd/tls_init.c, plugins/sudoers/log_client.c,
 3214 	plugins/sudoers/log_client.h:
 3215 	Add support for WolfSSL's OpenSSL compatibility layer. Based on
 3216 	changes from Hayden Roche
 3217 	[568557ecb77b]
 3218 
 3219 	* lib/util/Makefile.in, plugins/sudoers/Makefile.in:
 3220 	regenerate dependencies
 3221 	[d36bf7724e49]
 3222 
 3223 	* logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
 3224 	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c,
 3225 	logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c,
 3226 	logsrvd/logsrvd_relay.c, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
 3227 	logsrvd/sendlog.c, logsrvd/sendlog.h:
 3228 	Move include of log_server.pb-c.h into logsrvd.h and sendlog.h This
 3229 	way there is no include file order issue with the
 3230 	PROTOBUF_C_VERSION_NUMBER check.
 3231 	[23678487ffaf]
 3232 
 3233 	* docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
 3234 	docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile,
 3235 	docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
 3236 	docker/ubuntu/rolling/Dockerfile:
 3237 	Add pkg-config to all Dockerfile
 3238 	[63457bb84c4d]
 3239 
 3240 2021-10-24  Todd C. Miller  <Todd.Miller@sudo.ws>
 3241 
 3242 	* logsrvd/tls_init.c:
 3243 	Use SSL_FILETYPE_PEM with SSL_CTX_use_PrivateKey_file, not
 3244 	X509_FILETYPE_PEM While they are defined to the same value in
 3245 	OpenSSL one should not rely on this.
 3246 	[1a1557931dbf]
 3247 
 3248 2021-10-23  Todd C. Miller  <Todd.Miller@sudo.ws>
 3249 
 3250 	* configure, configure.ac:
 3251 	Fix setting _PATH_ASAN_LIB, need to double up the square brackets.
 3252 	[98143164620a]
 3253 
 3254 	* logsrvd/sendlog.c:
 3255 	sudo_sendlog: send runenv, rungid and runuid from log.json too With
 3256 	this change, sudo_sendlog can now round-trip sudo-style I/O logs
 3257 	that use the newer log.json format without losing any information.
 3258 	[d9d3dad6cca3]
 3259 
 3260 2021-10-22  Todd C. Miller  <Todd.Miller@sudo.ws>
 3261 
 3262 	* config.h.in, configure, configure.ac, lib/util/arc4random.c:
 3263 	arc4random: need to include sys/random.h on Solaris too. This was
 3264 	removed when Linux genentropy() was disabled.
 3265 	[18ea9b386950]
 3266 
 3267 2021-10-21  Todd C. Miller  <Todd.Miller@sudo.ws>
 3268 
 3269 	* lib/iolog/hostcheck.c, lib/util/inet_ntop.c, logsrvd/logsrv_util.h,
 3270 	plugins/sudoers/log_client.h:
 3271 	Make sure INET_ADDRSTRLEN and INET6_ADDRSTRLEN are defined.
 3272 	[e347465e0a05]
 3273 
 3274 	* plugins/sudoers/audit.c, plugins/sudoers/iolog.c,
 3275 	plugins/sudoers/log_client.c, plugins/sudoers/log_client.h,
 3276 	plugins/sudoers/logging.c, plugins/sudoers/logging.h:
 3277 	Only include log_client.h if SUDOERS_LOG_CLIENT is defined.
 3278 	[c318f74cf2a8]
 3279 
 3280 	* Merge pull request #118 from larb0b/main
 3281 
 3282 	Define MAP_FAILED where relevant if undefined
 3283 	[74f3e9f1a1f4]
 3284 
 3285 2021-10-21  Larkin Nickle  <me@larbob.org>
 3286 
 3287 	* lib/util/getentropy.c, lib/util/regress/mktemp/mktemp_test.c,
 3288 	lib/util/snprintf.c:
 3289 	Define MAP_FAILED where relevant if undefined
 3290 
 3291 	On systems such as HP-UX 10.20, MAP_FAILED is not defined.
 3292 	[9f4976caa567]
 3293 
 3294 2021-10-20  Todd C. Miller  <Todd.Miller@sudo.ws>
 3295 
 3296 	* configure, m4/libtool.m4:
 3297 	Improve macOS version detection to support macOS 11 and simplify
 3298 	legacy logic From Jeremy Huddleston Sequoia
 3299 	[f09b45ab460a]
 3300 
 3301 	* logsrvd/sendlog.c:
 3302 	sudo_sendlog: send multiple I/O log records together if possible Try
 3303 	to fill the write buffer and then send to the server instead of
 3304 	sending records one at a time.
 3305 	[0b084cd75d64]
 3306 
 3307 	* logsrvd/sendlog.c, logsrvd/sendlog.h:
 3308 	sudo_sendlog: support multiple write buffers like sudo_logsrvd
 3309 	[a46b88eff200]
 3310 
 3311 	* configure, configure.ac, lib/util/Makefile.in:
 3312 	Always link libsudo_util.so with libcrypto.so if using OpenSSL. We
 3313 	may need to use RAND_bytes() in the getentropy() emulation.
 3314 	[9c805a008d76]
 3315 
 3316 	* config.h.in, configure, configure.ac, lib/util/getentropy.c,
 3317 	plugins/sudoers/boottime.c:
 3318 	Add an explicit check for sys/sysctl.h. This test needs to be done
 3319 	after AC_LANG_WERROR to avoid including sys/sysctl.h on systems
 3320 	where it is marked as deprecated via a #warning directive.
 3321 	[d9f1f97b0f37]
 3322 
 3323 	* config.h.in, configure, configure.ac, lib/util/arc4random.c:
 3324 	Use our own getentropy() by default on Linux. The glibc getentropy()
 3325 	emulation will fail on older kernels that don't support getrandom().
 3326 	Also use sudo_fatal() instead of sending SIGKILL on getentropy()
 3327 	failure. GitHub issue #117.
 3328 	[1ca9d10ff780]
 3329 
 3330 	* lib/util/getentropy.c:
 3331 	Use the OpenSSL RAND_bytes() function if getrandom() fails.
 3332 	[5f82f6d2ea36]
 3333 
 3334 	* lib/util/Makefile.in, lib/util/arc4random_buf.c, scripts/mkdep.pl:
 3335 	Fix compilation of standalone arc4random_buf(). Apparently this code
 3336 	was never compiled anywhere.
 3337 	[a66c68c3a976]
 3338 
 3339 	* lib/util/uuid.c:
 3340 	sudo_uuid_create: no longer need a union for the uuid.
 3341 	[a9277bf0078c]
 3342 
 3343 2021-10-19  Todd C. Miller  <Todd.Miller@sudo.ws>
 3344 
 3345 	* lib/eventlog/eventlog_free.c:
 3346 	eventlog_free: free signal_name too
 3347 	[1da686483f2a]
 3348 
 3349 	* lib/iolog/regress/fuzz/fuzz_iolog_json.dict:
 3350 	Add new log.json keywords
 3351 	[f4a30fc6c4ed]
 3352 
 3353 	* lib/iolog/regress/fuzz/fuzz_iolog_json.c:
 3354 	fuzz_iolog_json: initialize exit_value to -1
 3355 	[bac9826b95a1]
 3356 
 3357 	* logsrvd/logsrvd.c:
 3358 	Fix potential use-after-free when calling iolog_flush_all(). We need
 3359 	to call iolog_flush_all() _before_ scheduling the commit point. If
 3360 	we fail to schedule to commit point, the closure will be freed.
 3361 	Coverity CID 220557
 3362 	[364736f15a06]
 3363 
 3364 	* logsrvd/sendlog.c:
 3365 	sendlog: use runargv from log.json if available
 3366 	[88a0f4d7bb94]
 3367 
 3368 	* logsrvd/sendlog.c:
 3369 	sudo_sendlog: send exit data in eventlog if present
 3370 	[fdacc0f68c56]
 3371 
 3372 	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
 3373 	logsrvd/logsrvd_local.c, plugins/sudoers/logging.c:
 3374 	No longer need to pass exit params to eventlog_exit(), use struct
 3375 	eventlog. Now that struct eventlog includes the exit parameters we
 3376 	can simplify how eventlog_exit() is called.
 3377 	[8580c0e8334d]
 3378 
 3379 	* include/sudo_eventlog.h, lib/iolog/iolog_json.c,
 3380 	lib/iolog/iolog_loginfo.c, logsrvd/iolog_writer.c:
 3381 	Read command run_time, signal and exit_value from I/O log log.json
 3382 	file.
 3383 	[05223c4cca0c]
 3384 
 3385 	* logsrvd/logsrvd_local.c:
 3386 	Log the command run-time and exit status in the I/O log.
 3387 	[8b02b373f79b]
 3388 
 3389 	* lib/eventlog/eventlog.c:
 3390 	format_json: fix pasto when setting dumped_core boolean
 3391 	[ca11285c088a]
 3392 
 3393 2021-10-18  Todd C. Miller  <Todd.Miller@sudo.ws>
 3394 
 3395 	* lib/eventlog/eventlog.c, logsrvd/logsrvd_local.c:
 3396 	Handle a missing run_time in an ExitMessage. It is now possible to
 3397 	pass a NULL run_time to eventlog_exit().
 3398 	[f3e989682931]
 3399 
 3400 2021-10-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 3401 
 3402 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
 3403 	logsrvd/logsrvd.c:
 3404 	No need to flush logs before commit point if we flush after each
 3405 	write. Also document that logs are flushed before sending a commit
 3406 	point even when flushing is disabled.
 3407 	[50323241569d]
 3408 
 3409 2021-10-15  Todd C. Miller  <Todd.Miller@sudo.ws>
 3410 
 3411 	* MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in,
 3412 	lib/iolog/iolog_conf.c, lib/iolog/iolog_flush.c,
 3413 	logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h:
 3414 	Flush I/O logs before we send a commit point. The commit point
 3415 	message means we have written the data to disk so we should not be
 3416 	buffering it any longer. We do not currently fsync(2) the data after
 3417 	flushing, perhaps we should.
 3418 	[5233172b7531]
 3419 
 3420 	* logsrvd/logsrv_util.c:
 3421 	Do not treat a resume point of [0, 0] as an error. If the connecton
 3422 	is interrupted before sudo sends back a commit_point message,
 3423 	resuming at [0, 0] is correct. Also add a warning on unexpected EOF
 3424 	parsing the timing file.
 3425 	[105f29878ad7]
 3426 
 3427 2021-10-11  Todd C. Miller  <Todd.Miller@sudo.ws>
 3428 
 3429 	* plugins/sudoers/sudoers.c:
 3430 	Display a more helpful message if the user tries to run "sudo cd".
 3431 	Since "cd" is a shell built-in command it cannot be run directly via
 3432 	sudo. The user either needs to spawn a shell via "sudo -s" or use
 3433 	the -D option to run a command in a specific directory.
 3434 	[4d45797dfb11]
 3435 
 3436 	* configure, configure.ac:
 3437 	Don't install sudoers.a when configured with --enable-static-
 3438 	sudoers. We already avoid installing it when --disable-shared-util
 3439 	is specified.
 3440 	[0d2022bc07cb]
 3441 
 3442 2021-10-10  Todd C. Miller  <Todd.Miller@sudo.ws>
 3443 
 3444 	* scripts/mkpkg:
 3445 	mkpkg: preserve make exit value on exit Fixes a problem where the
 3446 	exit value from mkpkg was 0 even on error.
 3447 	[0d0f15bf10cf]
 3448 
 3449 	* plugins/sudoers/cvtsudoers_csv.c:
 3450 	Fix typos in SELinux and Solaris priv support.
 3451 	[16b9a1459f1d]
 3452 
 3453 	* MANIFEST, doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
 3454 	plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
 3455 	plugins/sudoers/cvtsudoers.h, plugins/sudoers/cvtsudoers_csv.c:
 3456 	cvtsudoers: initial support for CSV output For CSV output we double
 3457 	quotes strings that contain commas. For each literal double quote
 3458 	character present inside the string, two double quotes are output.
 3459 	[8f7763b74563]
 3460 
 3461 	* lib/iolog/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in,
 3462 	plugins/sudoers/Makefile.in:
 3463 	regenerate dependencies
 3464 	[09d11b5c7d41]
 3465 
 3466 	* docker/README, etc/codespell.ignore:
 3467 	Fix typo and avoid a codespell false positive.
 3468 	[81a365b29c3c]
 3469 
 3470 2021-10-08  Todd C. Miller  <Todd.Miller@sudo.ws>
 3471 
 3472 	* .circleci/config.yml:
 3473 	Add build-nointercept and test-nointercept
 3474 	[d39877327ccc]
 3475 
 3476 2021-10-07  Todd C. Miller  <Todd.Miller@sudo.ws>
 3477 
 3478 	* .circleci/config.yml:
 3479 	circleci: test multiple build options We now do separate builds with
 3480 	LDAP/SSSD enabled, logsrv client/server disabled, and static-sudoers
 3481 	enabled.
 3482 	[4d8a9b45156c]
 3483 
 3484 	* configure, configure.ac, plugins/sudoers/Makefile.in:
 3485 	Fix fuzzer build with when --enable-static-sudoers is used. This
 3486 	introduces a sudoers-specific version of LT_STATIC instead of
 3487 	appending the --tag=disable-shared to SUDOERS_LDFLAGS. I've also
 3488 	removed the -static flag as it should not be needed.
 3489 	[864a2fd4e3f7]
 3490 
 3491 2021-10-05  Todd C. Miller  <Todd.Miller@sudo.ws>
 3492 
 3493 	* docker/README:
 3494 	Mention --security-opt=seccomp=unconfined workaround for bleeding
 3495 	edge. May be needed for Fedora rawhide and Ubuntu testing, among
 3496 	others.
 3497 	[a465fdb0a7de]
 3498 
 3499 	* configure, configure.ac:
 3500 	Try to handle the case where libasan.so is a linker script. Fixes
 3501 	check_noexec with ASAN on Fedora where libasan.so just includes the
 3502 	actual library file.
 3503 	[f96d1d0cea53]
 3504 
 3505 	* .circleci/config.yml, docker/README,
 3506 	docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile:
 3507 	Enable address and undefined behavior sanitizers in CI builds. We
 3508 	need to disable leak sanitizer during "make check" because it uses
 3509 	ptrace which is not allowed for unprivileged containers.
 3510 	[9378e3856a60]
 3511 
 3512 2021-10-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 3513 
 3514 	* .circleci/config.yml:
 3515 	Switch to Ubuntu latest for circleci build.
 3516 	[1270ca1ba47d]
 3517 
 3518 	* .circleci/config.yml, docker/debian/latest/Dockerfile,
 3519 	docker/debian/testing/Dockerfile, docker/fedora/latest/Dockerfile,
 3520 	docker/fedora/rawhide/Dockerfile, docker/ubuntu/devel/Dockerfile,
 3521 	docker/ubuntu/latest/Dockerfile, docker/ubuntu/rolling/Dockerfile:
 3522 	Add build user for circleci instead of running as root.
 3523 	[27dcb5218cb2]
 3524 
 3525 	* .circleci/config.yml, MANIFEST, docker/README,
 3526 	docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
 3527 	docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile,
 3528 	docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
 3529 	docker/ubuntu/rolling/Dockerfile:
 3530 	Use circleci for continuous integegration. Build container
 3531 	descriptions are in the new docker directory.
 3532 	[d5b5b16b0624]
 3533 
 3534 2021-10-03  Todd C. Miller  <Todd.Miller@sudo.ws>
 3535 
 3536 	* .gitignore, .hgignore:
 3537 	Update ignore file.
 3538 	[7fe8afa88e96]
 3539 
 3540 2021-10-01  Todd C. Miller  <Todd.Miller@sudo.ws>
 3541 
 3542 	* plugins/sudoers/sudoreplay.c:
 3543 	Sync "sudo -l" output with normal sudo log format. It now prints
 3544 	runchroot and runcwd (falling back on cwd). As a result, submithost
 3545 	is now printed first, matching sudo. Also avoid printing NULL
 3546 	pointers and skip entries that don't have at least command,
 3547 	submituser and runuser set.
 3548 	[0d6b96ec88a1]
 3549 
 3550 	* lib/iolog/iolog_json.c:
 3551 	iolog_parse_json_object: optimize for large argv
 3552 	[5fa1929189a3]
 3553 
 3554 2021-09-29  Todd C. Miller  <Todd.Miller@sudo.ws>
 3555 
 3556 	* configure, configure.ac:
 3557 	Add "-fcf-protection" to SSP_CFLAGS and SSP_LDFLAGS if supported.
 3558 	Can be disabled via --disable-hardening.
 3559 	[589507ecadf4]
 3560 
 3561 	* configure, configure.ac:
 3562 	Add "-z now" to hardened link options if supported. Can be disabled
 3563 	via --disable-hardening.
 3564 	[11ff1d86440b]
 3565 
 3566 	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/editor.c,
 3567 	plugins/sudoers/regress/editor/check_editor.c,
 3568 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
 3569 	plugins/sudoers/visudo.c:
 3570 	find_editor: remove the env_error argument There is no case where we
 3571 	should fail to find an editor just because the values of EDITOR,
 3572 	VISUAL and SUDO_EDITOR are unavailable. Both sudoedit and the
 3573 	"env_editor" sudoers setting are documented as falling back on the
 3574 	hard-coded list of editors in the "editors" sudoers setting. Bug
 3575 	#1000
 3576 	[caa529a0cab6]
 3577 
 3578 	* plugins/sudoers/check_aliases.c:
 3579 	Use sudo_printf(SUDO_CONV_ERROR_MSG) instead of fprintf(stderr).
 3580 	Avoids extraneous output in the fuzzer.
 3581 	[981d3abd96c7]
 3582 
 3583 	* plugins/sudoers/Makefile.in,
 3584 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 3585 	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
 3586 	Stub out sudo_printf() and avoid other use of stderr in fuzzers.
 3587 	This makes it possible to parse sudoers without using quiet mode,
 3588 	resulting in better coverage.
 3589 	[3215cad4174f]
 3590 
 3591 2021-09-28  Todd C. Miller  <Todd.Miller@sudo.ws>
 3592 
 3593 	* lib/iolog/regress/fuzz/fuzz_iolog_json.c,
 3594 	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
 3595 	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
 3596 	lib/util/regress/fuzz/fuzz_sudo_conf.c,
 3597 	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
 3598 	plugins/sudoers/regress/fuzz/fuzz_policy.c,
 3599 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 3600 	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
 3601 	Use a consistent version of fuzz_conversation() with all fuzzers.
 3602 	Also undo a change to fuzz_sudoers.c that snuck in to the last
 3603 	commit.
 3604 	[8a94b06302b7]
 3605 
 3606 	* lib/iolog/regress/fuzz/fuzz_iolog_json.c,
 3607 	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
 3608 	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
 3609 	lib/util/regress/fuzz/fuzz_sudo_conf.c,
 3610 	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
 3611 	plugins/sudoers/Makefile.in,
 3612 	plugins/sudoers/regress/fuzz/fuzz_policy.c,
 3613 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 3614 	Fuzzers should not produce output. Excessive output makes the fuzzer
 3615 	runs much less efficient.
 3616 	[b9c485009c0f]
 3617 
 3618 	* logsrvd/logsrv_util.c:
 3619 	expand_buf: fix conditional for when we need to preserve existing
 3620 	data It is possible for the buffer offset to be zero when the length
 3621 	is non-zero. The proper value to use is the same as is used for the
 3622 	memcpy/memmove size. Fixes buffer corruption caused by a very long
 3623 	command line that usually results in a dropped connection.
 3624 	[59a4319b3463]
 3625 
 3626 2021-09-27  Todd C. Miller  <Todd.Miller@sudo.ws>
 3627 
 3628 	* config.h.in, configure, configure.ac, lib/util/closefrom.c:
 3629 	Emulate closefrom() on macOS using proc_pidinfo(). This avoids
 3630 	relying on /dev/fd which may not exist in a chroot jail. Adapted
 3631 	from a change in OpenSSH by likan_999.student AT sina.com
 3632 	[2e86d4150ce5]
 3633 
 3634 2021-09-26  Todd C. Miller  <Todd.Miller@sudo.ws>
 3635 
 3636 	* src/edit_open.c:
 3637 	Handle EMLINK and EFTYPE errno values for O_NOFOLLOW failure.
 3638 	FreeBSD returns EMLINK and NetBSD returns EFTYPE instead of ELOOP.
 3639 	This is only used to present the user with a more appropriate error
 3640 	message.
 3641 	[ca5499c8c40f]
 3642 
 3643 2021-09-24  Todd C. Miller  <Todd.Miller@sudo.ws>
 3644 
 3645 	* plugins/sudoers/cvtsudoers.c:
 3646 	Fix typo in last commit, use boolean AND not bitwise.
 3647 	[685bd5d9ce6f]
 3648 
 3649 	* doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
 3650 	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
 3651 	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 3652 	plugins/sudoers/parse.h:
 3653 	Add the ability to filter/match by command via the -m option. For
 3654 	example "cvtsudoers -m cmd=/bin/ls" would only display entries that
 3655 	would allow /bin/ls to be allowed or denied.
 3656 	[3534a0170c59]
 3657 
 3658 2021-09-23  Todd C. Miller  <Todd.Miller@sudo.ws>
 3659 
 3660 	* doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in,
 3661 	plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
 3662 	plugins/sudoers/cvtsudoers.h, plugins/sudoers/pwutil.c:
 3663 	Add --group-file and --passwd-file options to cvtsudoers. These are
 3664 	based on the code in testsudoers.
 3665 	[3286dd5dd0bf]
 3666 
 3667 2021-09-22  Todd C. Miller  <Todd.Miller@sudo.ws>
 3668 
 3669 	* lib/util/mkdir_parents.c:
 3670 	Move cppcheck suppression annotation to where it needs to be.
 3671 	[17d601bc91f3]
 3672 
 3673 	* lib/util/mksigname.c:
 3674 	format string fix: print signal number as unsigned. Quiets a
 3675 	cppcheck warning; mksiglist.c already has this fixed.
 3676 	[a28b72dceec4]
 3677 
 3678 	* plugins/sudoers/ldap_util.c:
 3679 	Fix memory leak on error path if snprintf() overflows. Coverity CID
 3680 	188804
 3681 	[73872d2e2cd0]
 3682 
 3683 2021-09-21  Todd C. Miller  <Todd.Miller@sudo.ws>
 3684 
 3685 	* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
 3686 	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/passwd.c,
 3687 	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c:
 3688 	Avoid reinitializing other auth methods.
 3689 	[af0495460943]
 3690 
 3691 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 3692 	expand_include: add bounds checking when expanding %h escape.
 3693 	[3c0ca1f0d4e5]
 3694 
 3695 	* plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
 3696 	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 3697 	Check snprintf() return values even if we preallocated the correct
 3698 	amount. There are no remaining unchecked snprintf() that can
 3699 	actually overflow.
 3700 	[0eaf1d4daa84]
 3701 
 3702 	* include/sudo_iolog.h, lib/iolog/iolog_nextid.c:
 3703 	iolog_nextid(): make iolog_dir argument const. We make a copy of the
 3704 	directory so there's no real reason that parameter can't be const.
 3705 	[f278847ca9aa]
 3706 
 3707 	* plugins/sudoers/ldap_util.c:
 3708 	Amend truncation fix, the real problem was the size passed to
 3709 	snprintf(). sudo_rcstr_alloc() takes a length (not a size) parameter
 3710 	so when calling snprintf() we need to add one to the length.
 3711 	[92f8a8b86d20]
 3712 
 3713 	* plugins/sudoers/ldap_util.c:
 3714 	Fix truncation of the last char of the sudoRole cn passed to
 3715 	append_default(). This string is primarily used for warning
 3716 	messages. Also check the snprintf() return value to avoid silent
 3717 	truncation. GitHub issue #115
 3718 	[22b8d7bc62f8]
 3719 
 3720 2021-09-20  Todd C. Miller  <Todd.Miller@sudo.ws>
 3721 
 3722 	* .hgtags:
 3723 	Added tag SUDO_1_9_8p2 for changeset 9edebc604c58
 3724 	[67357c8687d3] <1.9>
 3725 
 3726 	* NEWS, configure, configure.ac:
 3727 	Sudo 1.9.8p2
 3728 	[9edebc604c58] [SUDO_1_9_8p2] <1.9>
 3729 
 3730 	* NEWS, configure, configure.ac:
 3731 	Sudo 1.9.8p2
 3732 	[f29fdeb8ae5b]
 3733 
 3734 	* etc/codespell.exclude:
 3735 	Standardize on "front-end" not "front end" in the man pages.
 3736 	[b0ad634852e7]
 3737 
 3738 	* configure, configure.ac:
 3739 	fix typo
 3740 	[4d8738449daa]
 3741 
 3742 	* logsrvd/logsrvd_journal.c:
 3743 	Reuse existing journal file for an accepted/rejected sub-command.
 3744 	Otherwise we end up with zero-length files in the incoming queue dir
 3745 	and may end up relaying one of those instead of the actual journal
 3746 	file.
 3747 	[4789371a43f3] <1.9>
 3748 
 3749 	* logsrvd/logsrvd_journal.c:
 3750 	Reuse existing journal file for an accepted/rejected sub-command.
 3751 	Otherwise we end up with zero-length files in the incoming queue dir
 3752 	and may end up relaying one of those instead of the actual journal
 3753 	file.
 3754 	[545897a2761c]
 3755 
 3756 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 3757 	Re-enable error output for the sudoers parser. It is only the alias
 3758 	and defaults warnings we need to suppress.
 3759 	[114bd7756a7c]
 3760 
 3761 	* src/exec_intercept.c:
 3762 	Add intercept_cleanup() stub for when building w/o intercept
 3763 	support.
 3764 	[bd6f32a90787]
 3765 
 3766 	* src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c,
 3767 	src/sudo_exec.h:
 3768 	Add intercept_cleanup() to free the closure used by
 3769 	intercept_accept_cb().
 3770 	[55f6aea8b517]
 3771 
 3772 	* plugins/sudoers/auth/pam.c:
 3773 	Don't re-initialize PAM for sub-commands.
 3774 	[41d7d61e4ac5] <1.9>
 3775 
 3776 	* plugins/sudoers/auth/pam.c:
 3777 	Don't re-initialize PAM for sub-commands.
 3778 	[faa7aec4d145]
 3779 
 3780 	* logsrvd/logsrvd_local.c:
 3781 	sudo_logsrvd: only send log ID for first command of a session There
 3782 	is no need to send the log ID for each sub-command.
 3783 	[e21b40af74f2] <1.9>
 3784 
 3785 	* logsrvd/logsrvd_local.c:
 3786 	sudo_logsrvd: only send log ID for first command of a session There
 3787 	is no need to send the log ID for each sub-command.
 3788 	[625b18c5f821]
 3789 
 3790 	* plugins/sudoers/log_client.c:
 3791 	Only store the first log id received from the server. Plugs a small
 3792 	memory leak in intercept mode if the log server sends the log ID
 3793 	again for sub-commands.
 3794 	[e20563f3e152] <1.9>
 3795 
 3796 	* plugins/sudoers/log_client.c:
 3797 	Only store the first log id received from the server. Plugs a small
 3798 	memory leak in intercept mode if the log server sends the log ID
 3799 	again for sub-commands.
 3800 	[ca2ad5b219cd]
 3801 
 3802 2021-09-19  Todd C. Miller  <Todd.Miller@sudo.ws>
 3803 
 3804 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 3805 	fuzz_sudoers: don't warn about unknown defaults entries Some fuzzing
 3806 	inputs cause a huge number of warnings and displaying them all can
 3807 	result in the fuzz run timing out. If we disable the warnings we can
 3808 	avoid the timeout.
 3809 	[4823ee305937]
 3810 
 3811 	* plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
 3812 	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
 3813 	plugins/sudoers/policy.c:
 3814 	Limit paths for command, cwd and chroot to PATH_MAX bytes. This
 3815 	helps prevent the fuzzer from going off the rails.
 3816 	[9550fa76a645]
 3817 
 3818 	* plugins/sudoers/sudoers.c:
 3819 	sudo -i: missing NULL terminator when moving argv to make room for
 3820 	--login Fixes a potential crash for "sudo -i" when the target user
 3821 	has bash as the shell (which needs the --login option). Bug #998.
 3822 	[32644aae1eab] <1.9>
 3823 
 3824 	* plugins/sudoers/sudoers.c:
 3825 	sudo -i: missing NULL terminator when moving argv to make room for
 3826 	--login Fixes a potential crash for "sudo -i" when the target user
 3827 	has bash as the shell (which needs the --login option). Bug #998.
 3828 	[4b297f2ead15]
 3829 
 3830 	* lib/eventlog/eventlog.c:
 3831 	Only append argv[] to the log line if argv[0] is not NULL. It should
 3832 	not be possible to reach this point with a command defined but
 3833 	argv[] empty but it doesn't hurt to check.
 3834 	[61f9cf744673]
 3835 
 3836 2021-09-18  Todd C. Miller  <Todd.Miller@sudo.ws>
 3837 
 3838 	* plugins/sudoers/check_aliases.c:
 3839 	Only warn about an undefined alias or a cycle a single time. There's
 3840 	no point in warning about the same problem multiple times. This
 3841 	implementation assumes a small number of warnings and so just uses a
 3842 	simple listed link.
 3843 	[4461f65d1bad]
 3844 
 3845 	* configure, configure.ac:
 3846 	Remove now-unused CHECK_INTERCEPT variable.
 3847 	[447dbf8bea48]
 3848 
 3849 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 3850 	Quiet pvs-studio false positive: V557 Array overrun is possible.
 3851 	Make the zero length check explicit so as not to confuse static (or
 3852 	human) analyzers.
 3853 	[512ab29a9f28]
 3854 
 3855 2021-09-17  Todd C. Miller  <Todd.Miller@sudo.ws>
 3856 
 3857 	* MANIFEST, plugins/sudoers/regress/testsudoers/test17.out.ok,
 3858 	plugins/sudoers/regress/testsudoers/test17.sh:
 3859 	Test that digest matching works with LDAP sudoCommand: ALL
 3860 	[f7ec49401d4f]
 3861 
 3862 	* plugins/sudoers/ldap_util.c:
 3863 	Allow a digest to be specified with the "ALL" command for ldap/sssd
 3864 	back-ends. This has been possible with sudoers file entries since
 3865 	sudo 1.9.0 but no corresponding change was made for ldap/sssd.
 3866 	[89a30bbd7dac]
 3867 
 3868 	* lib/eventlog/eventlog.c:
 3869 	Use localtime_r() not gmtime_r() when formatting the local time.
 3870 	This is consistent with how sudo formatted time stamps prior to the
 3871 	logging code being split off into libeventlog. We only need to use
 3872 	gmtime_r() for ISO 8601 time.
 3873 	[aee6e29ba9d6]
 3874 
 3875 	* lib/eventlog/eventlog.c,
 3876 	lib/iolog/regress/iolog_path/check_iolog_path.c,
 3877 	lib/util/sudo_debug.c, plugins/audit_json/audit_json.c,
 3878 	plugins/sudoers/cvtsudoers_json.c,
 3879 	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
 3880 	plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
 3881 	plugins/sudoers/timestr.c:
 3882 	Check strftime(3) return value in all cases. Old versions of
 3883 	strftime(3) didn't guarantee to NUL-terminate the buffer so we
 3884 	explicitly clear the last byte of the buffer and check it.
 3885 	[bc402e4bd4d2]
 3886 
 3887 	* config.h.in, configure, configure.ac, logsrvd/tls_init.c:
 3888 	tls_init.c: use SSL_CTX_set0_tmp_dh_pkey if present. Fixes a warning
 3889 	on OpenSSL 3.0 and plugs a memory leak of dhparams on config reload.
 3890 	[02027ea86d3b]
 3891 
 3892 	* configure, configure.ac, lib/util/digest_openssl.c:
 3893 	Use the EVP digest routines instead of calling SHA2 functions
 3894 	directly. Avoids compiler warnings with OpenSSL 3.0.
 3895 	EVP_MD_CTX_new() is only available for OpenSSL 1.1 and higher--we
 3896 	will fall back to sudo's SHA2 code if necessary.
 3897 	[6fbac28175f9]
 3898 
 3899 	* configure, configure.ac:
 3900 	When using pkg-config, don't assume the names of the ssl and crypto
 3901 	libs. On the HP-UX build machines these are named libssl_pic.a and
 3902 	libcrypto_pic.a to avoid conflicting with the system libs.
 3903 	[a8eb772b3a4d]
 3904 
 3905 	* lib/util/sudo_debug.c:
 3906 	Store milliseconds in the debug file timestamp. Sometime second
 3907 	granularity is not enough.
 3908 	[1df3e75f1133]
 3909 
 3910 	* MANIFEST, config.h.in, configure, configure.ac,
 3911 	include/sudo_compat.h, lib/util/gmtime_r.c, lib/util/localtime_r.c:
 3912 	Add gmtime_r and localtime_r tests and compat if missing.
 3913 	[709671c493a3]
 3914 
 3915 	* lib/eventlog/eventlog.c, lib/iolog/iolog_path.c,
 3916 	lib/iolog/regress/iolog_path/check_iolog_path.c,
 3917 	lib/util/sudo_debug.c, plugins/audit_json/audit_json.c,
 3918 	plugins/sample_approval/sample_approval.c,
 3919 	plugins/sudoers/cvtsudoers_json.c,
 3920 	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
 3921 	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
 3922 	plugins/sudoers/gmtoff.c, plugins/sudoers/ldap.c,
 3923 	plugins/sudoers/parse.c, plugins/sudoers/timestr.c:
 3924 	Use gmtime_r() and localtime_r() instead of gmtime() and
 3925 	localtime().
 3926 	[5758514b25cb]
 3927 
 3928 	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
 3929 	Plugin lines are for approval and audit plugins too.
 3930 	[67bb7c0687f2]
 3931 
 3932 	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo.man.in,
 3933 	doc/sudo.mdoc.in, doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in,
 3934 	doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
 3935 	doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
 3936 	doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
 3937 	doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/visudo.man.in,
 3938 	doc/visudo.mdoc.in:
 3939 	Standardize on "front-end" not "front end" in the man pages.
 3940 	[68748f8cc8a6]
 3941 
 3942 	* MANIFEST, plugins/sudoers/regress/testsudoers/test16.out.ok,
 3943 	plugins/sudoers/regress/testsudoers/test16.sh:
 3944 	Add a test to exercise Bug #994
 3945 	[eef2ece0e8d4]
 3946 
 3947 	* scripts/mkpkg:
 3948 	mkpkg: limit the number of cores used to 16
 3949 	[5b8f2aa834b8]
 3950 
 3951 2021-09-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 3952 
 3953 	* NEWS:
 3954 	fix typo
 3955 	[120b1e7d2aca]
 3956 
 3957 	* .hgtags:
 3958 	Added tag SUDO_1_9_8p1 for changeset feb396a0d60d
 3959 	[e5f560a935fc] <1.9>
 3960 
 3961 	* configure, configure.ac:
 3962 	Merge sudo 1.9.8p1 from tip
 3963 	[feb396a0d60d] [SUDO_1_9_8p1] <1.9>
 3964 
 3965 	* NEWS:
 3966 	Bug #994.
 3967 	[14ea3a741b25]
 3968 
 3969 	* plugins/sudoers/ldap_util.c:
 3970 	Always allocate a struct sudo_command for the command, even for ALL.
 3971 	This was missed in the previous set of changes, resulting in a crash
 3972 	for LDAP and SSSD rules that give sudo "ALL" privileges. Bug #994.
 3973 	[91d0379b068a]
 3974 
 3975 	* plugins/sudoers/Makefile.in:
 3976 	Add SUDOERS_LDFLAGS to FUZZ_LDFLAGS Fixes a fuzzer link error when
 3977 	building with ldap if the ldap libs are not in the default library
 3978 	search path.
 3979 	[a450881f9763]
 3980 
 3981 	* configure, configure.ac:
 3982 	Fix the OpenSSL link order for the non-pkg-config case. Since -lssl
 3983 	depends on -lcrypto, -lcrypto must be listed after -lssl. Fixes
 3984 	linking of non-dynamic OpenSSL libs.
 3985 	[787724ab6e87]
 3986 
 3987 2021-09-15  Todd C. Miller  <Todd.Miller@sudo.ws>
 3988 
 3989 	* NEWS, configure, configure.ac:
 3990 	Sudo 1.9.8p1
 3991 	[fc8c69d55348]
 3992 
 3993 	* src/sudo_intercept_common.c:
 3994 	sudo_interposer_init: verify message type from sudo We should only
 3995 	get a HelloResponse from sudo at this point.
 3996 	[a021319260b3]
 3997 
 3998 	* include/intercept.pb-c.h, src/exec_intercept.c,
 3999 	src/intercept.pb-c.c, src/intercept.proto,
 4000 	src/sudo_intercept_common.c:
 4001 	Avoid symbol name clash to fix --enable-static-sudoers linking.
 4002 	[5cc5e415844f]
 4003 
 4004 2021-09-14  Todd C. Miller  <Todd.Miller@sudo.ws>
 4005 
 4006 	* plugins/sudoers/defaults.c, plugins/sudoers/policy.c:
 4007 	append_defaults() should not be passed a value for boolean flags.
 4008 	The operation should simply be set to true/false. Also treat a NULL
 4009 	file as coming from the front-end. Bug #993.
 4010 	[86e69d358916]
 4011 
 4012 2021-09-13  Todd C. Miller  <Todd.Miller@sudo.ws>
 4013 
 4014 	* configure, configure.ac, plugins/python/Makefile.in,
 4015 	scripts/mkdep.pl, src/Makefile.in:
 4016 	Teach mkdep.pl about --tag=disable-static in LTFLAGS. If static objs
 4017 	are disabled we need to add explicit dependencies for .o files. The
 4018 	OpenBSD libtool doesn't use a pic object file when linking
 4019 	executables so we need to build the non-pic objects too.
 4020 	[cdefeeb41a64]
 4021 
 4022 	* configure, configure.ac:
 4023 	Use SUDO_APPEND_LIBPATH when appending to LIBTLS and LIBMD. The
 4024 	OpenSSL pkgconfig files only include -L paths, not -R paths. Using
 4025 	SUDO_APPEND_LIBPATH ensures the rpath is set correctly so the
 4026 	binaries will run (not just link).
 4027 	[29d051972287]
 4028 
 4029 	* INSTALL, configure, configure.ac:
 4030 	Add --enable-openssl-pkgconfig-template option. This can be used to
 4031 	find the correct openssl pkg-config file if it is not named
 4032 	"openssl" (also libcrypto).
 4033 	[77cd3463cefa]
 4034 
 4035 	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
 4036 	Some POSIX yacc fixes for bison 3.8 yyerror() must be extern void
 4037 	declare tokens with type instead of using separate %type lines
 4038 	[c4e57f9e7df5]
 4039 
 4040 2021-09-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 4041 
 4042 	* .hgtags:
 4043 	Added tag SUDO_1_9_8 for changeset e25cff5d148b
 4044 	[4067d7a889fa] <1.9>
 4045 
 4046 	* config.h.in, configure, configure.ac, include/sudo_compat.h,
 4047 	logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c:
 4048 	Merge sudo 1.9.8 from tip
 4049 	[e25cff5d148b] [SUDO_1_9_8] <1.9>
 4050 
 4051 	* .gitignore, .hgignore:
 4052 	Add src/intercept.exp to ignore files.
 4053 	[4eaa182a8808]
 4054 
 4055 2021-09-08  Todd C. Miller  <Todd.Miller@sudo.ws>
 4056 
 4057 	* plugins/sudoers/po/cs.mo:
 4058 	regen
 4059 	[8c168099301b]
 4060 
 4061 	* NEWS:
 4062 	Mention --enable-static-sudoers fix.
 4063 	[c93a42253fd0]
 4064 
 4065 	* configure, configure.ac:
 4066 	Fix typo introduced in 1.9.7 that set SUDO_LDFLAGS to
 4067 	SUDOERS_LDFLAGS. Copy pasta is not always the best kind of pasta.
 4068 	[08188442f77b]
 4069 
 4070 	* MANIFEST, configure, configure.ac, m4/sudo.m4, src/Makefile.in,
 4071 	src/intercept.exp, src/intercept.exp.in, src/sudo_intercept.c:
 4072 	sudo_intercept.so: only replace execvpe() if it is present.
 4073 	execvpe() is a GNU extension also found on *BSD (but not macOS).
 4074 	[26153ad9c6ca]
 4075 
 4076 	* NEWS:
 4077 	We now intercept more than just execve().
 4078 	[33e453f035f8]
 4079 
 4080 2021-09-07  Todd C. Miller  <Todd.Miller@sudo.ws>
 4081 
 4082 	* src/sudo_intercept.c:
 4083 	Implement simple PATH resolution for execvp(). We want to use PATH
 4084 	from the current value of the environment, not the initial value of
 4085 	PATH when the policy was opened. This is a little different from how
 4086 	real execvp() works since we use stat() instead of just execve().
 4087 	[fae58e1962cc]
 4088 
 4089 	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in,
 4090 	doc/sudoers.mdoc.in, src/intercept.exp, src/sudo_intercept.c:
 4091 	Add support for execl, execle, execlp, execvp, and execvpe.
 4092 	Currently, PATH traversal is handled by sudoers which uses the
 4093 	original PATH, not the one updated by the shell.
 4094 	[59dfbbd39bf6]
 4095 
 4096 2021-09-03  Todd C. Miller  <Todd.Miller@sudo.ws>
 4097 
 4098 	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
 4099 	plugins/sudoers/gram.y:
 4100 	Remove conditional include of alloca.h, we don't define
 4101 	HAVE_ALLOCA_H. The configure check for alloca() was removed long ago
 4102 	but this got missed.
 4103 	[4c64529df149]
 4104 
 4105 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
 4106 	Define RBAC and mention incompatibility with intercept/log_subcmds.
 4107 	[a44d8f96cad6]
 4108 
 4109 2021-09-02  Todd C. Miller  <Todd.Miller@sudo.ws>
 4110 
 4111 	* src/exec_intercept.c:
 4112 	Fix computation of the token address when handling a partial read.
 4113 	We want to treat it as an array of bytes, not an array of tokens.
 4114 	Coverity CID 240011
 4115 	[0bb3fb3315ce]
 4116 
 4117 	* plugins/sudoers/parse.c:
 4118 	Quiet a PVS-Studio format string warning.
 4119 	[4e445c646dc8]
 4120 
 4121 	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
 4122 	Regen .pot files.
 4123 	[4cec17bc24da]
 4124 
 4125 	* plugins/sudoers/po/cs.po:
 4126 	Updated translations from translationproject.org
 4127 	[62fdbab57411]
 4128 
 4129 2021-09-01  Todd C. Miller  <Todd.Miller@sudo.ws>
 4130 
 4131 	* src/Makefile.in:
 4132 	regen
 4133 	[a2f37ca5473b]
 4134 
 4135 	* configure, configure.ac, lib/util/sudo_conf.c, scripts/mkdep.pl,
 4136 	src/Makefile.in, src/exec_common.c, src/exec_intercept.c:
 4137 	Do not compile intercept code if --disable-intercept is specified.
 4138 	[9d31e2822c24]
 4139 
 4140 	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
 4141 	We now intercept execv() too.
 4142 	[f0eac891cb5c]
 4143 
 4144 	* INSTALL:
 4145 	INSTALL: --disable-intercept will also disable "log_subcmds"
 4146 	[55ddfdae455d]
 4147 
 4148 	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/parse.c:
 4149 	Can't use intercept or log_subcmds with SELinux RBAC. SELinux policy
 4150 	will prevent the inherited socket from sudo from being used and may
 4151 	also restrict the ability to connect back to the sudo process.
 4152 	[b73409172859]
 4153 
 4154 	* m4/ax_prog_cc_for_build.m4:
 4155 	Fix typo in comment.
 4156 	[3259f09e6952]
 4157 
 4158 	* po/cs.mo, po/cs.po:
 4159 	Updated translations from translationproject.org
 4160 	[7543d0d50ee2]
 4161 
 4162 	* include/intercept.pb-c.h, src/exec_intercept.c,
 4163 	src/intercept.pb-c.c, src/intercept.proto, src/sudo_exec.h,
 4164 	src/sudo_intercept_common.c:
 4165 	Switch to a 128-bit token instead of a 64-bit secret. Protobuf
 4166 	doesn't have a 128-bit type so use two u64s. We now support partial
 4167 	reads of the token.
 4168 	[e39ece25fb3b]
 4169 
 4170 2021-08-31  Todd C. Miller  <Todd.Miller@sudo.ws>
 4171 
 4172 	* MANIFEST, lib/util/Makefile.in, lib/util/regress/uuid/uuid_test.c,
 4173 	lib/util/uuid.c:
 4174 	Fix random uuid generation, no need to convert between byte order.
 4175 	Also add regression test.
 4176 	[fd2940acffc2]
 4177 
 4178 	* include/intercept.pb-c.h, src/exec_intercept.c,
 4179 	src/intercept.pb-c.c, src/intercept.proto,
 4180 	src/sudo_intercept_common.c:
 4181 	sudo_intercept.so: send the secret immediately after connecting.
 4182 	Sending the secret out of band, before the message size is read,
 4183 	should make it harder to mount a DoS attack.
 4184 	[4c8b6577bd8c]
 4185 
 4186 	* src/sudo_intercept_common.c:
 4187 	Handle reading large messages that don't fit in a single recv(). We
 4188 	know the length of what we are receiving so just loop until we have
 4189 	it all, get EOF or an error.
 4190 	[1b8aa927ea83]
 4191 
 4192 	* configure, configure.ac:
 4193 	Add checks for -fstack-clash-protection and -Wl,-z,noexecstack We
 4194 	use -Wc,-fstack-clash-protection as the linker flag to prevent
 4195 	libtool from removing it from the link line.
 4196 	[7cd701b5039e]
 4197 
 4198 	* src/exec_intercept.c:
 4199 	Make the sudo side of the intercept socket non-blocking.
 4200 	[3fe7129ea1f2]
 4201 
 4202 	* src/exec_intercept.c:
 4203 	Handle partial read/write by dropping back into the event loop.
 4204 	[fa216d963e18]
 4205 
 4206 	* src/exec_intercept.c:
 4207 	intercept_check_policy: Fix double free introduced in last commit If
 4208 	the command is not accepted we don't rebuild command_info[] and must
 4209 	not free it. It will be freed by the policy instead.
 4210 	[8bbd2af0924b]
 4211 
 4212 2021-08-27  Todd C. Miller  <Todd.Miller@sudo.ws>
 4213 
 4214 	* include/intercept.pb-c.h, src/exec_intercept.c,
 4215 	src/intercept.pb-c.c, src/intercept.proto,
 4216 	src/sudo_intercept_common.c:
 4217 	Update runcwd in command_info[] before passing it to the audit
 4218 	plugin. Since sudoers does rejected commands itself the runcwd will
 4219 	still not be correct for those.
 4220 	[5462a5e1d760]
 4221 
 4222 	* src/exec_preload.c:
 4223 	Fix LD_PRELOAD formatting when there is an existing LD_PRELOAD var.
 4224 	[04d8d7750ff6]
 4225 
 4226 2021-08-26  Todd C. Miller  <Todd.Miller@sudo.ws>
 4227 
 4228 	* src/exec_intercept.c:
 4229 	intercept_check_policy: fix potential NUL dereference on the error
 4230 	path.
 4231 	[4d1b3f39ccb1]
 4232 
 4233 	* NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in,
 4234 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
 4235 	plugins/sudoers/def_data.in, plugins/sudoers/policy.c, src/exec.c,
 4236 	src/exec_common.c, src/exec_nopty.c, src/exec_pty.c, src/sudo.c,
 4237 	src/sudo.h:
 4238 	Rename log_children -> log_subcmds
 4239 	[abd73fc939c3]
 4240 
 4241 	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
 4242 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 4243 	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
 4244 	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
 4245 	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
 4246 	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
 4247 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 4248 	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
 4249 	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
 4250 	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
 4251 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 4252 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 4253 	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/eo.mo,
 4254 	po/eo.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ko.mo,
 4255 	po/ko.po, po/pl.mo, po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo,
 4256 	po/pt_BR.po, po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo,
 4257 	po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
 4258 	Updated translations from translationproject.org
 4259 	[f948528780fb]
 4260 
 4261 	* lib/util/sudo_debug.c:
 4262 	Add sudo_debug_register_v2() stub for fuzzing build.
 4263 	[ba522c0c2075]
 4264 
 4265 	* src/exec_intercept.c:
 4266 	Fix use-after-free on error. Also remove useless free of a ptr that
 4267 	is always NULL on the error path.
 4268 	[75200535be80]
 4269 
 4270 	* src/exec_common.c:
 4271 	No longer need to remap intercept fd but we do need to remap debug
 4272 	fd. The intercept fd is closed in the ctor but the debug fd will
 4273 	still be open.
 4274 	[b48125b884f3]
 4275 
 4276 	* include/sudo_debug.h, lib/util/sudo_debug.c, lib/util/util.exp.in,
 4277 	logsrvd/logsrvd.c, logsrvd/sendlog.c,
 4278 	plugins/audit_json/audit_json.c, plugins/python/sudo_python_debug.c,
 4279 	plugins/sample_approval/sample_approval.c,
 4280 	plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c,
 4281 	src/sesh.c, src/sudo.c, src/sudo_intercept_common.c:
 4282 	sudo_debug_register: add minfd argument to specify lowest fd number
 4283 	Use this in sudo_intercept.so to avoid allocating a low-numbered fd
 4284 	which the shell reserves for use by scripts.
 4285 	[50b23c4d0531]
 4286 
 4287 	* src/exec_intercept.c:
 4288 	Fix command name of sub-command in logs when log_children is set.
 4289 	[c1b35686d8b4]
 4290 
 4291 2021-08-25  Todd C. Miller  <Todd.Miller@sudo.ws>
 4292 
 4293 	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
 4294 	plugins/sudoers/logging.h:
 4295 	log_allowed: pass struct eventlog * instead of argv[] and envp[].
 4296 	This lets us log based on the command_info[] list passed in from the
 4297 	front-end. Previously, much of the struct eventlog was constructed
 4298 	from internal sudoers state instead.
 4299 	[4c4a7ddfeba3]
 4300 
 4301 	* include/sudo_compat.h:
 4302 	sudo_compat.h: include unistd.h on HP-UX to safely redefine
 4303 	pread/pwrite HP-UX 11.31 defines static functions for pread() and
 4304 	pwrite() which will conflict with our macros.
 4305 	[2dd64cdc261f]
 4306 
 4307 	* config.h.in, configure, configure.ac, include/intercept.pb-c.h,
 4308 	src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c,
 4309 	src/intercept.pb-c.c, src/intercept.proto, src/sudo_exec.h,
 4310 	src/sudo_intercept_common.c:
 4311 	Change intercept IPC to use a localhost socket instead of inherited
 4312 	fd. This allows intercept mode to work with shells that close all
 4313 	open fds upon startup. The ctor in sudo_intercept.so requests the
 4314 	port number and secret over the socket inherited from the parent
 4315 	then closes it. For each policy request, a TCP connection is made to
 4316 	the sudo parent process to perform the policy check. Child processes
 4317 	re-use the TCP socket to request the port number and secret just
 4318 	like the initial process started by sudo does.
 4319 	[7e7e4a389f11]
 4320 
 4321 	* src/exec_intercept.c:
 4322 	Add a state variable to intercept_closure, replaces policy_result.
 4323 	[60fae103a4cd]
 4324 
 4325 	* plugins/sudoers/match_command.c:
 4326 	command_matches: avoid printf("%s") of NULL in debug for sudo ALL.
 4327 	[5c81c2c32b4c]
 4328 
 4329 	* Merge pull request #111 from commodo/fix-cflags
 4330 
 4331 	lib/util/Makefile.in: use host CFLAGS and CPPFLAGS for
 4332 	mksig{name,list}
 4333 	[ee86d28da792]
 4334 
 4335 2021-08-25  Alexandru Ardelean  <ardeleanalex@gmail.com>
 4336 
 4337 	* lib/util/Makefile.in:
 4338 	lib: util: Makefile.in: use host CFLAGS and CPPFLAGS for
 4339 	mksig{name,list}
 4340 
 4341 	When cross-build support was added for mkig{name,list} was added,
 4342 	the CFLAGS and CPPFLAGS should have been updated to the
 4343 	HOSTCFLAGS/HOSTCPPFLAGS vars.
 4344 
 4345 	In a cross-build scenario, some of these flags don't match what the
 4346 	compiler can understand (because they may be architecture specific)
 4347 	and may fail the build.
 4348 
 4349 	Using the HOSTCFLAGS/HOSTCPPFLAGS works and builds successfully.
 4350 	Also the output binary works on the target.
 4351 
 4352 	This is in continuation of
 4353 	- https://github.com/sudo-project/sudo/pull/104
 4354 	- https://github.com/sudo-project/sudo/pull/109
 4355 
 4356 	Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
 4357 	[f76870e1a6c5]
 4358 
 4359 2021-08-24  Todd C. Miller  <Todd.Miller@sudo.ws>
 4360 
 4361 	* src/exec_intercept.c:
 4362 	Fold intercept_closure_reset() into intercept_close().
 4363 	[ff00ab240672]
 4364 
 4365 	* src/exec_preload.c:
 4366 	Fix typo that caused SUDO_INTERCEPT_FD to overwrite LD_PRELOAD.
 4367 	[e4cd1043c7bb]
 4368 
 4369 	* src/exec_preload.c:
 4370 	Fix off-by-one that could result in duplicate SUDO_INTERCEPT_FD
 4371 	vars.
 4372 	[9044d0dff708]
 4373 
 4374 	* src/sudo_intercept.c:
 4375 	Fix typo in macOS execv change.
 4376 	[1c637d909382]
 4377 
 4378 2021-08-21  Todd C. Miller  <Todd.Miller@sudo.ws>
 4379 
 4380 	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in,
 4381 	doc/sudoers.mdoc.in, src/intercept.exp, src/sudo_intercept.c:
 4382 	Add execv(3) support to sudo_intercept.so. This allows intercept to
 4383 	work with csh which uses execv(3) not execve(2).
 4384 	[690ebf72b6f8]
 4385 
 4386 2021-08-20  Todd C. Miller  <Todd.Miller@sudo.ws>
 4387 
 4388 	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudoers.man.in,
 4389 	doc/sudoers.mdoc.in:
 4390 	Sync the list of functions trapped by sudo_noexec.so.
 4391 	[b1f7799209ff]
 4392 
 4393 	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
 4394 	Add a Debug example for sudo_intercept.so Don't try to enumerate all
 4395 	the sudo programs that support debugging since all of them do.
 4396 	[9c1201eaaca2]
 4397 
 4398 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
 4399 	Update sudoers Debug example to match the debug changes from sudo
 4400 	1.8.12.
 4401 	[7c831aa9b6d5]
 4402 
 4403 	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
 4404 	sudo_intercept.so only intercepts execve(2) for now.
 4405 	[7314abc72fb9]
 4406 
 4407 	* plugins/sudoers/parse.c:
 4408 	Fix formatting for bound defaults with multiple entries in the
 4409 	binding. The entries in the binding were separated with " ," instead
 4410 	of ", ".
 4411 	[14442701f793]
 4412 
 4413 	* MANIFEST, src/Makefile.in, src/intercept.exp:
 4414 	Add exports file for sudo_intercept.so that only exports execve()
 4415 	[ac97417435ab]
 4416 
 4417 	* src/Makefile.in, src/sudo_intercept.c, src/sudo_intercept_common.c:
 4418 	Add some debugging to the sudo_intercept.so.
 4419 	[2dee003b5cc7]
 4420 
 4421 	* config.h.in, configure, configure.ac:
 4422 	Use AC_FUNC_FSEEKO instead of AC_CHECK_FUNCS_ONCE([fseeko]). This
 4423 	will define _LARGEFILE_SOURCE, if needed, to make the prototype
 4424 	visible on older systems.
 4425 	[3f4314f6a795]
 4426 
 4427 2021-08-19  Todd C. Miller  <Todd.Miller@sudo.ws>
 4428 
 4429 	* config.h.in, configure, configure.ac, include/sudo_compat.h:
 4430 	We still need the pread/pwrite hack for HP-UX 11.11 at least. This
 4431 	time around, avoid defining _LARGEFILE64_SOURCE and just declare
 4432 	pread64/pwrite64 ourselves.
 4433 	[66e01b14a10f]
 4434 
 4435 	* include/sudo_compat.h:
 4436 	Fix prototypes for sudo_pread() and sudo_pwrite().
 4437 	[15acfc576a71]
 4438 
 4439 	* src/exec_intercept.c:
 4440 	intercept_fd_cb: store the passed fd in newfd, not fd only affects
 4441 	the old BSD-style fd passing code, not POSIX-style.
 4442 	[4b13aa4593ba]
 4443 
 4444 	* lib/util/Makefile.in:
 4445 	Fix mksiglist and mksigname dependencies.
 4446 	[31519cc5ec2b]
 4447 
 4448 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
 4449 	set-user-ID and set-group-ID not set user-ID and set group-ID.
 4450 	[0ddf5fedc896]
 4451 
 4452 	* NEWS:
 4453 	The fix for bug #989 will make sudo 1.9.8. Also mention
 4454 	intercept_authenticate and intercept_allow_setid.
 4455 	[fa8b7444486b]
 4456 
 4457 	* plugins/sudoers/po/sudoers.pot:
 4458 	regen
 4459 	[c8993c070218]
 4460 
 4461 	* .gitignore, .hgignore, MANIFEST, aclocal.m4, configure,
 4462 	configure.ac, lib/util/Makefile.in, lib/util/mksiglist.c,
 4463 	lib/util/mksiglist.h, lib/util/mksigname.c, lib/util/mksigname.h,
 4464 	lib/util/sys_siglist.h, lib/util/sys_signame.h,
 4465 	m4/ax_prog_cc_for_build.m4:
 4466 	Cross-build support for mksigname and mksiglist We must build these
 4467 	with the host C compiler but use the target preprocessor to generate
 4468 	the output.
 4469 	[bf2919b63fb9]
 4470 
 4471 2021-08-19  a1346054  <36859588+a1346054@users.noreply.github.com>
 4472 
 4473 	* .clang-format, INSTALL, MANIFEST, autogen.sh, doc/LICENSE,
 4474 	etc/sudo.pp, examples/Makefile.in:
 4475 	Minor cleanup (#110)
 4476 
 4477 	* fix trivial shell script issues
 4478 	* remove trailing whitespace
 4479 	[f9d4de3dee50]
 4480 
 4481 2021-08-19  Todd C. Miller  <Todd.Miller@sudo.ws>
 4482 
 4483 	* logsrvd/logsrvd_conf.c, plugins/sudoers/check.c,
 4484 	plugins/sudoers/cvtsudoers.c, plugins/sudoers/exptilde.c,
 4485 	plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
 4486 	plugins/sudoers/mkdefaults, plugins/sudoers/policy.c,
 4487 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 4488 	plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
 4489 	plugins/sudoers/tsdump.c:
 4490 	Replace messages like "unknown foo: %s" with "unknown foo %s". The
 4491 	colon really doesn't belong there; we generally use a colon to
 4492 	separate a message from the warning detail.
 4493 	[a1b99c8821ae]
 4494 
 4495 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
 4496 	log_server_peer_cert and log_server_peer_key are not required by
 4497 	default. They are only required if sudo_logsrvd has tls_checkpeer
 4498 	enabled.
 4499 	[0d9099ce5d74]
 4500 
 4501 	* logsrvd/logsrvd_conf.c:
 4502 	Sync warning messages with sudoers/logging.c Avoids 3 translation
 4503 	strings that were effectively duplicated.
 4504 	[eb058a820998]
 4505 
 4506 2021-08-18  Todd C. Miller  <Todd.Miller@sudo.ws>
 4507 
 4508 	* lib/protobuf-c/Makefile.in, src/Makefile.in:
 4509 	regen
 4510 	[ab9d4b22d7cb]
 4511 
 4512 	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
 4513 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
 4514 	plugins/sudoers/match_command.c, plugins/sudoers/parse.c,
 4515 	plugins/sudoers/parse.h,
 4516 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 4517 	Add intercept_allow_setid sudoers option, disabled by default. With
 4518 	this change, a shell in intercept mode cannot run a setuid or setgid
 4519 	binary by default. On most systems, the dynamic loader will ignore
 4520 	LD_PRELOAD for setuid/setgid binaries such as sudo which would
 4521 	effectively disable intercept mode.
 4522 	[cdb876f62882]
 4523 
 4524 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 4525 	plugins/sudoers/match.c:
 4526 	Always allocate a struct sudo_command for the command, even for ALL.
 4527 	Previously we special-cased handling of ALL but this complicates
 4528 	some upcoming changes.
 4529 	[d552109d739c]
 4530 
 4531 2021-08-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 4532 
 4533 	* etc/codespell.exclude:
 4534 	Update TAGS_CHANGED macro based on parse.h
 4535 	[261e4bad3f55]
 4536 
 4537 	* doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.man.in,
 4538 	doc/sudoers.mdoc.in:
 4539 	Better document the limitations of intercept mode. Also mention
 4540 	log_children under "Preventing shell escapes"
 4541 	[0dfca8d0672d]
 4542 
 4543 	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
 4544 	Update .pot files for 1.9.8.
 4545 	[ed2582c37765]
 4546 
 4547 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
 4548 	Try to clarify log_server_peer_key and log_server_peer_cert. These
 4549 	are client-side not server-side.
 4550 	[ffa4ee3e2557]
 4551 
 4552 	* logsrvd/logsrvd_conf.c:
 4553 	Print the section when warning about an illegal key in the conf
 4554 	file. This should make it easier to tell when a setting is present
 4555 	in the wrong section.
 4556 	[8150a7775155]
 4557 
 4558 2021-08-14  Todd C. Miller  <Todd.Miller@sudo.ws>
 4559 
 4560 	* lib/eventlog/eventlog.c:
 4561 	new_logline: limit offset to two significant digits after the
 4562 	decimal Now instead of TSID=0001L3@5.168230749 we would log
 4563 	TSID=0001L3@5.16.
 4564 	[089f7a1285cb]
 4565 
 4566 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
 4567 	logsrvd/logsrvd_journal.c:
 4568 	Set umask to be less restrictive before creating parent directories.
 4569 	Otherwise we could end up creating them with a more restrictive mode
 4570 	than indended. Coverity CID 221592
 4571 	[1bbb3621106a]
 4572 
 4573 	* lib/eventlog/eventlog.c:
 4574 	new_logline: handle case where evlog is NULL
 4575 	[e14ded2179e8]
 4576 
 4577 	* logsrvd/logsrvd_local.c:
 4578 	store_alert_local: fix memory leak on error path Coverity CID 238642
 4579 	[2a3c7fb50c38]
 4580 
 4581 	* plugins/sudoers/audit.c:
 4582 	log_server_accept: fix memory leak of evlog when logging a sub-
 4583 	command. Coverity CID 238643
 4584 	[36a7325b3dc2]
 4585 
 4586 	* src/exec_intercept.c:
 4587 	Fix memory leak when client requests secret. Move closure allocation
 4588 	closer to where it is used.
 4589 	[773ffe0cb216]
 4590 
 4591 	* logsrvd/logsrvd_local.c:
 4592 	store_accept_local: fix return value on error
 4593 	[de0d06a1ade2]
 4594 
 4595 2021-08-13  Todd C. Miller  <Todd.Miller@sudo.ws>
 4596 
 4597 	* lib/eventlog/eventlog.c:
 4598 	Cast iolog_offset.tv_sec to long long for %lld printf format. Quiets
 4599 	a compiler warning on systems where tv_sec in struct timeval is not
 4600 	long long.
 4601 	[54d757357a00]
 4602 
 4603 	* doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
 4604 	lib/iolog/iolog_timing.c, plugins/sudoers/sudoreplay.c:
 4605 	Add support for an optional offset when parsing the ID to replay.
 4606 	The offset is a suffix in the form of @sec[.nanosec]
 4607 	[f8cda41ea0ae]
 4608 
 4609 	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
 4610 	logsrvd/logsrvd_local.c, plugins/sudoers/logging.c:
 4611 	For intercepted commands, log an offset into the current I/O log.
 4612 	This can be used with sudoreplay to jump to when a specific command
 4613 	was executed within a session log.
 4614 	[fd9431d7c878]
 4615 
 4616 	* logsrvd/logsrvd_local.c:
 4617 	Don't overwrite closure->evlog for sub-commands.
 4618 	[925c97582b1d]
 4619 
 4620 	* config.h.in, configure, configure.ac, include/sudo_compat.h:
 4621 	Older Solaris has getusershell() et al but does not declare it.
 4622 	[df4cd6a5e07f]
 4623 
 4624 	* src/exec_intercept.c, src/exec_nopty.c, src/exec_pty.c,
 4625 	src/sudo_intercept_common.c:
 4626 	Add missing stdint.h and sudo_rand.h includes. Needed for
 4627 	arc4random() and uin64_t.
 4628 	[47fd965524fe]
 4629 
 4630 	* include/intercept.pb-c.h, src/exec_intercept.c, src/exec_nopty.c,
 4631 	src/exec_pty.c, src/intercept.pb-c.c, src/intercept.proto,
 4632 	src/sudo_exec.h, src/sudo_intercept_common.c:
 4633 	Pass a secret value to sudo_intercept.so and verify after policy
 4634 	check. The goal is to make it harder for someone to have a fake
 4635 	policy checker. This will not stop a determined adversary since the
 4636 	secret is present in the address space of the running process.
 4637 	[7938c63384df]
 4638 
 4639 2021-08-11  Todd C. Miller  <Todd.Miller@sudo.ws>
 4640 
 4641 	* MANIFEST, src/Makefile.in, src/exec.c, src/exec_intercept.c:
 4642 	Split off intercept code into exec_intercept.c.
 4643 	[2c05715c4885]
 4644 
 4645 	* scripts/mkpkg:
 4646 	Add trivial support for FreeBSD packages. The actual FreeBSD port
 4647 	supports multiple options but this is sufficient for testing
 4648 	purposes.
 4649 	[6bb8a1cdf26c]
 4650 
 4651 	* scripts/pp:
 4652 	FreeBSD: Set default directory and file mode if not specified in
 4653 	%files Otherwise, a mode of 0 will be used, potentially rendering
 4654 	the system unusable.
 4655 	[a3be86a5f85f]
 4656 
 4657 	* plugins/sudoers/logging.c:
 4658 	Use same check for intercepted commands as log_server_accept().
 4659 	Previously, log_server_reject() and log_server_alert() just checked
 4660 	whether client_closure has been set.
 4661 	[41177f7c32f4]
 4662 
 4663 	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
 4664 	plugins/sudoers/log_client.c:
 4665 	Call shutdown() on sockets before closing() if they are connected.
 4666 	This should ensure that the other side sees any queued data before
 4667 	the connection is dropped.
 4668 	[beaafc6c17cf]
 4669 
 4670 	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
 4671 	plugins/sudoers/log_client.c:
 4672 	If SSL_shutdown() returns 0 it needs to be called one more time.
 4673 	[52bb0acfb659]
 4674 
 4675 	* plugins/sudoers/editor.c:
 4676 	resolve_editor: sudoers_gc_remove(editor) before freeing it.
 4677 	[534cc939264f]
 4678 
 4679 2021-08-10  Todd C. Miller  <Todd.Miller@sudo.ws>
 4680 
 4681 	* lib/util/mksigname.h, lib/util/siglist.in:
 4682 	Sync siglist.in with the generated files. The change to prefer
 4683 	SIGSYS over SIGUNUSED wasn't made to siglist.in. Also, mksigname.c
 4684 	doesn't need to explicitly set sudo_sys_signame[0].
 4685 	[c331b05f8fc5]
 4686 
 4687 	* plugins/sudoers/Makefile.in, plugins/sudoers/editor.c,
 4688 	plugins/sudoers/gc.c, plugins/sudoers/sudoers.c,
 4689 	plugins/sudoers/sudoers.h:
 4690 	Add garbage collection to resolve_editor(). Fixes a leak when
 4691 	evaluating the policy multiple times if sudoedit is set.
 4692 	[ab011d864e87]
 4693 
 4694 2021-08-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 4695 
 4696 	* src/exec_common.c:
 4697 	Fix compilation when configure option --disable-shared is specified.
 4698 	[98687e01c8e4]
 4699 
 4700 	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/check.c,
 4701 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
 4702 	plugins/sudoers/def_data.in, plugins/sudoers/policy.c,
 4703 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
 4704 	Add intercept_authenticate sudoers option, defaults to false. By
 4705 	default, sudoers will not require authentication of commands run via
 4706 	an intercepted session. To require authenticaton of subsequent
 4707 	commands, enable intercept_authenticate in sudoers.
 4708 	[b428c75da1ad]
 4709 
 4710 	* config.h.in, configure, configure.ac, src/exec.c,
 4711 	src/sudo_intercept_common.c:
 4712 	If msg_control is not present in struct msghdr use msg_accrights
 4713 	instead. Fixes building on Solaris and probably others. It is
 4714 	possible to expose msg_control on Solaris but this requires a
 4715 	specific set of feature flag defines which can cause other
 4716 	complications.
 4717 	[6ee77b869a8c]
 4718 
 4719 	* configure, configure.ac, src/exec_preload.c:
 4720 	Require that our dso be first in the list to make sure it takes
 4721 	effect. Otherwise, another dso could take precedence and ours would
 4722 	not be run.
 4723 	[58ba4086357c]
 4724 
 4725 	* configure, configure.ac, pathnames.h.in, src/Makefile.in,
 4726 	src/exec_preload.c:
 4727 	If building with address sanitizer make sure its DSO is first.
 4728 	Address sanitizer requires that it be preloaded before any other DSO
 4729 	in LD_PRELOAD. This should not be required for clang, which links in
 4730 	asan statically by default.
 4731 	[a812062f42a8]
 4732 
 4733 	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
 4734 	Plug some memory leaks when sudoers_policy_main is called multiple
 4735 	times. These would get cleaned up a policy close time but we don't
 4736 	want to bloat sudo's memory footprint when running a shell with
 4737 	multiple commands.
 4738 	[7fee001ffeae]
 4739 
 4740 	* plugins/sudoers/audit.c, plugins/sudoers/iolog.c,
 4741 	plugins/sudoers/log_client.c, plugins/sudoers/log_client.h,
 4742 	plugins/sudoers/logging.c:
 4743 	Fix logging intercepted commands to a log server in sudoers. Only
 4744 	available when the server supports the subcommands capability.
 4745 	[5975770561de]
 4746 
 4747 	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
 4748 	plugins/sudoers/logging.h:
 4749 	Use a separate uuid for intercepted commands. We use the uuid to
 4750 	match the command with its exit status.
 4751 	[467f0db6e2c6]
 4752 
 4753 	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
 4754 	Avoid some double frees in the fuzzer Now that sudoers free old
 4755 	values of NewArgv and command_info the fuzzer needs to reset those
 4756 	values. Otherwise we end up with stashed values that have already
 4757 	been garbage collected.
 4758 	[2a1b5808d272]
 4759 
 4760 	* NEWS, configure, configure.ac:
 4761 	Sudo 1.9.8
 4762 	[bc96c8f95abf]
 4763 
 4764 	* doc/sudoers.man.in, doc/sudoers.mdoc.in,
 4765 	plugins/sudoers/cvtsudoers_json.c,
 4766 	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/def_data.c,
 4767 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
 4768 	plugins/sudoers/fmtsudoers.c, plugins/sudoers/gram.c,
 4769 	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
 4770 	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
 4771 	plugins/sudoers/policy.c, plugins/sudoers/toke.c,
 4772 	plugins/sudoers/toke.l:
 4773 	Add "intercept" Defaults setting to allow interception of sub-
 4774 	commands. This causes "intercept" to be set to true in
 4775 	command_info[] which the sudo front-end will use to determine
 4776 	whether or not to intercept attempts to run further commands, such
 4777 	as from a shell. Also add "log_children" which will use the same
 4778 	mechanism but only log (audit) further commands.
 4779 	[f42e11c0fde9]
 4780 
 4781 	* INSTALL, configure, configure.ac, doc/sudo.conf.man.in,
 4782 	doc/sudo.conf.mdoc.in, examples/sudo.conf.in, include/sudo_conf.h,
 4783 	lib/util/sudo_conf.c, lib/util/util.exp.in, pathnames.h.in,
 4784 	src/Makefile.in, src/exec.c, src/exec_common.c, src/selinux.c,
 4785 	src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_exec.h:
 4786 	Add support for loading the sudo_intercept.so DSO.
 4787 	[47d84cc8a8ed]
 4788 
 4789 	* include/sudo_compat.h, src/exec.c, src/exec_common.c,
 4790 	src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c, src/selinux.c,
 4791 	src/sesh.c, src/sudo_exec.h:
 4792 	Allocate a socketpair to communicate with sudo_intercept.so over.
 4793 	This is used for the intercept and log_children options.
 4794 	[b40091760952]
 4795 
 4796 	* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/pam.c,
 4797 	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
 4798 	plugins/sudoers/file.c, plugins/sudoers/ldap.c,
 4799 	plugins/sudoers/ldap_util.c, plugins/sudoers/policy.c,
 4800 	plugins/sudoers/regress/fuzz/fuzz_policy.c, plugins/sudoers/sssd.c,
 4801 	plugins/sudoers/sudo_ldap.h, plugins/sudoers/sudoers.c,
 4802 	plugins/sudoers/sudoers.h:
 4803 	Make it possible to call the sudoers policy check function multiple
 4804 	times. We need to reset the Defaults values to their original state.
 4805 	[3187e87d7fb6]
 4806 
 4807 	* plugins/sudoers/set_perms.c:
 4808 	Allow set_perms(PERM_INITIAL) to be called more than once. If the
 4809 	perm stack depth is non-zero when set_perms(PERM_INITIAL) is called,
 4810 	rewind it first and re-initialize the stack depth to 0. Fixes a
 4811 	user-after-free bug if set_perms(PERM_INITIAL) is called multiple
 4812 	times.
 4813 	[fdf9a2e07eb1]
 4814 
 4815 	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
 4816 	plugins/sudoers/logging.h:
 4817 	Use run_argv and run_envp passed into the audit plugin for event
 4818 	logging. Previously we used NewArgv[] and env_get() but now that
 4819 	logging is performed via an audit plugin we should use the values
 4820 	passed in.
 4821 	[d8e031fc2389]
 4822 
 4823 	* doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
 4824 	include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c,
 4825 	lib/logsrv/log_server.proto, logsrvd/logsrvd.c:
 4826 	Allow multiple accept/reject messages during a logsrv conversation.
 4827 	The log server now advertises a subcommands flag if it supports
 4828 	logging subcommands (e.g. commands run from a sudo-spawned program
 4829 	like a shell). The client should only log additional commands during
 4830 	a session if this flag is set in the ServerHello message.
 4831 	[5b88982604e8]
 4832 
 4833 	* MANIFEST, Makefile.in, configure, configure.ac,
 4834 	lib/logsrv/Makefile.in, lib/logsrv/protobuf-c.c,
 4835 	lib/protobuf-c/Makefile.in, lib/protobuf-c/protobuf-c.c:
 4836 	Add separate convenience lib for protobuf-c We need to use it for
 4837 	sudo <-> sudo_intercept.so communication.
 4838 	[9529d7f9db18]
 4839 
 4840 	* MANIFEST, include/intercept.pb-c.h, src/Makefile.in,
 4841 	src/intercept.pb-c.c, src/intercept.proto:
 4842 	Define protocol for sudo <-> sudo_intercept.so communication. Uses
 4843 	google protocol buffers.
 4844 	[139ba292e226]
 4845 
 4846 	* src/exec.c, src/sudo.c, src/sudo.h:
 4847 	Implement the sudo side of the sudo_intercept.so communication.
 4848 	[4a7face9ed17]
 4849 
 4850 	* MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
 4851 	src/sudo_exec.h, src/sudo_intercept.c, src/sudo_intercept_common.c:
 4852 	Implement sudo_intercept.so. Uses protobuf to talk to main sudo
 4853 	process over a socketpair.
 4854 	[fc21ae0f663e]
 4855 
 4856 	* src/sudo.c, src/sudo.h:
 4857 	Add return values for most of the plugin function wrappers that
 4858 	returned void. Previously, they would just exit if there was an
 4859 	error. Now the error is passed back up the stack so we can use them
 4860 	in sudo_intercept.so.
 4861 	[87cb4b0e7dff]
 4862 
 4863 	* src/sudo.c:
 4864 	Reduce the number of function args passed to plugin wrappers. This
 4865 	makes sudo_settings, user_info, submit_argv, submit_envp and
 4866 	submit_optind global. This will be required for calling the wrapper
 4867 	from outside of sudo.c where we may not have access to those
 4868 	variables.
 4869 	[525bffcf911c]
 4870 
 4871 	* src/exec.c, src/sudo.c, src/sudo.h:
 4872 	Call the approval plugin after the policy plugin accepts a command.
 4873 	Previously, for intercepted commands we only called the policy
 4874 	plugin.
 4875 	[4df18aaa8708]
 4876 
 4877 	* src/exec.c:
 4878 	Take control of the tty and save its settings before doing a policy
 4879 	check. Otherwise the policy plugin won't be able to read the
 4880 	password.
 4881 	[6a422974d472]
 4882 
 4883 	* MANIFEST, src/Makefile.in, src/exec_common.c, src/exec_preload.c,
 4884 	src/sudo_exec.h, src/sudo_intercept.c, src/sudo_intercept_common.c:
 4885 	Move preload_dso() to its own file and rename to sudo_preload_dso().
 4886 	It now takes an intercept fd as an optional argument instead of a
 4887 	list of extra variables to add. This lets us check whether it is
 4888 	already set to the expected value (and add it if not).
 4889 	sudo_intercept.so now uses sudo_preload_dso() to make sure that
 4890 	LD_PRELOAD and SUDO_INTERCEPT_FD are set properly before executing.
 4891 	[447e96378d01]
 4892 
 4893 	* src/exec_preload.c, src/sudo_intercept_common.c:
 4894 	Add debug support to sudo_intercept.so
 4895 	[586ea125cebb]
 4896 
 4897 	* src/exec.c, src/exec_nopty.c, src/exec_pty.c:
 4898 	Make the log_children option only log and not check policy.
 4899 	[0524c7e87174]
 4900 
 4901 	* plugins/sudoers/prompt.c:
 4902 	expand_prompt: use correct strlcpy() size parameter The available
 4903 	size passed to strlcpy() was computed incorrectly. Switch to
 4904 	updating the length after writing to the new prompt instead of
 4905 	computing it each time. The actual buffer size is computed and
 4906 	allocated correctly so there is no real consequence to this bug.
 4907 	Found by Qualys.
 4908 	[c03f1c2f8f35]
 4909 
 4910 2021-08-03  Todd C. Miller  <Todd.Miller@sudo.ws>
 4911 
 4912 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
 4913 	examples/sudo_logsrvd.conf:
 4914 	The tls_verify setting only affects server behavior, not the client.
 4915 	Originally, there was a flag in the ServerHello message to indicate
 4916 	that the client should verify the server cert, but this was removed
 4917 	TLS was moved to a separate port. Client validation of the server
 4918 	certificate is now configured in the sudoers file instead.
 4919 	[344b51f3eee3]
 4920 
 4921 2021-08-02  Todd C. Miller  <Todd.Miller@sudo.ws>
 4922 
 4923 	* scripts/mkpkg:
 4924 	On macOS, don't disable tty tickets and set password timeout to 0.
 4925 	This more closely matches the options used by the macOS version of
 4926 	sudo.
 4927 	[bd21c492921c]
 4928 
 4929 	* plugins/sudoers/find_path.c:
 4930 	Add some debugging info to find_path()
 4931 	[dd7aebb432d6]
 4932 
 4933 2021-07-30  Todd C. Miller  <Todd.Miller@sudo.ws>
 4934 
 4935 	* lib/iolog/iolog_mkdtemp.c:
 4936 	iolog_mkdtemp: umask must not be more restrictive than the file
 4937 	modes. We need this even though we will be calling mkdtemp() since
 4938 	the umask affects the mode of any parent directories.
 4939 	[c545b3369eae]
 4940 
 4941 2021-07-29  Todd C. Miller  <Todd.Miller@sudo.ws>
 4942 
 4943 	* plugins/sudoers/visudo.c:
 4944 	Plug memory leak in error path when sudoers cannot be opened.
 4945 	[3df6b32149b8]
 4946 
 4947 	* plugins/sudoers/defaults.c:
 4948 	Trying to use "+=" or "-=" operators on a non-list is an error.
 4949 	Previously, they were simply treated as "=" for non-lists.
 4950 	[3e0d47d0b4ea]
 4951 
 4952 	* src/regress/net_ifs/check_net_ifs.c:
 4953 	Plug a memory leak in check_net_ifs found by address sanitizer.
 4954 	[bff1ad993476]
 4955 
 4956 	* configure, configure.ac:
 4957 	Prefix sanitizer and fuzzer options with -XCClinker in ASAN_LDFLAGS.
 4958 	Otherwise libtool may ignore the options when linking.
 4959 	[ed1120f3813d]
 4960 
 4961 2021-07-27  Todd C. Miller  <Todd.Miller@sudo.ws>
 4962 
 4963 	* logsrvd/tls_init.c:
 4964 	Display the correct error message if X509_verify_cert() fails. We
 4965 	must use X509_STORE_CTX_get_error() and
 4966 	X509_verify_cert_error_string() instead of the generic OpenSSL error
 4967 	functions.
 4968 	[778bbbe68e28]
 4969 
 4970 	* lib/eventlog/eventlog.c:
 4971 	In new_logline check for NULL args->reason for EVLOG_RAW. This can't
 4972 	happen in practice since we never set EVLOG_RAW without passing in a
 4973 	reason. Coverity CID 237142 237143
 4974 	[83f9038151db]
 4975 
 4976 	* lib/eventlog/eventlog.c:
 4977 	format_json: don't dereference evlog if it is NULL. Also silence a
 4978 	PVS Studio false positive.
 4979 	[150039f65d26]
 4980 
 4981 2021-07-26  Todd C. Miller  <Todd.Miller@sudo.ws>
 4982 
 4983 	* .hgtags:
 4984 	Added tag SUDO_1_9_7p2 for changeset 590e06825ec4
 4985 	[cf3865846c94] <1.9>
 4986 
 4987 	* configure, configure.ac:
 4988 	Bump version to 1.9.7p2
 4989 	[590e06825ec4] [SUDO_1_9_7p2] <1.9>
 4990 
 4991 	* configure, configure.ac:
 4992 	Bump version to 1.9.7p2
 4993 	[388bf6af8434]
 4994 
 4995 	* NEWS:
 4996 	Sudo 1.9.7p2
 4997 	[c3bd2eb0d779] <1.9>
 4998 
 4999 	* NEWS:
 5000 	Sudo 1.9.7p2
 5001 	[153a6c96a8ec]
 5002 
 5003 	* config.h.in, configure, configure.ac, include/sudo_compat.h,
 5004 	logsrvd/tls_client.c, logsrvd/tls_init.c,
 5005 	plugins/sudoers/log_client.c:
 5006 	Use TLS_method() instead of TLS_client_method() throughout. OpenSSL
 5007 	returns an error for SSL_accept() if TLS_client_method() was used to
 5008 	generate the context (LibreSSL doesn't care).
 5009 
 5010 	Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
 5011 	were used in the TLS client and server initialization code
 5012 	respectively. This was refactored in sudo 1.9.7 to allow the code to
 5013 	be shared. Bug #988
 5014 	[f2bf4aca30d4] <1.9>
 5015 
 5016 	* config.h.in, configure, configure.ac, include/sudo_compat.h,
 5017 	logsrvd/tls_client.c, logsrvd/tls_init.c,
 5018 	plugins/sudoers/log_client.c:
 5019 	Use TLS_method() instead of TLS_client_method() throughout. OpenSSL
 5020 	returns an error for SSL_accept() if TLS_client_method() was used to
 5021 	generate the context (LibreSSL doesn't care).
 5022 
 5023 	Prior to sudo 1.9.7, TLS_client_method() and TLS_server_method()
 5024 	were used in the TLS client and server initialization code
 5025 	respectively. This was refactored in sudo 1.9.7 to allow the code to
 5026 	be shared. Bug #988
 5027 	[1ca00726b4d6]
 5028 
 5029 	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
 5030 	Only replace getaddrinfo for
 5031 	FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. This works around an issue
 5032 	on SCO which uses inline functions in the header files which call
 5033 	the actual, versioned, library function.
 5034 	[f010d83f0168] <1.9>
 5035 
 5036 	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
 5037 	Only replace getaddrinfo for
 5038 	FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION. This works around an issue
 5039 	on SCO which uses inline functions in the header files which call
 5040 	the actual, versioned, library function.
 5041 	[64cbf884b7f9]
 5042 
 5043 2021-07-26  MertsA  <andrewmerts@gmail.com>
 5044 
 5045 	* src/utmp.c:
 5046 	Rewind utmp file pointer after searching for entry (#108)
 5047 
 5048 	getutline() advances the file pointer until it matches or reaches
 5049 	EOF. pututline() starts from the current position in utmp. This
 5050 	rewinds the file pointer to the beginning to avoid allocating
 5051 	additional spurious utmp entries.
 5052 	[af1463026fd1] <1.9>
 5053 
 5054 	* src/utmp.c:
 5055 	Rewind utmp file pointer after searching for entry (#108)
 5056 
 5057 	getutline() advances the file pointer until it matches or reaches
 5058 	EOF. pututline() starts from the current position in utmp. This
 5059 	rewinds the file pointer to the beginning to avoid allocating
 5060 	additional spurious utmp entries.
 5061 	[142555f7a47e]
 5062 
 5063 2021-07-25  Todd C. Miller  <Todd.Miller@sudo.ws>
 5064 
 5065 	* configure, configure.ac, m4/sudo.m4:
 5066 	Use AC_CACHE_CHECK in place of AC_MSG_CHECKING + AC_CACHE_VAL where
 5067 	possible.
 5068 	[7b0fb8de8276]
 5069 
 5070 	* config.h.in, configure, configure.ac, include/sudo_compat.h:
 5071 	Add configure check for va_copy instead of using #ifdef This
 5072 	prevents the va_copy compat #define from being used if sudo_compat.h
 5073 	is somehow included before stdarg.h.
 5074 	[6d283753e47b] <1.9>
 5075 
 5076 	* config.h.in, configure, configure.ac, include/sudo_compat.h:
 5077 	Add configure check for va_copy instead of using #ifdef This
 5078 	prevents the va_copy compat #define from being used if sudo_compat.h
 5079 	is somehow included before stdarg.h.
 5080 	[fcfd53b859ac]
 5081 
 5082 2021-07-23  Todd C. Miller  <Todd.Miller@sudo.ws>
 5083 
 5084 	* src/limits.c:
 5085 	Avoid using RLIM_INFINITY for the nofile soft limit to prevent
 5086 	closefrom_fallback() from closing too many file descriptors.
 5087 	[edbcd5c82d4d] <1.9>
 5088 
 5089 	* src/limits.c:
 5090 	Avoid using RLIM_INFINITY for the nofile soft limit to prevent
 5091 	closefrom_fallback() from closing too many file descriptors.
 5092 	[e807ca9bfb6a]
 5093 
 5094 	* plugins/sudoers/logging.c:
 5095 	Include signal.h for SIG2STR_MAX and sig2str().
 5096 	[ad17a1be07e2]
 5097 
 5098 2021-07-15  Todd C. Miller  <Todd.Miller@sudo.ws>
 5099 
 5100 	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
 5101 	logsrvd/iolog_writer.c, plugins/sudoers/logging.c,
 5102 	plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
 5103 	Create a UUID and log it in the JSON version of the event log.
 5104 	[8a1ad98fac51]
 5105 
 5106 	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
 5107 	logsrvd/logsrvd_local.c, plugins/sudoers/logging.c:
 5108 	Remove unused info_cb and info arguments from eventlog_exit()
 5109 	[c614ef1afa12]
 5110 
 5111 2021-07-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 5112 
 5113 	* include/sudo_eventlog.h, lib/eventlog/eventlog.c:
 5114 	Add support for logging exit status events. For sudo-formatted logs,
 5115 	this is a record with "EXIT=number" and potentially "SIGNAL=name"
 5116 	after the command. For JSON-format logs, a new "exit" record is
 5117 	logged which contains an "exit_value" and potentially "signal" and
 5118 	"core_dumped". JSON-format logs now incude a UUID to associate the
 5119 	"exit" record with the "accept" record.
 5120 	[52e40ae4b79a]
 5121 
 5122 	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
 5123 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
 5124 	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
 5125 	plugins/sudoers/policy.c,
 5126 	plugins/sudoers/regress/fuzz/fuzz_policy.c:
 5127 	Add log_exit_status sudoers option to log when a command exits. This
 5128 	option defaults to off.
 5129 	[cac3ca7ad193]
 5130 
 5131 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
 5132 	examples/sudo_logsrvd.conf, logsrvd/logsrvd.h,
 5133 	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_local.c:
 5134 	Add log_exit setting in the sudo_logsrvd.conf eventlog stanza This
 5135 	causes sudo_logsrvd to log a record with the exit status or
 5136 	terminating signal in response to an ExitMessage.
 5137 	[1a15f676974a]
 5138 
 5139 2021-07-08  Todd C. Miller  <Todd.Miller@sudo.ws>
 5140 
 5141 	* plugins/python/python_plugin_common.c:
 5142 	Check that the python module we actually loaded is what we intended.
 5143 	This is intended to provide a more useful error message if the user
 5144 	defines a module which conflicts with a system python module. For
 5145 	example, a module called test.py would conflicts with the system
 5146 	python test module.
 5147 	[345523b6e87d] <1.9>
 5148 
 5149 	* plugins/python/python_plugin_common.c:
 5150 	Check that the python module we actually loaded is what we intended.
 5151 	This is intended to provide a more useful error message if the user
 5152 	defines a module which conflicts with a system python module. For
 5153 	example, a module called test.py would conflicts with the system
 5154 	python test module.
 5155 	[0676191e4741]
 5156 
 5157 2021-07-02  Todd C. Miller  <Todd.Miller@sudo.ws>
 5158 
 5159 	* doc/CONTRIBUTORS:
 5160 	Mention that xkcd inspired the sandwich logo.
 5161 	[c7839328e21f]
 5162 
 5163 	* doc/HISTORY:
 5164 	Mention log server and fuzzers under Quest contributions.
 5165 	[f4a081f75cd0]
 5166 
 5167 2021-06-26  Todd C. Miller  <Todd.Miller@sudo.ws>
 5168 
 5169 	* src/sesh.c, src/sudo.c, src/sudo_edit.c:
 5170 	Don't assume that the number of groups returned by getgroups() is
 5171 	static. On systems where getgroups() returns results based on more
 5172 	than just the per-process group vector in the kernel it is possible
 5173 	for the number of groups to change in between invocations. Based on
 5174 	GitHub PR #106 from Pierre-Olivier Martel.
 5175 	[832fa2480024] <1.9>
 5176 
 5177 	* src/sesh.c, src/sudo.c, src/sudo_edit.c:
 5178 	Don't assume that the number of groups returned by getgroups() is
 5179 	static. On systems where getgroups() returns results based on more
 5180 	than just the per-process group vector in the kernel it is possible
 5181 	for the number of groups to change in between invocations. Based on
 5182 	GitHub PR #106 from Pierre-Olivier Martel.
 5183 	[dbc7a173a7b8]
 5184 
 5185 	* doc/Makefile.in:
 5186 	Use "mandoc -Tlint -Wwarning" instead of -Wstyle. The style checks
 5187 	now include "referenced manual not found" warnings which is not
 5188 	helpful.
 5189 	[251757f22498]
 5190 
 5191 2021-06-22  Todd C. Miller  <Todd.Miller@sudo.ws>
 5192 
 5193 	* logsrvd/Makefile.in, src/Makefile.in:
 5194 	regen
 5195 	[c6a21b385d57]
 5196 
 5197 2021-06-21  Todd C. Miller  <Todd.Miller@sudo.ws>
 5198 
 5199 	* lib/fuzzstub/fuzzstub.c:
 5200 	Change ms from size_t to long. Avoids a spurious test failure on
 5201 	Solaris 9
 5202 	[5e204b959000] <1.9>
 5203 
 5204 	* lib/fuzzstub/fuzzstub.c:
 5205 	Change ms from size_t to long. Avoids a spurious test failure on
 5206 	Solaris 9
 5207 	[c26f8d233ea9]
 5208 
 5209 	* plugins/sudoers/interfaces.c, src/net_ifs.c:
 5210 	Move definition of INADDR_NONE from interfaces.c to net_ifs.c. Fixes
 5211 	compilation on Solaris 9.
 5212 	[d05bca21f145] <1.9>
 5213 
 5214 	* plugins/sudoers/interfaces.c, src/net_ifs.c:
 5215 	Move definition of INADDR_NONE from interfaces.c to net_ifs.c. Fixes
 5216 	compilation on Solaris 9.
 5217 	[9da2276cf944]
 5218 
 5219 2021-06-19  Todd C. Miller  <Todd.Miller@sudo.ws>
 5220 
 5221 	* logsrvd/logsrvd.c:
 5222 	Fix dead store found by clang analyzer.
 5223 	[5c85aeef651e]
 5224 
 5225 	* logsrvd/logsrvd_conf.c:
 5226 	Fix prefix skipping when the prefix is embedded and not separate.
 5227 	This doesn't currently matter since the progname and the ": " are
 5228 	stored in separate messages. Found by clang analyzer.
 5229 	[321e90e1b347]
 5230 
 5231 	* logsrvd/logsrvd_relay.c:
 5232 	Remove dead store found by clang analyzer.
 5233 	[5fd56f26e1ba]
 5234 
 5235 2021-06-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 5236 
 5237 	* plugins/audit_json/audit_json.c:
 5238 	Make sure we store an octal number (like umask) as a string. JSON
 5239 	doesn't (portably) support octal numbers with a leading zero.
 5240 	[a0c8392f2f7a] <1.9>
 5241 
 5242 	* plugins/audit_json/audit_json.c:
 5243 	Make sure we store an octal number (like umask) as a string. JSON
 5244 	doesn't (portably) support octal numbers with a leading zero.
 5245 	[3ac37bb42f1e]
 5246 
 5247 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
 5248 	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
 5249 	Replace logsrvd_is_early() with logsrvd_warn_stderr(). This is now
 5250 	defined in logsrvd_conf.c which removes a dependency on another
 5251 	compilation unit for the fuzzer.
 5252 	[3594cf3ec397]
 5253 
 5254 2021-06-15  Todd C. Miller  <Todd.Miller@sudo.ws>
 5255 
 5256 	* logsrvd/logsrvd_local.c:
 5257 	Silence a compiler warning on Solaris.
 5258 	[fd9ba461b601]
 5259 
 5260 	* logsrvd/logsrvd.c:
 5261 	Reduce scope of errstr variable so it is only declared for OpenSSL.
 5262 	[eebe09a17f4b]
 5263 
 5264 	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
 5265 	regen
 5266 	[05b8391c6d13]
 5267 
 5268 	* logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c,
 5269 	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c,
 5270 	logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c,
 5271 	logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, logsrvd/tls_init.c:
 5272 	Use sudo_warnx?() instead of sudo_debug_printf for errors. We now
 5273 	hook the warn functions so the messages are logged. The messages
 5274 	still show up in the debug log too.
 5275 	[9e25dc71b4cc]
 5276 
 5277 2021-06-14  Todd C. Miller  <Todd.Miller@sudo.ws>
 5278 
 5279 	* MANIFEST, config.h.in, configure, configure.ac,
 5280 	include/sudo_compat.h, lib/util/Makefile.in,
 5281 	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/vsyslog.c,
 5282 	scripts/mkdep.pl:
 5283 	Remove vsyslog(3) emulation, it is no longer used.
 5284 	[7d1b78c2037a]
 5285 
 5286 2021-06-13  Todd C. Miller  <Todd.Miller@sudo.ws>
 5287 
 5288 	* logsrvd/logsrvd_conf.c, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
 5289 	If logsrvd_config not set fall back to using stderr for warnings.
 5290 	Also fix fuzz_logsrvd_conf link error.
 5291 	[eeaafe1b3e09]
 5292 
 5293 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
 5294 	examples/sudo_logsrvd.conf, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
 5295 	logsrvd/logsrvd_conf.c:
 5296 	Add support for logging server warning/error messages. We can use
 5297 	sudo_warn_set_conversation() to set a conversation function that
 5298 	either writes to a log file or calls syslog().
 5299 	[5d8e13f053d0]
 5300 
 5301 2021-06-11  Todd C. Miller  <Todd.Miller@sudo.ws>
 5302 
 5303 	* .hgtags:
 5304 	Added tag SUDO_1_9_7p1 for changeset d936a99e842d
 5305 	[9bc246c519f3] <1.9>
 5306 
 5307 	* Merge sudo 1.9.7p1 from tip
 5308 	[d936a99e842d] [SUDO_1_9_7p1] <1.9>
 5309 
 5310 	* NEWS, configure, configure.ac:
 5311 	Sudo 1.9.7p1
 5312 	[29f478993ef3]
 5313 
 5314 2021-06-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 5315 
 5316 	* plugins/audit_json/audit_json.c:
 5317 	Check arrays that are passed in for NULL before using them.
 5318 	[925ba5b0f2cb]
 5319 
 5320 	* configure, configure.ac:
 5321 	Disable nss_search()-based group lookups on HP-UX for now. There is
 5322 	a crash when "group: compat" is used in /etc/nsswitch.conf that I
 5323 	haven't been able to debug. Since HP-UX doesn't ship the appropriate
 5324 	headers it is likely that there is a mismatch between
 5325 	include/compat/nss_dbdefs.h and what HP actually uses.
 5326 	[28b00005c785]
 5327 
 5328 2021-06-08  Todd C. Miller  <Todd.Miller@sudo.ws>
 5329 
 5330 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h:
 5331 	Remove logsrvd closure ERROR state and use a boolean flag instead.
 5332 	Fixes a bug where we would not insert a journal file that failed to
 5333 	relay into the queue because its state was changed from CONNECTING
 5334 	to ERROR after failing to connect.
 5335 	[638285a4bedb]
 5336 
 5337 	* include/compat/nss_dbdefs.h, lib/util/getgrouplist.c:
 5338 	Add NSS_TRYAGAIN and correct buflen in struct nss_XbyY_buf_t. Add
 5339 	some function argument names. Also use struct nss_db_state * instead
 5340 	of void * in nss_db_root_t. We don't define struct nss_db_state but
 5341 	since it is a pointer all we need is a forward declaration.
 5342 	[bc848fb97671]
 5343 
 5344 2021-06-07  Todd C. Miller  <Todd.Miller@sudo.ws>
 5345 
 5346 	* lib/fuzzstub/fuzzstub.c, lib/iolog/Makefile.in,
 5347 	lib/util/Makefile.in, logsrvd/Makefile.in:
 5348 	Make sure we link with libsudo_util *after* libfuzzstub. This only
 5349 	affects builds with a static libsudo_util. Also fix a warning on HP-
 5350 	UX about main not being public.
 5351 	[18ff1f108c4e]
 5352 
 5353 	* MANIFEST, lib/util/Makefile.in,
 5354 	lib/util/regress/getgrouplist/getgids.c:
 5355 	Add getgids utility to simular "id -G" using sudo_getgrouplist2()
 5356 	[aed11065818d]
 5357 
 5358 	* lib/util/getgrouplist.c:
 5359 	Make sure we don't read or write past the end of the group buffer.
 5360 	We need to leave room for the terminating NULL in gr_mem. It is
 5361 	possible for gbm->numgids > gbm->maxgids if we ran out of room.
 5362 	[25a3ee849fd4]
 5363 
 5364 2021-06-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 5365 
 5366 	* lib/util/getgrouplist.c:
 5367 	Add some debugging to sudo_getgrouplist2().
 5368 	[4d79e92c8ee8]
 5369 
 5370 2021-06-02  Todd C. Miller  <Todd.Miller@sudo.ws>
 5371 
 5372 	* src/load_plugins.c:
 5373 	Fix some debug_decl typos and remove an unneeded cast.
 5374 	[fafa91ac3def]
 5375 
 5376 	* plugins/sudoers/defaults.h:
 5377 	T_TIMEOUT is not a bitwise flag so doesn't need to be a power of 2.
 5378 	[66019af6d642]
 5379 
 5380 2021-05-28  Todd C. Miller  <Todd.Miller@sudo.ws>
 5381 
 5382 	* src/load_plugins.c:
 5383 	sudo_stat_plugin(): set errno but do not warn if plugin path too
 5384 	long. The caller will display the warning (using errno) so there is
 5385 	no need to do it twice.
 5386 	[c8614b374a35]
 5387 
 5388 2021-05-26  Todd C. Miller  <Todd.Miller@sudo.ws>
 5389 
 5390 	* doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
 5391 	sudoreplay does not parse sudoers to find the value of iolog_dir.
 5392 	The default value for the I/O log directory is set at build time.
 5393 	[3cf72612e992]
 5394 
 5395 	* plugins/sudoers/policy.c:
 5396 	Fix group list ref leak in sudoers_policy_store_result() on error
 5397 	path.
 5398 	[34785448a275]
 5399 
 5400 2021-05-24  Todd C. Miller  <Todd.Miller@sudo.ws>
 5401 
 5402 	* plugins/sudoers/policy.c:
 5403 	Update comment to match reality.
 5404 	[ec3e0a40d1ec]
 5405 
 5406 2021-05-13  Todd C. Miller  <Todd.Miller@sudo.ws>
 5407 
 5408 	* configure, configure.ac, scripts/ltmain.sh, src/Makefile.in:
 5409 	Build sudo_noexec.so as a module on systems other then Darwin. On
 5410 	Darwin, shared modules and shared libraries are not interchangable
 5411 	and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it
 5412 	must be a library, not a module. We must relax the requirement that
 5413 	libraries begin with a "lib" prefix to work around this difference.
 5414 	This does mean you must use sudo's libtool on Darwin (macOS) but
 5415 	that is already a requirement on other systems (notably HP-UX and
 5416 	SCO) due to a number of libtool patches we require that haven't be
 5417 	accepted upstream. This is a different fix for PR #102.
 5418 	[2e5454c56d3c]
 5419 
 5420 	* configure, configure.ac:
 5421 	Use -Wno-deprecated-declarations on macOS This quiets warnings about
 5422 	LDAP and audit libraries being deprecated. We will use them until
 5423 	they are removed in a future version of macOS.
 5424 	[6fbdf644865c]
 5425 
 5426 2021-05-12  Todd C. Miller  <Todd.Miller@sudo.ws>
 5427 
 5428 	* scripts/mkpkg:
 5429 	Use /usr/bin/cc on FreeBSD and macOS.
 5430 	[7d6bcea0e544]
 5431 
 5432 	* plugins/sudoers/log_client.c:
 5433 	Don't include errno in "unable to connect to log server" message.
 5434 	There should be a more specific message, usually with an error
 5435 	string, displayed earlier.
 5436 	[e599f9b0fd1c]
 5437 
 5438 	* src/ttyname.c:
 5439 	Fix compiler warning on FreeBSD.
 5440 	[2c6fc866fb5b]
 5441 
 5442 	* lib/iolog/hostcheck.c:
 5443 	Explicitly include netinet/in.h for struct sockaddr_in and
 5444 	sockaddr+_in6. Fixes a compilation problem on FreeBSD.
 5445 	[2277c8f37c34]
 5446 
 5447 2021-05-11  Todd C. Miller  <Todd.Miller@sudo.ws>
 5448 
 5449 	* .hgtags:
 5450 	Added tag SUDO_1_9_7 for changeset f0ce54d4288c
 5451 	[58968ec7a457] <1.9>
 5452 
 5453 	* Merge sudo 1.9.7 from tip
 5454 	[f0ce54d4288c] [SUDO_1_9_7] <1.9>
 5455 
 5456 2021-05-10  Todd C. Miller  <Todd.Miller@sudo.ws>
 5457 
 5458 	* plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po:
 5459 	Updated translations from translationproject.org
 5460 	[3d6d49097b98]
 5461 
 5462 	* plugins/sudoers/log_client.c:
 5463 	Better warning when close function is passed a non-terminal signal.
 5464 	[8b8628249e4d]
 5465 
 5466 	* logsrvd/logsrvd_local.c:
 5467 	Remove line causing store_suspend_local() to return false on
 5468 	success. This is something that should have been removed as part of
 5469 	the local I/O logging refactor.
 5470 	[e8ae1e61b8b2]
 5471 
 5472 	* src/exec_pty.c:
 5473 	Don't set the command status in the closure when the command is
 5474 	suspended. This should only be set for signals that terminate the
 5475 	process. Fixes a bug where the sudo front-end could call the plugin
 5476 	close function with a non-terminal signal argument.
 5477 	[a95024bfb6e8]
 5478 
 5479 2021-05-07  Todd C. Miller  <Todd.Miller@sudo.ws>
 5480 
 5481 	* plugins/python/pyhelpers.c, plugins/python/python_plugin_policy.c:
 5482 	Quiet -Wshadow warnings from gcc.
 5483 	[7ff2985ba650]
 5484 
 5485 	* NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 5486 	The -g option may also be used with any group the target user
 5487 	belongs to. The description in the Runas_Spec section incorrectly
 5488 	stated that the -g option could not be used if no runas group was
 5489 	set. Bug #975.
 5490 	[67d1948d1aa8]
 5491 
 5492 	* configure, configure.ac:
 5493 	Remove redundant "configuring Sudo version X.YY" line. We now
 5494 	display this along with the summary info at the end.
 5495 	[0d7c908f8d4c]
 5496 
 5497 	* configure, configure.ac:
 5498 	Don't check for -Wl,-z,relro twice.
 5499 	[a30dce71fb26]
 5500 
 5501 2021-05-06  Todd C. Miller  <Todd.Miller@sudo.ws>
 5502 
 5503 	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 5504 	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
 5505 	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
 5506 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 5507 	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
 5508 	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
 5509 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
 5510 	Updated translations from translationproject.org
 5511 	[9303a20fe480]
 5512 
 5513 	* scripts/mkpkg:
 5514 	Build python plugin for RHEL 6 as well.
 5515 	[edaa6ec0e255]
 5516 
 5517 	* configure, configure.ac:
 5518 	Remove shell-style quotes in configure warning/error/notice
 5519 	messages. Square bracket quotes are used, no need for shell-style
 5520 	double quotes.
 5521 	[e6de284df511]
 5522 
 5523 	* NEWS, configure, configure.ac:
 5524 	Summarize configure settings after all tests have run. This makes it
 5525 	a lot easier to see what features have been enabled.
 5526 	[12ea96affed5]
 5527 
 5528 2021-05-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 5529 
 5530 	* INSTALL, configure, configure.ac:
 5531 	Remove --with-efence option, there are better options available.
 5532 	[78fd5ceb2c52]
 5533 
 5534 	* NEWS:
 5535 	Move misplaced changes into the 1.9.7 section where they belong.
 5536 	[1519f7a4669b]
 5537 
 5538 	* lib/util/regress/sudo_conf/conf_test.c:
 5539 	Awful hack to pass on macOS where group_source=dynamic by default.
 5540 	[b038bfab8c34]
 5541 
 5542 	* plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
 5543 	plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
 5544 	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
 5545 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 5546 	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
 5547 	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
 5548 	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
 5549 	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
 5550 	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
 5551 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/ca.mo,
 5552 	po/ca.po, po/it.mo, po/it.po, po/sr.mo, po/sr.po:
 5553 	Updated translations from translationproject.org
 5554 	[7b156da85d13]
 5555 
 5556 	* NEWS:
 5557 	Document late stage 1.9.7 changes.
 5558 	[28756df7dcb4]
 5559 
 5560 	* doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
 5561 	logsrvd/sendlog.c, logsrvd/sendlog.h:
 5562 	sudo_sendlog: rename -m (max-time) to -s (stop-after).
 5563 	[4f016111b242]
 5564 
 5565 	* logsrvd/logsrv_util.c, logsrvd/logsrvd.c, logsrvd/logsrvd_journal.c:
 5566 	Update closure->elapsed_time in journal_seek(). Otherwise the commit
 5567 	point messages won't be accurate when restarting.
 5568 	[6cd4db44b8ee]
 5569 
 5570 	* doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
 5571 	logsrvd/sendlog.c, logsrvd/sendlog.h:
 5572 	Add "-m elapsed" option to specify the max elapsed time of records
 5573 	to send. Useful for testing the ability of the server to handle
 5574 	restarted log transfers.
 5575 	[cd9c9235e320]
 5576 
 5577 2021-05-03  Todd C. Miller  <Todd.Miller@sudo.ws>
 5578 
 5579 	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c:
 5580 	Disable reading from client or relay when sending error to client.
 5581 	We treat an error from the relay as fatal and must stop processing
 5582 	data from both client and relay to make sure we don't get out of
 5583 	sync.
 5584 	[258f9691b3d9]
 5585 
 5586 	* logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd_local.c:
 5587 	Fix I/O log restart of locally-store logs. This got broken a while
 5588 	ago when evlog in struct connection_closure was changed to a
 5589 	pointer.
 5590 	[8b59122891f9]
 5591 
 5592 	* scripts/pp:
 5593 	Fix detection of the volatile flag when other flags are present.
 5594 	Otherwise flags fields like "volatile,ignore-other" will be ignored
 5595 	by the Debian and BSD back ends.
 5596 	[0d120b9eab71]
 5597 
 5598 	* src/limits.c:
 5599 	Fix debug message when prctl(PR_SET_DUMPABLE, 0, 0, 0, 0) fails.
 5600 	GitHub issue #101
 5601 	[7d266c174457]
 5602 
 5603 	* logsrvd/logsrvd_relay.c, logsrvd/sendlog.c, logsrvd/tls_client.c,
 5604 	logsrvd/tls_common.h, plugins/sudoers/log_client.c:
 5605 	Don't hard-code the TLS connect timeout, use normal connect timeout.
 5606 	For sudo_logsrvd, this is the relay connect_timeout setting. For
 5607 	sudoers, this is the log_server_timeout setting.
 5608 	[49e29f187f5a]
 5609 
 5610 2021-05-02  Todd C. Miller  <Todd.Miller@sudo.ws>
 5611 
 5612 	* logsrvd/logsrvd_queue.c:
 5613 	Add missing closedir(3) in logsrvd_queue_scan(). Coverity CID 221591
 5614 	[e9745c64a721]
 5615 
 5616 	* NEWS:
 5617 	Mention "log_server_verify" bug fix.
 5618 	[a70060c34e7a]
 5619 
 5620 	* configure, configure.ac, doc/sudo_logsrvd.conf.man.in,
 5621 	doc/sudo_logsrvd.conf.mdoc.in, examples/sudo_logsrvd.conf,
 5622 	m4/sudo.m4, pathnames.h.in:
 5623 	Rename logsrvd log dir to /var/log/sudo_logsrvd.
 5624 	[fb979be9927e]
 5625 
 5626 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
 5627 	examples/sudo_logsrvd.conf, logsrvd/logsrvd.h,
 5628 	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_queue.c:
 5629 	Make the failed relay retry interval configurable. This is the
 5630 	amount of time to wait before trying to resend a journal to the
 5631 	relay server after a connection error.
 5632 	[cbc04201a63e]
 5633 
 5634 2021-05-01  Todd C. Miller  <Todd.Miller@sudo.ws>
 5635 
 5636 	* MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
 5637 	logsrvd/logsrvd_journal.c, logsrvd/logsrvd_queue.c,
 5638 	logsrvd/logsrvd_relay.c:
 5639 	Send outgoing messages to the relay server on startup. Also attempt
 5640 	to retry messages that could not be relayed periodically.
 5641 	[7ed12983af85]
 5642 
 5643 	* lib/util/fatal.c:
 5644 	Avoid clobbering errno in warning().
 5645 	[3282a7db7f51]
 5646 
 5647 	* logsrvd/logsrvd_relay.c:
 5648 	Set relay name string to NULL after dropping the reference.
 5649 	Otherwise it is possible to decrement the reference more than once.
 5650 	[245d4e60ea21]
 5651 
 5652 2021-04-30  Todd C. Miller  <Todd.Miller@sudo.ws>
 5653 
 5654 	* plugins/sudoers/iolog.c:
 5655 	Fix cut & pasto that prevented the verify_server option from being
 5656 	set. The "log_server_verify" setting passed from the policy plugin
 5657 	was applied to the "keepalive" option instead of "verify_server".
 5658 	From Krisztian Kovacs.
 5659 	[06f716981ad0]
 5660 
 5661 2021-04-29  Todd C. Miller  <Todd.Miller@sudo.ws>
 5662 
 5663 	* doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in,
 5664 	logsrvd/logsrvd.c:
 5665 	Write client and server information to debug file on SIGUSR1 This
 5666 	can be used to debug client problems such as a connection not being
 5667 	closed as expected.
 5668 	[e6e3a4ba02f4]
 5669 
 5670 	* doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in:
 5671 	Document journal file directories in store_first mode.
 5672 	[a08de0c20127]
 5673 
 5674 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c:
 5675 	Create journal files in an incoming directory, move to outgoing when
 5676 	complete. This will make it possible to process completed journal
 5677 	files periodically if the relay server is down.
 5678 	[5ced00c6eb7e]
 5679 
 5680 	* logsrvd/logsrvd_relay.c:
 5681 	Add missing connection_close() call for relay-only connections. For
 5682 	an immediate relay we will close the connection when the client
 5683 	disconnects (or there is a timeout). However, for store-and-forward
 5684 	mode the client has already disconnected at the time we are
 5685 	relaying.
 5686 	[e51e98489c6d]
 5687 
 5688 2021-04-27  Todd C. Miller  <Todd.Miller@sudo.ws>
 5689 
 5690 	* plugins/sudoers/po/sudoers.pot:
 5691 	regen
 5692 	[4aa3f848b223]
 5693 
 5694 	* logsrvd/logsrvd_conf.c:
 5695 	Replace non-ascii characters in warning string.
 5696 	[5e99ac170a15]
 5697 
 5698 	* lib/util/regress/getgrouplist/getgrouplist_test.c,
 5699 	lib/util/regress/tailq/hltq_test.c,
 5700 	plugins/sudoers/regress/check_symbols/check_symbols.c,
 5701 	plugins/sudoers/regress/editor/check_editor.c,
 5702 	plugins/sudoers/regress/exptilde/check_exptilde.c,
 5703 	plugins/sudoers/regress/parser/check_base64.c,
 5704 	plugins/sudoers/regress/parser/check_fill.c,
 5705 	plugins/sudoers/regress/parser/check_gentime.c,
 5706 	plugins/sudoers/regress/parser/check_hexchar.c,
 5707 	plugins/sudoers/regress/starttime/check_starttime.c,
 5708 	plugins/sudoers/regress/unescape/check_unesc.c:
 5709 	Quiet clang analyzer false positive in regress tests.
 5710 	[190ad1f287d8]
 5711 
 5712 	* MANIFEST, logsrvd/Makefile.in, logsrvd/iolog_writer.c,
 5713 	logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_local.c:
 5714 	Move local iolog log functions to logsrvd_local.c
 5715 	[e16e2a1d8209]
 5716 
 5717 	* logsrvd/logsrvd_relay.c:
 5718 	Better client error reporting on relay server connection error. More
 5719 	detailed error messages may be found in the debug log.
 5720 	[d0807790327d]
 5721 
 5722 	* logsrvd/logsrvd.c:
 5723 	Update debug pid string when sudo_logsrvd becomes a daemon.
 5724 	[33069e2da7d5]
 5725 
 5726 2021-04-26  Todd C. Miller  <Todd.Miller@sudo.ws>
 5727 
 5728 	* logsrvd/logsrvd.c:
 5729 	Must call SSL_shutdown() before closing the underlying socket. This
 5730 	got broken by some code rearrangement when relay mode was added.
 5731 	[a3a8c4d10565]
 5732 
 5733 	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c:
 5734 	Recover if the client or relay server closes the TLS connection
 5735 	uncleanly. The other end of the connection should perform a proper
 5736 	TLS shutdown but as long as we are in the correct state there is no
 5737 	need to treat this as a user-visible error.
 5738 	[90887bc2235f]
 5739 
 5740 	* NEWS, aclocal.m4, configure, configure.ac:
 5741 	Sudo 1.9.7
 5742 	[c1ea457eca11]
 5743 
 5744 	* MANIFEST, plugins/python/Makefile.in, plugins/python/lsan_suppr.txt:
 5745 	Add a suppression file for the libpython leaks. This is a big hammer
 5746 	but it seems like the best we can do for now. Allows "make check" to
 5747 	succeed when address sanitizer is used.
 5748 	[4500cd1e835e]
 5749 
 5750 2021-04-25  Todd C. Miller  <Todd.Miller@sudo.ws>
 5751 
 5752 	* plugins/sudoers/Makefile.in, plugins/sudoers/editor.c,
 5753 	plugins/sudoers/regress/editor/check_editor.c:
 5754 	When spliting EDITOR check for escaped quote characters. Also add
 5755 	check_editor to sudoers "make check".
 5756 	[0d8001299358]
 5757 
 5758 2021-04-24  Todd C. Miller  <Todd.Miller@sudo.ws>
 5759 
 5760 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/editor.c,
 5761 	plugins/sudoers/regress/editor/check_editor.c:
 5762 	Treat a lone backslash at the end of a string as a literal
 5763 	backslash. GitHub issue #99
 5764 	[40a53e523003]
 5765 
 5766 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in:
 5767 	Fix typo.
 5768 	[614379733a17]
 5769 
 5770 2021-04-23  Todd C. Miller  <Todd.Miller@sudo.ws>
 5771 
 5772 	* plugins/python/pyhelpers.c:
 5773 	Avoid a potential NULL dereference when mutating args_str. Coverit
 5774 	CID 221401
 5775 	[69f3c7f8e524]
 5776 
 5777 	* logsrvd/logsrvd_journal.c:
 5778 	Avoid calling fread() with a NUL buffer if msg_len is 0. Coverity
 5779 	CID 221399
 5780 	[ed605b7a3186]
 5781 
 5782 	* logsrvd/logsrvd.c:
 5783 	Set a restrictive umask so new files are only read/write by owner.
 5784 	Coverity CID 221402
 5785 	[595465e4baa2]
 5786 
 5787 	* logsrvd/logsrvd.c:
 5788 	In connection_closure_free() only close sock if it is not -1. When
 5789 	relaying from a journal there will be no socket. Coverity CID 221403
 5790 	[fd4f27067c3f]
 5791 
 5792 	* logsrvd/logsrvd.c:
 5793 	Avoid potential NULL dereference in get_free_buf(). Coverity CID
 5794 	221400
 5795 	[6cb5491bf812]
 5796 
 5797 	* logsrvd/logsrvd.c, logsrvd/logsrvd_relay.c:
 5798 	Remove some now-dead code in the error path. Coverity CID 221397 and
 5799 	221398
 5800 	[edc860f72f98]
 5801 
 5802 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c,
 5803 	logsrvd/logsrvd_relay.c:
 5804 	Use function pointers for each client message type instead of
 5805 	conditionals. This separats out the message handler from the
 5806 	functions that store or relay the message contents.
 5807 	[f596480880fa]
 5808 
 5809 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c:
 5810 	Add enqueue_error_message() helper function. Formats and enqueues an
 5811 	error message and enables the write event.
 5812 	[122bd89fe5e3]
 5813 
 5814 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c,
 5815 	logsrvd/logsrvd_relay.c:
 5816 	Forward the journaled entry after it has been stored locally.
 5817 	[a187d5a7ea28]
 5818 
 5819 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_journal.c:
 5820 	Stash the value of the store_first config setting in
 5821 	connection_closure. If the configuration changes it should not
 5822 	affect a connection that is already in progress.
 5823 	[6617c2b7ece5]
 5824 
 5825 	* MANIFEST, logsrvd/Makefile.in, logsrvd/iolog_writer.c,
 5826 	logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
 5827 	logsrvd/logsrvd_journal.c, logsrvd/logsrvd_relay.c:
 5828 	Journal messages to disk when store_first is set in the relay
 5829 	section. Instead of forwarding messages immediately, they are
 5830 	journaled locally in wire format. This will be used to implement
 5831 	relay store-and-forward mode.
 5832 	[aa0c537258e7]
 5833 
 5834 	* INSTALL, configure, configure.ac, doc/sudo_logsrvd.conf.man.in,
 5835 	doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.mdoc.in,
 5836 	logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, m4/sudo.m4,
 5837 	pathnames.h.in:
 5838 	Add configuration for sudo_logsrvd store-and-forward mode. Adds
 5839 	"relay_dir" and "store_first" settings to sudo_logsrvd.conf in the
 5840 	[relay] section. Also adds a --with-relaydir configure argument to
 5841 	change the default value (usually /var/log/logsrvd-relay.
 5842 	[6f064ed6d20e]
 5843 
 5844 	* src/signal.c:
 5845 	Make sure SIGCHLD is not ignored when sudo is executed. If SIGCHLD
 5846 	is ignored there is a race condition between when the process is
 5847 	executed and when the SIGCHLD handler is installed. This fixes the
 5848 	bug described by GitHub PR #98
 5849 	[b4c91a0f72e7]
 5850 
 5851 2021-04-20  Todd C. Miller  <Todd.Miller@sudo.ws>
 5852 
 5853 	* config.h.in, configure, configure.ac:
 5854 	Remove the HP-UX 11.0 pread64() hack, it causes problems on modern
 5855 	HP-UX.
 5856 	[fea8ebd0b88d]
 5857 
 5858 	* src/limits.c:
 5859 	Add minimum value to consider when overriding resource limits.
 5860 	Currently only used for RLIMIT_DATA and RLIMIT_AS.
 5861 
 5862 	This works around a problem on HP-UX where setting RLIMIT_DATA
 5863 	changes the resource limits for both 32-bit and 64-bit processes.
 5864 	HP-UX processes start out with RLIMIT_DATA set based on the values
 5865 	of the maxdsiz and maxdsiz_64bit kernel tunables, depending on
 5866 	whether they are 32-bit or 64-bit. By default this limit is 1GB for
 5867 	32-bit processes and 4GB for 64-bit. However, once RLIMIT_DATA is
 5868 	changed, it does not appear to be possible to restore the old
 5869 	values. This can result in a 64-bit process that is executed by a
 5870 	32-bit shell getting the 32-bit RLIMIT_DATA instead of the 64-bit
 5871 	one. Bug #973
 5872 	[8778a27abfaf]
 5873 
 5874 2021-04-19  Todd C. Miller  <Todd.Miller@sudo.ws>
 5875 
 5876 	* logsrvd/logsrvd_relay.c:
 5877 	Don't use msg_len as a length after converting it to network byte
 5878 	order.
 5879 	[3f2496be1130]
 5880 
 5881 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c:
 5882 	Use the packed message buffer when relaying if possible. There's no
 5883 	need to rebuild the message buffer for anything but RestartMessage
 5884 	and ClientHello.
 5885 	[903fa50f48c9]
 5886 
 5887 2021-04-18  Todd C. Miller  <Todd.Miller@sudo.ws>
 5888 
 5889 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c:
 5890 	Allocate the data buffer in get_free_buf() too. We always know the
 5891 	size of the data buffer we need at allocation time.
 5892 	[c02dc245aa40]
 5893 
 5894 2021-04-17  Todd C. Miller  <Todd.Miller@sudo.ws>
 5895 
 5896 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c:
 5897 	Relay ChangeWindowSize and CommandSuspend events too.
 5898 	[cb20a1de47e3]
 5899 
 5900 2021-04-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 5901 
 5902 	* plugins/python/pyhelpers.c, plugins/python/regress/testdata/check_ex
 5903 	ample_debugging_c_calls@diag.log, plugins/python/regress/testdata/ch
 5904 	eck_example_debugging_c_calls@info.log, plugins/python/regress/testd
 5905 	ata/check_example_group_plugin_is_able_to_debug.log:
 5906 	Regenerate test output with python 3.10a7 Also adjust debug tests so
 5907 	they pass on older python versions
 5908 	[03aeda971872]
 5909 
 5910 	* configure, m4/python.m4:
 5911 	determine Python (3.10) version number correctly. from upstream
 5912 	automake
 5913 	[1f4136509aca]
 5914 
 5915 	* MANIFEST, aclocal.m4, m4/python.m4, m4/runlog.m4:
 5916 	Move python.m4 and runlog.m4 to the m4 directory. Previously they
 5917 	were inline in aclocal.m4.
 5918 	[6ec4c92539a7]
 5919 
 5920 2021-04-15  Todd C. Miller  <Todd.Miller@sudo.ws>
 5921 
 5922 	* configure, configure.ac:
 5923 	Add hiuxmpp where we have hpux for special cases. Also move the HP-
 5924 	UX 11.00 pread(2) workaround into the section where pread(2) is
 5925 	tested for, not before it.
 5926 	[f6cc1820e0fb]
 5927 
 5928 	* etc/sudo-logsrvd.pp, etc/sudo-python.pp:
 5929 	Only replace the last instance of "sudo" in example and doc dir.
 5930 	Otherwise we end up with weird paths for a prefix like /opt/sudo.
 5931 	[113bdf79f00f]
 5932 
 5933 2021-04-13  Todd C. Miller  <Todd.Miller@sudo.ws>
 5934 
 5935 	* doc/sudoers.ldap.mdoc.in:
 5936 	Fix lint warning.
 5937 	[aa4a4f0b0da1]
 5938 
 5939 	* doc/sudo_logsrvd.man.in, doc/sudo_logsrvd.mdoc.in:
 5940 	Mention relay mode and update TLS example.
 5941 	[a50a23542c05]
 5942 
 5943 	* etc/sudo-logsrvd.pp, etc/sudo.pp:
 5944 	If libssl_dep was not passed in, use ldd to determine its value.
 5945 	Normally, mkpkg will figure this out, but if the user does "make
 5946 	package" outside of the mkpkg script, libssl_dep will not be set.
 5947 	[87329797daca]
 5948 
 5949 2021-04-12  Todd C. Miller  <Todd.Miller@sudo.ws>
 5950 
 5951 	* INSTALL, configure, configure.ac, doc/UPGRADE:
 5952 	Enable the use of OpenSSL if log client/server not disabled. This
 5953 	adds a dependency on OpenSSL unless it is explicitly disabled
 5954 	(--disable-openssl) or the sudo log client and server are disabled
 5955 	(--disable-log-client and --disable-log-server).
 5956 	[618f504240d2]
 5957 
 5958 2021-04-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 5959 
 5960 	* etc/codespell.skip:
 5961 	configure aux scripts moved to the scripts directory
 5962 	[1cfcbfd128ed]
 5963 
 5964 	* logsrvd/Makefile.in, logsrvd/logsrvd_conf.c:
 5965 	Set logsrvd_config to NULL in logsrvd_conf_cleanup() after freeing
 5966 	it. Fixes a double free in fuzz_logsrvd_conf (but not sudo_logsrvd
 5967 	itself). Also fix linking fuzz_logsrvd_conf with OpenSSL.
 5968 	[ad78729467d4]
 5969 
 5970 	* logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1,
 5971 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2,
 5972 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3,
 5973 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4,
 5974 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5,
 5975 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6,
 5976 	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
 5977 	logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict:
 5978 	Update sudo_logsrvd.conf fuzzer to match configuration changes.
 5979 	[85ae32ce6f44]
 5980 
 5981 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
 5982 	examples/sudo_logsrvd.conf:
 5983 	Document relay configuration changes.
 5984 	[d66eb842a6ef]
 5985 
 5986 2021-04-08  Todd C. Miller  <Todd.Miller@sudo.ws>
 5987 
 5988 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
 5989 	logsrvd/logsrvd_relay.c:
 5990 	Move relay configuration into its own section and add TLS options.
 5991 	TLS options in the relay section will be used if specified,
 5992 	otherwise the TLS options from the server section are used.
 5993 	[0695e9b9b067]
 5994 
 5995 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
 5996 	logsrvd/logsrvd_relay.c:
 5997 	Add "server" and "relay" to getters/callbacks specific to server and
 5998 	relay.
 5999 	[618b4fa5325c]
 6000 
 6001 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
 6002 	logsrvd/logsrvd_relay.c:
 6003 	Remove struct logsrvd_tls_config. Now that the SSL context is
 6004 	initialized in logsrvd_conf.c there's no need to export TLS
 6005 	configuration other than tls_check_peer.
 6006 	[4fb0fdc417e1]
 6007 
 6008 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
 6009 	logsrvd/logsrvd_relay.c:
 6010 	No longer need struct logsrvd_tls_runtime, use SSL_CTX instead.
 6011 	[61e0bdf1499d]
 6012 
 6013 	* logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c:
 6014 	Move allocation of the TLS context to logsrvd_conf_apply(). This way
 6015 	we get certificate errors at configuration time, not after. It also
 6016 	means that a change to the config file that renders the TLS settings
 6017 	invalid will no longer cause the server to exit. The new config will
 6018 	just be ignored as if there was a syntax error.
 6019 	[352ecb58618f]
 6020 
 6021 	* logsrvd/tls_init.c:
 6022 	Only initialize the SSL library once.
 6023 	[e17215eec1d6]
 6024 
 6025 2021-04-07  Todd C. Miller  <Todd.Miller@sudo.ws>
 6026 
 6027 	* plugins/sudoers/timestamp.c:
 6028 	Sanity check struct timespec in timestamp file. Coverity CID 220564
 6029 	[68dfceeb105e]
 6030 
 6031 	* plugins/sudoers/timestamp.c:
 6032 	Check lseek(fd, 0, SEEK_CUR) for -1 return value. Not actually
 6033 	possible in practice. Coverity CID 220568.
 6034 	[27105922d3be]
 6035 
 6036 	* src/net_ifs.c:
 6037 	Check for NULL ifa->ifa_addr and ifa->ifa_netmask in both loops.
 6038 	[373961966099]
 6039 
 6040 2021-04-07  Radovan Sroka  <rsroka@redhat.com>
 6041 
 6042 	* src/sudo_edit.c:
 6043 	Fixed bad condition for sesh args
 6044 
 6045 	In selinux_edit_copy_tfiles() when there is only one file and the
 6046 	open() fails then number of arguments is lower than expected. Sudo
 6047 	should return error with or without "Defaults !sudoedit_checkdir"
 6048 	set.
 6049 
 6050 	This was found with regression testing of CVE-2021-23240.
 6051 
 6052 	Signed-off-by: Radovan Sroka <rsroka@redhat.com>
 6053 	[947ce862c0bf]
 6054 
 6055 2021-04-06  Todd C. Miller  <Todd.Miller@sudo.ws>
 6056 
 6057 	* src/net_ifs.c:
 6058 	Plug memory leak on overflow; Coverity CID 220556
 6059 	[86b71e5dec5c]
 6060 
 6061 	* logsrvd/logsrvd.c:
 6062 	In schedule_commit_point() do not free the closure on error. It is
 6063 	the caller's responsibility to free resources on error. Coverity CID
 6064 	220557
 6065 	[e6629496ab03]
 6066 
 6067 	* plugins/sudoers/pwutil.c,
 6068 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 6069 	Cast NULL terminator argument to char * when calling sudo_mkgrent().
 6070 	Avoids a portability issue on systems where NULL is not a pointer.
 6071 	[cdb9cf0ad2ea]
 6072 
 6073 	* logsrvd/tls_init.c:
 6074 	Rename LOGSRVD_DEFAULT_CIPHER_LST13 to DEFAULT_CIPHER_LST13
 6075 	[a5d7da05cf09]
 6076 
 6077 	* logsrvd/tls_client.c:
 6078 	Include string.h for strerror(3) prototype.
 6079 	[57f5cfe43a89]
 6080 
 6081 	* logsrvd/logsrvd_relay.c:
 6082 	Move connect_relay_tls() so we don't need a prototype for it. Fixes
 6083 	a warning when sudo is not configured to use OpenSSL.
 6084 	[0c73cfebf32b]
 6085 
 6086 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
 6087 	examples/sudo_logsrvd.conf:
 6088 	Document relay and connect_timeout server settings.
 6089 	[a101d54b451e]
 6090 
 6091 	* MANIFEST, logsrvd/Makefile.in, logsrvd/logsrv_util.h,
 6092 	logsrvd/sendlog.c, logsrvd/sendlog.h, logsrvd/tls_client.c,
 6093 	logsrvd/tls_common.h:
 6094 	Move common TLS client code to tls_client.c and use it in sendlog.c.
 6095 	[5334b6c4bef8]
 6096 
 6097 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
 6098 	Rename listen_address -> server_address and add reference counting.
 6099 	This will be used by the upcoming relay mode.
 6100 	[f8ef9c83c3c8]
 6101 
 6102 	* logsrvd/logsrvd.c:
 6103 	Try to send an error message to client for some client_msg_cb()
 6104 	failures.
 6105 	[0805636e8114]
 6106 
 6107 	* logsrvd/logsrvd.c:
 6108 	Split most of server_commit_cb() out into schedule_commit_point().
 6109 	This allows it to be used by the relay code too.
 6110 	[c985c2f9e5d5]
 6111 
 6112 	* MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
 6113 	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_relay.c:
 6114 	Add a relay mode to sudo_logsrvd where it forwards instead of
 6115 	stores. Relay hosts are be specified in the server section of
 6116 	sudo_logsrvd.conf.
 6117 	[071c231e76a9]
 6118 
 6119 	* logsrvd/Makefile.in, logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c,
 6120 	logsrvd/sendlog.c, logsrvd/tls_common.h:
 6121 	Add support for relaying to another sudo_logsrvd via TLS.
 6122 	[c47397ce4098]
 6123 
 6124 	* MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
 6125 	lib/util/rcstr.c, lib/util/util.exp.in, plugins/sudoers/Makefile.in,
 6126 	plugins/sudoers/alias.c, plugins/sudoers/check_aliases.c,
 6127 	plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
 6128 	plugins/sudoers/gram.y, plugins/sudoers/ldap.c,
 6129 	plugins/sudoers/ldap_util.c, plugins/sudoers/rcstr.c,
 6130 	plugins/sudoers/sssd.c, plugins/sudoers/sudoers.h,
 6131 	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
 6132 	plugins/sudoers/visudo.c:
 6133 	Move reference-counted string code from sudoers to libsudo_util. It
 6134 	will be used by sudo_logsrvd too.
 6135 	[d228aaf9b6fa]
 6136 
 6137 	* logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c, logsrvd/logsrvd_relay.c:
 6138 	Add sa_host to struct server_address as a ref counted string. Also
 6139 	convert sa_str to ref counted string.
 6140 	[4e8abb84c11d]
 6141 
 6142 	* logsrvd/logsrvd_conf.c:
 6143 	Don't allow a wildcard address for the relay parameter.
 6144 	[4a80d18d025b]
 6145 
 6146 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
 6147 	Add logsrvd_conf_cleanup() to free the conf data structures on exit.
 6148 	There is no longer a need to do anything in shutdown_cb() other than
 6149 	break out of the event loop.
 6150 	[9e4d7456fb7a]
 6151 
 6152 	* src/tgetpass.c:
 6153 	Set user group list when executing the askpass helper. Under normal
 6154 	circumstances the existing group list will match the list fetched by
 6155 	sudo. However, if sudo is executed by a process that has changed the
 6156 	group list via setgroups(2) and "group_source" in sudo.conf is set
 6157 	to "dynamic" it is possible for them to be different.
 6158 
 6159 	If group_source in sudo.conf is set to "dynamic" it is possible for
 6160 	the group list
 6161 	[2b1d4ffb9cf6]
 6162 
 6163 	* logsrvd/logsrv_util.h, logsrvd/logsrvd.c, logsrvd/logsrvd.h:
 6164 	Use a tailq of write buffers instead of a single one per connection.
 6165 	This allows us to queue up multiple messages for writing like the
 6166 	sudoers client supports. Currently, each connection has its own free
 6167 	list. In the future we may want a single free list with low and high
 6168 	water marks.
 6169 	[b5df1b4d79c7]
 6170 
 6171 	* configure.ac:
 6172 	Increase autoconf minimum version to 2.70. Some of the macros
 6173 	deprecated in 2.70 are required by older versions. For example,
 6174 	AC_PROG_CC now does the work of AC_PROG_CC_STDC. Bug #972
 6175 	[223a584b6241]
 6176 
 6177 	* MANIFEST, Makefile.in, config.guess, config.sub, configure,
 6178 	configure.ac, doc/Makefile.in, examples/Makefile.in,
 6179 	include/Makefile.in, install-sh, lib/util/Makefile.in,
 6180 	lib/zlib/Makefile.in, logsrvd/Makefile.in, ltmain.sh,
 6181 	plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
 6182 	plugins/python/Makefile.in, plugins/sample/Makefile.in,
 6183 	plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
 6184 	plugins/system_group/Makefile.in, scripts/config.guess,
 6185 	scripts/config.sub, scripts/install-sh, scripts/ltmain.sh,
 6186 	src/Makefile.in:
 6187 	Move autoconf auxiliary files to the scripts directory.
 6188 	[5ea8182c11d9]
 6189 
 6190 2021-04-05  Todd C. Miller  <Todd.Miller@sudo.ws>
 6191 
 6192 	* doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in:
 6193 	Document SUCCESS=return support in sudoers nsswitch.conf entries.
 6194 	Based on a patch from Dennis Filder. Bug #971.
 6195 	[1d631d1b6244]
 6196 
 6197 2021-04-01  Todd C. Miller  <Todd.Miller@sudo.ws>
 6198 
 6199 	* plugins/sudoers/audit.c:
 6200 	Move log_server_accept() out from under the #ifdef
 6201 	SUDOERS_LOG_CLIENT Fixes a link error when sudo is configured with
 6202 	--disable-log-client.
 6203 	[1bb7efdbddd5]
 6204 
 6205 2021-04-01  Radovan Sroka  <rsroka@redhat.com>
 6206 
 6207 	* src/selinux.c:
 6208 	Removed depricated security_context_t
 6209 
 6210 	Signed-off-by: Radovan Sroka <rsroka@redhat.com>
 6211 	[14aba55909fc]
 6212 
 6213 2021-03-31  Todd C. Miller  <Todd.Miller@sudo.ws>
 6214 
 6215 	* logsrvd/sendlog.c:
 6216 	Return NULL if init_tls_client_context() fails. Otherwise, we will
 6217 	call SSL_new with a freed SSL context. Bug #970
 6218 	[5fbadce88524]
 6219 
 6220 2021-03-30  Todd C. Miller  <Todd.Miller@sudo.ws>
 6221 
 6222 	* src/parse_args.c:
 6223 	Use separate getopt config for sudoedit. Avoids a problem where the
 6224 	user gets an exclusive usage error message when using a sudo-
 6225 	specific option. GitHub issue #95
 6226 	[b6207568e50a]
 6227 
 6228 	* src/parse_args.c, src/sudo_usage.h.in:
 6229 	Add -h and -V to sudoedit usage and customize help output for
 6230 	sudoedit. Also add missing -B option to usage strings.
 6231 	[0d8fa214f8c3]
 6232 
 6233 	* src/parse_args.c:
 6234 	Don't report a usage error for "sudo -V". GitHub issue #95
 6235 	[a18573251751]
 6236 
 6237 	* etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
 6238 	Do not include parent directories in rpm and deb files. Fixes a
 6239 	directory conflict with the AIX sudo rpm package. Other deb/rpm
 6240 	packages were not affected because parent dirs are omitted for a
 6241 	prefix of /usr.
 6242 	[f7d8db9670bb]
 6243 
 6244 2021-03-29  Todd C. Miller  <Todd.Miller@sudo.ws>
 6245 
 6246 	* src/net_ifs.c:
 6247 	SCO OpenServer uses SIOCGIFANUM, not SIOCGIFNUM. On OpenServer,
 6248 	SIOCGIFNUM is the number of network interfaces, not the number of
 6249 	ifreq structs.
 6250 	[a992ea37b071]
 6251 
 6252 2021-03-27  Todd C. Miller  <Todd.Miller@sudo.ws>
 6253 
 6254 	* src/net_ifs.c:
 6255 	Add support for HP-UX SIOCGLIFNUM and SIOCGLIFCONF ioctls. We need
 6256 	to use both SIOCGIFCONF and SIOCGLIFCONF since SIOCGLIFCONF only
 6257 	returns IPv6 addresses.
 6258 	[7a53304872b9]
 6259 
 6260 2021-03-24  Todd C. Miller  <Todd.Miller@sudo.ws>
 6261 
 6262 	* src/net_ifs.c:
 6263 	Move get_net_ifs stub to the top and remove unused INET_ADDRSTRLEN
 6264 	def.
 6265 	[15bb7bc0ecb8]
 6266 
 6267 	* src/net_ifs.c:
 6268 	No longer need ifr_tmp variable, just reuse ifr. Now that we store
 6269 	the string version of the address before fetching the netmask we can
 6270 	just re-use ifr. This simplifies things and is safer since if there
 6271 	is space for the address there must also be space for the mask.
 6272 	[89ade84d0a6d]
 6273 
 6274 	* src/net_ifs.c:
 6275 	SCO OpenServer 5 returns a bogus value for SIOCGIFNUM. Gleaned from
 6276 	sendmail.
 6277 	[0616f2103f0b]
 6278 
 6279 	* src/net_ifs.c:
 6280 	Use SIOCGSIZIFCONF or SIOCGIFNUM where available. Still falls back
 6281 	to a loop if not but now maxes out at 2048 interfaces instead of
 6282 	potentially looping forever.
 6283 	[f19cd2f827d5]
 6284 
 6285 	* configure, configure.ac, src/net_ifs.c:
 6286 	Remove support for obsolete ISC UNIX and MIPS RISC/OS systems. They
 6287 	were getting in the way of net_its.c simplification.
 6288 	[4e2b7ce2fb7b]
 6289 
 6290 2021-03-22  Todd C. Miller  <Todd.Miller@sudo.ws>
 6291 
 6292 	* src/net_ifs.c:
 6293 	Use SIOCGLIFCONF to get interface list where supported (Solaris).
 6294 	HP-UX has a SIOCGLIFCONF but it is incompatible (and appears to only
 6295 	return IPv6 addresses). Also add IPv6 support using SIOCGIFCONF
 6296 	(probably AIX only) and make sure ifr_tmpbuf[] is properly aligned.
 6297 	[d2eebba41618]
 6298 
 6299 	* MANIFEST, src/Makefile.in, src/regress/net_ifs/check_net_ifs.c:
 6300 	Add simple regress check to display the network interfaces found.
 6301 	[6c1a5a50056e]
 6302 
 6303 2021-03-19  Todd C. Miller  <Todd.Miller@sudo.ws>
 6304 
 6305 	* INSTALL:
 6306 	Suggest clang 11 or higher, some fuzzers may hang when used with
 6307 	clang 10.
 6308 	[abcf94949ca2]
 6309 
 6310 2021-03-18  Todd C. Miller  <Todd.Miller@sudo.ws>
 6311 
 6312 	* MANIFEST, logsrvd/Makefile.in,
 6313 	logsrvd/regress/fuzz/fuzz_logsrvd_conf.dict:
 6314 	Add dictionary file for fuzz_logsrvd_conf.
 6315 	[f9e154751a5f]
 6316 
 6317 	* Makefile.in, doc/Makefile.in, examples/Makefile.in,
 6318 	include/Makefile.in, lib/eventlog/Makefile.in,
 6319 	lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
 6320 	lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
 6321 	logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
 6322 	plugins/group_file/Makefile.in, plugins/python/Makefile.in,
 6323 	plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
 6324 	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
 6325 	src/Makefile.in:
 6326 	Add a new "fuzz" target that executes the fuzzers for 8192 runs
 6327 	each. To run indefinately, set FUZZ_RUNS=-1, e.g. "make FUZZ_RUNS=-1
 6328 	fuzz"
 6329 	[5fd3d7e9430f]
 6330 
 6331 	* MANIFEST, lib/iolog/Makefile.in,
 6332 	lib/iolog/regress/corpus/log_json/id.json,
 6333 	lib/iolog/regress/corpus/log_json/ls.json,
 6334 	lib/iolog/regress/corpus/log_json/mailq.json,
 6335 	lib/iolog/regress/corpus/log_json/make.json,
 6336 	lib/iolog/regress/corpus/log_json/pkg_add.json,
 6337 	lib/iolog/regress/corpus/log_json/pkg_delete.json,
 6338 	lib/iolog/regress/corpus/log_json/printenv.json,
 6339 	lib/iolog/regress/corpus/log_legacy/id.log,
 6340 	lib/iolog/regress/corpus/log_legacy/ls.log,
 6341 	lib/iolog/regress/corpus/log_legacy/mailq.log,
 6342 	lib/iolog/regress/corpus/log_legacy/make.log,
 6343 	lib/iolog/regress/corpus/log_legacy/pkg_add.log,
 6344 	lib/iolog/regress/corpus/log_legacy/pkg_delete.log,
 6345 	lib/iolog/regress/corpus/log_legacy/printenv.log,
 6346 	lib/iolog/regress/corpus/seed/log_json/id.json,
 6347 	lib/iolog/regress/corpus/seed/log_json/ls.json,
 6348 	lib/iolog/regress/corpus/seed/log_json/mailq.json,
 6349 	lib/iolog/regress/corpus/seed/log_json/make.json,
 6350 	lib/iolog/regress/corpus/seed/log_json/pkg_add.json,
 6351 	lib/iolog/regress/corpus/seed/log_json/pkg_delete.json,
 6352 	lib/iolog/regress/corpus/seed/log_json/printenv.json,
 6353 	lib/iolog/regress/corpus/seed/log_legacy/id.log,
 6354 	lib/iolog/regress/corpus/seed/log_legacy/ls.log,
 6355 	lib/iolog/regress/corpus/seed/log_legacy/mailq.log,
 6356 	lib/iolog/regress/corpus/seed/log_legacy/make.log,
 6357 	lib/iolog/regress/corpus/seed/log_legacy/pkg_add.log,
 6358 	lib/iolog/regress/corpus/seed/log_legacy/pkg_delete.log,
 6359 	lib/iolog/regress/corpus/seed/log_legacy/printenv.log,
 6360 	lib/iolog/regress/corpus/seed/timing/timing.1,
 6361 	lib/iolog/regress/corpus/seed/timing/timing.2,
 6362 	lib/iolog/regress/corpus/seed/timing/timing.3,
 6363 	lib/iolog/regress/corpus/seed/timing/timing.4,
 6364 	lib/iolog/regress/corpus/timing/timing.1,
 6365 	lib/iolog/regress/corpus/timing/timing.2,
 6366 	lib/iolog/regress/corpus/timing/timing.3,
 6367 	lib/iolog/regress/corpus/timing/timing.4, lib/util/Makefile.in,
 6368 	lib/util/regress/corpus/seed/sudo_conf/sudo.conf.1,
 6369 	lib/util/regress/corpus/seed/sudo_conf/sudo.conf.2,
 6370 	lib/util/regress/corpus/seed/sudo_conf/sudo.conf.3,
 6371 	lib/util/regress/corpus/sudo_conf/sudo.conf.1,
 6372 	lib/util/regress/corpus/sudo_conf/sudo.conf.2,
 6373 	lib/util/regress/corpus/sudo_conf/sudo.conf.3, logsrvd/Makefile.in,
 6374 	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.1,
 6375 	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.2,
 6376 	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.3,
 6377 	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.4,
 6378 	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.5,
 6379 	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.6,
 6380 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.1,
 6381 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.2,
 6382 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.3,
 6383 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.4,
 6384 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.5,
 6385 	logsrvd/regress/corpus/seed/logsrvd_conf/logsrvd.conf.6,
 6386 	plugins/sudoers/Makefile.in,
 6387 	plugins/sudoers/regress/corpus/policy/policy.1,
 6388 	plugins/sudoers/regress/corpus/policy/policy.2,
 6389 	plugins/sudoers/regress/corpus/policy/policy.3,
 6390 	plugins/sudoers/regress/corpus/policy/policy.4,
 6391 	plugins/sudoers/regress/corpus/policy/policy.5,
 6392 	plugins/sudoers/regress/corpus/seed/policy/policy.1,
 6393 	plugins/sudoers/regress/corpus/seed/policy/policy.2,
 6394 	plugins/sudoers/regress/corpus/seed/policy/policy.3,
 6395 	plugins/sudoers/regress/corpus/seed/policy/policy.4,
 6396 	plugins/sudoers/regress/corpus/seed/policy/policy.5:
 6397 	Move corpus files to a seed subdirectory.
 6398 	[ba6dd7f30d22]
 6399 
 6400 	* lib/fuzzstub/fuzzstub.c:
 6401 	We can now rely on LLVMFuzzerTestOneInput to flush stdout.
 6402 	[f20f353eeb87]
 6403 
 6404 	* plugins/sudoers/Makefile.in:
 6405 	Fix fuzz_sudoers output comparison when fuzzing is enabled.
 6406 	libFuzzer outputs additional info to stderr that our stub doesn't.
 6407 	[49434e4eceaa]
 6408 
 6409 	* lib/iolog/regress/fuzz/fuzz_iolog_json.c,
 6410 	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
 6411 	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
 6412 	lib/util/regress/fuzz/fuzz_sudo_conf.c,
 6413 	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
 6414 	plugins/sudoers/regress/fuzz/fuzz_policy.c,
 6415 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 6416 	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
 6417 	Flush stdout before successful return from LLVMFuzzerTestOneInput().
 6418 	Fixes a problem with diag lines from libFuzzer being interspersed
 6419 	with test output.
 6420 	[f0b701120128]
 6421 
 6422 	* configure, configure.ac:
 6423 	Use --allow-multiple-definition to work around an issue with ld.lld.
 6424 	For fuzz_policy we redefine getaddrinfo/freeaddrinfo to work around
 6425 	a DNS timeout problem with name resolution and CIfuzz. However, this
 6426 	causes a link failure when sanitizers are enabled on systems that
 6427 	use ld.lld as their linker. Use a big hammer to avoid the link
 6428 	error.
 6429 	[2b9df5329c0e]
 6430 
 6431 	* MANIFEST, plugins/sudoers/Makefile.in,
 6432 	plugins/sudoers/testsudoers.c, plugins/sudoers/testsudoers_pwutil.c,
 6433 	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
 6434 	Do not redefine system group and passwd functions for testsudoers.
 6435 	Instead, prefix the replacements with "testsudoers_" and use a
 6436 	custom pwutil backend so they get used.
 6437 	[6bfd2f8d01c0]
 6438 
 6439 	* Makefile.in, doc/Makefile.in, examples/Makefile.in,
 6440 	include/Makefile.in, lib/eventlog/Makefile.in,
 6441 	lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
 6442 	lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
 6443 	logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
 6444 	plugins/group_file/Makefile.in, plugins/python/Makefile.in,
 6445 	plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
 6446 	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
 6447 	src/Makefile.in:
 6448 	Rename "fuzz" makefile target to "check-fuzzer". It's purpose is to
 6449 	run the fuzzers are part of a normal "make check" to avoid bit rot,
 6450 	not to perform a fuzzer run. The fuzz_logsrvd_conf fuzzer was not
 6451 	wired up to "make check" previously.
 6452 	[01c03ccfd3f0]
 6453 
 6454 2021-03-15  Todd C. Miller  <Todd.Miller@sudo.ws>
 6455 
 6456 	* .hgtags:
 6457 	Added tag SUDO_1_9_6p1 for changeset 055f2a618604
 6458 	[5376bc9e3b85] <1.9>
 6459 
 6460 	* Merge sudo 1.9.6p1 from tip
 6461 	[055f2a618604] [SUDO_1_9_6p1] <1.9>
 6462 
 6463 	* NEWS, configure, configure.ac:
 6464 	Sudo 1.9.6p1
 6465 	[93d95d3f23b1]
 6466 
 6467 2021-03-15  Alexandru Ardelean  <aardelean@deviqon.com>
 6468 
 6469 	* plugins/sudoers/policy.c:
 6470 	plugins: sudoers: policy: add MODE_IMPLIED_SHELL to RUN_VALID_FLAGS
 6471 
 6472 	Since this flag isn't set, the sudo_mode variable gets invalidated
 6473 	and running the 'sudo' command seems to error out with message
 6474 	'sudoers_policy_check: invalid mode flags from sudo front end:
 6475 	0x80001"'
 6476 	[b98b418f1997]
 6477 
 6478 2021-03-13  Todd C. Miller  <Todd.Miller@sudo.ws>
 6479 
 6480 	* .hgtags:
 6481 	Added tag SUDO_1_9_6 for changeset e3e96490e48f
 6482 	[2e377fa2b87c] <1.9>
 6483 
 6484 	* config.guess, config.sub:
 6485 	Merge sudo 1.9.6 from tip
 6486 	[e3e96490e48f] [SUDO_1_9_6] <1.9>
 6487 
 6488 	* NEWS:
 6489 	fix typo
 6490 	[c7367647bd7c]
 6491 
 6492 2021-03-10  Todd C. Miller  <Todd.Miller@sudo.ws>
 6493 
 6494 	* NEWS:
 6495 	Bug #968
 6496 	[e08853fca88e]
 6497 
 6498 	* MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
 6499 	logsrvd/sendlog.c, logsrvd/sendlog.h, logsrvd/tls_common.h,
 6500 	logsrvd/tls_init.c:
 6501 	Move common TLS initialization code to tls_init.c.
 6502 	[118c7d41ad48]
 6503 
 6504 	* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po, po/tr.mo,
 6505 	po/tr.po:
 6506 	Updated translations from translationproject.org
 6507 	[cbc05710d6ba]
 6508 
 6509 	* plugins/sudoers/Makefile.in, plugins/sudoers/gram.c:
 6510 	Use HAVE_STDINT_H instead of trying to guess based on
 6511 	__STDC_VERSION__. Fixes compilation with pre-C99 headers when the
 6512 	compiler supports C99.
 6513 	[05ebf79d02c7]
 6514 
 6515 	* include/sudo_compat.h, lib/util/secure_path.c:
 6516 	Remove compatibility defines for POSIX sys/stat.h macros. Modern
 6517 	systems have them and we no longer support pre-POSIX systems. This
 6518 	fixes potential redefinition of the macros if sys/stat.h is included
 6519 	after sudo_compat.h. Bug #968.
 6520 	[d10d0b9b60e1]
 6521 
 6522 	* lib/eventlog/logwrap.c,
 6523 	plugins/python/python_plugin_approval_multi.inc,
 6524 	plugins/python/python_plugin_audit_multi.inc,
 6525 	plugins/python/python_plugin_io_multi.inc, src/get_pty.c:
 6526 	Quiet a few Solaris Studio compiler warnings.
 6527 	[1d82509f2e44]
 6528 
 6529 	* configure, configure.ac:
 6530 	Add -Wno-unknown-pragmas along with -Wall. We don't want warnings
 6531 	about unknown pragmas in system headers.
 6532 	[ac15fa0e3d95]
 6533 
 6534 	* scripts/pp:
 6535 	Solaris 11.4 removed /usr/bin/optisa, use /usr/bin/isainfo instead.
 6536 	[97d8bb91cf02]
 6537 
 6538 2021-03-08  Todd C. Miller  <Todd.Miller@sudo.ws>
 6539 
 6540 	* configure, configure.ac:
 6541 	Compare OS name against freebsd* and netbsd* not freebsd and netbsd.
 6542 	Fixes an issue on NetBSD where host_os starts with netbsdelf.
 6543 	[2e813d52a7d6]
 6544 
 6545 	* plugins/sudoers/Makefile.in:
 6546 	Add @SUDOERS_LIBS@ to FUZZ_LIBS for -lutil on FreeBSD and NetBSD
 6547 	[38a7b3a9eb90]
 6548 
 6549 	* lib/util/Makefile.in, plugins/python/Makefile.in, src/Makefile.in:
 6550 	Set locale for all "make check" targets.
 6551 	[1a80048486d4]
 6552 
 6553 2021-03-07  Todd C. Miller  <Todd.Miller@sudo.ws>
 6554 
 6555 	* configure, configure.ac:
 6556 	AIX 6.1 may have a broken fmemopen(). We only use it for the fuzzers
 6557 	so ignore it for AIX < 7.1.
 6558 	[ad909c1479ff]
 6559 
 6560 2021-03-06  Todd C. Miller  <Todd.Miller@sudo.ws>
 6561 
 6562 	* scripts/pp:
 6563 	Only put specific directories in the ROOT section of the AIX
 6564 	package. Previously, /usr and /opt were placed in USR and everything
 6565 	else went in ROOT. Now, only /dev, /etc, /sbin and /var go in ROOT.
 6566 	[6f1fbe8fea31]
 6567 
 6568 	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
 6569 	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
 6570 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 6571 	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 6572 	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
 6573 	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
 6574 	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
 6575 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 6576 	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
 6577 	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
 6578 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 6579 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 6580 	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
 6581 	po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo,
 6582 	po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/ja.mo,
 6583 	po/ja.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/pt.mo,
 6584 	po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/zh_CN.mo,
 6585 	po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
 6586 	Updated translations from translationproject.org
 6587 	[53c17c8d56e9]
 6588 
 6589 2021-03-05  Todd C. Miller  <Todd.Miller@sudo.ws>
 6590 
 6591 	* logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c:
 6592 	Remove unused tls parameter, we now use a per-address tls flag.
 6593 	[2be727a37b9c]
 6594 
 6595 2021-03-03  Todd C. Miller  <Todd.Miller@sudo.ws>
 6596 
 6597 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
 6598 	Document double escaping of backslashes. Bug #961.
 6599 	[ae51e4899555]
 6600 
 6601 	* NEWS, configure, configure.ac:
 6602 	No longer need to define _DARWIN_UNLIMITED_GETGROUPS on macOS. We
 6603 	now define _DARWIN_C_SOURCE which accomplishes the same thing.
 6604 	[c233df4c1ae4]
 6605 
 6606 	* plugins/sudoers/auth/pam.c:
 6607 	Fix a potential use-after-free in conversation function. The prompt
 6608 	passed in to sudo_pam_verify() will be freed later by
 6609 	check_user_interactive() so we need to reset the stashed value. From
 6610 	Pavel Heimlich. Bug #967.
 6611 	[86bc6ee3c493]
 6612 
 6613 	* plugins/sudoers/pwutil.c:
 6614 	No need to update cp after storing gr->gr_name, it is not used,
 6615 	Coverity CID 219314
 6616 	[27bace364dc9]
 6617 
 6618 2021-03-02  Todd C. Miller  <Todd.Miller@sudo.ws>
 6619 
 6620 	* NEWS:
 6621 	Mention GitHub issue #56.
 6622 	[47b8b9fac52b]
 6623 
 6624 	* plugins/sudoers/po/sudoers.pot:
 6625 	regen
 6626 	[923899bcc63d]
 6627 
 6628 	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
 6629 	logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h:
 6630 	Log peer address in sudo_logsrvd JSON-format logs. The peer that
 6631 	connected to us might not be the same host where the log entry
 6632 	originated.
 6633 	[4e2488efaf97]
 6634 
 6635 	* NEWS, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
 6636 	lib/util/sudo_conf.c:
 6637 	Make "group_source=dynamic" the default on macOS. Recent versions of
 6638 	macOS do not reliably return all of a user's non-local groups via
 6639 	getgroups(2), even when _DARWIN_UNLIMITED_GETGROUPS is defined. Bug
 6640 	#946.
 6641 	[491720b06a68]
 6642 
 6643 	* lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
 6644 	lib/util/Makefile.in, logsrvd/Makefile.in,
 6645 	plugins/sudoers/Makefile.in:
 6646 	For regess/fuzz set LC_ALL to C.UTF-8 if possible, falling back on
 6647 	C. Works around a crash in leak sanitizer when the locale is set to
 6648 	C and TLS support is enabled.
 6649 	[4345912b9bd8]
 6650 
 6651 2021-03-01  Todd C. Miller  <Todd.Miller@sudo.ws>
 6652 
 6653 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 6654 	Initialize the lbuf used by sudoers_trace_print() in init_lexer().
 6655 	Free the old buffer if there is one, otherwise it would never be
 6656 	freed.
 6657 	[1893ecc06718]
 6658 
 6659 	* lib/util/lbuf.c:
 6660 	In sudo_lbuf_destroy(), reset error, len and size.
 6661 	[7a6f980c2215]
 6662 
 6663 	* NEWS:
 6664 	Mention the integer overflow check in store_timespec().
 6665 	[f41519e1dae9]
 6666 
 6667 	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
 6668 	In find_path() stub only make a copy in outfile if returning FOUND.
 6669 	Fixed a recently-introduced memory leak in the fuzzer.
 6670 	[2045b1afc0b5]
 6671 
 6672 2021-02-28  Todd C. Miller  <Todd.Miller@sudo.ws>
 6673 
 6674 	* lib/util/sudo_debug.c:
 6675 	Disable debug code for FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION It
 6676 	will not be used and just confuses the coverage stats.
 6677 	[3307c855b77d]
 6678 
 6679 	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
 6680 	Expand stub getaddrinfo() to resolve "localhost".
 6681 	[e1035616ad99]
 6682 
 6683 	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
 6684 	Improve fuzz_policy coverage and set defaults in setdefs not parse.
 6685 	Now exercises session open/close and set additional defaults to
 6686 	exercise more code paths.
 6687 	[2843a0b930fd]
 6688 
 6689 	* plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c:
 6690 	Improve SUDOERS_NAME_MATCH support. Now supports digests and
 6691 	performs better directory matching.
 6692 	[2f2d63596256]
 6693 
 6694 	* plugins/sudoers/policy.c:
 6695 	Add MODE_CHECK to LIST_VALID_FLAGS, fixes "sudo -l command".
 6696 	[eff4cbe95d75]
 6697 
 6698 2021-02-26  Todd C. Miller  <Todd.Miller@sudo.ws>
 6699 
 6700 	* MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in,
 6701 	lib/iolog/iolog_clearerr.c, lib/iolog/iolog_close.c,
 6702 	lib/iolog/iolog_eof.c, lib/iolog/iolog_fileio.c,
 6703 	lib/iolog/iolog_gets.c, lib/iolog/iolog_mkdirs.c,
 6704 	lib/iolog/iolog_mkdtemp.c, lib/iolog/iolog_mkpath.c,
 6705 	lib/iolog/iolog_nextid.c, lib/iolog/iolog_open.c,
 6706 	lib/iolog/iolog_openat.c, lib/iolog/iolog_read.c,
 6707 	lib/iolog/iolog_seek.c, lib/iolog/iolog_swapids.c,
 6708 	lib/iolog/iolog_util.c, lib/iolog/iolog_write.c,
 6709 	lib/iolog/regress/fuzz/fuzz_iolog_timing.c, logsrvd/iolog_writer.c,
 6710 	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
 6711 	Split iolog_fileio.c into multiple files.
 6712 	[9b7c4f1b781f]
 6713 
 6714 	* plugins/sudoers/defaults.c:
 6715 	Correct the integer overflow check in store_timespec(). Fixes oss-
 6716 	fuzz issue #31463
 6717 	[3765d5c4ecd3]
 6718 
 6719 	* plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok:
 6720 	Update file that was missed in test27 changes.
 6721 	[5824f54afa88]
 6722 
 6723 	* MANIFEST, include/sudo_iolog.h, lib/iolog/Makefile.in,
 6724 	lib/iolog/iolog_conf.c, lib/iolog/iolog_fileio.c,
 6725 	lib/iolog/iolog_loginfo.c:
 6726 	Break out I/O log config handling into iolog_conf.c.
 6727 	[546f503f9bb4]
 6728 
 6729 	* lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
 6730 	logsrvd/Makefile.in, plugins/sudoers/Makefile.in:
 6731 	regen Makefile.in
 6732 	[43c54f94e9c8]
 6733 
 6734 	* examples/Makefile.in, lib/eventlog/Makefile.in,
 6735 	plugins/sudoers/Makefile.in:
 6736 	Add some missing files to the clean target
 6737 	[20754fec5ff1]
 6738 
 6739 	* plugins/sudoers/regress/sudoers/test27.in,
 6740 	plugins/sudoers/regress/sudoers/test27.json.ok,
 6741 	plugins/sudoers/regress/sudoers/test27.ldif.ok,
 6742 	plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok,
 6743 	plugins/sudoers/regress/sudoers/test27.out.ok,
 6744 	plugins/sudoers/regress/sudoers/test27.toke.ok:
 6745 	Add netgroup check to sudoers test27
 6746 	[1b45a6794b2d]
 6747 
 6748 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok:
 6749 	Sync with fuzz_sudoers changes.
 6750 	[1481cef048ad]
 6751 
 6752 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 6753 	Fuzz with runuser and rungroup specified too.
 6754 	[2d8ceb465cea]
 6755 
 6756 	* MANIFEST, plugins/sudoers/regress/sudoers/test27.in,
 6757 	plugins/sudoers/regress/sudoers/test27.json.ok,
 6758 	plugins/sudoers/regress/sudoers/test27.ldif.ok,
 6759 	plugins/sudoers/regress/sudoers/test27.ldif2sudo.ok,
 6760 	plugins/sudoers/regress/sudoers/test27.out.ok,
 6761 	plugins/sudoers/regress/sudoers/test27.toke.ok:
 6762 	Add test to exercise RunasSpec without a RunasUser.
 6763 	[ee22ac488aca]
 6764 
 6765 	* MANIFEST, plugins/sudoers/regress/sudoers/test22.sudo.ok,
 6766 	plugins/sudoers/regress/sudoers/test23.sudo.ok,
 6767 	plugins/sudoers/regress/sudoers/test24.sudo.ok,
 6768 	plugins/sudoers/regress/sudoers/test26.sudo.ok:
 6769 	Remove unused regress files.
 6770 	[71d943734bb8]
 6771 
 6772 	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
 6773 	Don't try to run getters if we failed to parse the config file.
 6774 	[734bb56c24ed]
 6775 
 6776 2021-02-25  Todd C. Miller  <Todd.Miller@sudo.ws>
 6777 
 6778 	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
 6779 	Add a stub getaddrinfo(3) to avoid a DNS timeout in CIfuzz.
 6780 	[5f725de1e3ad]
 6781 
 6782 	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
 6783 	Fix runchroot, runcwd, tty_tickets. Add timestampowner.
 6784 	[d8a945bea98d]
 6785 
 6786 	* plugins/sudoers/policy.c:
 6787 	Only add command_info to garbage collector on successful return.
 6788 	Otherwise it will be freed on failure.
 6789 	[c3d0461efaa1]
 6790 
 6791 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 6792 	Add user millert to group sudo, which is often the exempt group.
 6793 	[fac833a2cf3b]
 6794 
 6795 	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
 6796 	Add some defaults settings in sudo_file_parse(). We don't have a
 6797 	real policy file but we still want to exercise callbacks in
 6798 	sudoers.c.
 6799 	[9f3d3f668973]
 6800 
 6801 	* plugins/sudoers/sudoers.c:
 6802 	Do not free sudo_user.iolog_{file,path} in sudo_user_free(). They
 6803 	are not dynamically allocated.
 6804 	[59c102ba67cf]
 6805 
 6806 	* lib/iolog/regress/fuzz/fuzz_iolog_timing.c:
 6807 	Remove unnecessary warnings, we want to fail silently.
 6808 	[4b1ee5dd2cb4]
 6809 
 6810 	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
 6811 	No longer need to stub out eventlog config functions.
 6812 	[08c40b6a63c9]
 6813 
 6814 	* MANIFEST, logsrvd/Makefile.in,
 6815 	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.4,
 6816 	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.5,
 6817 	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.6,
 6818 	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
 6819 	Call public getters in logsrvd.conf fuzzer and add to corpus. Now
 6820 	exercises the syslog config erorr path.
 6821 	[0b314e4e0696]
 6822 
 6823 	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
 6824 	Add more passes to policy fuzzer Now execises list, list other user
 6825 	and show_version.
 6826 	[21a1cc9665ec]
 6827 
 6828 	* plugins/sudoers/defaults.c, plugins/sudoers/policy.c,
 6829 	plugins/sudoers/regress/fuzz/fuzz_policy.c:
 6830 	Implement sudoers_policy_deregister_hooks() Register/deregister
 6831 	hooks in fuzz_policy and also call show_version().
 6832 	[8849644a75de]
 6833 
 6834 	* plugins/sudoers/regress/fuzz/fuzz_policy.c,
 6835 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 6836 	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
 6837 	Add sudoers debug register/deregister.
 6838 	[5fba9b19c6fa]
 6839 
 6840 	* plugins/sudoers/defaults.c:
 6841 	Remove unnecessary break statement.
 6842 	[aa18c2957f82]
 6843 
 6844 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok,
 6845 	plugins/sudoers/regress/sudoers/test14.in,
 6846 	plugins/sudoers/regress/sudoers/test14.json.ok,
 6847 	plugins/sudoers/regress/sudoers/test14.ldif.ok,
 6848 	plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok,
 6849 	plugins/sudoers/regress/sudoers/test14.out.ok,
 6850 	plugins/sudoers/regress/sudoers/test14.toke.ok:
 6851 	Include a sha384 digest in the test corpus.
 6852 	[6c405febff10]
 6853 
 6854 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 6855 	Parse sudoers file in the C locale.
 6856 	[82d6afbe499b]
 6857 
 6858 	* MANIFEST, plugins/sudoers/regress/sudoers/test26.in,
 6859 	plugins/sudoers/regress/sudoers/test26.json.ok,
 6860 	plugins/sudoers/regress/sudoers/test26.ldif.ok,
 6861 	plugins/sudoers/regress/sudoers/test26.ldif2sudo.ok,
 6862 	plugins/sudoers/regress/sudoers/test26.out.ok,
 6863 	plugins/sudoers/regress/sudoers/test26.sudo.ok,
 6864 	plugins/sudoers/regress/sudoers/test26.toke.ok:
 6865 	Add regress test with all current Defaults settings. Currently skips
 6866 	SELinux and Solaris privilege settings.
 6867 	[79e82a58ccde]
 6868 
 6869 2021-02-24  Todd C. Miller  <Todd.Miller@sudo.ws>
 6870 
 6871 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
 6872 	plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_hooks.c:
 6873 	Move env hooks into sudoers_hooks.c.
 6874 	[7296d05b9206]
 6875 
 6876 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 6877 	No need to call check_defaults() and check_aliases() in quiet mode.
 6878 	[0d0f93849388]
 6879 
 6880 	* plugins/sudoers/gc.c:
 6881 	sudoers_gc_init() is not currently used
 6882 	[e74d2870ae25]
 6883 
 6884 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/fmtsudoers.c,
 6885 	plugins/sudoers/fmtsudoers_cvt.c:
 6886 	Split fmtsudoers.c into the parts used by sudoers plugin and
 6887 	cvtsudoers. Only testsudoers and cvtsudoers use the full set of
 6888 	formatting functions.
 6889 	[8c57e80ae655]
 6890 
 6891 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 6892 	Check defaults settings too.
 6893 	[7dc7d66f47e7]
 6894 
 6895 	* MANIFEST, plugins/sudoers/Makefile.in,
 6896 	plugins/sudoers/regress/fuzz/fuzz_policy.c,
 6897 	plugins/sudoers/regress/fuzz/fuzz_stubs.c,
 6898 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 6899 	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
 6900 	Add fuzzer-specific stubs source file.
 6901 	[815c28958d42]
 6902 
 6903 	* Makefile.in:
 6904 	Do not overwrite existing ChangeLog file if there is no hg/git dir.
 6905 	We don't want "make install" from a source tarball to nuke the
 6906 	ChangeLog.
 6907 	[f7aba6a01d85]
 6908 
 6909 	* lib/iolog/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in,
 6910 	plugins/sudoers/Makefile.in:
 6911 	Remove fuzzer targets in "make clean"
 6912 	[25b068bc254b]
 6913 
 6914 	* .gitignore, .hgignore:
 6915 	Ignore fuzzer targets
 6916 	[d920254ce731]
 6917 
 6918 	* lib/iolog/regress/fuzz/fuzz_iolog_json.c,
 6919 	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
 6920 	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
 6921 	lib/util/regress/fuzz/fuzz_sudo_conf.c,
 6922 	plugins/sudoers/regress/fuzz/fuzz_policy.c,
 6923 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 6924 	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
 6925 	Set program name in fuzzers so we get consisten warnings.
 6926 	[1ee4b5478d1c]
 6927 
 6928 	* plugins/sudoers/Makefile.in,
 6929 	plugins/sudoers/regress/fuzz/fuzz_policy.c:
 6930 	Use real eventlog config fuctions instead of stubs.
 6931 	[eed6fc4df1f6]
 6932 
 6933 	* include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
 6934 	lib/iolog/iolog_loginfo.c:
 6935 	Move iolog info log writing to iolog_loginfo.c
 6936 	[292915dae440]
 6937 
 6938 	* MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_loginfo.c,
 6939 	lib/iolog/iolog_timing.c, lib/iolog/iolog_util.c,
 6940 	lib/iolog/regress/iolog_timing/check_iolog_timing.c,
 6941 	lib/iolog/regress/iolog_util/check_iolog_util.c:
 6942 	Split iolog_util.c into iolog_loginfo.c and iolog_timing.c. Also
 6943 	rename check_iolog_util -> check_iolog_timing.
 6944 	[5b5249e4aa96]
 6945 
 6946 	* MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_legacy.c,
 6947 	lib/iolog/iolog_util.c:
 6948 	Move legacy I/O log info file parsing to iolog_legacy.c
 6949 	[94b767bb56c7]
 6950 
 6951 	* MANIFEST, include/sudo_eventlog.h, lib/eventlog/Makefile.in,
 6952 	lib/eventlog/eventlog.c, lib/eventlog/eventlog_conf.c:
 6953 	Move eventlog config code into eventlog_conf.c
 6954 	[656d65215e50]
 6955 
 6956 	* MANIFEST, lib/eventlog/Makefile.in, lib/eventlog/eventlog.c,
 6957 	lib/eventlog/eventlog_free.c:
 6958 	Move eventlog_free() into its own file.
 6959 	[a5ff36ac0ebb]
 6960 
 6961 	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
 6962 	Stub out eventlog and iolog configuration setters.
 6963 	[cc32ba7436cd]
 6964 
 6965 	* MANIFEST, plugins/sudoers/defaults.c,
 6966 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 6967 	plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok:
 6968 	Update Defaults settings after parsing sudoers. Also stub out
 6969 	dump_defaults when fuzzing as it is not used.
 6970 	[fa1e7c7b42c2]
 6971 
 6972 	* plugins/sudoers/Makefile.in, plugins/sudoers/b64_decode.c,
 6973 	plugins/sudoers/b64_encode.c, plugins/sudoers/base64.c:
 6974 	Split base64 encode/decode functions into separate source files.
 6975 	They are independent functions.
 6976 	[ab0904c5122c]
 6977 
 6978 	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
 6979 	fuzz_printf and fuzz_conversation can be stubs.
 6980 	[9b11c9a3f3c3]
 6981 
 6982 2021-02-23  Todd C. Miller  <Todd.Miller@sudo.ws>
 6983 
 6984 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 6985 	Exercise tilde expansion if used in runcwd or runchroot.
 6986 	[a6f0995c6a55]
 6987 
 6988 	* plugins/sudoers/check_aliases.c:
 6989 	Move alias checking code out of visudo.c and into check_aliases.c.
 6990 	[5c0a91978441]
 6991 
 6992 	* plugins/sudoers/Makefile.in,
 6993 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 6994 	Check aliases in fuzz_sudoers if the policy parsed correctly.
 6995 	[b272e634f204]
 6996 
 6997 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/parse.h,
 6998 	plugins/sudoers/visudo.c:
 6999 	Move alias checking code out of visudo.c and into check_aliases.c.
 7000 	[b9c23c958935]
 7001 
 7002 	* plugins/sudoers/Makefile.in,
 7003 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 7004 	We don't need to link fuzz_sudoers with file.c.
 7005 	[4fcd15e8cdcf]
 7006 
 7007 	* lib/iolog/regress/fuzz/fuzz_iolog_json.dict,
 7008 	lib/util/regress/fuzz/fuzz_sudo_conf.dict,
 7009 	plugins/sudoers/regress/fuzz/fuzz_policy.dict,
 7010 	plugins/sudoers/regress/fuzz/fuzz_sudoers.dict,
 7011 	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict:
 7012 	Strings in dictionary files need to be quoted.
 7013 	[8a95ea335d2d]
 7014 
 7015 	* MANIFEST, lib/iolog/Makefile.in,
 7016 	lib/iolog/regress/fuzz/fuzz_iolog_json.dict, lib/util/Makefile.in,
 7017 	lib/util/regress/fuzz/fuzz_sudo_conf.dict,
 7018 	plugins/sudoers/Makefile.in,
 7019 	plugins/sudoers/regress/fuzz/fuzz_policy.dict,
 7020 	plugins/sudoers/regress/fuzz/fuzz_sudoers.dict,
 7021 	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.dict:
 7022 	Add dictionary files for fuzzers where possible.
 7023 	[4d9147fd50fd]
 7024 
 7025 2021-02-22  Todd C. Miller  <Todd.Miller@sudo.ws>
 7026 
 7027 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 7028 	Also free safe_cmnd so it doesn't leak.
 7029 	[5071a1ffa5d0]
 7030 
 7031 	* plugins/sudoers/stubs.c, plugins/sudoers/testsudoers.c:
 7032 	Return NOT_FOUND from the set_cmnd_path() stub since we don't set
 7033 	user_cmnd. The purpose of set_cmnd_path() is to reset user_cmnd
 7034 	based on a new runchroot. For the stub version we don't modify
 7035 	user_cmnd and so must not return a status of FOUND. Fixes oss-fuzz
 7036 	issue #31250 which only affected the fuzzer and not sudo.
 7037 	[36fe416668df]
 7038 
 7039 	* plugins/sudoers/Makefile.in,
 7040 	plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok:
 7041 	Fix fuzz_sudoers output matching.
 7042 	[6cec1e5aa799]
 7043 
 7044 	* lib/fuzzstub/fuzzstub.c:
 7045 	Print "running" and "executed" lines to stderr like libfuzzer does.
 7046 	[b76b7a4a6ff3]
 7047 
 7048 	* plugins/sudoers/pwutil_impl.c:
 7049 	Support passing sudo_make_gidlist_item() an array of gids. The gids
 7050 	are formatted as strings, not gid_t.
 7051 	[d1608f63ae91]
 7052 
 7053 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 7054 	plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok:
 7055 	Prime user/group cached and set the interface list. Also match
 7056 	parsed policy against multiple users.
 7057 	[ec19b5658a2a]
 7058 
 7059 	* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.h:
 7060 	Add sudo_mkgrent(), to be used to prime the group cache in
 7061 	tests/fuzzers.
 7062 	[333f0887abbc]
 7063 
 7064 2021-02-21  Todd C. Miller  <Todd.Miller@sudo.ws>
 7065 
 7066 	* plugins/sudoers/Makefile.in,
 7067 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 7068 	Perform matching in fuzz_sudoers for inputs that parse correctly.
 7069 	The fuzzer now exercised the normal match code as well as the
 7070 	pseudo-command (list, validate, etc) match code. Privileges are also
 7071 	listed for well-formed sudoers file.
 7072 	[8caf505d7341]
 7073 
 7074 	* plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
 7075 	plugins/sudoers/parse.h:
 7076 	Add back SUDOERS_NAME_MATCH and enable it when fuzzing. This avoids
 7077 	the test environment from influencing sudoers matching.
 7078 	[496b3a7184a8]
 7079 
 7080 	* plugins/sudoers/match_command.c:
 7081 	Add missing globfree(3) in command_matches_glob() when matching a
 7082 	directory.
 7083 	[1d6d28d6eb61]
 7084 
 7085 2021-02-19  Todd C. Miller  <Todd.Miller@sudo.ws>
 7086 
 7087 	* lib/util/sudo_dso.c:
 7088 	Add support on AIX for loading plugins that are .a (not .so) files.
 7089 	It is possible to specify the member name in parens after the path,
 7090 	e.g. sudoers.a(shr.o) for 32-bit or sudoers.a(shr_64.o) for 64-bit.
 7091 	If no member is specified in the path and dlopen() fails with
 7092 	ENOEXEC, try again with an explicit member, either shr.o or
 7093 	shr_64.o.
 7094 	[90d975989148]
 7095 
 7096 	* Makefile.in, doc/Makefile.in, examples/Makefile.in,
 7097 	include/Makefile.in, lib/eventlog/Makefile.in,
 7098 	lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
 7099 	lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
 7100 	logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
 7101 	plugins/group_file/Makefile.in, plugins/python/Makefile.in,
 7102 	plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
 7103 	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
 7104 	src/Makefile.in:
 7105 	Add clean rules to .PHONY target.
 7106 	[dea3468f3f7b]
 7107 
 7108 2021-02-18  Todd C. Miller  <Todd.Miller@sudo.ws>
 7109 
 7110 	* Makefile.in, doc/Makefile.in, examples/Makefile.in,
 7111 	include/Makefile.in, lib/eventlog/Makefile.in,
 7112 	lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
 7113 	lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
 7114 	logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
 7115 	plugins/group_file/Makefile.in, plugins/python/Makefile.in,
 7116 	plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
 7117 	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
 7118 	src/Makefile.in:
 7119 	Add install-fuzz Makefile target to install the fuzzers and seed
 7120 	corpus. The FUZZ_DESTDIR make variable needs to be set in the
 7121 	environment or on the command line.
 7122 	[89c4dc1e8cb0]
 7123 
 7124 	* plugins/sudoers/Makefile.in:
 7125 	Only display fuzz_policy output if the fuzzer exits with an error.
 7126 	[c6927227be4a]
 7127 
 7128 	* plugins/sudoers/regress/corpus/policy/policy.1,
 7129 	plugins/sudoers/regress/fuzz/fuzz_policy.c:
 7130 	Call list, validate and invalidate entry points too. We need a
 7131 	separate open/close for each one.
 7132 	[fbbc5bdb4541]
 7133 
 7134 	* INSTALL, configure, configure.ac:
 7135 	Add --disable-ssp configure option. This allows for disabling
 7136 	-fstack-protector without turning off the other hardening options.
 7137 	[1d9ca18e4fa9]
 7138 
 7139 	* lib/util/regress/getdelim/getdelim_test.c:
 7140 	Test the error case by closing the underlying fd. Note that we don't
 7141 	use ferror() here since our getdelim() has no way to set the error
 7142 	flag if there is a memory allocation error.
 7143 	[df0464968e2c]
 7144 
 7145 	* lib/util/regress/getdelim/getdelim_test.c:
 7146 	Test the case where getdelim() must reallocate the buffer.
 7147 	Reproduces Bug #960.
 7148 	[df4dbc0830be]
 7149 
 7150 	* lib/eventlog/eventlog.c:
 7151 	When logging JSON to syslog, wrap the contents in a "sudo" object.
 7152 	This makes it easier for log parsers to identify what is a sudo log
 7153 	entry.
 7154 	[2c96aeaabc8e]
 7155 
 7156 	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
 7157 	Restore the check for sudoers_policy.close == NULL. The fuzzers run
 7158 	as part of "make check" too in which case NO_LEAKS won't be defined
 7159 	and the close function will be set to NULL.
 7160 	[8418ff5f6dfb]
 7161 
 7162 	* lib/iolog/iolog_json.c:
 7163 	Use %td when printing the difference of two pointers.
 7164 	[608de9ab3902]
 7165 
 7166 	* plugins/sudoers/parse.c:
 7167 	Don't print a NULL as a string if role/type/privs/limitprivs is not
 7168 	set. We can't rely on printf("%s", NULL) not crashing.
 7169 	[4a04efbcbff9]
 7170 
 7171 	* plugins/sudoers/sudoers.c:
 7172 	Fix compilation error on Solaris introduced with sudo_user_free().
 7173 	[0ce4e0ac807e]
 7174 
 7175 2021-02-17  Todd C. Miller  <Todd.Miller@sudo.ws>
 7176 
 7177 	* NEWS:
 7178 	Bug #960.
 7179 	[82303f217d8b]
 7180 
 7181 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 7182 	Distinguish between EOF and error using feof(3), not ferror(3). Our
 7183 	getdelim(3) emulation won't set the error flag if the error is due
 7184 	to an allocation failure. This explains the premature EOF without
 7185 	error seen in Bug #960.
 7186 	[5a70875f92fa]
 7187 
 7188 	* lib/util/getdelim.c:
 7189 	Reset end pointer when reallocing the line buffer in getdelim().
 7190 	Fixes excessive memory allocations for long lines. Bug #960.
 7191 	[d6dd6893b38a]
 7192 
 7193 	* lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
 7194 	plugins/sudoers/Makefile.in:
 7195 	Remove duplicated MALLOC_OPTIONS and MALLOC_CONF env variables.
 7196 	[2f7695aadad9]
 7197 
 7198 	* lib/iolog/iolog_json.c:
 7199 	On parse error, display line and column instead of the offending
 7200 	line.
 7201 	[bbda04a5b05d]
 7202 
 7203 	* logsrvd/Makefile.in, plugins/sudoers/Makefile.in:
 7204 	regen
 7205 	[20e093fd76f0]
 7206 
 7207 	* NEWS, configure, configure.ac:
 7208 	Sudo 1.9.6
 7209 	[1c76fe52426f]
 7210 
 7211 2021-02-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 7212 
 7213 	* lib/iolog/iolog_json.c, lib/iolog/iolog_util.c:
 7214 	Pass I/O log memory allocation errors up to the caller.
 7215 	[4777add71679]
 7216 
 7217 	* INSTALL, config.h.in, configure, configure.ac, doc/sudoers.man.in,
 7218 	doc/sudoers.mdoc.in, pathnames.h.in, plugins/sudoers/def_data.c,
 7219 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
 7220 	plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c:
 7221 	Add admin_flag sudoers option and make --enable-admin-flag take a
 7222 	path. It is now possible to disable the Ubuntu admin flag in sudoers
 7223 	or change its location. GitHub issue #56
 7224 	[d77c3876fa95]
 7225 
 7226 	* plugins/sudoers/exptilde.c,
 7227 	plugins/sudoers/regress/exptilde/check_exptilde.c:
 7228 	Fix tilde expansion of paths with no user like ~/foo. The '/'
 7229 	separator was missing in the resulting path.
 7230 	[dbba61f76d6c]
 7231 
 7232 	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, lib/util/sudo_conf.c,
 7233 	plugins/sudoers/policy.c:
 7234 	Limit max_groups in sudo.conf to 1024. The max_groups setting should
 7235 	no longer be needed anyway.
 7236 	[aee7843e0c7d]
 7237 
 7238 	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
 7239 	In sudoers_policy_close() call sudoers_cleanup() instead of
 7240 	sudo_user_free(). If we didn't call sudoers_policy_main() due to an
 7241 	early error there may be more things to clean up.
 7242 	[683d69d84aa6]
 7243 
 7244 	* plugins/sudoers/policy.c:
 7245 	Check for invalid flag combinations from front-end for all cases.
 7246 	The checks are now performed in the check_policy, list, validate and
 7247 	invalidate functions instead of as part of the open function. We
 7248 	can't perform the checks in open because we don't yet know what
 7249 	operation is going to be performed.
 7250 	[b09105b3bb42]
 7251 
 7252 	* plugins/sudoers/policy.c,
 7253 	plugins/sudoers/regress/fuzz/fuzz_policy.c,
 7254 	plugins/sudoers/sudoers.c:
 7255 	Always dynamically allocate user_cmnd, it is freed in
 7256 	sudo_user_free(). Instead of setting user_cmnd in the policy
 7257 	functions, always set argv. Calling sudoers_policy_main() with argc
 7258 	of 0 is no longer allowed.
 7259 	[820f1f4e5c44]
 7260 
 7261 	* plugins/sudoers/policy.c:
 7262 	No need for sudoers_cleanup() in sudoers_policy_invalidate(). The
 7263 	sudoers close() function is now called even for "sudo -k". Also no
 7264 	need to set user_cmnd, it is not used in this code path.
 7265 	[c2c9832c32f4]
 7266 
 7267 2021-02-15  Todd C. Miller  <Todd.Miller@sudo.ws>
 7268 
 7269 	* MANIFEST, logsrvd/Makefile.in, logsrvd/logsrvd_conf.c,
 7270 	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.1,
 7271 	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.2,
 7272 	logsrvd/regress/corpus/logsrvd_conf/logsrvd.conf.3,
 7273 	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
 7274 	Add simple fuzzer for sudo_logsrvd.conf parser.
 7275 	[8b5cd9e24656]
 7276 
 7277 	* lib/iolog/regress/fuzz/fuzz_iolog_timing.c:
 7278 	Fix unlinking of timing temp file.
 7279 	[8b0ce6d777c8]
 7280 
 7281 	* lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
 7282 	plugins/python/Makefile.in, plugins/sudoers/Makefile.in:
 7283 	Set MALLOC_OPTIONS and MALLOC_CONF for all regress targets.
 7284 	[47e8b85d1d9a]
 7285 
 7286 	* MANIFEST, lib/util/Makefile.in,
 7287 	lib/util/regress/corpus/sudo_conf/sudo.conf.1,
 7288 	lib/util/regress/corpus/sudo_conf/sudo.conf.2,
 7289 	lib/util/regress/corpus/sudo_conf/sudo.conf.3,
 7290 	lib/util/regress/fuzz/fuzz_sudo_conf.c:
 7291 	Add simple fuzzer for sudo.conf parser.
 7292 	[8a530402f936]
 7293 
 7294 	* plugins/sudoers/policy.c,
 7295 	plugins/sudoers/regress/fuzz/fuzz_policy.c,
 7296 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
 7297 	Free struct sudo_user in sudoers_policy_close() and
 7298 	sudoers_cleanup(). Also, do not NULL out the close function if
 7299 	NO_LEAKS is defined.
 7300 	[f3fbf78e6e41]
 7301 
 7302 	* MANIFEST, lib/iolog/Makefile.in,
 7303 	lib/iolog/regress/corpus/log_legacy/id,
 7304 	lib/iolog/regress/corpus/log_legacy/id.log,
 7305 	lib/iolog/regress/corpus/log_legacy/ls,
 7306 	lib/iolog/regress/corpus/log_legacy/ls.log,
 7307 	lib/iolog/regress/corpus/log_legacy/mailq,
 7308 	lib/iolog/regress/corpus/log_legacy/mailq.log,
 7309 	lib/iolog/regress/corpus/log_legacy/make,
 7310 	lib/iolog/regress/corpus/log_legacy/make.log,
 7311 	lib/iolog/regress/corpus/log_legacy/pkg_add,
 7312 	lib/iolog/regress/corpus/log_legacy/pkg_add.log,
 7313 	lib/iolog/regress/corpus/log_legacy/pkg_delete,
 7314 	lib/iolog/regress/corpus/log_legacy/pkg_delete.log,
 7315 	lib/iolog/regress/corpus/log_legacy/printenv,
 7316 	lib/iolog/regress/corpus/log_legacy/printenv.log,
 7317 	plugins/sudoers/Makefile.in:
 7318 	For "make fuzz" only fuzz the seed corpus. This way we avoid files
 7319 	generated by the fuzzer itself.
 7320 	[42ace1dec313]
 7321 
 7322 2021-02-14  Todd C. Miller  <Todd.Miller@sudo.ws>
 7323 
 7324 	* plugins/sudoers/env.c, plugins/sudoers/gc.c,
 7325 	plugins/sudoers/policy.c,
 7326 	plugins/sudoers/regress/fuzz/fuzz_policy.c,
 7327 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
 7328 	Fix sudoers garbage collection and run it in policy fuzzer.
 7329 	[c0d572fd9921]
 7330 
 7331 	* .github/workflows/main.yml:
 7332 	Rename master -> main
 7333 	[57000edd1aff]
 7334 
 7335 	* plugins/sudoers/policy.c:
 7336 	Do not include errno string for invalid params from front-end.
 7337 	[2d0b55b3041f]
 7338 
 7339 	* plugins/sudoers/parse.c, plugins/sudoers/policy.c,
 7340 	plugins/sudoers/regress/fuzz/fuzz_policy.c:
 7341 	Always dynamically allocate user_role, user_type, user_privs,
 7342 	user_limitprivs
 7343 	[f5992824219d]
 7344 
 7345 	* plugins/sudoers/policy.c:
 7346 	Remove dead code, front-end does not set runas_privs or
 7347 	runas_limitprivs
 7348 	[6ce3da323452]
 7349 
 7350 	* plugins/sudoers/iolog.c:
 7351 	Plug memory leak if there are duplicate user_info or command_info
 7352 	entries.
 7353 	[21865246a4dc]
 7354 
 7355 2021-02-13  Todd C. Miller  <Todd.Miller@sudo.ws>
 7356 
 7357 	* .github/workflows/main.yml:
 7358 	Add CIFuzz workflow to run fuzzers on push or PR.
 7359 	https://google.github.io/oss-fuzz/getting-started/continuous-
 7360 	integration/
 7361 	[47f1c8015ec5]
 7362 
 7363 	* plugins/sudoers/check.h, plugins/sudoers/regress/fuzz/fuzz_policy.c,
 7364 	plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
 7365 	Move create_admin_success_flag() to timestamp.c.
 7366 	[0675f230288c]
 7367 
 7368 	* configure, configure.ac:
 7369 	Error out if fuzzer/sanitizer enabled but not supported by the
 7370 	compiler.
 7371 	[289afba93f79]
 7372 
 7373 	* plugins/sudoers/regress/fuzz/fuzz_policy.c:
 7374 	The push() function was not updating the size after reallocating.
 7375 	[e089aaeee3b2]
 7376 
 7377 	* plugins/sudoers/pwutil_impl.c, src/sudo.c:
 7378 	If sudo_getgrouplist2() returns -1, clamp ngroups based on
 7379 	max_groups. The ngroups parameter is an out parameter that is filled
 7380 	in with the actual number of groups, which may be less than the
 7381 	static number allocated when max_groups is set in sudo.conf. Fixes a
 7382 	potential out of bounds read found by LLVM libFuzzer.
 7383 	[a26461ccf891]
 7384 
 7385 2021-02-12  Todd C. Miller  <Todd.Miller@sudo.ws>
 7386 
 7387 	* plugins/sudoers/policy.c:
 7388 	Reset sudoers path, owner and mode before parsing plugin arguments.
 7389 	This is only needed when calling sudoers_policy_deserialize_info()
 7390 	more than once, which is true for the policy fuzzer.
 7391 	[a25a6210f48c]
 7392 
 7393 	* plugins/sudoers/sudoers.c:
 7394 	Cleanup sudoers sources on denial and error too.
 7395 	[454b7adcfa21]
 7396 
 7397 	* plugins/sudoers/pwutil.c:
 7398 	Fix sudo_getgrgid reference count bug when gid doesn't exist. This
 7399 	one was missed when the other user/group lookup functions were
 7400 	fixed.
 7401 	[20e3fad6768b]
 7402 
 7403 	* plugins/sudoers/policy.c:
 7404 	Plug memory leak if there are duplicate user_info entries.
 7405 	[b8ddcfa0a051]
 7406 
 7407 	* MANIFEST, plugins/sudoers/Makefile.in,
 7408 	plugins/sudoers/regress/corpus/policy/policy.1,
 7409 	plugins/sudoers/regress/corpus/policy/policy.2,
 7410 	plugins/sudoers/regress/corpus/policy/policy.3,
 7411 	plugins/sudoers/regress/corpus/policy/policy.4,
 7412 	plugins/sudoers/regress/corpus/policy/policy.5,
 7413 	plugins/sudoers/regress/fuzz/fuzz_policy.c,
 7414 	plugins/sudoers/sudoers.c:
 7415 	Fuzz sudoers policy module API. Includes a test case to reproduce
 7416 	CVE-2021-3156.
 7417 	[576d065759cf]
 7418 
 7419 	* lib/iolog/Makefile.in, plugins/sudoers/Makefile.in:
 7420 	Make fuzz targets depend on fuzzer stub library. We really want a
 7421 	dependency on $(LIB_FUZZING_ENGINE) but that could be a flag like
 7422 	"-fsanitize=fuzzer" instead of a path.
 7423 	[0963418f1cf9]
 7424 
 7425 	* lib/util/Makefile.in:
 7426 	regen
 7427 	[dd872eceb19e]
 7428 
 7429 	* MANIFEST, plugins/sudoers/Makefile.in:
 7430 	Move audit.c from libparsesudoers to the sudoers module itself. Now
 7431 	that audit.c contains the audit module it doesn't belong in
 7432 	libparsesudoers.
 7433 	[3df4f6e10f54]
 7434 
 7435 	* configure, configure.ac:
 7436 	Do not pass AX_APPEND_FLAG more than a single flag. GitHub issue #92
 7437 	[ed9ccdd41231]
 7438 
 7439 2021-02-10  Todd C. Miller  <Todd.Miller@sudo.ws>
 7440 
 7441 	* lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
 7442 	logsrvd/Makefile.in, plugins/sudoers/Makefile.in:
 7443 	Fix up some .la file library dependencies. libsudo_iolog.la already
 7444 	depends on libsudo_util.la and libsudo_eventlog.la so we don't need
 7445 	to list those explicitly when libsudo_iolog.la is listed.
 7446 	[d8b55cf698b5]
 7447 
 7448 	* lib/eventlog/eventlog.c, lib/util/Makefile.in, lib/util/progname.c,
 7449 	lib/util/regress/progname/progname_test.c, lib/util/sudo_conf.c,
 7450 	lib/util/util.exp.in, plugins/sudoers/audit.c,
 7451 	plugins/sudoers/find_path.c, plugins/sudoers/iolog.c,
 7452 	plugins/sudoers/match_command.c, plugins/sudoers/sudoers.c,
 7453 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
 7454 	src/sudo_edit.c, src/sudo_noexec.c:
 7455 	Use sudo_basename() instead of doing the equivalent manually.
 7456 	[67e2b5d68a73]
 7457 
 7458 	* MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
 7459 	lib/util/basename.c, lib/util/util.exp.in:
 7460 	Add a GNU-compatible version of basename(3). Unlike POSIX
 7461 	basename(3), the GNU variant does not modify its argument. Note that
 7462 	basename of a path ending in "/" returns an empty string.
 7463 	[693e1d39718a]
 7464 
 7465 2021-02-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 7466 
 7467 	* lib/iolog/iolog_fileio.c:
 7468 	feof(3) returns non-zero at EOF, not necessarily 1. On Illumos at
 7469 	least it returns a value other than 1.
 7470 	[fc2242fe7c6e]
 7471 
 7472 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 7473 	Portable workaround for getdelim(3) implementations modify buf on
 7474 	EOF. We should assume that the contents of buf are undefined when
 7475 	getdelim(3) returns -1. We now peek ahead one char and skip the
 7476 	getdelim(3) call if EOF is detected. This will preserve the original
 7477 	value of the last line.
 7478 	[1e353f05a0fa]
 7479 
 7480 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 7481 	Some getdelim(3) implementations write a NUL to the buffer on EOF.
 7482 	AIX and Illumos appear to have this behavior. We now preserve the
 7483 	first character of the buffer on EOF to work around this. Fixes
 7484 	reporting of syntax errors on the last line of a file.
 7485 	[22611c14c1d1]
 7486 
 7487 	* plugins/sudoers/Makefile.in:
 7488 	Fuzz the example sudoers file, not the default one. The default
 7489 	sudoers uses @includedir which can result in different output,
 7490 	depending on the permissions of /etc/sudoers.d.
 7491 	[1b325a1d0e0a]
 7492 
 7493 	* configure, configure.ac:
 7494 	illumos has a broken fmemopen(3), don't use it.
 7495 	[d297ee0339e6]
 7496 
 7497 2021-02-08  Todd C. Miller  <Todd.Miller@sudo.ws>
 7498 
 7499 	* config.h.in, configure, configure.ac, include/sudo_compat.h:
 7500 	Add configure check for SSIZE_MAX
 7501 	[ca7699154705]
 7502 
 7503 	* lib/iolog/iolog_json.c:
 7504 	Suppress PVS Studio false positives.
 7505 	[6d8fcec047e5]
 7506 
 7507 	* src/sesh.c:
 7508 	Silence a clang analyzer false positive.
 7509 	[8bc3e89f6fbb]
 7510 
 7511 	* plugins/sudoers/toke_util.c:
 7512 	Silence a clang analyzer false positive.
 7513 	[2489166fc372]
 7514 
 7515 	* lib/fuzzstub/fuzzstub.c:
 7516 	Fix CID 217123, size check always false on 64-bit systems.
 7517 	[3c018b5d43a8]
 7518 
 7519 	* plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
 7520 	Make open_sudoers() always return NULL like fuzz_sudoers.c
 7521 	[042de90307ae]
 7522 
 7523 	* plugins/sudoers/regress/sudoers/test4.toke.ok,
 7524 	plugins/sudoers/regress/sudoers/test5.toke.ok,
 7525 	plugins/sudoers/regress/sudoers/test7.toke.ok,
 7526 	plugins/sudoers/regress/sudoers/test8.toke.ok:
 7527 	Update *.toke.ok now that lexer doesn't call sudoerserror() itself.
 7528 	[d60c0d33b5b4]
 7529 
 7530 	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
 7531 	plugins/sudoers/gram.y, plugins/sudoers/toke.c,
 7532 	plugins/sudoers/toke.h, plugins/sudoers/toke.l:
 7533 	The lexer now sets an error string before returning ERROR. The
 7534 	parser will use that when reporting on an ERROR state. This prevents
 7535 	the lexer from reporting errors about tokens that are not actually
 7536 	consumed by the parser and we don't have to worry about both the
 7537 	lexer and the parser reporting errors. It also means we only get one
 7538 	error per sudoers line.
 7539 	[7ffb0d28862f]
 7540 
 7541 	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
 7542 	plugins/sudoers/gram.y, plugins/sudoers/toke.c,
 7543 	plugins/sudoers/toke.l:
 7544 	Go back to storing the last error file/line in sudoerserrorf(). This
 7545 	is still the best way to avoid displaying more than one error per
 7546 	line.
 7547 	[21da59d69c5f]
 7548 
 7549 	* configure, configure.ac:
 7550 	Add -fsanitize=fuzzer-no-link to ASAN_LDFLAGS too, not just
 7551 	ASAN_CFLAGS.
 7552 	[d3c719c72d79]
 7553 
 7554 	* MANIFEST, Makefile.in, doc/Makefile.in, examples/Makefile.in,
 7555 	include/Makefile.in, lib/eventlog/Makefile.in,
 7556 	lib/fuzzstub/Makefile.in, lib/iolog/Makefile.in,
 7557 	lib/logsrv/Makefile.in, lib/util/Makefile.in, lib/zlib/Makefile.in,
 7558 	logsrvd/Makefile.in, plugins/audit_json/Makefile.in,
 7559 	plugins/group_file/Makefile.in, plugins/python/Makefile.in,
 7560 	plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
 7561 	plugins/sudoers/Makefile.in,
 7562 	plugins/sudoers/regress/fuzz/fuzz_sudoers.out.ok,
 7563 	plugins/system_group/Makefile.in, src/Makefile.in:
 7564 	Add fuzz Makefile target and run fuzzer corpus in make check.
 7565 	[a66085f05dea]
 7566 
 7567 2021-02-07  Todd C. Miller  <Todd.Miller@sudo.ws>
 7568 
 7569 	* MANIFEST, Makefile.in, configure, configure.ac,
 7570 	lib/fuzzstub/Makefile.in, lib/fuzzstub/fuzzstub.c,
 7571 	lib/iolog/regress/fuzz/fuzz_iolog_json.c,
 7572 	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
 7573 	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
 7574 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 7575 	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
 7576 	Add stub library that just feeds files to the fuzzing target. This
 7577 	will allow the fuzzers to be run as part of "make check".
 7578 	[aa8fda20c3f8]
 7579 
 7580 	* scripts/mkpkg:
 7581 	Append to CFLAGS and LDFLAGS instead of overriding them when adding
 7582 	-m64.
 7583 	[d02cf3c28198]
 7584 
 7585 	* config.h.in, configure, configure.ac,
 7586 	lib/iolog/regress/fuzz/fuzz_iolog_json.c,
 7587 	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
 7588 	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
 7589 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 7590 	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
 7591 	Fall back to a temp file if fmemopen() is not available().
 7592 	[87f804b98c18]
 7593 
 7594 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 7595 	Add missing return statement when NO_LEAKS is not defined.
 7596 	[25b8e1041b62]
 7597 
 7598 	* lib/eventlog/Makefile.in:
 7599 	Remove remnants of liblogsrv.
 7600 	[5030114bb12f]
 7601 
 7602 	* INSTALL, configure, configure.ac, lib/iolog/Makefile.in,
 7603 	plugins/sudoers/Makefile.in:
 7604 	Add --enable-fuzzer-linker and --enable-fuzzer-engine options. These
 7605 	will allow the fuzzers to be built as part of oss-fuzz.
 7606 	[c3176bd8b95b]
 7607 
 7608 2021-02-06  Todd C. Miller  <Todd.Miller@sudo.ws>
 7609 
 7610 	* .gitignore, .hgignore:
 7611 	Sync ignore files.
 7612 	[ddf136d412f7]
 7613 
 7614 	* plugins/sudoers/Makefile.in:
 7615 	Fix linking of sudoers fuzzers with static libsudo_util.
 7616 	[86d07a5a671d]
 7617 
 7618 	* INSTALL, configure, configure.ac, lib/iolog/Makefile.in,
 7619 	plugins/sudoers/Makefile.in:
 7620 	Add --enable-fuzzer option to use when building fuzzers
 7621 	[01e31362c2b0]
 7622 
 7623 	* INSTALL, configure, configure.ac:
 7624 	Replace --enable-asan with --enable-sanitizer It is not possible to
 7625 	set the sanitizer flags at configure time.
 7626 	[115d869e1d55]
 7627 
 7628 2021-02-06  Anton Bershanskiy  <45960703+bershanskiy@users.noreply.github.com>
 7629 
 7630 	* src/copy_file.c:
 7631 	Fix comment typo in src/copy_file.c
 7632 	[60dbf6da4712]
 7633 
 7634 2021-02-06  Todd C. Miller  <Todd.Miller@sudo.ws>
 7635 
 7636 	* lib/iolog/Makefile.in, lib/iolog/regress/fuzz/fuzz_iolog_json.c,
 7637 	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
 7638 	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
 7639 	plugins/sudoers/Makefile.in,
 7640 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 7641 	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
 7642 	Build (but don't run) fuzzers as part of "make check". Uses a stub
 7643 	to make it possible to link w/o libfuzzer. The goal is to ensure the
 7644 	fuzzers are always buildable and avoid bit rot.
 7645 	[9186e252b8bf]
 7646 
 7647 	* lib/iolog/Makefile.in, plugins/sudoers/Makefile.in:
 7648 	Add libsudo_eventlog.la as a dependency of libsudo_iolog.la No
 7649 	longer need to link against libsudo_eventlog.la in sudoers.
 7650 	[508097f86035]
 7651 
 7652 2021-02-05  Todd C. Miller  <Todd.Miller@sudo.ws>
 7653 
 7654 	* MANIFEST, lib/iolog/regress/corpus/log_json/id.json,
 7655 	lib/iolog/regress/corpus/log_json/ls.json,
 7656 	lib/iolog/regress/corpus/log_json/mailq.json,
 7657 	lib/iolog/regress/corpus/log_json/make.json,
 7658 	lib/iolog/regress/corpus/log_json/pkg_add.json,
 7659 	lib/iolog/regress/corpus/log_json/pkg_delete.json,
 7660 	lib/iolog/regress/corpus/log_json/printenv.json,
 7661 	lib/iolog/regress/corpus/log_legacy/id,
 7662 	lib/iolog/regress/corpus/log_legacy/ls,
 7663 	lib/iolog/regress/corpus/log_legacy/mailq,
 7664 	lib/iolog/regress/corpus/log_legacy/make,
 7665 	lib/iolog/regress/corpus/log_legacy/pkg_add,
 7666 	lib/iolog/regress/corpus/log_legacy/pkg_delete,
 7667 	lib/iolog/regress/corpus/log_legacy/printenv,
 7668 	lib/iolog/regress/corpus/timing/timing.1,
 7669 	lib/iolog/regress/corpus/timing/timing.2,
 7670 	lib/iolog/regress/corpus/timing/timing.3,
 7671 	lib/iolog/regress/corpus/timing/timing.4:
 7672 	Add more test files for fuzzers.
 7673 	[22256acfbe23]
 7674 
 7675 2021-02-05  Daniel Milnes  <thebeanogamer@gmail.com>
 7676 
 7677 	* doc/sudo.mdoc.in:
 7678 	Fix the typo in the mdoc
 7679 	[e0ad7f93e678]
 7680 
 7681 	* doc/sudo.man.in:
 7682 	Fix a tiny typo in the Sudo manpage
 7683 	[d52c308677bf]
 7684 
 7685 2021-02-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 7686 
 7687 	* MANIFEST, lib/iolog/regress/fuzz/fuzz_iolog_timing.c:
 7688 	fuzzer for I/O log timing files
 7689 	[7b32f8eecfd6]
 7690 
 7691 	* lib/iolog/iolog_json.c:
 7692 	In JSON, name/value pairs must be separated by a comma. Previously
 7693 	we didn't require the comma to be there.
 7694 	[bb70cecf6360]
 7695 
 7696 	* lib/iolog/iolog_json.c:
 7697 	Detect integer overflow when converting JSON_ARRAY to string vector.
 7698 	Extremely unlikely to happen but better safe than sorry.
 7699 	[60a7a4d3a1d8]
 7700 
 7701 2021-02-03  Todd C. Miller  <Todd.Miller@sudo.ws>
 7702 
 7703 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 7704 	Only strip double quotes from an include path if len >= 2. Found
 7705 	locally using libfuzzer/oss-fuzz.
 7706 	[274d0a05081b]
 7707 
 7708 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 7709 	Don't allow the sudoers fuzzer to open include files. If we allow
 7710 	the fuzzer to choose include paths it will include random files in
 7711 	the file system. This leads to bug reports that cannot be
 7712 	reproduced.
 7713 	[b8ffce94f30a]
 7714 
 7715 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 7716 	If getdelim() returns a string with embedded NULs, truncate on first
 7717 	one. This should avoid some issues with the fuzzer.
 7718 	[e90e61d4bb0e]
 7719 
 7720 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 7721 	Reallocate the buffer correctly when appending a newline. Fixes a
 7722 	potential buffer overflow introduced in the last commit.
 7723 	[50b0f77aed5f]
 7724 
 7725 	* plugins/sudoers/alias.c, plugins/sudoers/gram.c,
 7726 	plugins/sudoers/gram.y:
 7727 	Don't free the alias name in alias_add() if the alias already
 7728 	exists. We need to be able to display it using alias_error(). Only
 7729 	free what we actually allocated in alias_add() on error and let the
 7730 	caller handle cleanup. Note that we cannot completely fill in the
 7731 	alias until it is inserted. Otherwise, we will have modified the
 7732 	file and members parameters even if there was an error. As a result,
 7733 	we have to remove those from the leak list after alias_add(), not
 7734 	before.
 7735 	[6a920646d7d1]
 7736 
 7737 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 7738 	Fix NUL termination when parsing a sudoers file with no ending
 7739 	newline. oss-fuzz issue #30252
 7740 	[5c75d8e15966]
 7741 
 7742 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 7743 	sudoersrestart() does not reset state to INITIAL, do it in
 7744 	init_lexer(). Fixes spurious errors from fuzz_sudoers, which calls
 7745 	the parser multiple times.
 7746 	[bf2c1c3b82e6]
 7747 
 7748 	* plugins/sudoers/regress/parser/check_fill.c, plugins/sudoers/toke.c,
 7749 	plugins/sudoers/toke.h, plugins/sudoers/toke.l,
 7750 	plugins/sudoers/toke_util.c:
 7751 	Push lexer leak tracking down into check_fill.c. This lets us track
 7752 	things correctly when buffers are realloc()d. Rewrote fill() and
 7753 	append() to be more readable.
 7754 	[a1e61a4a7aad]
 7755 
 7756 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 7757 	plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
 7758 	Use sudoersrestart() in fuzz_sudoers.c Since we run the parser
 7759 	multiple times we need to restart it each time.
 7760 	[64792d363f62]
 7761 
 7762 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 7763 	Parser needs user_shost for the %h escape in @include expansion.
 7764 	Fixes oss-fuzz issue #30238
 7765 	[b043e413be31]
 7766 
 7767 	* INSTALL:
 7768 	The --disable-leaks option is not recommended for production use.
 7769 	[cb37a56f4e99]
 7770 
 7771 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 7772 	Remove options from the leak list before freeing them. Should fix
 7773 	oss-fuzz issue #30236
 7774 	[1ee6dac8c027]
 7775 
 7776 	* MANIFEST, include/sudo_iolog.h, lib/iolog/iolog_util.c,
 7777 	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c:
 7778 	Add fuzzer for legacy I/O log info file.
 7779 	[3f4ed83660ca]
 7780 
 7781 	* doc/Makefile.in, plugins/sudoers/Makefile.in:
 7782 	Fix uninstall target; there were missing line continuation chars.
 7783 	GitHub issue #87
 7784 	[02cffb51c15c]
 7785 
 7786 2021-02-02  Todd C. Miller  <Todd.Miller@sudo.ws>
 7787 
 7788 	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/parse_ldif.c:
 7789 	Don't close fp in sudoers_parse_ldif() The caller should be the one
 7790 	to handle this.
 7791 	[e8d830851379]
 7792 
 7793 	* .gitignore, .hgignore:
 7794 	Update ignore files.
 7795 	[0c8245d8097c]
 7796 
 7797 	* plugins/sudoers/alias.c, plugins/sudoers/gram.c,
 7798 	plugins/sudoers/gram.y:
 7799 	Got back to calling alias_free() on alias_add() failure. We now need
 7800 	to remove the name and members from the leak list
 7801 	*before* calling alias_add() since alias_add() will consume them for
 7802 	both success and failure.
 7803 	[65c95a84f8ca]
 7804 
 7805 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 7806 	close sudoersin, not fp, and reset it to be safe
 7807 	[f616d1c7c09a]
 7808 
 7809 	* lib/iolog/regress/fuzz/fuzz_iolog_json.c,
 7810 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 7811 	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
 7812 	Add missing fclose(3) of fmemopen(3) stream; it does not modify the
 7813 	data.
 7814 	[9207901dcccd]
 7815 
 7816 	* lib/iolog/iolog_json.c:
 7817 	Check for unexpected value after checking the name, not before.
 7818 	[6f973cc4378d]
 7819 
 7820 	* lib/util/progname.c:
 7821 	Allow getprogname() to succeed as long as __progname is present.
 7822 	Also simplify the progname code so we only need a single
 7823 	implementation.
 7824 	[300a29bd117e]
 7825 
 7826 	* lib/iolog/iolog_json.c:
 7827 	Fix potential leak of evlog->runuser. Also warn if we find an
 7828 	unexpected JSON type.
 7829 	[0ec615b3d4e0]
 7830 
 7831 2021-02-01  Todd C. Miller  <Todd.Miller@sudo.ws>
 7832 
 7833 	* plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
 7834 	Parse into a local parse_tree and add missing cleanup. Since
 7835 	parsed_policy is for the sudoers parser we should declare our own.
 7836 	[c418d65e7bb4]
 7837 
 7838 	* plugins/sudoers/regress/fuzz/fuzz_sudoers.c:
 7839 	Call init_parser() after parsing to clean up completely.
 7840 	[2063d26ab401]
 7841 
 7842 	* MANIFEST, plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 7843 	plugins/sudoers/regress/sudoers/test25.in,
 7844 	plugins/sudoers/regress/sudoers/test25.json.ok,
 7845 	plugins/sudoers/regress/sudoers/test25.ldif.ok,
 7846 	plugins/sudoers/regress/sudoers/test25.out.ok,
 7847 	plugins/sudoers/regress/sudoers/test25.toke.ok,
 7848 	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
 7849 	plugins/sudoers/toke_util.c:
 7850 	Plug a few more parser leaks.
 7851 	[c9478efdd65d]
 7852 
 7853 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 7854 	Make parser_leak_remove(type, NULL) a no-op.
 7855 	[7699e99a028a]
 7856 
 7857 	* MANIFEST, lib/iolog/regress/fuzz/fuzz_iolog_json.c,
 7858 	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
 7859 	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c:
 7860 	Add initial fuzzers to be used by oss-fuzz. These are not yet hooked
 7861 	up to the sudo build.
 7862 	[5593a755f359]
 7863 
 7864 	* plugins/sudoers/gc.c, plugins/sudoers/sudoers.h:
 7865 	Garbage collect unused gc_remove() function.
 7866 	[ff561edd846e]
 7867 
 7868 	* plugins/sudoers/Makefile.in,
 7869 	plugins/sudoers/regress/testsudoers/test11.sh,
 7870 	plugins/sudoers/regress/testsudoers/test12.sh,
 7871 	plugins/sudoers/regress/testsudoers/test13.sh,
 7872 	plugins/sudoers/regress/testsudoers/test4.sh,
 7873 	plugins/sudoers/regress/testsudoers/test5.sh:
 7874 	The parser should be leak free, re-enable leak detection in ASAN.
 7875 	[a89599540a5a]
 7876 
 7877 	* plugins/sudoers/alias.c, plugins/sudoers/gram.c,
 7878 	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
 7879 	plugins/sudoers/parse.h, plugins/sudoers/toke.c,
 7880 	plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
 7881 	Add garbage collection to the sudoers parser to clean up on error.
 7882 	This makes it possible to avoid memory leaks when there is a parse
 7883 	error.
 7884 	[ef739da324bb]
 7885 
 7886 2021-01-31  Todd C. Miller  <Todd.Miller@sudo.ws>
 7887 
 7888 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 7889 	plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c,
 7890 	plugins/sudoers/parse.h, plugins/sudoers/sssd.c,
 7891 	plugins/sudoers/sudo_ldap.h:
 7892 	Move new_member_all to ldap_util.c, it is only used by ldap/sssd.
 7893 	[9df2efb6956a]
 7894 
 7895 2021-01-30  Todd C. Miller  <Todd.Miller@sudo.ws>
 7896 
 7897 	* lib/iolog/iolog_json.c:
 7898 	Fix crashes trying to parse invalid JSON. Found locally using
 7899 	libfuzzer/oss-fuzz.
 7900 	[b74c8c260d60]
 7901 
 7902 	* lib/iolog/iolog_json.c:
 7903 	Plug memory leak if a key is listed more than once in the log.json
 7904 	file.
 7905 	[764ef247f13e]
 7906 
 7907 	* lib/iolog/regress/iolog_json/check_iolog_json.c:
 7908 	Fix crash when file does not exist.
 7909 	[55a46b75e6ed]
 7910 
 7911 	* plugins/sudoers/gentime.c:
 7912 	Strict tz offset parsing. Fixes an out of bounds read found locally
 7913 	using libfuzzer/oss-fuzz.
 7914 	[72266f1af75d]
 7915 
 7916 	* plugins/sudoers/ldap_util.c:
 7917 	Don't leak memory for duplicate command options. The last option
 7918 	wins but we also now warn about the duplicate. Found locally using
 7919 	libfuzzer/oss-fuzz.
 7920 	[f1cd342e62f7]
 7921 
 7922 	* plugins/sudoers/ldap_util.c:
 7923 	Copy command options when converting a sudoRole with multiple
 7924 	sudoCommands. A sudoRole with multiple sudoCommands is converted to
 7925 	a privilege with multiple cmndspecs. However, we were not copying
 7926 	some of the command options to subsequent cmndspecs in the list.
 7927 	[d8309574a756]
 7928 
 7929 	* plugins/sudoers/parse_ldif.c:
 7930 	Fix memory leak if the last line is folded. Fixes issue 30080 by
 7931 	ClusterFuzz-External
 7932 	[404f38aa19a6]
 7933 
 7934 	* INSTALL, configure, configure.ac:
 7935 	Add --disable-leaks configure option. This enables the extra freeing
 7936 	of memory before exit also enabled by --enable-asan. To be used by
 7937 	oss-fuzz.
 7938 	[faddd42273a4]
 7939 
 7940 	* plugins/sudoers/gentime.c:
 7941 	Stricter parsing of generalized time. Fixes potential out of bounds
 7942 	read found by libfuzzer/oss-fuzz.
 7943 	[4548e29ea5e0]
 7944 
 7945 2021-01-29  Todd C. Miller  <Todd.Miller@sudo.ws>
 7946 
 7947 	* plugins/sudoers/parse_ldif.c:
 7948 	Don't bother calling ldif_to_sudoers() if there are no roles to
 7949 	convert.
 7950 	[242394d46fb1]
 7951 
 7952 	* lib/iolog/iolog_json.c:
 7953 	In json_stack_push() treat stack exhaustion like memory allocation
 7954 	failure. Return NULL instead of treating as a fatal error. This
 7955 	should make life a little easier for oss-fuzz.
 7956 	[84c7c3b7971a]
 7957 
 7958 	* plugins/sudoers/sudoers.c:
 7959 	Update comment about return values for resolve_host().
 7960 	[0e92fe582db1]
 7961 
 7962 	* plugins/sudoers/logging.c, plugins/sudoers/policy.c:
 7963 	Fix NO_ROOT_MAILER, broken by the eventlog refactor in sudo 1.9.4.
 7964 	init_eventlog_config() is called immediately after initializing the
 7965 	Defaults settings, which is before struct sudo_user is setup. This
 7966 	adds a call to eventlog_set_mailuid() if NO_ROOT_MAILER is defined
 7967 	after the invoking user is determined. Reported by Roman Fiedler.
 7968 	[e0d4f196ba02]
 7969 
 7970 2021-01-28  Todd C. Miller  <Todd.Miller@sudo.ws>
 7971 
 7972 	* MANIFEST:
 7973 	Add plugins/sudoers/strvec_join.c
 7974 	[1dfeb8ab9fdb]
 7975 
 7976 	* plugins/sudoers/strvec_join.c, plugins/sudoers/sudoers.c:
 7977 	Fix compilation on systems without a native strlcpy() function.
 7978 	[7b28feb4350a]
 7979 
 7980 	* logsrvd/logsrvd.c, logsrvd/sendlog.c:
 7981 	Break up the long help string into multiple printf() statements. AIX
 7982 	xlc compiler doesn't like cpp directives in between strings. Also
 7983 	fixes a complaint from cppcheck and makes translation easier.
 7984 	[e55b4061f598]
 7985 
 7986 	* plugins/sudoers/regress/unescape/check_unesc.c,
 7987 	plugins/sudoers/strvec_join.c, plugins/sudoers/sudoers.h:
 7988 	strvec_join: free result on error and actually use separator char
 7989 	[801546807a8a]
 7990 
 7991 2021-01-27  Todd C. Miller  <Todd.Miller@sudo.ws>
 7992 
 7993 	* plugins/sudoers/Makefile.in,
 7994 	plugins/sudoers/regress/unescape/check_unesc.c:
 7995 	Test strvec_join() using strlcpy_unesc(). Emulates an overflow like:
 7996 	sudoedit -s '\' `perl -e 'print "A" x 65536'`
 7997 	[8d9a063adde5]
 7998 
 7999 	* plugins/sudoers/Makefile.in, plugins/sudoers/strvec_join.c,
 8000 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
 8001 	Refactor code to flatten an argument vector into a string. This is
 8002 	used when building up the user_args string.
 8003 	[a6ae655d91a1]
 8004 
 8005 	* MANIFEST, plugins/sudoers/Makefile.in,
 8006 	plugins/sudoers/regress/unescape/check_unesc.c,
 8007 	plugins/sudoers/strlcpy_unesc.c, plugins/sudoers/sudoers.c,
 8008 	plugins/sudoers/sudoers.h:
 8009 	Add strlcpy_unescape() function to undo escaping from front-end.
 8010 	Includes unit test.
 8011 	[abfaa390d275]
 8012 
 8013 	* plugins/sudoers/parse_ldif.c:
 8014 	Add missing check for reallocarray() failure. Found by OSS-Fuzz.
 8015 	[fcda06966ed7]
 8016 
 8017 2021-01-26  Todd C. Miller  <Todd.Miller@sudo.ws>
 8018 
 8019 	* plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
 8020 	plugins/python/python_convmessage.c,
 8021 	plugins/python/sudo_python_module.c:
 8022 	Remove Py_SSIZE2SIZE to quiet cppcheck warnings. Tuple size cannot
 8023 	be negative and we already handle the case where it is zero.
 8024 	[d6ec5e558a0e]
 8025 
 8026 	* src/parse_args.c:
 8027 	The program name may now only be "sudo" or "sudoedit". We no longer
 8028 	need to check for any string that ends in "edit".
 8029 	[caed524c6ba0]
 8030 
 8031 2021-01-23  Todd C. Miller  <Todd.Miller@sudo.ws>
 8032 
 8033 	* .hgtags:
 8034 	Added tag SUDO_1_9_5p2 for changeset 83685ffbc4df
 8035 	[74a2ddc3e4a4] <1.9>
 8036 
 8037 	* Merge sudo 1.9.5p2 from tip
 8038 	[83685ffbc4df] [SUDO_1_9_5p2] <1.9>
 8039 
 8040 	* plugins/sudoers/timestamp.c:
 8041 	Fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL.
 8042 	We want to zero the struct starting at flags, not type (which was
 8043 	just set). Found by Qualys.
 8044 	[09f98816fc89]
 8045 
 8046 	* src/parse_args.c:
 8047 	Don't assume that argv is allocated as a single flat buffer. While
 8048 	this is how the kernel behaves it is not a portable assumption. The
 8049 	assumption may also be violated if getopt_long(3) permutes
 8050 	arguments. Found by Qualys.
 8051 	[c125fbe68783]
 8052 
 8053 	* NEWS, configure, configure.ac:
 8054 	Sudo 1.9.5p2
 8055 	[89a357d8da4e]
 8056 
 8057 	* src/parse_args.c:
 8058 	Reset valid_flags to MODE_NONINTERACTIVE for sudoedit. This is
 8059 	consistent with how the -e option is handled. Also reject -H and -P
 8060 	flags for sudoedit as was done in sudo 1.7. Found by Qualys, this is
 8061 	part of the fix for CVE-2021-3156.
 8062 	[9b97f1787804]
 8063 
 8064 	* plugins/sudoers/policy.c:
 8065 	Add sudoedit flag checks in plugin that are consistent with front-
 8066 	end. Don't assume the sudo front-end is sending reasonable mode
 8067 	flags. These checks need to be kept consistent between the sudo
 8068 	front-end and the sudoers plugin.
 8069 	[a97dc92eae6b]
 8070 
 8071 	* plugins/sudoers/sudoers.c:
 8072 	Fix potential buffer overflow when unescaping backslashes in
 8073 	user_args. Also, do not try to unescaping backslashes unless in run
 8074 	mode *and* we are running the command via a shell. Found by Qualys,
 8075 	this fixes CVE-2021-3156.
 8076 	[049ad90590be]
 8077 
 8078 2021-01-22  Fabrice Fontaine  <fontaine.fabrice@gmail.com>
 8079 
 8080 	* lib/eventlog/Makefile.in:
 8081 	lib/eventlog/Makefile.in: fix static build without closefrom
 8082 
 8083 	Since version 1.9.4 and https://github.com/sudo-
 8084 	project/sudo/commit/bd1ca79cca827a92e904f022e49df121931d4ff5, when
 8085 	closefrom is not available, libsudo_eventlog.a depends on
 8086 	libsudo_util.a. So reflect this dependency in the libtool file to
 8087 	avoid the following static build failure of logsrvd:
 8088 
 8089 	/bin/bash ../libtool --tag=disable-static --mode=link
 8090 	/home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-
 8091 	linux-gcc -o sudo_logsrvd logsrv_util.o iolog_writer.o logsrvd.o
 8092 	logsrvd_conf.o -static -Wl,--enable-new-dtags -Wl,-z,relro
 8093 	../lib/iolog/libsudo_iolog.la ../lib/eventlog/libsudo_eventlog.la
 8094 	../lib/logsrv/liblogsrv.la /bin/bash ../libtool --tag=disable-static
 8095 	--mode=link
 8096 	/home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-
 8097 	linux-gcc -o sudo_sendlog logsrv_util.o sendlog.o -static -Wl,--
 8098 	enable-new-dtags -Wl,-z,relro ../lib/iolog/libsudo_iolog.la
 8099 	../lib/eventlog/libsudo_eventlog.la ../lib/logsrv/liblogsrv.la
 8100 	libtool: link:
 8101 	/home/buildroot/autobuild/instance-1/output-1/host/bin/powerpc-
 8102 	linux-gcc -o sudo_logsrvd logsrv_util.o iolog_writer.o logsrvd.o
 8103 	logsrvd_conf.o -static -Wl,--enable-new-dtags -Wl,-z -Wl,relro
 8104 	../lib/iolog/.libs/libsudo_iolog.a /home/buildroot/autobuild/instanc
 8105 	e-1/output-1/build/sudo-1.9.5p1/lib/util/.libs/libsudo_util.a
 8106 	-lpthread -lz ../lib/eventlog/.libs/libsudo_eventlog.a
 8107 	../lib/logsrv/.libs/liblogsrv.a
 8108 	/home/buildroot/autobuild/instance-1/output-1/host/opt/ext-
 8109 	toolchain/bin/../lib/gcc/powerpc-buildroot-linux-
 8110 	uclibc/8.3.0/../../../../powerpc-buildroot-linux-uclibc/bin/ld:
 8111 	../lib/eventlog/.libs/libsudo_eventlog.a(eventlog.o): in function
 8112 	`send_mail.constprop.1': eventlog.c:(.text+0x149c): undefined
 8113 	reference to `sudo_closefrom' collect2: error: ld returned 1 exit
 8114 	status
 8115 
 8116 	Fixes:
 8117 	 - http://autobuild.buildroot.org/results/515b45f876fa9de03c9235f86017f
 8118 	4dc10eb3b54
 8119 
 8120 	Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 8121 	[4e42d276c336]
 8122 
 8123 2021-01-21  Todd C. Miller  <Todd.Miller@sudo.ws>
 8124 
 8125 	* plugins/sudoers/log_client.c:
 8126 	Do not add an unfinished write buffer to the queue if it is already
 8127 	present. In client_msg_cb() we only remove a buffer from the queue
 8128 	when it is finished. Inserting the buf again can cause a cycle in
 8129 	the queue.
 8130 	[b398dcc0933d]
 8131 
 8132 2021-01-20  Todd C. Miller  <Todd.Miller@sudo.ws>
 8133 
 8134 	* plugins/sudoers/log_client.c:
 8135 	Fix problem when SSL_read() returns SSL_ERROR_WANT_WRITE. This can
 8136 	happen when the socket cannot be written to immediately. We need to
 8137 	set the read_instead_of_write flag in that case, _not_
 8138 	write_instead_of_read. Also sync comments with sendlog.c. Bug #954
 8139 	[e4239bb932aa]
 8140 
 8141 2021-01-18  Pavel Březina  <pbrezina@redhat.com>
 8142 
 8143 	* plugins/sudoers/auth/pam.c:
 8144 	pam: pass KRB5CCNAME to pam_authenticate environment if available
 8145 
 8146 	If a PAM module wants to authenticate user using GSSAPI, the
 8147 	authentication is broken if non-default ccache name is used in
 8148 	KRB5CCNAME environment variable.
 8149 
 8150 	One way to mitigate this would be to add this to env_keep, but this
 8151 	also makes the variable available in the executed command which may
 8152 	not be always desirable.
 8153 
 8154 	This patch sets KRB5CCNAME for pam_authenticate only, if it is
 8155 	available and not yet set.
 8156 	[90aba6ba6e03]
 8157 
 8158 2021-01-15  Todd C. Miller  <Todd.Miller@sudo.ws>
 8159 
 8160 	* lib/util/progname.c:
 8161 	Fix setprogname() emulation on systems without it. For fully-
 8162 	qualified paths, store the string starting after the last slash, not
 8163 	at the slash itself.
 8164 	[111fde52d116]
 8165 
 8166 2021-01-11  Todd C. Miller  <Todd.Miller@sudo.ws>
 8167 
 8168 	* .hgtags:
 8169 	Added tag SUDO_1_9_5p1 for changeset 3a873a732416
 8170 	[e837c76279bc] <1.9>
 8171 
 8172 	* Merge sudo 1.9.5p1 from tip
 8173 	[3a873a732416] [SUDO_1_9_5p1] <1.9>
 8174 
 8175 	* NEWS, configure, configure.ac:
 8176 	Sudo 1.9.5p1
 8177 	[2dbbab94d4b6]
 8178 
 8179 	* src/sudo_edit.c:
 8180 	Run the editor with the user's real and effective uid and gid. Fixes
 8181 	a bug introduced in sudo 1.9.5 where the editor was run setuid root
 8182 	unless SELinux RBAC was in use.
 8183 	[30fe53c07aa7]
 8184 
 8185 	* NEWS:
 8186 	fix typo
 8187 	[52e7767881ba]
 8188 
 8189 	* src/copy_file.c, src/edit_open.c:
 8190 	Add casts to quiet two warnings on Solaris.
 8191 	[f76126f6d68d]
 8192 
 8193 2021-01-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 8194 
 8195 	* .hgtags:
 8196 	Added tag SUDO_1_9_5 for changeset 4059f5520d9d
 8197 	[ee76c8a938de] <1.9>
 8198 
 8199 	* Merge sudo 1.9.5 from tip
 8200 	[4059f5520d9d] [SUDO_1_9_5] <1.9>
 8201 
 8202 	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
 8203 	Update .pot files for 1.9.5.
 8204 	[49dae07bda23]
 8205 
 8206 2021-01-08  Todd C. Miller  <Todd.Miller@sudo.ws>
 8207 
 8208 	* NEWS, configure, configure.ac, doc/LICENSE, etc/sudo-logsrvd.pp,
 8209 	etc/sudo-python.pp, etc/sudo.pp:
 8210 	Sudo 1.9.5
 8211 	[3a0e500981a8]
 8212 
 8213 	* doc/sudoers.man.in, doc/sudoers.man.in.sed, doc/sudoers.mdoc.in,
 8214 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
 8215 	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
 8216 	plugins/sudoers/policy.c:
 8217 	Allow SELinux support to be disabled via the sudoers file. Defaults
 8218 	to true if sudo is built with SELinux support and SELinux is not
 8219 	disabled on the system.
 8220 	[c457eaae8692]
 8221 
 8222 2021-01-06  Todd C. Miller  <Todd.Miller@sudo.ws>
 8223 
 8224 	* plugins/python/python_importblocker.c:
 8225 	Add a comment to verify_import() to clarify its purpose.
 8226 	[30ef680f4104]
 8227 
 8228 	* lib/eventlog/eventlog.c, lib/util/arc4random.c,
 8229 	lib/util/sudo_debug.c, plugins/audit_json/audit_json.c,
 8230 	plugins/python/python_convmessage.c, plugins/sudoers/auth/pam.c,
 8231 	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
 8232 	plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
 8233 	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
 8234 	plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c,
 8235 	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
 8236 	plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c,
 8237 	src/exec_common.c, src/sesh.c, src/sudo.c, src/sudo_edit.c:
 8238 	Suppress PVS Studio false positives.
 8239 	[077f46549351]
 8240 
 8241 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 8242 	Plug a memory leak in sudoerserrorf().
 8243 	[a3c14cf0283e]
 8244 
 8245 	* plugins/sudoers/editor.c, plugins/sudoers/fmtsudoers.c,
 8246 	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 8247 	plugins/sudoers/ldap_util.c, plugins/sudoers/parse.h,
 8248 	plugins/sudoers/starttime.c, plugins/sudoers/tsgetgrpw.c,
 8249 	src/ttyname.c:
 8250 	Quiet a few harmless cppcheck warnings.
 8251 	[ab123790b3fd]
 8252 
 8253 	* src/copy_file.c, src/sudo_edit.c:
 8254 	In sudoedit, use sudo_check_temp_file() for non-SELinux too.
 8255 	[b5d5bd506487]
 8256 
 8257 	* MANIFEST, src/Makefile.in, src/edit_open.c, src/sesh.c,
 8258 	src/sudo_edit.c, src/sudo_edit.h, src/sudo_exec.h:
 8259 	Move safe open code out of sudo_edit.c and into edit_open.c.
 8260 	[108fcca05798]
 8261 
 8262 	* src/Makefile.in, src/edit_open.c, src/sesh.c, src/sudo_edit.c,
 8263 	src/sudo_edit.h:
 8264 	Add directory writability checks for SELinux RBAC sudoedit. These
 8265 	were never added to the SELinux RBAC path.
 8266 	[0d4f28b5a8e2]
 8267 
 8268 	* src/edit_open.c, src/exec.c, src/exec_pty.c, src/sesh.c, src/sudo.c,
 8269 	src/sudo.h, src/sudo_edit.c, src/sudo_edit.h, src/tgetpass.c:
 8270 	Add struct sudo_cred to hold the invoking or runas user credentials.
 8271 	We can use this when we need to pass around credential info instead
 8272 	of the user_details and command_details structs.
 8273 	[20594f3f00c1]
 8274 
 8275 	* src/edit_open.c, src/sesh.c, src/sudo_edit.c, src/sudo_edit.h:
 8276 	Rename run_cred -> cur_cred and stash existing creds in
 8277 	set_tmpdir(). For sudo_edit_open() et al what we need is a copy of
 8278 	the current cred to restore after dir_is_writable() changes to the
 8279 	user cred.
 8280 	[dcfce8a11282]
 8281 
 8282 	* configure, configure.ac, include/sudo_compat.h, lib/util/progname.c:
 8283 	Add setprogname(3) for those without it.
 8284 	[e2f1d1ecedb0]
 8285 
 8286 	* src/sesh.c, src/sudo_edit.c:
 8287 	Split up sesh_sudoedit() so it is organized more like sudo_edit.c.
 8288 	The new sesh_edit_create_tfiles() and sesh_edit_copy_tfiles()
 8289 	functions are analogous to sudo_edit_create_tfiles() and
 8290 	sudo_edit_copy_tfiles(). Also use "sudoedit" in the warning/error
 8291 	messages from sesh_sudoedit(). Otherwise, the user gets a mix of
 8292 	messages from sudoedit and sesh.
 8293 	[5510be4b2129]
 8294 
 8295 	* Makefile.in, lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
 8296 	lib/logsrv/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in,
 8297 	plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
 8298 	plugins/python/Makefile.in, plugins/sample/Makefile.in,
 8299 	plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
 8300 	plugins/system_group/Makefile.in, src/Makefile.in:
 8301 	Remove the --force option from the cppcheck args, it causes errors.
 8302 	[57f2ad72e874]
 8303 
 8304 	* include/sudo_util.h, lib/util/progname.c, lib/util/util.exp.in,
 8305 	src/sudo.c:
 8306 	For sudo, only allow "sudo" or "sudoedit" as the program name. The
 8307 	program name is also used when matching Debug lines in sudo.conf. We
 8308 	don't want the user to be able to influence sudo.conf Debug
 8309 	matching. The string "sudoedit" is treated the same as "sudo" in
 8310 	sudo.conf. Problem reported by Matthias Gerstner of SUSE.
 8311 	[1d32c53859f9]
 8312 
 8313 	* lib/iolog/iolog_fileio.c, lib/util/sudo_debug.c,
 8314 	plugins/group_file/getgrent.c, plugins/sudoers/linux_audit.c,
 8315 	plugins/sudoers/tsgetgrpw.c:
 8316 	Check the return value of fcntl() when setting FD_CLOEXEC. This
 8317 	should never fail unless the fd is invalid. Problem reported by
 8318 	Matthias Gerstner of SUSE.
 8319 	[f1ca39a0d870]
 8320 
 8321 	* src/sudo_edit.c:
 8322 	Fix potential directory existing info leak in sudoedit. When
 8323 	creating a new file, sudoedit checks to make sure the parent
 8324 	directory exists so it can provide the user with a sensible error
 8325 	message. However, this could be used to test for the existence of
 8326 	directories not normally accessible to the user by pointing to them
 8327 	with a symbolic link when the parent directory is controlled by the
 8328 	user. Problem reported by Matthias Gerstner of SUSE.
 8329 	[ea19d0073c02]
 8330 
 8331 	* src/copy_file.c, src/sesh.c, src/sudo_edit.c, src/sudo_exec.h:
 8332 	Add security checks before using temp files for SELinux RBAC
 8333 	sudoedit. Otherwise, it may be possible for the user running
 8334 	sudoedit to replace the newly-created temporary files with a
 8335 	symbolic link and have sudoedit set the owner of an arbitrary file.
 8336 	Problem reported by Matthias Gerstner of SUSE.
 8337 	[8fcb36ef422a]
 8338 
 8339 	* plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
 8340 	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
 8341 	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
 8342 	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
 8343 	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, po/ko.mo,
 8344 	po/ko.po, po/sr.mo, po/sr.po, po/sv.mo, po/sv.po:
 8345 	Updated translations from translationproject.org
 8346 	[e68c92c767f1]
 8347 
 8348 2021-01-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 8349 
 8350 	* plugins/sudoers/sudoers.c:
 8351 	Use debug_return_int() not debug_return_bool() to return -1. Found
 8352 	by PVS Studio.
 8353 	[f1f67ca51aeb]
 8354 
 8355 	* plugins/sudoers/logging.c:
 8356 	Fix a crash introduced in 1.9.4 when running "sudo -i" as an unknown
 8357 	user.
 8358 	[d1a3f0f4d0f9]
 8359 
 8360 2021-01-03  Todd C. Miller  <Todd.Miller@sudo.ws>
 8361 
 8362 	* plugins/sudoers/check.c:
 8363 	Make sure lecture file is a regular file before reading it.
 8364 	[c9c68eff1e45]
 8365 
 8366 2021-01-02  Todd C. Miller  <Todd.Miller@sudo.ws>
 8367 
 8368 	* Makefile.in, lib/eventlog/Makefile.in, lib/iolog/Makefile.in,
 8369 	lib/logsrv/Makefile.in, lib/util/Makefile.in, logsrvd/Makefile.in,
 8370 	plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
 8371 	plugins/group_file/plugin_test.c, plugins/python/Makefile.in,
 8372 	plugins/sample/Makefile.in, plugins/sample_approval/Makefile.in,
 8373 	plugins/sudoers/Makefile.in, plugins/sudoers/parse.h,
 8374 	plugins/system_group/Makefile.in, src/Makefile.in:
 8375 	Minor fixes pointed out by cppcheck. Also add
 8376 	compareBoolExpressionWithInt to suppression list.
 8377 	[52316819700e]
 8378 
 8379 	* logsrvd/logsrvd.c:
 8380 	Avoid potential use after free with eventlog-only connections.
 8381 	Coverity CID 215884.
 8382 	[cca5cffabe42]
 8383 
 8384 	* src/exec.c:
 8385 	Cannot do direct exec of a command when SELinux RBAC is enabled.
 8386 	[2706b0fc1451]
 8387 
 8388 	* MANIFEST, configure, configure.ac, include/sudo_compat.h,
 8389 	lib/util/Makefile.in, lib/util/pread.c, lib/util/pwrite.c,
 8390 	scripts/mkdep.pl:
 8391 	Add emulation of pread(3) and pwrite(3) for systems without them.
 8392 	This makes it possible to remove some ugly #ifdefs and only affects
 8393 	very old systems.
 8394 	[1c2a31bda598]
 8395 
 8396 	* lib/iolog/iolog_fileio.c, plugins/sudoers/match_command.c,
 8397 	plugins/sudoers/timestamp.c:
 8398 	Remove #ifdefs around code using pread(3) and pwrite(3).
 8399 	[3830fdf650df]
 8400 
 8401 	* plugins/sudoers/Makefile.in:
 8402 	Regen now that ldap.c and sssd.c no longer need gram.h
 8403 	[5cc4e107f301]
 8404 
 8405 2020-12-30  Todd C. Miller  <Todd.Miller@sudo.ws>
 8406 
 8407 	* lib/util/fatal.c:
 8408 	Fix deregistration of a callback that is not at the head of the
 8409 	list. The SLIST_FOREACH_PREVPTR macro doesn't work the way I thought
 8410 	it did. Just store our own prev pointer and use that instead.
 8411 	[04c290fe1fcb]
 8412 
 8413 2020-12-21  Todd C. Miller  <Todd.Miller@sudo.ws>
 8414 
 8415 	* src/net_ifs.c:
 8416 	Fix the buffer size parameter when serializing the interface list.
 8417 	Problem reported by Matthias Gerstner of SUSE.
 8418 	[b0cae3ac8e46]
 8419 
 8420 2020-12-20  Todd C. Miller  <Todd.Miller@sudo.ws>
 8421 
 8422 	* .hgtags:
 8423 	Added tag SUDO_1_9_4p2 for changeset 8aed5221ede9
 8424 	[a74faf363dbb] <1.9>
 8425 
 8426 	* merge sudo 1.9.4p2 from tip
 8427 	[8aed5221ede9] [SUDO_1_9_4p2] <1.9>
 8428 
 8429 	* NEWS, configure, configure.ac:
 8430 	Sudo 1.9.4p2
 8431 	[8bb8ec358990]
 8432 
 8433 	* plugins/sudoers/sudoers.c:
 8434 	The runas user must be set before applying runas-based Defaults.
 8435 	This effectively backs out changeset f738f5ac5350, which made it
 8436 	possible to log the command when an invalid user was specified. The
 8437 	policy plugin API doesn't supply the command until the check
 8438 	function, at which point we've already denied the command due to the
 8439 	invalid user. Bug #951.
 8440 	[8a415f555cf9]
 8441 
 8442 2020-12-18  Todd C. Miller  <Todd.Miller@sudo.ws>
 8443 
 8444 	* etc/uncrustify-small.cfg, etc/uncrustify.cfg:
 8445 	Don't enable mod_remove_empty_return We like to use an empty return
 8446 	for stub functions.
 8447 	[018ef129dc24]
 8448 
 8449 2020-12-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 8450 
 8451 	* .hgtags:
 8452 	Added tag SUDO_1_9_4p1 for changeset 8f65fd9f0f57
 8453 	[e27e424f9f56] <1.9>
 8454 
 8455 	* merge sudo 1.9.4p1 from tip
 8456 	[8f65fd9f0f57] [SUDO_1_9_4p1] <1.9>
 8457 
 8458 	* plugins/sudoers/policy.c:
 8459 	The lower bounds for the "closefrom" option is 3, not 4. This is a
 8460 	regression introduced in sudo 1.8.9 with the strtonum() conversion.
 8461 	Bug #950.
 8462 	[fb06603b9a12]
 8463 
 8464 2020-12-15  Todd C. Miller  <Todd.Miller@sudo.ws>
 8465 
 8466 	* NEWS, configure, configure.ac:
 8467 	Sudo 1.9.4p1
 8468 	[59c37ec1a128]
 8469 
 8470 2020-12-11  Todd C. Miller  <Todd.Miller@sudo.ws>
 8471 
 8472 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
 8473 	Direct execution of a command is incompatible with using a log
 8474 	server.
 8475 	[91afbbde217a]
 8476 
 8477 	* plugins/sudoers/audit.c:
 8478 	Set sudoers_audit.close to NULL if not using a log server.
 8479 	[231abb92a3b2]
 8480 
 8481 2020-12-08  Todd C. Miller  <Todd.Miller@sudo.ws>
 8482 
 8483 	* config.guess, config.h.in, config.sub, configure, configure.ac:
 8484 	Regenerate configure script with autoconf 2.71. Also fix some
 8485 	warnings from the new version.
 8486 	[cd1c7615e861]
 8487 
 8488 2020-12-07  Todd C. Miller  <Todd.Miller@sudo.ws>
 8489 
 8490 	* config.h.in, configure, configure.ac, src/sudo.c:
 8491 	Define _DARWIN_UNLIMITED_GETGROUPS on macOS to suport > 16 groups.
 8492 	On macOS 10.6 and above, getgroups(2) can return more than
 8493 	NGROUPS_MAX if _DARWIN_UNLIMITED_GETGROUPS or _DARWIN_C_SOURCE is
 8494 	defined. Bug #946
 8495 	[2e7d3c3cf18b]
 8496 
 8497 2020-12-05  Todd C. Miller  <Todd.Miller@sudo.ws>
 8498 
 8499 	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, examples/sudo.conf.in:
 8500 	Comment out the default plugin lines in the example sudo.conf. Fixes
 8501 	a problem when there are multiple versions of sudo installed and not
 8502 	all suport the audit plugin, such as on macOS. GitHub issue #75
 8503 	[aaed5d7a3471]
 8504 
 8505 	* plugins/sudoers/logging.c, plugins/sudoers/policy.c,
 8506 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
 8507 	Store the user-provided runas user and group name in struct
 8508 	sudo_user. This makes it available for event logging in case the
 8509 	name doesn't resolve.
 8510 	[98d70ba8a2a6]
 8511 
 8512 	* plugins/sudoers/logging.c:
 8513 	Log submit group to event log.
 8514 	[3e7ace99f7f8]
 8515 
 8516 	* plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
 8517 	plugins/sudoers/sudoers.h:
 8518 	Store iolog_path in struct sudo_user for use in the event log.
 8519 	[35bc39ec8ad5]
 8520 
 8521 2020-12-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 8522 
 8523 	* plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
 8524 	Defer lookup of runas user until sudoers_main() for better logging.
 8525 	The log message now includes user info and the command attempted.
 8526 	[f738f5ac5350]
 8527 
 8528 	* lib/eventlog/eventlog.c:
 8529 	Don't assume that just because command is non-NULL, argv is non-
 8530 	NULL.
 8531 	[4fac4ae88e4e]
 8532 
 8533 	* plugins/sudoers/logging.c:
 8534 	Fix a crash introduced in 1.9.4 when running command as an unknown
 8535 	user. Bug #948
 8536 	[8b24c140ec7c]
 8537 
 8538 2020-12-03  Todd C. Miller  <Todd.Miller@sudo.ws>
 8539 
 8540 	* logsrvd/logsrvd.c:
 8541 	When shutting down the server, close non-I/O log connections
 8542 	immediately. Avoids a timeout during server shutdown while the
 8543 	server waits for active connections to close.
 8544 	[26bfda2c8f67]
 8545 
 8546 	* src/sudo.c:
 8547 	Audit errors from policy_init_session(), audit_accept(), and
 8548 	audit_reject().
 8549 	[638e583754ac]
 8550 
 8551 	* src/sudo.c:
 8552 	Do not run the command if the audit accept function fails. Also add
 8553 	warnings if the audit reject or error functions fail.
 8554 	[ca94ef438961]
 8555 
 8556 	* plugins/sudoers/log_client.c:
 8557 	Reduce the number of error messages when we can't connect to the
 8558 	audit server. Add the error string to "unable to connect to log
 8559 	server" instead of using an extra error message for the connect(2)
 8560 	failure.
 8561 	[25ac7ac5bfdf]
 8562 
 8563 	* plugins/sudoers/log_client.c:
 8564 	Use correct error message when the TLS connection is dropped. Was:
 8565 	"recv: Unknown error 0", now: "lost connection to log server".
 8566 	[5c3f319b1f75]
 8567 
 8568 2020-12-02  Todd C. Miller  <Todd.Miller@sudo.ws>
 8569 
 8570 	* plugins/sudoers/alias.c, plugins/sudoers/gram.c,
 8571 	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
 8572 	plugins/sudoers/parse.h:
 8573 	Change alias_add() to return bool and set errno on failure. This
 8574 	fixes a localization problem where the error message could have been
 8575 	reported in the wrong locale.
 8576 	[1859fe3da40c]
 8577 
 8578 2020-11-30  Todd C. Miller  <Todd.Miller@sudo.ws>
 8579 
 8580 	* lib/eventlog/eventlog.c:
 8581 	Fix build when configured using --without-sendmail Bug #947
 8582 	[41db1aad85bb]
 8583 
 8584 2020-11-29  Todd C. Miller  <Todd.Miller@sudo.ws>
 8585 
 8586 	* .hgtags:
 8587 	Added tag SUDO_1_9_4 for changeset 74705fb3b956
 8588 	[45a5e742496e] <1.9>
 8589 
 8590 	* merge sudo 1.9.4 from tip
 8591 	[74705fb3b956] [SUDO_1_9_4] <1.9>
 8592 
 8593 	* plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
 8594 	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
 8595 	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
 8596 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/hr.mo,
 8597 	po/hr.po:
 8598 	Updated translations from translationproject.org
 8599 	[96a5cfe3c66b]
 8600 
 8601 2020-11-24  Todd C. Miller  <Todd.Miller@sudo.ws>
 8602 
 8603 	* NEWS:
 8604 	sudo_logsrvd.conf pid_file change.
 8605 	[fdc0276c7e0e]
 8606 
 8607 	* logsrvd/logsrvd.c:
 8608 	Don't try to unlink a NULL pointer.
 8609 	[95babad9636a]
 8610 
 8611 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
 8612 	logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c:
 8613 	If pid_file is set to an empty value, disable the use of a pid file.
 8614 	[d4462105ab4b]
 8615 
 8616 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
 8617 	logsrvd/logsrvd.c:
 8618 	Don't overwrite sudo_logsrvd.pid if it is a symbolic link.
 8619 	[d79f97a0a533]
 8620 
 8621 	* INSTALL, configure, configure.ac, etc/codespell.exclude,
 8622 	plugins/sudoers/env.c:
 8623 	Fix typo detected by codespell 2.0.0 Also avoid some new false
 8624 	positives
 8625 	[d973f44e2396]
 8626 
 8627 2020-11-23  Todd C. Miller  <Todd.Miller@sudo.ws>
 8628 
 8629 	* etc/uncrustify-small.cfg, etc/uncrustify.cfg,
 8630 	plugins/python/regress/testhelpers.h, plugins/sudoers/env.c,
 8631 	plugins/sudoers/sudo_ldap_conf.h:
 8632 	Set pp_ignore_define_body=false in uncrustify config. Need to work
 8633 	around a bug that produces closed brace errors, see
 8634 	https://github.com/uncrustify/uncrustify/issues/2569
 8635 	[5e4692fca707]
 8636 
 8637 	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
 8638 	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
 8639 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 8640 	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
 8641 	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
 8642 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 8643 	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
 8644 	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
 8645 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 8646 	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/hr.mo,
 8647 	po/hr.po, po/it.mo, po/it.po:
 8648 	Updated translations from translationproject.org
 8649 	[156162e6e07e]
 8650 
 8651 2020-11-18  Todd C. Miller  <Todd.Miller@sudo.ws>
 8652 
 8653 	* lib/util/sudo_conf.c:
 8654 	Fix calling sudo_conf_read() multiple times with different
 8655 	conf_types. The change to reinitialize the configuration data when
 8656 	sudo_conf_read() is called again didn't take into account that sudo
 8657 	calls sudo_conf_read() twice--once for the debug info and once for
 8658 	everything else.
 8659 	[b6869b7da3c2]
 8660 
 8661 2020-11-17  Todd C. Miller  <Todd.Miller@sudo.ws>
 8662 
 8663 	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
 8664 	Don't free the private copy of the environment until the close
 8665 	function. We may need to use it when logging from the audit reject
 8666 	function.
 8667 	[5118eb5797fb]
 8668 
 8669 	* plugins/sudoers/log_client.c:
 8670 	It is possible for evlog->argv or evlog->envp to be NULL.
 8671 	[798ff96301bf]
 8672 
 8673 	* src/exec_pty.c, src/sudo.c, src/sudo.h:
 8674 	Pass command_info[] to audit plugin on I/O log plugin reject or
 8675 	error. The audit plugin should cope with a NULL command_info but
 8676 	there's no reason not to pass the info when we have it.
 8677 	[e361897d0192]
 8678 
 8679 	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
 8680 	plugins/sudoers/audit.c:
 8681 	For the audit plugin, command_info may be NULL. Fixes a NULL
 8682 	dereference in sudoers_audit when an I/O logging plugin rejects
 8683 	input/output or returns an error.
 8684 	[9abee774e7e1]
 8685 
 8686 	* plugins/sudoers/defaults.c:
 8687 	Add missing initialization of def_log_format to sudo.
 8688 	[8c824f6dcfdd]
 8689 
 8690 2020-11-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 8691 
 8692 	* config.h.in, configure, configure.ac:
 8693 	Newer LibreSSL has SSL_CTX_set_ciphersuites but it is not enabled.
 8694 	Add a check for the function declaration in openssl/ssl.h.
 8695 	[d6d0665572ec]
 8696 
 8697 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
 8698 	Event log data is sent to sudo_logsrvd even when not I/O logging.
 8699 	[d720f4ad3d40]
 8700 
 8701 2020-11-14  Todd C. Miller  <Todd.Miller@sudo.ws>
 8702 
 8703 	* plugins/sudoers/po/sudoers.pot:
 8704 	Regenerate sudoers.pot for 1.9.4
 8705 	[127283726e97]
 8706 
 8707 	* NEWS, configure, configure.ac:
 8708 	Update for sudo 1.9.4.
 8709 	[2cb747911aef]
 8710 
 8711 	* plugins/sudoers/audit.c:
 8712 	Update struct eventlog based on command_info[] from front-end. The
 8713 	I/O log path is not known until the I/O log plugins have run and
 8714 	other plugins may alter the execution environment.
 8715 	[3ad14a88052e]
 8716 
 8717 	* plugins/sudoers/alias.c, plugins/sudoers/gram.c,
 8718 	plugins/sudoers/gram.y, plugins/sudoers/logging.h,
 8719 	plugins/sudoers/regress/testsudoers/test13.out.ok,
 8720 	plugins/sudoers/toke.h:
 8721 	Add sudoerserrorf(), a printf-style yyerror() function. Use this to
 8722 	display a better error message when using a reserved work in an
 8723 	alias definition.
 8724 	[1bb3915f61b6]
 8725 
 8726 2020-11-13  Todd C. Miller  <Todd.Miller@sudo.ws>
 8727 
 8728 	* scripts/mkpkg:
 8729 	Build universal binaries on macOS 11.0 and higher. The resulting
 8730 	package should work on Macs based on Apple Silicon.
 8731 	[91cdeda79e66]
 8732 
 8733 2020-11-12  Todd C. Miller  <Todd.Miller@sudo.ws>
 8734 
 8735 	* plugins/sudoers/editor.c:
 8736 	Support EDITOR environment variable that includes quotes. Quote
 8737 	support is limited to the beginning of a word. Also handles
 8738 	characters escaped with a backslash.
 8739 	[ebb7f3c6240c]
 8740 
 8741 2020-11-11  Todd C. Miller  <Todd.Miller@sudo.ws>
 8742 
 8743 	* plugins/python/Makefile.in, plugins/python/pyhelpers.c,
 8744 	plugins/python/python_plugin_common.c,
 8745 	plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/
 8746 	check_example_debugging_c_calls@diag.log, plugins/python/regress/tes
 8747 	tdata/check_example_debugging_c_calls@info.log, plugins/python/regre
 8748 	ss/testdata/check_example_debugging_plugin@info.log, plugins/python/
 8749 	regress/testdata/check_example_debugging_py_calls@diag.log, plugins/
 8750 	python/regress/testdata/check_example_debugging_py_calls@info.log, p
 8751 	lugins/python/regress/testdata/check_example_group_plugin_is_able_to
 8752 	_debug.log, plugins/python/regress/testdata/check_example_io_plugin_
 8753 	command_log.stored, plugins/python/regress/testdata/check_example_io
 8754 	_plugin_command_log_multiple1.stored, plugins/python/regress/testdat
 8755 	a/check_example_io_plugin_command_log_multiple2.stored, plugins/pyth
 8756 	on/regress/testdata/check_example_io_plugin_failed_to_start_command.
 8757 	stored, plugins/python/regress/testdata/check_example_io_plugin_fail
 8758 	s_with_python_backtrace.stderr, plugins/python/regress/testdata/chec
 8759 	k_example_policy_plugin_validate_invalidate.log, plugins/python/regr
 8760 	ess/testdata/check_loading_fails_not_owned_by_root.stderr, plugins/p
 8761 	ython/regress/testdata/check_loading_fails_wrong_classname.stderr, p
 8762 	lugins/python/regress/testdata/check_loading_fails_wrong_path.stderr
 8763 	, plugins/python/regress/testdata/check_multiple_approval_plugin_and
 8764 	_arguments.stdout, plugins/python/regress/testdata/check_python_plug
 8765 	ins_do_not_affect_each_other.stdout,
 8766 	plugins/python/regress/testhelpers.c,
 8767 	plugins/python/regress/testhelpers.h:
 8768 	Back out regex use in python tests, filter the output instead. This
 8769 	makes it possible to regenerate the test output again. Also adds an
 8770 	update_test_data target to the Makefile.
 8771 	[3837f51a8072]
 8772 
 8773 	* plugins/sudoers/ldap.c:
 8774 	Ignore sudoNotBefore and sudoNotAfter unless ldap.conf contains
 8775 	SUDOERS_TIMED This is consistent with the pre-1.8.24 behavior. Bug
 8776 	#945
 8777 	[d1e1bb5a6cc1]
 8778 
 8779 	* src/sudo.c:
 8780 	Stay setuid until just before executing the command. Fixes a problem
 8781 	with pam_xauth which checks effective and real uids to get the real
 8782 	identity of the user.
 8783 	[2c6fef0107c8]
 8784 
 8785 2020-11-10  Todd C. Miller  <Todd.Miller@sudo.ws>
 8786 
 8787 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 8788 	plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c,
 8789 	plugins/sudoers/parse.h, plugins/sudoers/sssd.c:
 8790 	Introduce new_member_all() for code that doesn't include gram.h. The
 8791 	ldap and sssd back-ends no longer require gram.h which fixes a
 8792 	compilation issue with IBM LDAP.
 8793 	[1729532cda27]
 8794 
 8795 	* lib/util/sudo_conf.c, lib/util/sudo_debug.c, logsrvd/logsrvd.c:
 8796 	On SIGHUP, deregister the old debug instance before registering a
 8797 	new one. Otherwise, if debugging is enabled we will get an extra log
 8798 	instance each time sudo_logsrvd reeives SIGHUP which results in
 8799 	duplicate lines in the debug log.
 8800 	[538633994d8a]
 8801 
 8802 2020-11-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 8803 
 8804 	* plugins/sudoers/log_client.c, plugins/sudoers/log_client.h:
 8805 	Refactor code to format the client message after the hello.
 8806 	[12d29d129166]
 8807 
 8808 	* doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
 8809 	include/log_server.pb-c.h, lib/eventlog/eventlog.c,
 8810 	lib/logsrv/log_server.pb-c.c, lib/logsrv/log_server.proto,
 8811 	logsrvd/iolog_writer.c, logsrvd/logsrvd.c,
 8812 	plugins/sudoers/log_client.c:
 8813 	Add info_msgs to AlertMessage and populate it. This lets us log
 8814 	eventlog info along with the alert if it is available.
 8815 	[493a047a4463]
 8816 
 8817 	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
 8818 	plugins/sudoers/logging.h:
 8819 	Use sudoers_to_eventlog() and init_log_details() in
 8820 	sudoers_audit_accept(). log_deserialize_info() can be private to
 8821 	iolog.c again.
 8822 	[0b4e03904f3d]
 8823 
 8824 	* plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
 8825 	plugins/sudoers/iolog.c, plugins/sudoers/log_client.c,
 8826 	plugins/sudoers/log_client.h, plugins/sudoers/logging.c,
 8827 	plugins/sudoers/logging.h:
 8828 	Log reject and alert messages to the log server if one is defined.
 8829 	[087cf87d10af]
 8830 
 8831 	* plugins/sudoers/logging.c:
 8832 	Treat an authentication failure as a reject, not an alert. This
 8833 	matters when logging via sudo_logsrvd. It also lets us remove a
 8834 	special case in vlog_warning().
 8835 	[ae489d3f20a8]
 8836 
 8837 	* MANIFEST, config.h.in, configure, configure.ac,
 8838 	plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
 8839 	plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
 8840 	plugins/sudoers/iolog_plugin.h, plugins/sudoers/log_client.c,
 8841 	plugins/sudoers/sudoers.c:
 8842 	Rename iolog_client -> log_client. The logsrvd client code is now
 8843 	used for more than just I/O logging.
 8844 	[ea47ce43bbee]
 8845 
 8846 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
 8847 	plugins/sudoers/iolog.c, plugins/sudoers/iolog_plugin.h,
 8848 	plugins/sudoers/log_client.c, plugins/sudoers/log_client.h:
 8849 	Rename iolog_plugin.h to log_client.h. It is no longer I/O log
 8850 	specific and is used by sudoers_audit too.
 8851 	[cde784a59490]
 8852 
 8853 	* configure, configure.ac:
 8854 	Remove hack to define YYTOKENTYPE, it breaks newer bison.
 8855 	[8b919ef33db7]
 8856 
 8857 	* plugins/sudoers/gram.c, plugins/sudoers/gram.h:
 8858 	Regenerate with bison 3.7.3
 8859 	[9fb81b933c43]
 8860 
 8861 	* include/sudo_eventlog.h, lib/eventlog/eventlog.c:
 8862 	Use struct eventlog *evlog, not struct eventlog *details.
 8863 	[a9b5f3c2902f]
 8864 
 8865 2020-11-06  Todd C. Miller  <Todd.Miller@sudo.ws>
 8866 
 8867 	* lib/eventlog/eventlog.c:
 8868 	For logsrvd AlertMessages, evlog will be NULL.
 8869 	[d048f7b429d5]
 8870 
 8871 	* lib/eventlog/eventlog.c:
 8872 	Append errstr to reason for alert and reject events if specified.
 8873 	Previously, we logged the error string separately but this is not
 8874 	consistent with how it is logged in other formats.
 8875 	[68c76e530248]
 8876 
 8877 	* plugins/sudoers/logging.c:
 8878 	Fix cut & pasto in debug subsystem.
 8879 	[c39dd60b6d2d]
 8880 
 8881 2020-11-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 8882 
 8883 	* plugins/sudoers/iolog_client.c:
 8884 	Refactor code to format InfoMesage array into fmt_info_messages().
 8885 	Add free_info_messages() to free the array.
 8886 	[e6223d325c77]
 8887 
 8888 	* plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
 8889 	plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
 8890 	plugins/sudoers/iolog_plugin.h:
 8891 	Log accept messages in sudoers_audit if not I/O logging.
 8892 	[cdb5c443c97d]
 8893 
 8894 	* plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
 8895 	plugins/sudoers/iolog_plugin.h:
 8896 	Refactor sudoers_io_open_remote() into log_server_open(). Also
 8897 	rename client_close() to log_server_close(). This keeps more of the
 8898 	client code details out of iolog.c and will be used when logging
 8899 	accept messages from the audit plugin.
 8900 	[e3f6ba6768b8]
 8901 
 8902 	* plugins/sudoers/iolog.c:
 8903 	Move argv and envp setting into iolog_deserialize_info().
 8904 	[613b97f1d7bc]
 8905 
 8906 	* logsrvd/logsrvd.c:
 8907 	Avoid early return in handle_accept() if expect_iobufs not set.
 8908 	[918adc8234f0]
 8909 
 8910 2020-11-02  Todd C. Miller  <Todd.Miller@sudo.ws>
 8911 
 8912 	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
 8913 	include/sudo_plugin.h, plugins/python/regress/testdata/check_multipl
 8914 	e_approval_plugin_and_arguments.stdout, src/exec.c,
 8915 	src/load_plugins.c:
 8916 	Add event_alloc to the audit plugin API. The sudoers audit plugin
 8917 	will use this to communicate with sudo_logsrvd.
 8918 	[c2fc2911476b]
 8919 
 8920 	* logsrvd/sendlog.c, plugins/sudoers/iolog_client.c:
 8921 	Set server_name before initiating TLS connection so verify function
 8922 	works. Fixes a crash in the SSL_VERIFY_PEER callback. Also call
 8923 	inet_ntop(3) with addr pointer, not sockaddr pointer so we get the
 8924 	correct IP address.
 8925 	[7a7dcebbe889]
 8926 
 8927 	* plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers_ldif.c,
 8928 	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
 8929 	plugins/sudoers/gram.c, plugins/sudoers/gram.h,
 8930 	plugins/sudoers/gram.y, plugins/sudoers/parse.c,
 8931 	plugins/sudoers/parse.h,
 8932 	plugins/sudoers/regress/sudoers/test18.toke.ok,
 8933 	plugins/sudoers/regress/sudoers/test2.ldif.ok,
 8934 	plugins/sudoers/regress/sudoers/test3.ldif.ok,
 8935 	plugins/sudoers/regress/sudoers/test6.ldif.ok,
 8936 	plugins/sudoers/regress/visudo/test2.err.ok,
 8937 	plugins/sudoers/regress/visudo/test3.err.ok,
 8938 	plugins/sudoers/visudo.c:
 8939 	Store column number for aliases, defaults and userspecs too. This is
 8940 	used to provided the column number along with the line number in
 8941 	error messages. For aliases we store the column of the alias name,
 8942 	not the value since that is what visudo generally needs.
 8943 	[1c9d86b88517]
 8944 
 8945 2020-11-01  Todd C. Miller  <Todd.Miller@sudo.ws>
 8946 
 8947 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 8948 	plugins/sudoers/regress/testsudoers/test11.out.ok,
 8949 	plugins/sudoers/regress/testsudoers/test12.out.ok,
 8950 	plugins/sudoers/regress/testsudoers/test13.out.ok:
 8951 	Display column number in parse error messages too. Bug #841
 8952 	[0aea28dec8f2]
 8953 
 8954 	* plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
 8955 	Move tls initialized flag into client_closure. We may call
 8956 	tls_init() from multiple places in the future so a static
 8957 	initialized flag will cause problems.
 8958 	[00b2b02c24c5]
 8959 
 8960 	* plugins/sudoers/cvtsudoers_json.c:
 8961 	Fix -Wshadow warnings caused by json enum member.
 8962 	[ea336980bb6a]
 8963 
 8964 2020-10-30  Todd C. Miller  <Todd.Miller@sudo.ws>
 8965 
 8966 	* ABOUT-NLS, INSTALL, NEWS, configure.ac, doc/UPGRADE,
 8967 	doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, doc/sudo_plugin.man.in,
 8968 	doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.man.in,
 8969 	doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
 8970 	doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
 8971 	doc/visudo.man.in, doc/visudo.mdoc.in, examples/sudo.conf.in,
 8972 	include/compat/getaddrinfo.h, install-sh, lib/util/getaddrinfo.c,
 8973 	lib/util/getentropy.c, lib/util/regress/sudo_conf/test1.in,
 8974 	lib/util/regress/sudo_parseln/test1.in,
 8975 	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/strtoid.c,
 8976 	logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, logsrvd/sendlog.c,
 8977 	m4/sudo.m4, plugins/group_file/group_file.c,
 8978 	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
 8979 	plugins/sudoers/auth/passwd.c, plugins/sudoers/cvtsudoers.c,
 8980 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
 8981 	plugins/sudoers/editor.c, plugins/sudoers/env.c,
 8982 	plugins/sudoers/find_path.c, plugins/sudoers/gram.y,
 8983 	plugins/sudoers/group_plugin.c, plugins/sudoers/iolog_client.c,
 8984 	plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c,
 8985 	plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c,
 8986 	plugins/sudoers/visudo.c, src/load_plugins.c, src/sudo.c,
 8987 	src/sudo_noexec.c, src/tgetpass.c:
 8988 	Apply Google inclusive language guidelines. Also replace backwards
 8989 	with backward.
 8990 	[678fbce6054f]
 8991 
 8992 2020-10-29  Todd C. Miller  <Todd.Miller@sudo.ws>
 8993 
 8994 	* doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in:
 8995 	Refernce IBM LDAP libs, not Tivoli since that is how it is packaged.
 8996 	We still use Tivoli when talking about the server itself but refer
 8997 	to it as the "IBM Tivoli Directory Server".
 8998 	[9f97a7e6b67a]
 8999 
 9000 	* doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in:
 9001 	Add a newline before "This option is ..."
 9002 	[853f819f0241]
 9003 
 9004 	* doc/sudoers.man.in:
 9005 	regen
 9006 	[8b29097f2cd1]
 9007 
 9008 2020-10-28  Todd C. Miller  <Todd.Miller@sudo.ws>
 9009 
 9010 	* lib/eventlog/regress/logwrap/check_wrap.c,
 9011 	lib/eventlog/regress/logwrap/check_wrap.in,
 9012 	lib/eventlog/regress/logwrap/check_wrap.out.ok:
 9013 	Test eventlog_writeln() when word wrap is disabled.
 9014 	[73acb7fbef59]
 9015 
 9016 	* configure, configure.ac:
 9017 	Bison generates an extra enum containing the parser tokens. This
 9018 	conflicts with the IBM ldap.h at least. Prevent it from being
 9019 	exposed by defining YYTOKENTYPE.
 9020 	[f3445ad76687]
 9021 
 9022 	* configure, configure.ac:
 9023 	IBM LDAP packages use a lib64 directory for 64-bit libraries. We
 9024 	need to add this to LDFLAGS so the linker is able to find the
 9025 	correct libs when building 64-bit binaries.
 9026 	[701b83f6cd13]
 9027 
 9028 	* config.h.in, configure, configure.ac, plugins/sudoers/ldap.c:
 9029 	Use ssl_err2string() in message on ldap_ssl_client_init() failure.
 9030 	Displaying SSL reason code directly is not user-friendly.
 9031 	[aaf272403f3e]
 9032 
 9033 2020-10-27  Todd C. Miller  <Todd.Miller@sudo.ws>
 9034 
 9035 	* lib/eventlog/eventlog.c:
 9036 	For JSON logs, write the most important log elements first. This is
 9037 	important for syslog where the record could be truncated.
 9038 	[58fc957c41bb]
 9039 
 9040 	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
 9041 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
 9042 	plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
 9043 	Add log_format sudoers setting to select sudo or json format logs.
 9044 	Defaults to sudo-format logs.
 9045 	[2936d2750af0]
 9046 
 9047 	* include/sudo_json.h, lib/eventlog/eventlog.c, lib/util/json.c:
 9048 	Support "minimal" JSON which skips all non-essention whitespace.
 9049 	This replaces the old "compact" mode which is only used for syslog.
 9050 	[be07bca67019]
 9051 
 9052 	* plugins/sudoers/logging.c:
 9053 	Don't warn about log failure more than once.
 9054 	[b4dc59a58d1d]
 9055 
 9056 2020-10-26  Todd C. Miller  <Todd.Miller@sudo.ws>
 9057 
 9058 	* lib/eventlog/eventlog.c:
 9059 	Check for fdopen(3) failure in send_mail().
 9060 	[e08b17bf26ce]
 9061 
 9062 	* MANIFEST, include/sudo_eventlog.h, lib/eventlog/Makefile.in,
 9063 	lib/eventlog/eventlog.c, lib/eventlog/logwrap.c,
 9064 	lib/eventlog/regress/logwrap/check_wrap.c,
 9065 	lib/eventlog/regress/logwrap/check_wrap.in,
 9066 	lib/eventlog/regress/logwrap/check_wrap.out.ok,
 9067 	plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
 9068 	plugins/sudoers/logging.h, plugins/sudoers/logwrap.c,
 9069 	plugins/sudoers/regress/logging/check_wrap.c,
 9070 	plugins/sudoers/regress/logging/check_wrap.in,
 9071 	plugins/sudoers/regress/logging/check_wrap.out.ok,
 9072 	plugins/sudoers/sudoers.c:
 9073 	Add support for file log line wrapping in libeventlog.
 9074 	[935c30cf7633]
 9075 
 9076 	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
 9077 	logsrvd/logsrvd_conf.c, plugins/sudoers/defaults.c,
 9078 	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
 9079 	plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c,
 9080 	plugins/sudoers/testsudoers.c:
 9081 	Use real setters for the eventlog config. This makes it possible to
 9082 	have a base config that the callers can modify instead of replacing
 9083 	the config wholesale.
 9084 	[2ca1e7d376c2]
 9085 
 9086 	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
 9087 	plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
 9088 	plugins/sudoers/defaults.c, plugins/sudoers/locale.c,
 9089 	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
 9090 	plugins/sudoers/policy.c, plugins/sudoers/stubs.c,
 9091 	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
 9092 	Use libeventlog in sudoers instead of doing our own logging.
 9093 	[d8306755201a]
 9094 
 9095 	* lib/eventlog/eventlog.c, plugins/sudoers/logging.c:
 9096 	Log the short version of the tty in sudoers-format logs. This is
 9097 	consistent with historical practice.
 9098 	[69440e4659a8]
 9099 
 9100 	* lib/eventlog/eventlog.c:
 9101 	Add default values in eventlog_setconf().
 9102 	[582d359a8ec0]
 9103 
 9104 	* include/sudo_eventlog.h, lib/eventlog/Makefile.in,
 9105 	lib/eventlog/eventlog.c, logsrvd/logsrvd.c,
 9106 	plugins/sudoers/Makefile.in, plugins/sudoers/defaults.c,
 9107 	plugins/sudoers/logging.h:
 9108 	Add support for mailing eventlog entries and for logging raw
 9109 	messages. These will be used by the sudoers plugin.
 9110 	[acab8209ddd0]
 9111 
 9112 	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
 9113 	lib/iolog/iolog_fileio.c:
 9114 	If no JSON callback is provided, store the contents of struct
 9115 	eventlog. This moves the JSON formatting of struct eventlog out of
 9116 	libsudo_iolog and into libsudo_eventlog where it belongs.
 9117 	[260a7ec65485]
 9118 
 9119 	* include/sudo_eventlog.h, lib/eventlog/eventlog.c, logsrvd/logsrvd.c:
 9120 	struct eventlog contains submit_time, no need to pass it in
 9121 	directly.
 9122 	[a3ac404e6a59]
 9123 
 9124 	* include/sudo_eventlog.h, lib/eventlog/eventlog.c, logsrvd/logsrvd.c:
 9125 	Add an errstr argument to eventlog_alert().
 9126 	[e2afd2f1c092]
 9127 
 9128 	* plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
 9129 	plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
 9130 	Make a copy of the strings stored in iolog_details and struct
 9131 	eventlog. Previously, we just made the strings const and relied on
 9132 	the front-end not changing them. Now the sudoers I/O log plugin
 9133 	behavior is consistent with the policy plugin.
 9134 	[406632298bd5]
 9135 
 9136 	* plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
 9137 	plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
 9138 	Use struct eventlog in iolog_details.
 9139 	[c22e05f420fe]
 9140 
 9141 	* include/sudo_eventlog.h, include/sudo_iolog.h,
 9142 	lib/eventlog/eventlog.c, lib/iolog/Makefile.in,
 9143 	lib/iolog/iolog_fileio.c, lib/iolog/iolog_json.c,
 9144 	lib/iolog/iolog_util.c, logsrvd/Makefile.in, logsrvd/iolog_writer.c,
 9145 	logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c,
 9146 	logsrvd/sendlog.h, plugins/sudoers/Makefile.in,
 9147 	plugins/sudoers/iolog.c,
 9148 	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
 9149 	plugins/sudoers/sudoreplay.c:
 9150 	Use struct eventlog in place of struct iolog_info.
 9151 	[9fef7a5f077b]
 9152 
 9153 	* logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
 9154 	No longer need eventlog-related getters in logsrvd.c
 9155 	[e3ab80a9a892]
 9156 
 9157 	* MANIFEST, logsrvd/Makefile.in, logsrvd/eventlog.c,
 9158 	logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
 9159 	logsrvd/logsrvd_conf.c:
 9160 	Use libeventlog in sudo_logsrvd.
 9161 	[3dd22be50c30]
 9162 
 9163 	* MANIFEST, Makefile.in, configure, configure.ac,
 9164 	include/sudo_eventlog.h, lib/eventlog/Makefile.in,
 9165 	lib/eventlog/eventlog.c, logsrvd/logsrvd.h:
 9166 	Refactor eventlog code into a library
 9167 	[2e02c25be009]
 9168 
 9169 2020-10-20  Todd C. Miller  <Todd.Miller@sudo.ws>
 9170 
 9171 	* lib/iolog/Makefile.in, lib/logsrv/Makefile.in, lib/util/Makefile.in,
 9172 	logsrvd/Makefile.in, plugins/python/Makefile.in,
 9173 	plugins/sudoers/Makefile.in, src/Makefile.in:
 9174 	regen Makefiles
 9175 	[d9064a0c53ae]
 9176 
 9177 	* scripts/mkpkg:
 9178 	Build 64-bit binaries on HP-UX ia64
 9179 	[3f8b599e7d7f]
 9180 
 9181 2020-10-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 9182 
 9183 	* plugins/sudoers/Makefile.in:
 9184 	Explicitly set umask when running tests. Some tests create files
 9185 	that must not be world-writable.
 9186 	[9186ea1d2696]
 9187 
 9188 	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
 9189 	plugins/sudoers/sudoers.h:
 9190 	sudoers_policy_store() -> sudoers_policy_store_result()
 9191 	[3dad5322916b]
 9192 
 9193 2020-10-14  Todd C. Miller  <Todd.Miller@sudo.ws>
 9194 
 9195 	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
 9196 	plugins/sudoers/sudoers.h:
 9197 	Rename sudoers_policy_exec_setup() -> sudoers_policy_store(). It is
 9198 	called even when there is no command to execute. Also pass in status
 9199 	of whether or not the command was accepted.
 9200 	[a0ded23e81c4]
 9201 
 9202 2020-10-10  Todd C. Miller  <Todd.Miller@sudo.ws>
 9203 
 9204 	* plugins/sudoers/Makefile.in,
 9205 	plugins/sudoers/regress/cvtsudoers/test1.sh,
 9206 	plugins/sudoers/regress/cvtsudoers/test10.sh,
 9207 	plugins/sudoers/regress/cvtsudoers/test11.sh,
 9208 	plugins/sudoers/regress/cvtsudoers/test12.sh,
 9209 	plugins/sudoers/regress/cvtsudoers/test13.sh,
 9210 	plugins/sudoers/regress/cvtsudoers/test14.sh,
 9211 	plugins/sudoers/regress/cvtsudoers/test15.sh,
 9212 	plugins/sudoers/regress/cvtsudoers/test16.sh,
 9213 	plugins/sudoers/regress/cvtsudoers/test17.sh,
 9214 	plugins/sudoers/regress/cvtsudoers/test18.sh,
 9215 	plugins/sudoers/regress/cvtsudoers/test19.sh,
 9216 	plugins/sudoers/regress/cvtsudoers/test2.sh,
 9217 	plugins/sudoers/regress/cvtsudoers/test20.sh,
 9218 	plugins/sudoers/regress/cvtsudoers/test21.sh,
 9219 	plugins/sudoers/regress/cvtsudoers/test22.sh,
 9220 	plugins/sudoers/regress/cvtsudoers/test23.sh,
 9221 	plugins/sudoers/regress/cvtsudoers/test24.sh,
 9222 	plugins/sudoers/regress/cvtsudoers/test25.sh,
 9223 	plugins/sudoers/regress/cvtsudoers/test26.sh,
 9224 	plugins/sudoers/regress/cvtsudoers/test27.sh,
 9225 	plugins/sudoers/regress/cvtsudoers/test28.sh,
 9226 	plugins/sudoers/regress/cvtsudoers/test29.sh,
 9227 	plugins/sudoers/regress/cvtsudoers/test3.sh,
 9228 	plugins/sudoers/regress/cvtsudoers/test30.sh,
 9229 	plugins/sudoers/regress/cvtsudoers/test31.sh,
 9230 	plugins/sudoers/regress/cvtsudoers/test32.sh,
 9231 	plugins/sudoers/regress/cvtsudoers/test33.sh,
 9232 	plugins/sudoers/regress/cvtsudoers/test4.sh,
 9233 	plugins/sudoers/regress/cvtsudoers/test5.sh,
 9234 	plugins/sudoers/regress/cvtsudoers/test6.sh,
 9235 	plugins/sudoers/regress/cvtsudoers/test7.sh,
 9236 	plugins/sudoers/regress/cvtsudoers/test8.sh,
 9237 	plugins/sudoers/regress/cvtsudoers/test9.sh,
 9238 	plugins/sudoers/regress/testsudoers/test1.sh,
 9239 	plugins/sudoers/regress/testsudoers/test10.sh,
 9240 	plugins/sudoers/regress/testsudoers/test11.sh,
 9241 	plugins/sudoers/regress/testsudoers/test12.sh,
 9242 	plugins/sudoers/regress/testsudoers/test13.sh,
 9243 	plugins/sudoers/regress/testsudoers/test14.sh,
 9244 	plugins/sudoers/regress/testsudoers/test15.sh,
 9245 	plugins/sudoers/regress/testsudoers/test2.sh,
 9246 	plugins/sudoers/regress/testsudoers/test3.sh,
 9247 	plugins/sudoers/regress/testsudoers/test4.sh,
 9248 	plugins/sudoers/regress/testsudoers/test5.sh,
 9249 	plugins/sudoers/regress/testsudoers/test6.sh,
 9250 	plugins/sudoers/regress/testsudoers/test7.sh,
 9251 	plugins/sudoers/regress/testsudoers/test8.sh,
 9252 	plugins/sudoers/regress/testsudoers/test9.sh,
 9253 	plugins/sudoers/regress/visudo/test1.sh,
 9254 	plugins/sudoers/regress/visudo/test10.sh,
 9255 	plugins/sudoers/regress/visudo/test2.sh,
 9256 	plugins/sudoers/regress/visudo/test3.sh,
 9257 	plugins/sudoers/regress/visudo/test4.sh,
 9258 	plugins/sudoers/regress/visudo/test5.sh,
 9259 	plugins/sudoers/regress/visudo/test6.sh,
 9260 	plugins/sudoers/regress/visudo/test7.sh,
 9261 	plugins/sudoers/regress/visudo/test8.sh,
 9262 	plugins/sudoers/regress/visudo/test9.sh:
 9263 	Pass path to testsudoers, visudo or cvtsudoers in the environment.
 9264 	Falls back on the unqualified command if the environment variable is
 9265 	not set.
 9266 	[a7b8c413b66d]
 9267 
 9268 2020-10-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 9269 
 9270 	* plugins/sudoers/sssd.c:
 9271 	Init cmnds to NULL in rule_to_priv() so we don't free a bogus
 9272 	pointer. In the sssd backend, the rule_to_priv() cleanup code
 9273 	assumes cmnds can be passed to fn_free_values(), which was not the
 9274 	case if we receive an error getting values for "sudoCommand". This
 9275 	is a regression introduced in sudo 1.9.1. Fix from Ron Bowes. GitHub
 9276 	issue #67.
 9277 	[a3fe4615f039]
 9278 
 9279 2020-10-06  Todd C. Miller  <Todd.Miller@sudo.ws>
 9280 
 9281 	* plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
 9282 	plugins/sudoers/parse.h:
 9283 	Pass runchroot to match_digest() too. We use the open fd for the
 9284 	actual I/O but having runchroot makes it possible to report the
 9285 	correct file name in error messages.
 9286 	[2e1d142e2fe5]
 9287 
 9288 2020-10-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 9289 
 9290 	* NEWS:
 9291 	GitHub issue #61 was fixed in sudo 1.9.3.
 9292 	[55e54b3111f0]
 9293 
 9294 2020-09-29  Todd C. Miller  <Todd.Miller@sudo.ws>
 9295 
 9296 	* plugins/sudoers/def_data.h, plugins/sudoers/mkdefaults:
 9297 	Fix indentation of enum def_tuple.
 9298 	[237db08cc1a3]
 9299 
 9300 2020-09-28  Todd C. Miller  <Todd.Miller@sudo.ws>
 9301 
 9302 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 9303 	Remove special case EOF handling; lines now always end in a newline.
 9304 	Previously we needed to emulate some of the state transitions that
 9305 	happen at end-of-line at end-of-file as well. Those are no longer
 9306 	needed now that we are guaranteed to always have a newline at the
 9307 	end.
 9308 	[4c0c21b081f7]
 9309 
 9310 2020-09-27  Todd C. Miller  <Todd.Miller@sudo.ws>
 9311 
 9312 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 9313 	Increment sudolinebuf.size after realloc().
 9314 	[b871905c3442]
 9315 
 9316 	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
 9317 	plugins/sudoers/gram.y,
 9318 	plugins/sudoers/regress/sudoers/test13.toke.ok,
 9319 	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 9320 	Add a newline at end of line if one is missing. This is simpler than
 9321 	having to support entries that end at EOF too.
 9322 	[cb335acb1064]
 9323 
 9324 	* MANIFEST, plugins/sudoers/regress/testsudoers/test14.out.ok,
 9325 	plugins/sudoers/regress/testsudoers/test14.sh,
 9326 	plugins/sudoers/regress/testsudoers/test15.out.ok,
 9327 	plugins/sudoers/regress/testsudoers/test15.sh:
 9328 	Add tests for entries without a newline.
 9329 	[98a50d8301a8]
 9330 
 9331 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 9332 	Fix handling of a command spec without a newline at the end. For
 9333 	include files, we may need to inject a newline token now that the
 9334 	grammar requires lines to end with a newline or EOF. There is no END
 9335 	(EOF) token processed after popping off an include file since
 9336 	everything is just treated as one big file.
 9337 	[3e6c62ea7237]
 9338 
 9339 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 9340 	Mark sudoerserror() messages for translation.
 9341 	[d6a173cea48b]
 9342 
 9343 	* plugins/sudoers/regress/sudoers/test8.toke.ok,
 9344 	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 9345 	Fix line number accounting when a string contains a newline. Strings
 9346 	are not allowed to span multiple lines without a continuation
 9347 	character. Also provide a better error message if we are in the
 9348 	middle of a string and hit EOF.
 9349 	[cf34b0a3beba]
 9350 
 9351 2020-09-26  Todd C. Miller  <Todd.Miller@sudo.ws>
 9352 
 9353 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 9354 	plugins/sudoers/sudoers.h, plugins/sudoers/toke.c,
 9355 	plugins/sudoers/toke.l:
 9356 	Use sudoerschar (yychar) instead of last_token. The parser already
 9357 	provides a way to examing the last token processed, we don't need to
 9358 	add our own.
 9359 	[ba35fe36bd56]
 9360 
 9361 2020-09-25  Todd C. Miller  <Todd.Miller@sudo.ws>
 9362 
 9363 	* lib/util/closefrom.c, lib/util/getentropy.c, lib/util/pipe2.c,
 9364 	lib/util/term.c, lib/util/ttyname_dev.c, plugins/sudoers/auth/pam.c,
 9365 	plugins/sudoers/cvtsudoers.c, plugins/sudoers/env.c,
 9366 	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
 9367 	plugins/sudoers/gmtoff.c, plugins/sudoers/locale.c,
 9368 	plugins/sudoers/logging.h, plugins/sudoers/policy.c,
 9369 	plugins/sudoers/starttime.c, plugins/sudoers/sudoers.c,
 9370 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
 9371 	plugins/system_group/system_group.c, src/load_plugins.c, src/sudo.c,
 9372 	src/sudo_plugin_int.h, src/tgetpass.c, src/ttyname.c:
 9373 	Fix -Wshadow warnings.
 9374 	[5480e97a1160]
 9375 
 9376 	* configure, configure.ac:
 9377 	Add -Wshadow to warning flags if the compiler supports it.
 9378 	[6f29b5ebc2b8]
 9379 
 9380 	* MANIFEST, plugins/sudoers/regress/testsudoers/test13.out.ok,
 9381 	plugins/sudoers/regress/testsudoers/test13.sh:
 9382 	Add test for syntax error when defining an alias using a reserved
 9383 	word.
 9384 	[4c90b3952ed1]
 9385 
 9386 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
 9387 	Fix pasto, TIMEOUT not CMND_TIMEOUT.
 9388 	[842ad3a578f2]
 9389 
 9390 	* NEWS, doc/UPGRADE, doc/sudoers.man.in, doc/sudoers.man.in.sed,
 9391 	doc/sudoers.mdoc.in:
 9392 	Document reserved words that cannot be used as alias names. Bug #941
 9393 	[4b37a2174cd2]
 9394 
 9395 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 9396 	plugins/sudoers/sudoers_version.h:
 9397 	Detect when a reserved word is used when declaring an alias. Now
 9398 	instead of "syntax error, unexpected CHROOT, expecting ALIAS" the
 9399 	message is "syntax error, reserved word used as an alias name" Bug
 9400 	#941
 9401 	[dfc55de5526c]
 9402 
 9403 2020-09-23  Todd C. Miller  <Todd.Miller@sudo.ws>
 9404 
 9405 	* .hgtags:
 9406 	Added tag SUDO_1_9_3p1 for changeset 02c47b39359e
 9407 	[23bf4d95356d] <1.9>
 9408 
 9409 	* merge sudo 1.9.3p1 from tip
 9410 	[02c47b39359e] [SUDO_1_9_3p1] <1.9>
 9411 
 9412 	* plugins/sudoers/sudoers.c:
 9413 	Fix potential NULL deref in debug code.
 9414 	[c6b8910ac7dc]
 9415 
 9416 	* plugins/sudoers/getspwuid.c:
 9417 	Close the passwd db before calling getpwnam_shadow(3). Otherwise, we
 9418 	will get the non-shadow passwd entry ("*") since we called
 9419 	setpassent(3) earlier to keep the passwd db open.
 9420 	[71ee5e16e4c5]
 9421 
 9422 	* configure, configure.ac:
 9423 	Fix configure test for crypt(3) when it is present in libc. Fixes a
 9424 	regression introduced in sudo 1.9.3.
 9425 	[0d77733de667]
 9426 
 9427 	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
 9428 	plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
 9429 	Add SLOG_AUDIT flag for log_warningx() to also audit the message.
 9430 	This lets us combine audit_failure() and log_warningx() calls with
 9431 	the same message.
 9432 	[23a8a5eab2ff]
 9433 
 9434 	* plugins/sudoers/sudoers.c:
 9435 	Log when user-specified command line options are rejected by
 9436 	sudoers. We already audit those but in some cases they were not
 9437 	logged as well.
 9438 	[30d991993763]
 9439 
 9440 	* NEWS, configure, configure.ac:
 9441 	Update for sudo 1.9.3p1
 9442 	[0cbbb7608c3f]
 9443 
 9444 2020-09-21  Todd C. Miller  <Todd.Miller@sudo.ws>
 9445 
 9446 	* .hgtags:
 9447 	Added tag SUDO_1_9_3 for changeset bdd40c087bec
 9448 	[eca7e986d20f] <1.9>
 9449 
 9450 	* merge sudo 1.9.3 from tip
 9451 	[bdd40c087bec] [SUDO_1_9_3] <1.9>
 9452 
 9453 2020-09-20  Todd C. Miller  <Todd.Miller@sudo.ws>
 9454 
 9455 	* configure, configure.ac:
 9456 	Move warning about plaintext password to the end of configure. It is
 9457 	unlikely to be noticed at the beginning of the output.
 9458 	[b3b5abcedc73]
 9459 
 9460 2020-09-19  Todd C. Miller  <Todd.Miller@sudo.ws>
 9461 
 9462 	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
 9463 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 9464 	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
 9465 	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
 9466 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 9467 	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
 9468 	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
 9469 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 9470 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 9471 	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/eo.mo,
 9472 	po/eo.po, po/fi.mo, po/fi.po, po/fr.mo, po/fr.po:
 9473 	Updated translations from translationproject.org
 9474 	[54b5484b2756]
 9475 
 9476 2020-09-18  Todd C. Miller  <Todd.Miller@sudo.ws>
 9477 
 9478 	* config.h.in, configure, configure.ac, plugins/sudoers/auth/passwd.c:
 9479 	Use a simple string compare on systems without crypt(3). This is
 9480 	only used on systems without PAM, BSD authentication or AIX
 9481 	authentication. Bug #940.
 9482 	[aed39197f364]
 9483 
 9484 	* src/utmp.c:
 9485 	Fix typo in last commit.
 9486 	[30a77a50f7b2]
 9487 
 9488 2020-09-17  Todd C. Miller  <Todd.Miller@sudo.ws>
 9489 
 9490 	* src/sudo_edit.c:
 9491 	Only use faccessat(3) if AT_EACCESS is defined. Apparently Android
 9492 	(bionic) has faccessat() but not AT_EACCESS. Bug #940.
 9493 	[18604919a023]
 9494 
 9495 	* src/utmp.c:
 9496 	Guard use of ttyslot() with HAVE_TTYSLOT, fix guard for
 9497 	utmp_setid(). This should make it easier to compile sudo on Android
 9498 	which doesn't provide a way to write to the utmp file. Bug #940.
 9499 	[69fe5b8426cd]
 9500 
 9501 2020-09-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 9502 
 9503 	* po/zh_CN.mo, po/zh_CN.po:
 9504 	Updated translations from translationproject.org
 9505 	[ef72535d71a5]
 9506 
 9507 	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
 9508 	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
 9509 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 9510 	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 9511 	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
 9512 	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
 9513 	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
 9514 	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
 9515 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 9516 	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
 9517 	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
 9518 	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
 9519 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 9520 	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
 9521 	po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo,
 9522 	po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/it.mo,
 9523 	po/it.po, po/ja.mo, po/ja.po, po/pl.mo, po/pl.po, po/pt.mo,
 9524 	po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/sr.mo, po/sr.po, po/tr.mo,
 9525 	po/tr.po, po/uk.mo, po/uk.po, po/zh_TW.mo, po/zh_TW.po:
 9526 	Updated translations from translationproject.org
 9527 	[48fdb293a803]
 9528 
 9529 	* configure, configure.ac, plugins/sudoers/po/sudoers.pot:
 9530 	Back out sudo 1.9.3b1 version change.
 9531 	[70cee88da8b1]
 9532 
 9533 2020-09-14  Todd C. Miller  <Todd.Miller@sudo.ws>
 9534 
 9535 	* NEWS, configure, configure.ac, plugins/sudoers/defaults.c,
 9536 	plugins/sudoers/po/sudoers.pot:
 9537 	Fix typo in warning for T_CHPATH, list '~' not '*' twice. Bug #938
 9538 	[d516bebe9644]
 9539 
 9540 2020-09-12  Todd C. Miller  <Todd.Miller@sudo.ws>
 9541 
 9542 	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
 9543 	Update .pot files for 1.9.3.
 9544 	[47cedd231dd6]
 9545 
 9546 2020-09-10  Todd C. Miller  <Todd.Miller@sudo.ws>
 9547 
 9548 	* plugins/sudoers/iolog_client.c:
 9549 	Add missing check for strdup() failure. Coverity CID 214243
 9550 	[86cf4da0cd81]
 9551 
 9552 	* examples/sudoers:
 9553 	Sync example sudoers with manual page.
 9554 	[1ccf32907f11]
 9555 
 9556 2020-09-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 9557 
 9558 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
 9559 	Add simple runchroot and runcwd examples. Also document the
 9560 	limitation of command-based Defaults settings.
 9561 	[6a610884670c]
 9562 
 9563 	* plugins/sudoers/sudoers.c:
 9564 	Add callback for runchroot Defaults and require password -D/-R
 9565 	checks. Using a command-based Default for runchroot will still only
 9566 	work for paths that exist both in and outside the chroot.
 9567 	[a50148e16b89]
 9568 
 9569 	* plugins/sudoers/defaults.c, plugins/sudoers/match.c,
 9570 	plugins/sudoers/match_command.c, plugins/sudoers/parse.c,
 9571 	plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
 9572 	plugins/sudoers/testsudoers.c:
 9573 	Pass a struct to the match functions to track the resolved command.
 9574 	This makes it possible to update user_cmnd and cmnd_status modified
 9575 	by per-rule CHROOT settings.
 9576 	[c71faa1f5ea1]
 9577 
 9578 	* plugins/sudoers/defaults.c, plugins/sudoers/editor.c,
 9579 	plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
 9580 	plugins/sudoers/match.c, plugins/sudoers/match_command.c,
 9581 	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
 9582 	plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c,
 9583 	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
 9584 	Take the chroot into account when search for the command. This could
 9585 	a a user-specific chroot via the -R option, a runchroot Defaults
 9586 	value, or a per-command CHROOT spec in the sudoers rule.
 9587 	[d8765611b48c]
 9588 
 9589 2020-09-06  Todd C. Miller  <Todd.Miller@sudo.ws>
 9590 
 9591 	* configure, configure.ac:
 9592 	Remove closefrom_fallback() from lib/util/util.exp. It is a static
 9593 	function and should not be exported.
 9594 	[dc09dc563197]
 9595 
 9596 2020-09-06  Evan Anderson  <evan@eaanderson.com>
 9597 
 9598 	* configure, m4/sudo.m4:
 9599 	configure: Fix runstatedir handling for distros that do not support
 9600 	it
 9601 
 9602 	runstatedir was added in yet-to-be released autoconf 2.70. Some
 9603 	distros are shipping this addition in their autoconf packages, but
 9604 	others, such as Fedora, are not. This causes the rundir variable to
 9605 	be set incorrectly if the configure script is regenerated with an
 9606 	unpatched autoconf since the runstatedir variable set is deleted
 9607 	after regeneration. This change works around that problem by
 9608 	checking that runstatedir is non-empty before potentially using it
 9609 	to set the rundir variable
 9610 	[35c1eb25dd9d]
 9611 
 9612 2020-09-05  Todd C. Miller  <Todd.Miller@sudo.ws>
 9613 
 9614 	* lib/util/Makefile.in:
 9615 	We need to link with NET_LIBS for gai_strerror() on some systems.
 9616 	From Tim Rice
 9617 	[b10aeb7ec2ed]
 9618 
 9619 	* ltmain.sh:
 9620 	Fix sco library versioning; fallout from frebsd-elf reorg. From Tim
 9621 	Rice
 9622 	[072a37c2d3cb]
 9623 
 9624 	* configure, configure.ac:
 9625 	SVR4/5 fixes and long password support for OpenServer 6 & 5. From
 9626 	Tim Rice
 9627 	[8622970c77c3]
 9628 
 9629 	* lib/logsrv/protobuf-c.c:
 9630 	Use config.h to handle systems without inline function support.
 9631 	[1ba5301de713]
 9632 
 9633 	* configure, configure.ac:
 9634 	Prefer dlopen() over shl_load() on HP-UX 11.11 and higher.
 9635 	[065316970f79]
 9636 
 9637 	* include/sudo_fatal.h, lib/util/fatal.c:
 9638 	Define sudo_warn_setlocale_t and use sudo_conv_t in sudo_fatal.h.
 9639 	Works around a bug in older versions of the HP ANSI C compiler and
 9640 	results in more readable code.
 9641 	[0e53ec783100]
 9642 
 9643 	* configure, configure.ac:
 9644 	HP-UX cc may not allow __declspec(dllexport) to be used in
 9645 	conjunction with "#pragma HP_DEFINED_EXTERNAL" when redefining
 9646 	standard libc functions.
 9647 	[7190082c3a09]
 9648 
 9649 2020-09-04  Todd C. Miller  <Todd.Miller@sudo.ws>
 9650 
 9651 	* configure, configure.ac:
 9652 	Fix check for hiding unexported symbols on HP-UX. We need to pass
 9653 	the -b option to the compiler, not just the linker, so it will
 9654 	choose the PIC C runtime.
 9655 	[bc1b9351cbce]
 9656 
 9657 	* src/regress/ttyname/check_ttyname.c:
 9658 	Check that the files are character devices before comparing st_rdev.
 9659 	[d9f8b730d131]
 9660 
 9661 	* src/regress/ttyname/check_ttyname.c:
 9662 	Fix regress when ttyname(3) returns the same device under a
 9663 	different name. On systems that have both new and old pty names we
 9664 	can end up with a name mismatch even though the underlying device is
 9665 	the same.
 9666 	[3760f44d81d4]
 9667 
 9668 	* plugins/sudoers/regress/testsudoers/test3.sh:
 9669 	Use the same pattern of redefining TESTDIR as test10.sh. Adapted
 9670 	from a diff from Tim Rice.
 9671 	[378590625bfd]
 9672 
 9673 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
 9674 	Rename sa_len -> sa_size to avoid a conflict on UnixWare and others.
 9675 	On some systems, sa_len is a #define for 4.4BSD compatibility.
 9676 	[a369d15175dd]
 9677 
 9678 	* plugins/sudoers/pwutil.c:
 9679 	Include strings.h for strcasecmp(3). From Tim Rice
 9680 	[27be3ee47426]
 9681 
 9682 	* lib/util/getentropy.c:
 9683 	Add missing #ifdef HAVE_CLOCK_GETTIME in getentropy_fallback() From
 9684 	Tim Rice
 9685 	[4bdcf1048196]
 9686 
 9687 	* plugins/sudoers/Makefile.in:
 9688 	Regen for check_exptilde.o
 9689 	[b3e2a87b5144]
 9690 
 9691 	* lib/util/Makefile.in, scripts/mkdep.pl:
 9692 	Add missing dependency info for cfmakeraw.lo in lib/util/Makefile.in
 9693 	From Tim Rice
 9694 	[18d953844745]
 9695 
 9696 	* plugins/sudoers/auth/pam.c:
 9697 	Be consistent and use __hpux not __hpux__ like the rest of sudo.
 9698 	[dd5ef59dc980]
 9699 
 9700 	* lib/logsrv/protobuf-c.c:
 9701 	Replace "static inline" with "static __inline" for older compilers.
 9702 	[a09412277d0f]
 9703 
 9704 	* MANIFEST, include/log_server.pb-c.h, lib/logsrv/Makefile.in,
 9705 	lib/logsrv/log_server.pb-c.c, logsrvd/eventlog.c,
 9706 	logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/sendlog.c,
 9707 	plugins/sudoers/iolog_client.c, scripts/unanon:
 9708 	Post-process protoc-c files to avoid depending on anonymous unions.
 9709 	Based on a patch from Michael Osipov. GitHub issue #60
 9710 	[13ab1ec22477]
 9711 
 9712 	* src/preload.c:
 9713 	Add sudoers_audit to sudo_sudoers_plugin_symbols[] array. Fixes
 9714 	loading of sudoers_audit when configured with --enable-static-
 9715 	sudoers. GitHub issue #61
 9716 	[f0bd4b5cd7b3]
 9717 
 9718 2020-09-03  Todd C. Miller  <Todd.Miller@sudo.ws>
 9719 
 9720 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 9721 	Fix copy and paste error; Coverity CID 214191
 9722 	[49044d66dffc]
 9723 
 9724 	* plugins/sudoers/visudo.c:
 9725 	Fix memory leak on error found by the clang 10.01 analyzer.
 9726 	[12de4dd014eb]
 9727 
 9728 	* src/limits.c:
 9729 	Use correct size for curlim and maxlim.
 9730 	[1fc6aea5ece0]
 9731 
 9732 	* configure, configure.ac, doc/Makefile.in:
 9733 	Only install man pages for logsrvd and python plugin if we build
 9734 	them. GitHub issue #58
 9735 	[e92799dd4886]
 9736 
 9737 	* Makefile.in, configure, configure.ac, doc/Makefile.in:
 9738 	Remove obsolete mansrcdir variable, add _SRC suffix to LOGSRV and
 9739 	LOGSRVD
 9740 	[aa9c0f8cb227]
 9741 
 9742 2020-09-02  Todd C. Miller  <Todd.Miller@sudo.ws>
 9743 
 9744 	* logsrvd/eventlog.c, plugins/sudoers/logging.c:
 9745 	If the command was run in a chroot, add it to the log.
 9746 	[0cda78f7ed40]
 9747 
 9748 	* MANIFEST, plugins/sudoers/regress/testsudoers/test12.out.ok,
 9749 	plugins/sudoers/regress/testsudoers/test12.sh:
 9750 	Add test of multiple syntax errors. Where possible, the portion of
 9751 	the line before the error should be still be interpreted.
 9752 	[3af61a54586f]
 9753 
 9754 	* logsrvd/eventlog.c, logsrvd/iolog_writer.c,
 9755 	plugins/sudoers/logging.c, plugins/sudoers/policy.c,
 9756 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
 9757 	Log the runcwd not submitcwd in the sudo-style log file. The log
 9758 	entry should reflect the working directory the command actually ran
 9759 	in.
 9760 	[a477dee74683]
 9761 
 9762 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 9763 	Fix error recovery in a privilege after a ':' separator.
 9764 	[02c4b5872a38]
 9765 
 9766 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 9767 	Initialize runchroot and runcwd in init_options()
 9768 	[13bebf71955d]
 9769 
 9770 	* MANIFEST:
 9771 	Fix path to check_exptilde.c
 9772 	[7dc831cbd59d]
 9773 
 9774 	* include/log_server.pb-c.h, include/protobuf-c/protobuf-c.h,
 9775 	lib/logsrv/protobuf-c.c:
 9776 	Update to protobuf-c 1.3.3
 9777 	[22a88bccb611]
 9778 
 9779 2020-09-01  Todd C. Miller  <Todd.Miller@sudo.ws>
 9780 
 9781 	* plugins/sudoers/gram.c, plugins/sudoers/gram.h:
 9782 	Regenerate the parser with "bison -y" for verbose syntax error
 9783 	messages.
 9784 	[e1530c5b8960]
 9785 
 9786 	* NEWS:
 9787 	Add chroot/chdir changes.
 9788 	[9367855da7d1]
 9789 
 9790 	* doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudo_plugin.man.in,
 9791 	doc/sudo_plugin.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in,
 9792 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
 9793 	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
 9794 	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 9795 	plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
 9796 	plugins/sudoers/sudoers.h, src/parse_args.c, src/sudo_usage.h.in:
 9797 	Support "*" for CWD/CHROOT to allow user to specify cwd or chroot.
 9798 	Adds two new command line options, -D (--chdir) and -R (--chroot)
 9799 	that can only be used when sudoers sets runcwd or runchroot to "*".
 9800 	[afeb73867b66]
 9801 
 9802 	* MANIFEST, lib/util/Makefile.in, plugins/sudoers/Makefile.in,
 9803 	plugins/sudoers/exptilde.c,
 9804 	plugins/sudoers/regress/exptilde/check_exptilde.c:
 9805 	Unit test for exptilde
 9806 	[f0d7b0031fea]
 9807 
 9808 	* MANIFEST, plugins/sudoers/cvtsudoers_json.c,
 9809 	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
 9810 	plugins/sudoers/ldap_util.c, plugins/sudoers/parse.c,
 9811 	plugins/sudoers/regress/sudoers/test24.in,
 9812 	plugins/sudoers/regress/sudoers/test24.json.ok,
 9813 	plugins/sudoers/regress/sudoers/test24.ldif.ok,
 9814 	plugins/sudoers/regress/sudoers/test24.ldif2sudo.ok,
 9815 	plugins/sudoers/regress/sudoers/test24.out.ok,
 9816 	plugins/sudoers/regress/sudoers/test24.sudo.ok,
 9817 	plugins/sudoers/regress/sudoers/test24.toke.ok:
 9818 	Add support for runchroot and runcwd to "sudo -l" and cvtsudoers.
 9819 	[9f5ecd22d822]
 9820 
 9821 	* include/sudo_iolog.h, lib/iolog/iolog_fileio.c,
 9822 	lib/iolog/iolog_json.c, lib/iolog/iolog_util.c,
 9823 	logsrvd/iolog_writer.c, logsrvd/logsrvd.h, plugins/sudoers/iolog.c,
 9824 	plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
 9825 	Read/write runchroot and runcwd entries in the JSON event log.
 9826 	[3edb8305abe9]
 9827 
 9828 	* MANIFEST, doc/sudoers.man.in, doc/sudoers.mdoc.in,
 9829 	plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
 9830 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
 9831 	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
 9832 	plugins/sudoers/exptilde.c, plugins/sudoers/gram.c,
 9833 	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
 9834 	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
 9835 	plugins/sudoers/policy.c,
 9836 	plugins/sudoers/regress/sudoers/test1.toke.ok,
 9837 	plugins/sudoers/regress/sudoers/test11.toke.ok,
 9838 	plugins/sudoers/regress/sudoers/test12.toke.ok,
 9839 	plugins/sudoers/regress/sudoers/test13.toke.ok,
 9840 	plugins/sudoers/regress/sudoers/test14.toke.ok,
 9841 	plugins/sudoers/regress/sudoers/test15.toke.ok,
 9842 	plugins/sudoers/regress/sudoers/test16.toke.ok,
 9843 	plugins/sudoers/regress/sudoers/test17.toke.ok,
 9844 	plugins/sudoers/regress/sudoers/test18.toke.ok,
 9845 	plugins/sudoers/regress/sudoers/test19.toke.ok,
 9846 	plugins/sudoers/regress/sudoers/test22.toke.ok,
 9847 	plugins/sudoers/regress/sudoers/test3.toke.ok,
 9848 	plugins/sudoers/regress/sudoers/test4.toke.ok,
 9849 	plugins/sudoers/regress/sudoers/test6.toke.ok,
 9850 	plugins/sudoers/regress/sudoers/test8.toke.ok,
 9851 	plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_version.h,
 9852 	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 9853 	Add CHROOT and CWD sudoers options. Also matching runchroot and
 9854 	runcwd Defaults settings.
 9855 	[2f0aca92c360]
 9856 
 9857 2020-08-31  Todd C. Miller  <Todd.Miller@sudo.ws>
 9858 
 9859 	* NEWS, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
 9860 	include/sudo_plugin.h, plugins/python/regress/testdata/check_multipl
 9861 	e_approval_plugin_and_arguments.stdout, src/exec.c, src/limits.c,
 9862 	src/sudo.c, src/sudo.h:
 9863 	Pass resource limits values to the plugin in user_info[] Sudo resets
 9864 	the resource limits early in its execution so the plugin cannot tell
 9865 	what the original limits were itself.
 9866 	[64957c5875f3]
 9867 
 9868 	* doc/Makefile.in, doc/sudo_logsrvd.man.in,
 9869 	doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
 9870 	lib/logsrv/Makefile.in, lib/util/cfmakeraw.c, lib/util/fchmodat.c,
 9871 	lib/util/fstatat.c, lib/util/getdelim.c, lib/util/getusershell.c,
 9872 	lib/util/openat.c, lib/util/regress/getdelim/getdelim_test.c,
 9873 	lib/util/regress/strsig/strsig_test.c,
 9874 	lib/util/regress/strtofoo/strtobool_test.c,
 9875 	lib/util/regress/strtofoo/strtoid_test.c,
 9876 	lib/util/regress/strtofoo/strtomode_test.c,
 9877 	lib/util/regress/strtofoo/strtonum_test.c,
 9878 	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/roundup.c,
 9879 	lib/util/strtoid.c, lib/util/strtonum.c, lib/util/term.c,
 9880 	lib/util/unlinkat.c, logsrvd/Makefile.in, logsrvd/eventlog.c,
 9881 	logsrvd/iolog_writer.c, logsrvd/logsrv_util.c,
 9882 	plugins/python/Makefile.in, plugins/python/pyhelpers.c,
 9883 	plugins/python/pyhelpers.h, plugins/python/python_baseplugin.c,
 9884 	plugins/python/python_convmessage.c,
 9885 	plugins/python/python_importblocker.c,
 9886 	plugins/python/python_loghandler.c,
 9887 	plugins/python/python_plugin_approval.c,
 9888 	plugins/python/python_plugin_audit.c,
 9889 	plugins/python/python_plugin_common.c,
 9890 	plugins/python/python_plugin_common.h,
 9891 	plugins/python/python_plugin_group.c,
 9892 	plugins/python/python_plugin_io.c,
 9893 	plugins/python/python_plugin_policy.c,
 9894 	plugins/python/sudo_python_debug.c,
 9895 	plugins/python/sudo_python_module.c,
 9896 	plugins/python/sudo_python_module.h, plugins/sudoers/fmtsudoers.c,
 9897 	plugins/sudoers/group_plugin.c, plugins/sudoers/ldap_conf.c,
 9898 	plugins/sudoers/parse.c, plugins/sudoers/parse_ldif.c,
 9899 	plugins/sudoers/set_perms.c, plugins/sudoers/starttime.c,
 9900 	plugins/sudoers/tsdump.c, src/exec_monitor.c, src/exec_nopty.c,
 9901 	src/limits.c, src/ttyname.c:
 9902 	Update copyright year on some files where it was out of date.
 9903 	[2086262cd012]
 9904 
 9905 2020-08-27  Todd C. Miller  <Todd.Miller@sudo.ws>
 9906 
 9907 	* doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/visudo.man.in,
 9908 	doc/visudo.mdoc.in:
 9909 	Refer to "syntax error" instead of "parse error". This is the term
 9910 	the parser uses when there is an actual error.
 9911 	[7134b6869432]
 9912 
 9913 	* plugins/sudoers/visudo.c:
 9914 	Remove superfluous "parse error in sudoers near line N" message. The
 9915 	sudoers parser now produces better syntax error messages so we don't
 9916 	need visudo to print its own.
 9917 	[9c32131fb6ac]
 9918 
 9919 	* plugins/sudoers/visudo.c:
 9920 	Don't override errorfile and errorlineno set by check_aliases(). Now
 9921 	that alias parsing stores the file and line number, visudo can use
 9922 	that information to go to the line with an error when re-editing.
 9923 	[896d1f73ca02]
 9924 
 9925 2020-08-25  Todd C. Miller  <Todd.Miller@sudo.ws>
 9926 
 9927 	* config.h.in, configure, configure.ac, lib/util/sig2str.c,
 9928 	lib/util/str2sig.c:
 9929 	Use sigabbrev_np(3) to access signal abbreviations if supported.
 9930 	glibc-2.32 has removed sys_sigabbrev[], we can use sigabbrev_np(3)
 9931 	instead.
 9932 	[e30482f26924]
 9933 
 9934 2020-08-17  Todd C. Miller  <Todd.Miller@sudo.ws>
 9935 
 9936 	* NEWS:
 9937 	Briefly describe how to restore historical parse error behavior.
 9938 	[1ede927d99b3]
 9939 
 9940 	* NEWS, doc/UPGRADE:
 9941 	Mention eof-of-line terminator and plugin argument changes.
 9942 	[96cd7a3477fa]
 9943 
 9944 	* doc/sudoers.man.in, doc/sudoers.mdoc.in, src/load_plugins.c:
 9945 	Fix sudoers_policy plugin options when sudoers_audit is not listed.
 9946 	As of sudo 1.9.1 the sudoers file is opened by the audit plugin, not
 9947 	the policy plugin. As a result, plugin options set for
 9948 	sudoers_policy have no effect. If sudoers_policy has plugin options
 9949 	in sudo.conf and sudoers_audit is not listed, move the options to
 9950 	sudoers_audit so they will have an effect.
 9951 	[839a9a9c0cc3]
 9952 
 9953 	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/file.c,
 9954 	plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
 9955 	sudoers error recovery can be configured via an "error_recovery"
 9956 	setting. This setting is an argument to the sudoers plugin, similar
 9957 	to how sudoers_file, sudoers_mode, sudoers_uid, etc. are
 9958 	implemented. The default value is true.
 9959 	[86f7059f9e45]
 9960 
 9961 	* plugins/sudoers/regress/testsudoers/test11.sh:
 9962 	Make this test pass with bison's verbose error messages.
 9963 	[a2a8e4ca3f63]
 9964 
 9965 2020-08-16  Todd C. Miller  <Todd.Miller@sudo.ws>
 9966 
 9967 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 9968 	Recover from a syntax error after the ':' in a privilege spec. For
 9969 	compound privilege specs, don't throw away the entire thing if we
 9970 	have a syntax error, only the part after the error is encountered.
 9971 	[d6ef4e6ca624]
 9972 
 9973 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 9974 	plugins/sudoers/regress/sudoers/test5.toke.ok:
 9975 	Add explicit end-of-line matching in the parser for better error
 9976 	messages. A valid line in sudoers must end in a newline or EOF.
 9977 	Previously, it was possible (though not documented) to have multiple
 9978 	user specs on a single line. Now, each must be on its own line.
 9979 	[9f513e9b10ee]
 9980 
 9981 	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
 9982 	plugins/sudoers/gram.y, plugins/sudoers/toke.c,
 9983 	plugins/sudoers/toke.l:
 9984 	Add NOMATCH token and use it in the lexer for an unmatched pattern.
 9985 	The ERROR token is now only used for errors detected by the lexer
 9986 	and for which we've already printed an error. This lets us remove
 9987 	the hack in sudoerserror() and just check last_token to determine
 9988 	whether or not to display the error.
 9989 	[0ca11ad5b7f3]
 9990 
 9991 2020-08-15  Todd C. Miller  <Todd.Miller@sudo.ws>
 9992 
 9993 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 9994 	Enable error recovery for syntax erorrs that don't end with a
 9995 	newline. A syntax error on the last line of a sudoers file with no
 9996 	trailing newline is now recoverable.
 9997 	[020f76d7f369]
 9998 
 9999 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
10000 	plugins/sudoers/regress/testsudoers/test11.out.ok:
10001 	Add error recovery for unexpected tokens after include/includedir.
10002 	[1aedd819916d]
10003 
10004 	* NEWS:
10005 	Sudo 1.9.3 changes so far.
10006 	[bc6c6321a065]
10007 
10008 	* configure, configure.ac:
10009 	sudo 1.9.3
10010 	[432950d9f778]
10011 
10012 2020-08-14  Todd C. Miller  <Todd.Miller@sudo.ws>
10013 
10014 	* scripts/pp:
10015 	Format the macOS minor version number with two digits. This way we
10016 	get consistent 4-digit version numbers even for macOS verions like
10017 	10.3 or 11.0 where the minor number is a single digit. For example.
10018 	10.3 will be formatted as 1003 and 11.0 will be 1100.
10019 	[7f48e10be9ae]
10020 
10021 2020-08-13  Todd C. Miller  <Todd.Miller@sudo.ws>
10022 
10023 	* lib/zlib/infback.c, lib/zlib/inflate.c:
10024 	Add missing ZFALLTHROUGH and use spaces not tabs.
10025 	[4b1c71cfb8a9]
10026 
10027 	* scripts/pp:
10028 	Fix probe for macOS Big Sur "sw_vers -productName" now returns
10029 	"macOS", not "Mac OS X"
10030 	[4caad8ca5b0c]
10031 
10032 2020-08-12  Todd C. Miller  <Todd.Miller@sudo.ws>
10033 
10034 	* plugins/python/pyhelpers.c, plugins/python/python_plugin_common.h,
10035 	plugins/python/sudo_python_module.c, src/parse_args.c,
10036 	src/selinux.c:
10037 	Fix some warnings from pvs-studio
10038 	[fa83bb619209]
10039 
10040 	* Makefile.in, lib/iolog/iolog_fileio.c, lib/iolog/iolog_json.c,
10041 	lib/util/aix.c, lib/util/sudo_debug.c, logsrvd/logsrvd.c,
10042 	logsrvd/sendlog.c, plugins/audit_json/audit_json.c,
10043 	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/fwtk.c,
10044 	plugins/sudoers/auth/securid5.c, plugins/sudoers/bsm_audit.c,
10045 	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_json.c,
10046 	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/env.c,
10047 	plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
10048 	plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
10049 	plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
10050 	plugins/sudoers/parse.c, plugins/sudoers/policy.c,
10051 	plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
10052 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
10053 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
10054 	src/copy_file.c, src/exec.c, src/exec_common.c, src/exec_monitor.c,
10055 	src/exec_nopty.c, src/exec_pty.c, src/load_plugins.c,
10056 	src/parse_args.c, src/selinux.c, src/sesh.c, src/solaris.c,
10057 	src/sudo.c, src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
10058 	Fix some warnings from pvs-studio
10059 	[164a51c446da]
10060 
10061 	* plugins/sudoers/ldap.c, plugins/sudoers/ldap_util.c,
10062 	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
10063 	plugins/sudoers/sssd.c:
10064 	Use angle quotes when including gram.h and def_data.c. Otherwise, we
10065 	can include the wrong file when doing an out-of-source build when
10066 	configured using --with-devel.
10067 	[105e52a86e22]
10068 
10069 	* lib/util/fatal.c, lib/util/regress/fnmatch/fnm_test.c,
10070 	logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c, logsrvd/sendlog.c,
10071 	plugins/sudoers/cvtsudoers.c, plugins/sudoers/iolog_client.c,
10072 	plugins/sudoers/logging.c, plugins/sudoers/match.c,
10073 	plugins/sudoers/match_command.c, plugins/sudoers/sudoers.c,
10074 	plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
10075 	src/parse_args.c:
10076 	Move inclusion of compat headers up with the system headers. Now
10077 	that sudo_dso_public is defined in config.h we don't need
10078 	sudo_compat.h before including the compat headers.
10079 	[da2103ee7ba8]
10080 
10081 	* config.h.in, configure.ac, include/compat/fnmatch.h,
10082 	include/compat/getaddrinfo.h, include/compat/getopt.h,
10083 	include/compat/glob.h, include/compat/sha2.h, include/sudo_compat.h,
10084 	include/sudo_conf.h, include/sudo_debug.h, include/sudo_digest.h,
10085 	include/sudo_dso.h, include/sudo_event.h, include/sudo_fatal.h,
10086 	include/sudo_json.h, include/sudo_lbuf.h, include/sudo_rand.h,
10087 	include/sudo_util.h, lib/iolog/regress/host_port/host_port_test.c,
10088 	lib/iolog/regress/iolog_json/check_iolog_json.c,
10089 	lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c,
10090 	lib/iolog/regress/iolog_path/check_iolog_path.c,
10091 	lib/iolog/regress/iolog_util/check_iolog_util.c,
10092 	lib/util/mksiglist.c, lib/util/mksigname.c,
10093 	lib/util/regress/fnmatch/fnm_test.c,
10094 	lib/util/regress/getdelim/getdelim_test.c,
10095 	lib/util/regress/getgrouplist/getgrouplist_test.c,
10096 	lib/util/regress/glob/globtest.c,
10097 	lib/util/regress/mktemp/mktemp_test.c,
10098 	lib/util/regress/parse_gids/parse_gids_test.c,
10099 	lib/util/regress/progname/progname_test.c,
10100 	lib/util/regress/strsig/strsig_test.c,
10101 	lib/util/regress/strsplit/strsplit_test.c,
10102 	lib/util/regress/strtofoo/strtobool_test.c,
10103 	lib/util/regress/strtofoo/strtoid_test.c,
10104 	lib/util/regress/strtofoo/strtomode_test.c,
10105 	lib/util/regress/strtofoo/strtonum_test.c,
10106 	lib/util/regress/sudo_conf/conf_test.c,
10107 	lib/util/regress/sudo_parseln/parseln_test.c,
10108 	lib/util/regress/tailq/hltq_test.c,
10109 	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/term.c,
10110 	logsrvd/logsrvd.c, logsrvd/sendlog.c,
10111 	plugins/audit_json/audit_json.c, plugins/group_file/group_file.c,
10112 	plugins/group_file/plugin_test.c,
10113 	plugins/python/python_plugin_approval.c,
10114 	plugins/python/python_plugin_audit.c,
10115 	plugins/python/python_plugin_group.c,
10116 	plugins/python/python_plugin_io.c,
10117 	plugins/python/python_plugin_policy.c,
10118 	plugins/sample/sample_plugin.c,
10119 	plugins/sample_approval/sample_approval.c, plugins/sudoers/audit.c,
10120 	plugins/sudoers/cvtsudoers.c, plugins/sudoers/iolog.c,
10121 	plugins/sudoers/policy.c,
10122 	plugins/sudoers/regress/check_symbols/check_symbols.c,
10123 	plugins/sudoers/regress/env_match/check_env_pattern.c,
10124 	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
10125 	plugins/sudoers/regress/logging/check_wrap.c,
10126 	plugins/sudoers/regress/parser/check_addr.c,
10127 	plugins/sudoers/regress/parser/check_base64.c,
10128 	plugins/sudoers/regress/parser/check_digest.c,
10129 	plugins/sudoers/regress/parser/check_fill.c,
10130 	plugins/sudoers/regress/parser/check_gentime.c,
10131 	plugins/sudoers/regress/parser/check_hexchar.c,
10132 	plugins/sudoers/regress/starttime/check_starttime.c,
10133 	plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
10134 	plugins/sudoers/testsudoers.c, plugins/sudoers/tsdump.c,
10135 	plugins/sudoers/visudo.c, plugins/system_group/system_group.c,
10136 	src/env_hooks.c, src/regress/noexec/check_noexec.c,
10137 	src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.c,
10138 	src/sudo_noexec.c:
10139 	Rename __dso_public -> sudo_dso_public and move to config.h.
10140 	[12550ec04e3a]
10141 
10142 	* lib/iolog/host_port.c, lib/iolog/iolog_fileio.c,
10143 	lib/iolog/iolog_json.c, lib/iolog/iolog_path.c,
10144 	lib/iolog/iolog_util.c, lib/util/ttyname_dev.c, logsrvd/eventlog.c,
10145 	logsrvd/iolog_writer.c, logsrvd/logsrv_util.c, logsrvd/logsrvd.c,
10146 	logsrvd/logsrvd_conf.c, logsrvd/sendlog.c,
10147 	plugins/audit_json/audit_json.c, plugins/sample/sample_plugin.c,
10148 	plugins/sample_approval/sample_approval.c, plugins/sudoers/locale.c,
10149 	plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
10150 	src/net_ifs.c, src/sesh.c, src/sudo.h:
10151 	We no longer need to include sudo_gettext.h before sudo_compat.h
10152 	[660770ab7e7b]
10153 
10154 	* .gitignore, .hgignore:
10155 	Add *.map to the ignore file.
10156 	[e96b46d418db]
10157 
10158 2020-08-11  Todd C. Miller  <Todd.Miller@sudo.ws>
10159 
10160 	* etc/uncrustify.cfg:
10161 	Update to uncrustify 0.71.0
10162 	[dabd7b24c0d9]
10163 
10164 	* doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.man.in,
10165 	doc/sudoers.mdoc.in:
10166 	Mention visudo in sudo(8) and document sudoers error recovery.
10167 	[44acd34811fb]
10168 
10169 2020-08-10  Todd C. Miller  <Todd.Miller@sudo.ws>
10170 
10171 	* MANIFEST, config.h.in, configure, configure.ac,
10172 	include/sudo_compat.h, lib/util/Makefile.in, lib/util/freezero.c,
10173 	lib/util/getentropy.c, plugins/sudoers/auth/aix_auth.c,
10174 	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
10175 	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
10176 	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
10177 	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
10178 	scripts/mkdep.pl, src/conversation.c:
10179 	Use OpenBSD-compatible freezero() in place of explicit_bzero() +
10180 	free()
10181 	[af0a9ed1e259]
10182 
10183 	* MANIFEST, config.h.in, configure, configure.ac,
10184 	doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
10185 	include/sudo_compat.h, include/sudo_plugin.h, lib/util/Makefile.in,
10186 	lib/util/arc4random.c, lib/util/explicit_bzero.c,
10187 	lib/util/getentropy.c, lib/util/memset_s.c, lib/util/sha2.c,
10188 	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
10189 	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
10190 	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
10191 	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
10192 	plugins/sudoers/auth/sudo_auth.c, scripts/mkdep.pl,
10193 	src/conversation.c:
10194 	Switch from memset_s() -> explicit_bzero(). memset_s() (and all of
10195 	Annex K) is likely to be removed from the a future version of the
10196 	standard.
10197 	[c0f81ef1ee3c]
10198 
10199 	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
10200 	plugins/sudoers/gram.y, plugins/sudoers/toke.c,
10201 	plugins/sudoers/toke.l:
10202 	Define YYERROR_VERBOSE for bison and rename COMMENT -> '\n' This
10203 	results in better error messages when there is a parse error
10204 	[7ba896f285a9]
10205 
10206 	* plugins/sudoers/mkdefaults:
10207 	Some minor cleanup. Use ntuples instead of tuple_last Strip leading
10208 	and trailing double quotes using a single gsub() ntuples will never
10209 	be zero so don't bother checking No need to explicitly close files
10210 	in END
10211 	[b841147900df]
10212 
10213 2020-08-07  Todd C. Miller  <Todd.Miller@sudo.ws>
10214 
10215 	* lib/util/event.c, plugins/sudoers/cvtsudoers_pwutil.c,
10216 	plugins/sudoers/defaults.c, plugins/sudoers/linux_audit.c,
10217 	plugins/sudoers/logging.c, plugins/sudoers/pwutil.c,
10218 	plugins/sudoers/pwutil_impl.c, src/selinux.c:
10219 	Quiet some clang 10 analyzer warnings.
10220 	[4147311f6278]
10221 
10222 	* logsrvd/sendlog.c:
10223 	Refactor freeing of InfoMessage list into free_info_messages(). Also
10224 	fixes a false positive from the clang analyzer.
10225 	[25a6f0035a33]
10226 
10227 	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
10228 	plugins/sudoers/gram.y,
10229 	plugins/sudoers/regress/testsudoers/test11.out.ok,
10230 	plugins/sudoers/regress/testsudoers/test11.sh:
10231 	Require that a @include line end with a newline or EOF. We now parse
10232 	the entire line before reading the include file. This is less
10233 	surprising behavior and results in better error messages.
10234 	[ad6a2c991db6]
10235 
10236 	* plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
10237 	plugins/sudoers/gram.y, plugins/sudoers/parse.c,
10238 	plugins/sudoers/regress/sudoers/test1.out.ok,
10239 	plugins/sudoers/regress/sudoers/test10.out.ok,
10240 	plugins/sudoers/regress/sudoers/test11.out.ok,
10241 	plugins/sudoers/regress/sudoers/test12.out.ok,
10242 	plugins/sudoers/regress/sudoers/test13.out.ok,
10243 	plugins/sudoers/regress/sudoers/test14.out.ok,
10244 	plugins/sudoers/regress/sudoers/test15.out.ok,
10245 	plugins/sudoers/regress/sudoers/test16.out.ok,
10246 	plugins/sudoers/regress/sudoers/test17.out.ok,
10247 	plugins/sudoers/regress/sudoers/test18.out.ok,
10248 	plugins/sudoers/regress/sudoers/test18.toke.ok,
10249 	plugins/sudoers/regress/sudoers/test19.out.ok,
10250 	plugins/sudoers/regress/sudoers/test2.out.ok,
10251 	plugins/sudoers/regress/sudoers/test20.out.ok,
10252 	plugins/sudoers/regress/sudoers/test21.out.ok,
10253 	plugins/sudoers/regress/sudoers/test22.out.ok,
10254 	plugins/sudoers/regress/sudoers/test23.out.ok,
10255 	plugins/sudoers/regress/sudoers/test3.out.ok,
10256 	plugins/sudoers/regress/sudoers/test4.out.ok,
10257 	plugins/sudoers/regress/sudoers/test4.toke.ok,
10258 	plugins/sudoers/regress/sudoers/test5.out.ok,
10259 	plugins/sudoers/regress/sudoers/test5.toke.ok,
10260 	plugins/sudoers/regress/sudoers/test6.out.ok,
10261 	plugins/sudoers/regress/sudoers/test7.out.ok,
10262 	plugins/sudoers/regress/sudoers/test7.toke.ok,
10263 	plugins/sudoers/regress/sudoers/test8.out.ok,
10264 	plugins/sudoers/regress/sudoers/test8.toke.ok,
10265 	plugins/sudoers/regress/sudoers/test9.out.ok,
10266 	plugins/sudoers/regress/testsudoers/test1.out.ok,
10267 	plugins/sudoers/regress/testsudoers/test10.out.ok,
10268 	plugins/sudoers/regress/testsudoers/test11.out.ok,
10269 	plugins/sudoers/regress/testsudoers/test2.out.ok,
10270 	plugins/sudoers/regress/testsudoers/test3.out.ok,
10271 	plugins/sudoers/regress/testsudoers/test4.out.ok,
10272 	plugins/sudoers/regress/testsudoers/test5.out.ok,
10273 	plugins/sudoers/regress/testsudoers/test6.out.ok,
10274 	plugins/sudoers/regress/testsudoers/test7.out.ok,
10275 	plugins/sudoers/regress/testsudoers/test8.out.ok,
10276 	plugins/sudoers/regress/testsudoers/test9.out.ok,
10277 	plugins/sudoers/regress/visudo/test2.err.ok,
10278 	plugins/sudoers/regress/visudo/test3.err.ok,
10279 	plugins/sudoers/regress/visudo/test8.err.ok,
10280 	plugins/sudoers/regress/visudo/test8.sh,
10281 	plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
10282 	plugins/sudoers/toke.l, plugins/sudoers/visudo.c:
10283 	Display more specific parser error messages when possible.
10284 	[91dd5d67bb83]
10285 
10286 	* plugins/sudoers/file.c:
10287 	Let the sudoers parser recover after a parse error. We currently
10288 	just discard the line with the error.
10289 	[712537665215]
10290 
10291 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
10292 	plugins/sudoers/regress/testsudoers/test11.out.ok,
10293 	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
10294 	plugins/sudoers/toke.l:
10295 	Keep track of the position of the current token for error messages.
10296 	[a5f6bd38267e]
10297 
10298 2020-08-06  Todd C. Miller  <Todd.Miller@sudo.ws>
10299 
10300 	* plugins/sudoers/Makefile.in:
10301 	regen
10302 	[28026a042255]
10303 
10304 	* plugins/sample_approval/sample_approval.exp:
10305 	Sync sample_approval.exp with sample_approval.c
10306 	[e810da8a6772]
10307 
10308 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
10309 	plugins/sudoers/regress/testsudoers/test11.out.ok,
10310 	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
10311 	plugins/sudoers/toke.l:
10312 	Store the current line in our own buffer for better error messages.
10313 	[33b2042e0028]
10314 
10315 2020-08-05  Todd C. Miller  <Todd.Miller@sudo.ws>
10316 
10317 	* etc/sudo-logsrvd.pp, etc/sudo.pp, scripts/mkpkg:
10318 	Fix libssl dependency on Debian-based systems. Older systems may
10319 	still have libssl1.0.0, not libssl1.1.
10320 	[0de802ec595a]
10321 
10322 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10323 	Add workaround for yyless() not resetting yy_at_bol.
10324 	[5defcd893f6a]
10325 
10326 2020-08-03  Todd C. Miller  <Todd.Miller@sudo.ws>
10327 
10328 	* configure, configure.ac:
10329 	Always use a linker script to hide symbols if it is supported. We
10330 	use this even if the compiler has symbol visibility support so we
10331 	will notice mismatches between the exports file and __dso_public
10332 	annotations in the source code.
10333 	[1679ac3124b1]
10334 
10335 	* MANIFEST, configure, configure.ac, plugins/python/python_plugin.exp,
10336 	plugins/python/python_plugin.exp.in:
10337 	Rename python_plugin.exp.in -> python_plugin.exp There is nothing
10338 	dynamic in this file.
10339 	[f34cc08c026c]
10340 
10341 	* MANIFEST, configure, configure.ac,
10342 	plugins/python/python_plugin.exp.in,
10343 	plugins/python/python_plugin_approval_multi.inc,
10344 	plugins/python/python_plugin_audit_multi.inc:
10345 	Add missing python_plugin.exp.in file and remove unneeded
10346 	__dso_public This fixes building the python plugin on systems where
10347 	the compiler doesn't support symbol hiding (but wherethe linker
10348 	does).
10349 	[e0305faf8282]
10350 
10351 2020-08-02  Todd C. Miller  <Todd.Miller@sudo.ws>
10352 
10353 	* plugins/sudoers/mkdefaults:
10354 	Use "foo in bar" syntax for testing existence of a key.
10355 	[0807ae0db0a7]
10356 
10357 	* plugins/sudoers/Makefile.in, plugins/sudoers/toke.c:
10358 	Replace /*FALLTHROUGH*/ in generated code.
10359 	[a7590ec10b16]
10360 
10361 2020-08-01  Todd C. Miller  <Todd.Miller@sudo.ws>
10362 
10363 	* lib/zlib/infback.c, lib/zlib/inflate.c, lib/zlib/zconf.h.in:
10364 	Add ZFALLTHROUGH macro to use instead of /* FALLTHROUGH */ comments.
10365 	[92ec8a466095]
10366 
10367 	* config.h.in, configure, configure.ac, include/sudo_compat.h,
10368 	lib/util/arc4random_buf.c, lib/util/glob.c, lib/util/snprintf.c,
10369 	lib/util/strtonum.c, logsrvd/sendlog.c, plugins/python/pyhelpers.c,
10370 	plugins/sudoers/auth/pam.c, plugins/sudoers/check.c,
10371 	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/defaults.c,
10372 	plugins/sudoers/fmtsudoers.c, plugins/sudoers/ldap_util.c,
10373 	plugins/sudoers/match.c, plugins/sudoers/parse_ldif.c,
10374 	plugins/sudoers/sssd.c, plugins/sudoers/sudo_printf.c,
10375 	plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
10376 	plugins/sudoers/visudo.c, src/conversation.c, src/exec_monitor.c,
10377 	src/exec_pty.c, src/parse_args.c, src/regress/noexec/check_noexec.c,
10378 	src/tgetpass.c:
10379 	Use the fallthrough attribute instead of /* FALLTHROUGH */ comments.
10380 	[ce33e87ddfd6]
10381 
10382 2020-07-30  Todd C. Miller  <Todd.Miller@sudo.ws>
10383 
10384 	* plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
10385 	plugins/sudoers/def_data.h, plugins/sudoers/mkdefaults:
10386 	Rewrite mkdefaults in awk.
10387 	[f069ca4eae59]
10388 
10389 2020-07-22  Todd C. Miller  <Todd.Miller@sudo.ws>
10390 
10391 	* doc/CONTRIBUTORS:
10392 	Update translators.
10393 	[5252e2d1a61a]
10394 
10395 	* doc/sudo.man.in, doc/sudo.mdoc.in, src/copy_file.c:
10396 	Prompt user before truncating a file to zero bytes. Bug #922.
10397 	[8bfaa57d5bd4]
10398 
10399 2020-07-21  Todd C. Miller  <Todd.Miller@sudo.ws>
10400 
10401 	* .hgtags:
10402 	Added tag SUDO_1_9_2 for changeset a411d532a5f4
10403 	[84e81d1fe48f] <1.9>
10404 
10405 	* merge sudo 1.9.2 from tip
10406 	[a411d532a5f4] [SUDO_1_9_2] <1.9>
10407 
10408 2020-07-21  kuberlog  <collinalexbell@gmail.com>
10409 
10410 	* config.h.in, configure.ac:
10411 	configure.ac: fix documentation about lecture
10412 	[382c2809eda1]
10413 
10414 2020-07-19  Todd C. Miller  <Todd.Miller@sudo.ws>
10415 
10416 	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
10417 	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
10418 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
10419 	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
10420 	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
10421 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
10422 	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
10423 	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
10424 	plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po,
10425 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
10426 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
10427 	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
10428 	po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/ja.mo,
10429 	po/ja.po, po/ko.mo, po/ko.po, po/pl.mo, po/pl.po, po/pt.mo,
10430 	po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/ro.mo, po/ro.po, po/tr.mo,
10431 	po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo, po/zh_CN.po, po/zh_TW.mo,
10432 	po/zh_TW.po:
10433 	Updated translations from translationproject.org
10434 	[74fbf2ca39e1]
10435 
10436 2020-07-16  Todd C. Miller  <Todd.Miller@sudo.ws>
10437 
10438 	* configure, configure.ac:
10439 	Handle openssl where there is no separate libcrypto pkgconfig file.
10440 	In this case, just use the full openssl libs to get the sha2
10441 	functions.
10442 	[f724510bb416]
10443 
10444 	* INSTALL, configure, configure.ac:
10445 	Ignore --enable-gcrypt if --enable-openssl is also specified.
10446 	[39d493d7e549]
10447 
10448 2020-07-15  Todd C. Miller  <Todd.Miller@sudo.ws>
10449 
10450 	* NEWS, configure, configure.ac:
10451 	Sudo 1.9.2
10452 	[9af764b239c2]
10453 
10454 	* config.h.in, configure, configure.ac:
10455 	Fix some warnings displayed by autoconf 2.69b This fixes the missing
10456 	HAVE_GSSAPI_GSSAPI_H define in config.h.in. TODO: replace
10457 	shadow_funcs variable in function checks with literals
10458 	[9d8f67e1f8fe]
10459 
10460 2020-07-12  Todd C. Miller  <Todd.Miller@sudo.ws>
10461 
10462 	* plugins/sudoers/audit.c:
10463 	Initialize sudo_conv and sudo_printf in sudoers_audit_open(). We
10464 	will need them if there is an error parsing sudoers and leaving them
10465 	unset can result in NULL deref. Also set the text domain to
10466 	"sudoers" like we do for the policy and I/O logging open functions.
10467 	Bug #934.
10468 	[e88919ff4900]
10469 
10470 2020-07-11  Todd C. Miller  <Todd.Miller@sudo.ws>
10471 
10472 	* plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
10473 	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
10474 	plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po, po/it.mo,
10475 	po/it.po, po/ko.mo, po/ko.po, po/ro.mo, po/ro.po:
10476 	Updated translations from translationproject.org
10477 	[2488a1479208]
10478 
10479 2020-07-06  Todd C. Miller  <Todd.Miller@sudo.ws>
10480 
10481 	* plugins/sudoers/sudoers.exp:
10482 	Export sudoers_audit symbol for compilers without symbol visibility.
10483 	[081f6729cb38]
10484 
10485 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
10486 	Document the contents of the log.json file.
10487 	[b1ea749fffc2]
10488 
10489 	* lib/iolog/iolog_fileio.c:
10490 	Fix typo, runas_uid should be runas_gid.
10491 	[7b2c0fd84a60]
10492 
10493 	* examples/sudo.conf.in:
10494 	Add sudoers_audit line for completeness, matching the documentation.
10495 	When sudoers is loaded as a policy plugin, it will be loaded
10496 	automatically as an audit plugin. Listing it explicitly in the
10497 	default sudo.conf file helps bring attention to the fact that
10498 	sudoers now supports the audit plugin type.
10499 	[7145a02ed280]
10500 
10501 	* plugins/sudoers/defaults.c:
10502 	Add some debugging statements around Defaults lookup.
10503 	[b95e2a9b6555]
10504 
10505 	* plugins/sudoers/sudoers.in:
10506 	Replace #includedir with @includedir in default sudoers file.
10507 	[d18945ec728e]
10508 
10509 2020-06-26  Todd C. Miller  <Todd.Miller@sudo.ws>
10510 
10511 	* configure, m4/libtool.m4:
10512 	Allow HP-UX share libs and modules to link against static libs.
10513 	hppa64 and ia64 use PIC by default
10514 	[0553c60b922a]
10515 
10516 2020-06-25  Todd C. Miller  <Todd.Miller@sudo.ws>
10517 
10518 	* configure, configure.ac:
10519 	Use pkg-config to find the openssl cflags and libs if possible. We
10520 	support linking against static openssl libs too.
10521 	[55442f4fea5e]
10522 
10523 2020-06-24  Todd C. Miller  <Todd.Miller@sudo.ws>
10524 
10525 	* scripts/pp:
10526 	Fix parsing of /etc/redhat-release on RHEL 8. RedHat dropped the
10527 	word "server" from the release name in redhat-release which results
10528 	in the awk script printing the wrong field. Instead of using awk,
10529 	just use sed to pull out the version number immediately following
10530 	the word "release".
10531 	[a283acb4622a]
10532 
10533 	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
10534 	regen without `scare quotes'
10535 	[31f021892137]
10536 
10537 	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
10538 	src/parse_args.c, src/sudo.c:
10539 	Replace or remove use of `scare quotes' These don't translate well
10540 	and look odd in many fonts.
10541 	[3c7fa8f93543]
10542 
10543 2020-06-20  Todd C. Miller  <Todd.Miller@sudo.ws>
10544 
10545 	* lib/zlib/infback.c, lib/zlib/inflate.c:
10546 	Add FALLTHROUGH comments to quiet -Wimplicit-fallthrough
10547 	[f724957b7cae]
10548 
10549 	* src/solaris.c:
10550 	Fix implicit fallthrough warning and add break to default cases.
10551 	[74d8c68eb160]
10552 
10553 	* configure, configure.ac, m4/ax_func_snprintf.m4, m4/sudo.m4:
10554 	Fix some warnings from configure test programs.
10555 	[6cff0cdb066a]
10556 
10557 	* configure, configure.ac:
10558 	Add -Wimplicit-fallthrough to --enable-warnings if available. Note
10559 	that clang 10 has support for -Wimplicit-fallthrough in C code but
10560 	doesn't recognize lint-style FALLTHROUGH comments like gcc does so
10561 	we can't use it.
10562 	[cf70a1ab3ea9]
10563 
10564 	* configure, configure.ac:
10565 	Drop old test for -lcposix for ISC Unix.
10566 	[1bfd474c8819]
10567 
10568 2020-06-19  Todd C. Miller  <Todd.Miller@sudo.ws>
10569 
10570 	* README:
10571 	Mention sudo-blog announce list.
10572 	[526dc0cc1e83]
10573 
10574 	* NEWS:
10575 	Bugs #860 and #917 were fixed in 1.9.0.
10576 	[51a347785dbf]
10577 
10578 2020-06-18  Todd C. Miller  <Todd.Miller@sudo.ws>
10579 
10580 	* .hgtags:
10581 	Added tag SUDO_1_9_1 for changeset 06b47089122a
10582 	[94c1c10ddbbd] <1.9>
10583 
10584 	* merge sudo 1.9.1 from tip
10585 	[06b47089122a] [SUDO_1_9_1] <1.9>
10586 
10587 	* plugins/sudoers/po/sudoers.pot:
10588 	regen to fix a typo
10589 	[9755e76fcd8b]
10590 
10591 	* MANIFEST, lib/iolog/Makefile.in,
10592 	lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c:
10593 	Add regress test to catch swapids() bug when called by
10594 	iolog_mkdtemp()
10595 	[deff1dc2f144]
10596 
10597 	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po, po/ro.mo,
10598 	po/ro.po:
10599 	Updated translations from translationproject.org
10600 	[9007c89029ea]
10601 
10602 2020-06-16  Todd C. Miller  <Todd.Miller@sudo.ws>
10603 
10604 	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
10605 	Document the order in which the plugin open/close functions are
10606 	called.
10607 	[48ec66882e1a]
10608 
10609 	* NEWS, lib/iolog/iolog_fileio.c:
10610 	Fix a typo that prevented swapids() from restoring the original gid.
10611 	This led to a regression when the iolog_file setting ends in six or
10612 	more X's or when the I/O logs are stored on NFS.
10613 	[522d8ec470cb]
10614 
10615 2020-06-15  Todd C. Miller  <Todd.Miller@sudo.ws>
10616 
10617 	* src/exec_monitor.c, src/exec_pty.c, src/get_pty.c, src/sudo.h,
10618 	src/sudo_exec.h:
10619 	Replace master/slave in code with leader/follower.
10620 	[230f5343d961]
10621 
10622 	* NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in, examples/sudoers,
10623 	plugins/sudoers/regress/cvtsudoers/sudoers,
10624 	plugins/sudoers/regress/cvtsudoers/sudoers.defs,
10625 	plugins/sudoers/regress/cvtsudoers/test13.out.ok,
10626 	plugins/sudoers/regress/cvtsudoers/test19.out.ok,
10627 	plugins/sudoers/regress/visudo/test6.sh:
10628 	Replace terms master and blacklist in docs and examples.
10629 	[2908ac6c0fe0]
10630 
10631 	* NEWS:
10632 	Bug #929
10633 	[c1f5a01d1af6]
10634 
10635 2020-06-14  Todd C. Miller  <Todd.Miller@sudo.ws>
10636 
10637 	* src/sudo_edit.c:
10638 	Clean up temporary sudoedit files on success; Bug #929 This is a
10639 	regression introduced in sudo 1.9.0.
10640 	[2bc4822b7382]
10641 
10642 2020-06-12  Todd C. Miller  <Todd.Miller@sudo.ws>
10643 
10644 	* NEWS:
10645 	New Romanian translation
10646 	[fd753dfa0a84]
10647 
10648 2020-06-11  Todd C. Miller  <Todd.Miller@sudo.ws>
10649 
10650 	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
10651 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
10652 	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
10653 	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
10654 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
10655 	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
10656 	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
10657 	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
10658 	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
10659 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
10660 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
10661 	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
10662 	po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fi.mo,
10663 	po/fi.po, po/fr.mo, po/fr.po, po/hr.mo, po/hr.po, po/pl.mo,
10664 	po/pl.po, po/pt.mo, po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/sv.mo,
10665 	po/sv.po, po/tr.mo, po/tr.po, po/uk.mo, po/uk.po, po/zh_CN.mo,
10666 	po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
10667 	Updated translations from translationproject.org
10668 	[570aacc81015]
10669 
10670 	* MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/ro.mo,
10671 	plugins/sudoers/po/ro.po, po/ro.mo, po/ro.po:
10672 	Romanian translation from translationproject.org.
10673 	[1e277907378e]
10674 
10675 	* NEWS:
10676 	Add missing entry for the LDAP/SSSD sudoHost regression. Also add
10677 	new Romanian translation
10678 	[624eb5e8e612]
10679 
10680 2020-06-07  Todd C. Miller  <Todd.Miller@sudo.ws>
10681 
10682 	* plugins/sudoers/sudoers.c:
10683 	Fix a typo in the audit string when "sudo -E" is not allowed.
10684 	[85bcb3b1f7d8]
10685 
10686 2020-06-06  Todd C. Miller  <Todd.Miller@sudo.ws>
10687 
10688 	* plugins/python/regress/testhelpers.c:
10689 	Check asprintf() return value.
10690 	[456bb2d7c37f]
10691 
10692 	* scripts/mkpkg:
10693 	Prefer the python3 in /usr/bin on Solaris. The /opt/csw version, if
10694 	it exists, may be a 32-bit version which we can't link with. Also
10695 	handle the case where the /usr/bin/python3 link is missing.
10696 	[2ed7715e6b2e]
10697 
10698 	* config.h.in, configure, configure.ac, include/sudo_compat.h:
10699 	Declare getdelim(3) if it exists in libc but is not prototyped in
10700 	stdio.h. This can happen on systems with a gcc packages that was
10701 	built on and older versions of the OS where getdelim(3) was not
10702 	present.
10703 	[e78803280641]
10704 
10705 	* aclocal.m4, configure, configure.ac:
10706 	For python3-config, only use -I and -L/-l from --cflags and
10707 	--ldflags output. Otherwise we may get other flags used to build
10708 	python that conflict with what sudo uses.
10709 	[7a8d3c5fd2ae]
10710 
10711 	* scripts/mkpkg:
10712 	Build 64-bit binaries and the python package on Solaris 11 and
10713 	above. No longer prefer the Solaris Studio C compiler over gcc, it
10714 	causes issues with the Python plugin.
10715 	[a92f9641bd07]
10716 
10717 	* logsrvd/sendlog.c:
10718 	Fix memory leak on error in fmt_info_messages().
10719 	[511ac9ba6819]
10720 
10721 	* NEWS:
10722 	Update for 1.9.1b1
10723 	[562b0add8e04]
10724 
10725 2020-06-05  Todd C. Miller  <Todd.Miller@sudo.ws>
10726 
10727 	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
10728 	regen for sudo 1.9.1
10729 	[8960aceb2519]
10730 
10731 2020-06-04  Todd C. Miller  <Todd.Miller@sudo.ws>
10732 
10733 	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
10734 	plugins/sudoers/logging.h:
10735 	Add basic support for reject and error audit events to sudoers. This
10736 	is only used when logging events from plugins other than sudoers,
10737 	such as an approval plugin. With this change, if an approval plugin
10738 	rejects the command the denial will be logged in the sudoers log
10739 	file using the message from the approval plugin.
10740 	[c7abc39b0e37]
10741 
10742 	* plugins/sudoers/bsm_audit.c, plugins/sudoers/solaris_audit.c,
10743 	scripts/mkpkg:
10744 	Fix Solaris and BSM audit warnings. Use BSM audit on Illumos, which
10745 	lacks Solaris audit.
10746 	[3844e8a24f59]
10747 
10748 	* plugins/sudoers/policy.c:
10749 	Track whether the session was opened in sudoers. In
10750 	sudoers_policy_close() only warn about being unable to run the
10751 	command if we actually opened the session (and thus passed all
10752 	approval plugins).
10753 	[f99b434d121b]
10754 
10755 	* src/sudo.c:
10756 	Only display an error in the built-in policy close if command is
10757 	set. If a policy or approval plugin denies the command,
10758 	command_details will not have been filled out.
10759 	[245024004df2]
10760 
10761 	* plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
10762 	plugins/sudoers/sssd.c:
10763 	Avoid passing NULL to printf in match debug code for LDAP/SSSD. The
10764 	file name in struct userspec was not set for the LDAP and SSSD
10765 	backends. There is no actual file in this case so set the name to
10766 	LDAP/SSSD. Also add a guard to make sure we don't try to print NULL
10767 	in sudoers_lookup_check() if name is left unset.
10768 	[240efcda496e]
10769 
10770 2020-06-03  Todd C. Miller  <Todd.Miller@sudo.ws>
10771 
10772 	* plugins/sudoers/linux_audit.c, plugins/sudoers/linux_audit.h:
10773 	Add missing const to linux_audit_command()'s argv function argument.
10774 	[cb219f1ccb6e]
10775 
10776 	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
10777 	When converting LDAP to sudoers, ignore entries with no sudoHost
10778 	attribute. Otherwise, sudo_ldap_role_to_priv() will treat a NULL
10779 	host list as as the "ALL" wildcard. This regression was introduced
10780 	in sudo 1.8.23, which was the first version to convert LDAP sudoRole
10781 	objects to sudoers internal data structures. Thanks to Andreas
10782 	Mueller for reporting and debugging this problem.
10783 	[484d0d3b892e]
10784 
10785 2020-06-02  Todd C. Miller  <Todd.Miller@sudo.ws>
10786 
10787 	* doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in, src/load_plugins.c:
10788 	Load the sudoers module as an audit plugin if loaded as a policy
10789 	plugin. Now that logging of successful commands is performed by
10790 	sudoers as an audit plugin we need to load sudoers_audit if
10791 	sudoers_policy is also loaded. Otherwise, accpted commands will not
10792 	be logged.
10793 	[f20bee20f4c7]
10794 
10795 	* plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
10796 	plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
10797 	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
10798 	plugins/sudoers/policy.c, plugins/sudoers/solaris_audit.c,
10799 	plugins/sudoers/solaris_audit.h, plugins/sudoers/sudoers.c,
10800 	plugins/sudoers/sudoers.h:
10801 	Defer logging of the successful command until approval plugins have
10802 	run. This adds audit plugin support to the sudoers module, currently
10803 	only used for accept events. As a result, the sudoers file is now
10804 	initially parsed as an audit plugin.
10805 	[552c13bd0287]
10806 
10807 	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
10808 	doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
10809 	include/sudo_plugin.h, plugins/audit_json/audit_json.c,
10810 	plugins/python/sudo_python_module.c, src/sudo.c:
10811 	Add support for "accept" audit events sent by the sudo front-end.
10812 	With this change, the sudo front-end will send an "accept" audit
10813 	event to the audit plugins after all the I/O logging plugins have
10814 	been initialized. This can be used by an audit plugin that does not
10815 	care about the result of the individual policy and approval plugins
10816 	and only wants to receive a single "accept" event if all policy and
10817 	approval plugins have succeeded. The plugin_type argument for events
10818 	sent by the front-end is SUDO_FRONT_END (0).
10819 	[6b3cb94fedb9]
10820 
10821 	* src/exec_pty.c:
10822 	If event loop fails due to ENXIO, remove /dev/tty events and
10823 	recover. This fixes an issue on Solaris 11.4 (and probably others)
10824 	with "sudo reboot" when I/O logging is enabled. Previously, sudo
10825 	would kill the command if it was still running after the event loop
10826 	terminated, leaving the system in a half-dead state.
10827 	[e12e3040b067]
10828 
10829 2020-06-01  Todd C. Miller  <Todd.Miller@sudo.ws>
10830 
10831 	* src/exec_pty.c:
10832 	Don't try to suspend sudo if the user's tty has gone away. Fixes a
10833 	problem on Solaris 11.4 (and possibly others) where sudo continually
10834 	tries to put itself in the background after the user's terminal has
10835 	been revoked.
10836 	[92f172b46b9c]
10837 
10838 	* src/exec_pty.c:
10839 	Back out WIP code that was mistakenly committed.
10840 	[41f57239b2c4]
10841 
10842 	* scripts/mkpkg:
10843 	Don't enable BSM audit on Solaris 10, it is missing AUE_sudo
10844 	[3b32087b1ed3]
10845 
10846 	* src/exec_pty.c, src/get_pty.c:
10847 	On Solaris 11.4 the openpty(3) prototype lives in termios.h.
10848 	[d6e353e8b9df]
10849 
10850 	* plugins/sudoers/solaris_audit.c:
10851 	Add missing stdlib.h include and fix solaris_audit_failure() error
10852 	return.
10853 	[5748d8fd24c4]
10854 
10855 	* scripts/mkpkg:
10856 	Use Solaris audit for Solaris 11, not BSM audit. BSM audit is no
10857 	longer supported in Solaris 11.4.
10858 	[01f2189f439d]
10859 
10860 2020-05-26  Todd C. Miller  <Todd.Miller@sudo.ws>
10861 
10862 	* src/exec.c:
10863 	Check audit plugins for a close function too before execing command
10864 	directly. We cannot exec the command directly if any of the policy
10865 	or audit plugins use a close function.
10866 	[5aa6db56ce32]
10867 
10868 2020-05-22  Todd C. Miller  <Todd.Miller@sudo.ws>
10869 
10870 	* NEWS:
10871 	Mention Bug #927.
10872 	[0fd9e757d80b]
10873 
10874 2020-05-20  Todd C. Miller  <Todd.Miller@sudo.ws>
10875 
10876 	* configure, configure.ac, m4/sudo.m4:
10877 	Add basic support for --runstatedir If the user specifies
10878 	--runstatedir but not --with-rundir, use runstatdir as the parent
10879 	directory of the sudo rundir.
10880 
10881 	In the future we may deprecate --with-rundir in favor of
10882 	--runstatedir but that will require changes for systems with no
10883 	/var/run directory.
10884 	[14879831fe6e]
10885 
10886 	* MANIFEST, NEWS, doc/sudoers.man.in, doc/sudoers.mdoc.in,
10887 	plugins/sudoers/gram.c, plugins/sudoers/gram.h,
10888 	plugins/sudoers/gram.y,
10889 	plugins/sudoers/regress/testsudoers/test10.out.ok,
10890 	plugins/sudoers/regress/testsudoers/test10.sh,
10891 	plugins/sudoers/regress/testsudoers/test11.out.ok,
10892 	plugins/sudoers/regress/testsudoers/test11.sh,
10893 	plugins/sudoers/regress/testsudoers/test2.out.ok,
10894 	plugins/sudoers/regress/testsudoers/test2.sh,
10895 	plugins/sudoers/regress/testsudoers/test3.out.ok,
10896 	plugins/sudoers/regress/testsudoers/test3.sh,
10897 	plugins/sudoers/regress/testsudoers/test4.sh,
10898 	plugins/sudoers/regress/testsudoers/test5.sh,
10899 	plugins/sudoers/regress/testsudoers/test8.out.ok,
10900 	plugins/sudoers/regress/testsudoers/test8.sh,
10901 	plugins/sudoers/regress/testsudoers/test9.out.ok,
10902 	plugins/sudoers/regress/testsudoers/test9.sh,
10903 	plugins/sudoers/sudoers_version.h, plugins/sudoers/testsudoers.c,
10904 	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
10905 	plugins/sudoers/toke.l:
10906 	Add support for @include and @includedir These are less confusing
10907 	than #include and #includedir when the hash character is also the
10908 	comment character.
10909 
10910 	This commit also adds real parsing of include directives as opposed
10911 	to the pure lexer approach used previously. As a result, it is now
10912 	possible to include files with spaces by either using a double-
10913 	quoted string or escaping the space characters with a backslash.
10914 	[c422a5c8ea5d]
10915 
10916 2020-05-19  Todd C. Miller  <Todd.Miller@sudo.ws>
10917 
10918 	* lib/iolog/iolog_fileio.c:
10919 	In iolog_openat() enable the write bit on pre-existing files if
10920 	needed. This prevents problems caused by the change to strip the
10921 	write bit from the timing file when it is finished.
10922 	[a6b0da3f7b94]
10923 
10924 	* plugins/sudoers/visudo.c:
10925 	In visudo check that an include file is regular file before using
10926 	it. Avoids a generic "input in flex scanner failed" error message.
10927 	[287d90d359a6]
10928 
10929 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10930 	Fix a memory leak on error when including a file or directory.
10931 	[02db03f7b565]
10932 
10933 2020-05-18  Todd C. Miller  <Todd.Miller@sudo.ws>
10934 
10935 	* NEWS, configure, configure.ac:
10936 	Sudo 1.9.1
10937 	[57a1a5f05500]
10938 
10939 	* doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
10940 	plugins/sudoers/sudoreplay.c:
10941 	Add a follow option (-F) to support replaying a live session. By
10942 	default, sudoreplay will exit when it reaches the end of the timing
10943 	file. With the -F option, it will keep going until the timing file
10944 	is finished and its write bit is cleared.
10945 	[12ab27768cad]
10946 
10947 	* include/sudo_iolog.h, lib/iolog/iolog_fileio.c:
10948 	Add iolog_clearerr() that acts like clearerr(3). Works for both
10949 	compressed and uncompressed I/O logs.
10950 	[c83b88285c2c]
10951 
10952 	* plugins/sudoers/iolog.c:
10953 	Clear the write bit from the I/O log timing file when it is
10954 	complete. This matches the behavior of sudo_logsrvd.
10955 	[0bc8a012db26]
10956 
10957 	* logsrvd/logsrvd.c, logsrvd/sendlog.c:
10958 	Use PACKAGE_VERSION instead of 0.1 as the client and server version.
10959 	[d1e3ac049cf7]
10960 
10961 	* lib/util/Makefile.in, lib/util/aix.c, lib/util/fatal.c,
10962 	lib/util/getusershell.c, lib/util/gidlist.c, lib/util/json.c,
10963 	lib/util/mkdir_parents.c, lib/util/strsignal.c, lib/util/strtoid.c,
10964 	lib/util/strtomode.c, lib/util/strtonum.c, lib/util/sudo_conf.c,
10965 	lib/util/sudo_debug.c:
10966 	Set DEFAULT_TEXT_DOMAIN in lib/util's Makefile not individual .c
10967 	files. We no longer need to include sudo_gettext.h before
10968 	sudo_compat.h
10969 	[ead9b6a434b8]
10970 
10971 	* lib/iolog/iolog_fileio.c, lib/iolog/iolog_json.c,
10972 	lib/iolog/iolog_path.c, lib/iolog/iolog_util.c,
10973 	lib/iolog/regress/host_port/host_port_test.c,
10974 	lib/iolog/regress/iolog_json/check_iolog_json.c,
10975 	lib/iolog/regress/iolog_path/check_iolog_path.c,
10976 	lib/iolog/regress/iolog_util/check_iolog_util.c,
10977 	lib/util/digest_gcrypt.c, lib/util/event.c, lib/util/event_select.c,
10978 	lib/util/fnmatch.c, lib/util/getaddrinfo.c, lib/util/getcwd.c,
10979 	lib/util/getdelim.c, lib/util/getgrouplist.c,
10980 	lib/util/getopt_long.c, lib/util/glob.c, lib/util/inet_pton.c,
10981 	lib/util/json.c, lib/util/key_val.c, lib/util/lbuf.c,
10982 	lib/util/locking.c, lib/util/mkdir_parents.c, lib/util/mktemp.c,
10983 	lib/util/parseln.c, lib/util/progname.c, lib/util/pw_dup.c,
10984 	lib/util/regress/fnmatch/fnm_test.c,
10985 	lib/util/regress/getdelim/getdelim_test.c,
10986 	lib/util/regress/getgrouplist/getgrouplist_test.c,
10987 	lib/util/regress/glob/globtest.c,
10988 	lib/util/regress/mktemp/mktemp_test.c,
10989 	lib/util/regress/parse_gids/parse_gids_test.c,
10990 	lib/util/regress/progname/progname_test.c,
10991 	lib/util/regress/strsplit/strsplit_test.c,
10992 	lib/util/regress/sudo_conf/conf_test.c,
10993 	lib/util/regress/sudo_parseln/parseln_test.c,
10994 	lib/util/regress/tailq/hltq_test.c,
10995 	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/secure_path.c,
10996 	lib/util/sha2.c, lib/util/sig2str.c, lib/util/snprintf.c,
10997 	lib/util/str2sig.c, lib/util/strndup.c, lib/util/strtobool.c,
10998 	lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c,
10999 	lib/util/term.c, lib/util/ttyname_dev.c, lib/util/vsyslog.c,
11000 	plugins/audit_json/audit_json.c, plugins/group_file/getgrent.c,
11001 	plugins/group_file/group_file.c, plugins/python/sudo_python_debug.c,
11002 	plugins/sample/sample_plugin.c,
11003 	plugins/sample_approval/sample_approval.c, plugins/sudoers/alias.c,
11004 	plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
11005 	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
11006 	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
11007 	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
11008 	plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
11009 	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
11010 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
11011 	plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c,
11012 	plugins/sudoers/cvtsudoers_json.c,
11013 	plugins/sudoers/cvtsudoers_ldif.c,
11014 	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
11015 	plugins/sudoers/editor.c, plugins/sudoers/env.c,
11016 	plugins/sudoers/env_pattern.c, plugins/sudoers/filedigest.c,
11017 	plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c,
11018 	plugins/sudoers/gentime.c, plugins/sudoers/getdate.c,
11019 	plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
11020 	plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
11021 	plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
11022 	plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
11023 	plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap.c,
11024 	plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_util.c,
11025 	plugins/sudoers/locale.c, plugins/sudoers/logging.c,
11026 	plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
11027 	plugins/sudoers/match_addr.c, plugins/sudoers/match_command.c,
11028 	plugins/sudoers/match_digest.c, plugins/sudoers/parse.c,
11029 	plugins/sudoers/parse_ldif.c, plugins/sudoers/policy.c,
11030 	plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
11031 	plugins/sudoers/pwutil_impl.c, plugins/sudoers/rcstr.c,
11032 	plugins/sudoers/regress/check_symbols/check_symbols.c,
11033 	plugins/sudoers/regress/env_match/check_env_pattern.c,
11034 	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
11035 	plugins/sudoers/regress/logging/check_wrap.c,
11036 	plugins/sudoers/regress/parser/check_addr.c,
11037 	plugins/sudoers/regress/parser/check_base64.c,
11038 	plugins/sudoers/regress/parser/check_digest.c,
11039 	plugins/sudoers/regress/parser/check_fill.c,
11040 	plugins/sudoers/regress/parser/check_gentime.c,
11041 	plugins/sudoers/regress/parser/check_hexchar.c,
11042 	plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
11043 	plugins/sudoers/starttime.c, plugins/sudoers/strlist.c,
11044 	plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c,
11045 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_debug.c,
11046 	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
11047 	plugins/sudoers/timeout.c, plugins/sudoers/timestamp.c,
11048 	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
11049 	plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
11050 	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
11051 	plugins/system_group/system_group.c, src/conversation.c,
11052 	src/env_hooks.c, src/exec.c, src/exec_common.c, src/exec_monitor.c,
11053 	src/exec_nopty.c, src/exec_pty.c, src/get_pty.c, src/hooks.c,
11054 	src/limits.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
11055 	src/preserve_fds.c, src/regress/noexec/check_noexec.c,
11056 	src/regress/ttyname/check_ttyname.c, src/signal.c, src/sudo.c,
11057 	src/sudo_edit.c, src/sudo_noexec.c, src/tcsetpgrp_nobg.c,
11058 	src/tgetpass.c, src/ttyname.c, src/utmp.c:
11059 	Include string.h unconditionally and only use strings.h for
11060 	strn?casecmp() In the pre-POSIX days BSD had strings.h, not
11061 	string.h. Now strings.h is only used for non-ANSI string functions.
11062 	[f7f633de570a]
11063 
11064 	* lib/iolog/host_port.c, lib/iolog/iolog_fileio.c,
11065 	lib/iolog/iolog_json.c, lib/iolog/iolog_path.c,
11066 	lib/iolog/iolog_util.c,
11067 	lib/iolog/regress/host_port/host_port_test.c,
11068 	lib/iolog/regress/iolog_json/check_iolog_json.c,
11069 	lib/iolog/regress/iolog_path/check_iolog_path.c,
11070 	lib/iolog/regress/iolog_util/check_iolog_util.c, lib/util/aix.c,
11071 	lib/util/arc4random.c, lib/util/arc4random_buf.c,
11072 	lib/util/arc4random_uniform.c, lib/util/cfmakeraw.c,
11073 	lib/util/closefrom.c, lib/util/digest.c, lib/util/digest_gcrypt.c,
11074 	lib/util/digest_openssl.c, lib/util/dup3.c, lib/util/event_poll.c,
11075 	lib/util/event_select.c, lib/util/fatal.c, lib/util/fchmodat.c,
11076 	lib/util/fnmatch.c, lib/util/fstatat.c, lib/util/getaddrinfo.c,
11077 	lib/util/getcwd.c, lib/util/getdelim.c, lib/util/getgrouplist.c,
11078 	lib/util/gethostname.c, lib/util/getopt_long.c, lib/util/gettime.c,
11079 	lib/util/getusershell.c, lib/util/gidlist.c, lib/util/glob.c,
11080 	lib/util/isblank.c, lib/util/json.c, lib/util/key_val.c,
11081 	lib/util/lbuf.c, lib/util/locking.c, lib/util/logfac.c,
11082 	lib/util/logpri.c, lib/util/memset_s.c, lib/util/mkdir_parents.c,
11083 	lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c,
11084 	lib/util/openat.c, lib/util/parseln.c, lib/util/pipe2.c,
11085 	lib/util/progname.c, lib/util/pw_dup.c, lib/util/reallocarray.c,
11086 	lib/util/regress/fnmatch/fnm_test.c,
11087 	lib/util/regress/getgrouplist/getgrouplist_test.c,
11088 	lib/util/regress/glob/globtest.c,
11089 	lib/util/regress/mktemp/mktemp_test.c,
11090 	lib/util/regress/parse_gids/parse_gids_test.c,
11091 	lib/util/regress/progname/progname_test.c,
11092 	lib/util/regress/strsig/strsig_test.c,
11093 	lib/util/regress/strsplit/strsplit_test.c,
11094 	lib/util/regress/strtofoo/strtobool_test.c,
11095 	lib/util/regress/strtofoo/strtoid_test.c,
11096 	lib/util/regress/strtofoo/strtomode_test.c,
11097 	lib/util/regress/strtofoo/strtonum_test.c,
11098 	lib/util/regress/sudo_conf/conf_test.c,
11099 	lib/util/regress/sudo_parseln/parseln_test.c,
11100 	lib/util/regress/tailq/hltq_test.c,
11101 	lib/util/regress/vsyslog/vsyslog_test.c, lib/util/roundup.c,
11102 	lib/util/secure_path.c, lib/util/setgroups.c, lib/util/sha2.c,
11103 	lib/util/sig2str.c, lib/util/snprintf.c, lib/util/str2sig.c,
11104 	lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c,
11105 	lib/util/strsignal.c, lib/util/strsplit.c, lib/util/strtobool.c,
11106 	lib/util/strtoid.c, lib/util/strtomode.c, lib/util/strtonum.c,
11107 	lib/util/sudo_conf.c, lib/util/sudo_debug.c, lib/util/sudo_dso.c,
11108 	lib/util/term.c, lib/util/ttysize.c, lib/util/unlinkat.c,
11109 	lib/util/utimens.c, lib/util/uuid.c,
11110 	plugins/audit_json/audit_json.c, plugins/group_file/getgrent.c,
11111 	plugins/group_file/group_file.c, plugins/group_file/plugin_test.c,
11112 	plugins/python/regress/testhelpers.h,
11113 	plugins/python/sudo_python_debug.h, plugins/sample/sample_plugin.c,
11114 	plugins/sample_approval/sample_approval.c, plugins/sudoers/alias.c,
11115 	plugins/sudoers/audit.c, plugins/sudoers/base64.c,
11116 	plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
11117 	plugins/sudoers/check.c, plugins/sudoers/cvtsudoers.c,
11118 	plugins/sudoers/cvtsudoers_json.c,
11119 	plugins/sudoers/cvtsudoers_ldif.c,
11120 	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
11121 	plugins/sudoers/digestname.c, plugins/sudoers/editor.c,
11122 	plugins/sudoers/env.c, plugins/sudoers/env_pattern.c,
11123 	plugins/sudoers/file.c, plugins/sudoers/filedigest.c,
11124 	plugins/sudoers/find_path.c, plugins/sudoers/fmtsudoers.c,
11125 	plugins/sudoers/gc.c, plugins/sudoers/gentime.c,
11126 	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
11127 	plugins/sudoers/getspwuid.c, plugins/sudoers/gmtoff.c,
11128 	plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
11129 	plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
11130 	plugins/sudoers/hexchar.c, plugins/sudoers/interfaces.c,
11131 	plugins/sudoers/iolog_client.c,
11132 	plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap_conf.c,
11133 	plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
11134 	plugins/sudoers/logging.c, plugins/sudoers/logwrap.c,
11135 	plugins/sudoers/match.c, plugins/sudoers/match_command.c,
11136 	plugins/sudoers/match_digest.c, plugins/sudoers/parse.c,
11137 	plugins/sudoers/parse_ldif.c, plugins/sudoers/prompt.c,
11138 	plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
11139 	plugins/sudoers/rcstr.c, plugins/sudoers/redblack.c,
11140 	plugins/sudoers/regress/check_symbols/check_symbols.c,
11141 	plugins/sudoers/regress/env_match/check_env_pattern.c,
11142 	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
11143 	plugins/sudoers/regress/logging/check_wrap.c,
11144 	plugins/sudoers/regress/parser/check_addr.c,
11145 	plugins/sudoers/regress/parser/check_base64.c,
11146 	plugins/sudoers/regress/parser/check_digest.c,
11147 	plugins/sudoers/regress/parser/check_fill.c,
11148 	plugins/sudoers/regress/parser/check_gentime.c,
11149 	plugins/sudoers/regress/parser/check_hexchar.c,
11150 	plugins/sudoers/regress/starttime/check_starttime.c,
11151 	plugins/sudoers/set_perms.c, plugins/sudoers/solaris_audit.c,
11152 	plugins/sudoers/sssd.c, plugins/sudoers/strlist.c,
11153 	plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c,
11154 	plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c,
11155 	plugins/sudoers/sudoers_debug.c, plugins/sudoers/sudoreplay.c,
11156 	plugins/sudoers/testsudoers.c, plugins/sudoers/timeout.c,
11157 	plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c,
11158 	plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
11159 	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
11160 	plugins/system_group/system_group.c, src/conversation.c,
11161 	src/copy_file.c, src/env_hooks.c, src/exec.c, src/exec_common.c,
11162 	src/exec_nopty.c, src/get_pty.c, src/hooks.c, src/limits.c,
11163 	src/load_plugins.c, src/openbsd.c, src/parse_args.c, src/preload.c,
11164 	src/preserve_fds.c, src/selinux.c, src/sesh.c, src/signal.c,
11165 	src/solaris.c, src/sudo_edit.c, src/tcsetpgrp_nobg.c,
11166 	src/tgetpass.c, src/utmp.c:
11167 	We no longer need to include headers we don't use for sudo*.h files.
11168 	Previously we needed to include headers required by the various
11169 	sudo*h files. Now those files are more self-sufficient and we should
11170 	only include headers needed by code in the various .c files.
11171 	[72cbeae218e7]
11172 
11173 	* include/sudo_compat.h, include/sudo_conf.h, include/sudo_debug.h,
11174 	include/sudo_iolog.h, include/sudo_json.h, include/sudo_util.h,
11175 	plugins/sudoers/sudoers.h:
11176 	Add dependent system includes to make sudo_*.h more standalone. In
11177 	the past we've relied on the various .c files to include the system
11178 	headers that define types that the sudo_*.h headers require. This is
11179 	fragile and can cause issues when includes get re-ordered.
11180 	[a9fb765c0fba]
11181 
11182 	* plugins/sudoers/env.c:
11183 	Fix typo in PERLIO_DEBUG (trailing whitespace). This has no effect
11184 	unless env_reset is disabled. From Allan Wirth
11185 	[bdf9c9e7f455]
11186 
11187 2020-05-17  Sebastian Rasmussen  <sebras@gmail.com>
11188 
11189 	* plugins/sudoers/visudo.c:
11190 	Fix typo in warning message.
11191 	[01b8fab9fdf5]
11192 
11193 2020-05-15  Todd C. Miller  <Todd.Miller@sudo.ws>
11194 
11195 	* lib/util/mksiglist.h, lib/util/mksigname.h:
11196 	Prefer SIGSYS if SIGUNUSED is defined to the same value. Fixes a
11197 	regress failure on musl libc where SIGSYS and SIGUNUSED share the
11198 	same value.
11199 	[e030acf8a670]
11200 
11201 	* plugins/python/regress/testhelpers.h:
11202 	Add missing sys/wait.h include; fixes a compilation problem on musl
11203 	libc.
11204 	[9a6a09e74a14]
11205 
11206 	* lib/iolog/hostcheck.c:
11207 	Add missing sys/types.h include; fixes a compilation problem on musl
11208 	libc.
11209 	[7c8ea831203b]
11210 
11211 	* include/sudo_compat.h:
11212 	Only define WCONTINUED and WIFCONTINUED if neither are already
11213 	defined. Fixes a warning on musl libc where WIFCONTINUED is defined
11214 	in stdlib.h for some reason.
11215 	[9f55ae24b479]
11216 
11217 2020-05-16  Dan Robertson  <dan@dlrobertson.com>
11218 
11219 	* include/sudo_debug.h:
11220 	Fix includes when building with musl
11221 
11222 	Include sys/types.h for mode_t and id_t in sudo_debug.h
11223 	[15abb56a1edf]
11224 
11225 2020-05-15  Todd C. Miller  <Todd.Miller@sudo.ws>
11226 
11227 	* scripts/mkpkg:
11228 	Enable OpenSSL on RHEL 6 too. The version of OpenSSL in RHEL 6 is
11229 	new enough for the log server to use.
11230 	[853fd8a74207]
11231 
11232 	* logsrvd/logsrvd_conf.c:
11233 	Don't print errno for the "TLS not supported" message.
11234 	[c94540d3d632]
11235 
11236 2020-05-14  Todd C. Miller  <Todd.Miller@sudo.ws>
11237 
11238 	* etc/sudo-logsrvd.pp, etc/sudo-python.pp:
11239 	Fix macOS bundle IDs for sudo-logsrvd and sudo-python packages
11240 	[a9f6aea56e40]
11241 
11242 2020-05-13  Todd C. Miller  <Todd.Miller@sudo.ws>
11243 
11244 	* logsrvd/eventlog.c:
11245 	Add iolog_path to the JSON-format event log
11246 	[924d8836ead0]
11247 
11248 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h:
11249 	Rename FLUSHED state to FINISHED This makes more sense when
11250 	receiving event-only logs.
11251 	[9e2736246e0d]
11252 
11253 2020-05-12  Todd C. Miller  <Todd.Miller@sudo.ws>
11254 
11255 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h:
11256 	Fix handling of connections without associated I/O logs. This fixes
11257 	reject events as well as accept events without the expect_iobufs
11258 	flag set.
11259 	[3ddb52ae0af4]
11260 
11261 	* logsrvd/sendlog.c:
11262 	Fix handling of accept and reject messages without an I/O log. Only
11263 	set expect_iobufs in AcceptMessage if sending I/O logs. Set state to
11264 	FINISHED immediately after sending a RejectMessage.
11265 	[767e75944d4f]
11266 
11267 	* doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
11268 	logsrvd/sendlog.c, logsrvd/sendlog.h:
11269 	Add -A and -R options to test logging of accept and reject events.
11270 	If -A is specified, no I/O will be sent, only the accept event. For
11271 	-R, a reject event with the specified reason is sent.
11272 	[90db0e6f9b68]
11273 
11274 	* configure, configure.ac:
11275 	cfmakeraw(3) is broken on AIX, don't use it there The cfmakeraw(3)
11276 	function exists but does not set VMIN to 1 or VTIME to 0 in c_cc[]
11277 	in struct termios, which makes it useless. The AIX version also
11278 	doesn't clear the CSIZE and PARENB flags from c_cflag.
11279 	[bbdcae2c5fb5]
11280 
11281 	* NEWS:
11282 	fix pastos
11283 	[cbf517081e74]
11284 
11285 2020-05-11  Todd C. Miller  <Todd.Miller@sudo.ws>
11286 
11287 	* .hgtags:
11288 	Added tag SUDO_1_9_0 for changeset 706d726a2f8e
11289 	[d1f2b4ee59d5] <1.9>
11290 
11291 	* MANIFEST, include/sudo_iolog.h, include/sudo_util.h,
11292 	lib/iolog/Makefile.in, lib/iolog/host_port.c,
11293 	lib/iolog/regress/host_port/host_port_test.c, lib/util/Makefile.in,
11294 	lib/util/host_port.c, lib/util/regress/host_port/host_port_test.c,
11295 	lib/util/util.exp.in, logsrvd/logsrvd_conf.c,
11296 	plugins/sudoers/iolog_client.c:
11297 	Rename sudo_parse_host_port -> iolog_parse_host_port and mv to
11298 	lib/iolog It is not used outside of the I/O log client and server
11299 	and the host:port syntax may change in the future.
11300 	[706d726a2f8e] [SUDO_1_9_0]
11301 
11302 	* plugins/sudoers/sudoreplay.c:
11303 	Remove duplicate inclusion of time.h
11304 	[f560858325d5]
11305 
11306 2020-05-08  Todd C. Miller  <Todd.Miller@sudo.ws>
11307 
11308 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
11309 	logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c,
11310 	plugins/sudoers/iolog_client.c:
11311 	Only enable TLS listener by default if we have a cert for it. We
11312 	want the log server to work with the default configuration. If the
11313 	default certificate path exists, it will be used with the default
11314 	listener. If the user explicitly enabled a TLS listener we always
11315 	attempt to use it. If TLS was specified but no cert file was set,
11316 	the default location will be used (and an error will occur if the
11317 	cert cannot be loaded).
11318 	[16ade34c38ee]
11319 
11320 2020-05-07  Todd C. Miller  <Todd.Miller@sudo.ws>
11321 
11322 	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
11323 	regen for 1.9.0 final
11324 	[99e507035253]
11325 
11326 	* logsrvd/Makefile.in:
11327 	regen
11328 	[555d817825b0]
11329 
11330 	* doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c:
11331 	The --preserve-env=list option may be specified more than once.
11332 	[8066a9d1b04b]
11333 
11334 	* doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
11335 	doc/sudoers.man.in, doc/sudoers.mdoc.in:
11336 	Quiet some warnings from igor.
11337 	[4df4fd274023]
11338 
11339 	* MANIFEST, Makefile.in, etc/codespell.exclude, etc/codespell.ignore,
11340 	etc/codespell.skip:
11341 	Plumb in codespell with a "make spell" target.
11342 	[4b1de7ee8648]
11343 
11344 	* configure, configure.ac, install-sh:
11345 	Fix a few more typos.
11346 	[d22a8c46c743]
11347 
11348 2020-05-06  Todd C. Miller  <Todd.Miller@sudo.ws>
11349 
11350 	* NEWS, doc/sudo.man.in, doc/sudo.mdoc.in, src/parse_args.c:
11351 	Don't allow duplicate values for command line options that take an
11352 	argument. Previously, if multiple instances of the same command line
11353 	option were specified, the last one would be used. This meant that,
11354 	for example, "sudo -u someuser -u otheruser id" would run the
11355 	command as "otheruser". This has the potential to cause problems for
11356 	programs that run sudo with a user-specified command that do not use
11357 	the "--" option to indicate that no more options should be
11358 	processed. While this is a bug in the calling program, there is
11359 	little downside to erroring out when multiple options of the same
11360 	type are specified on the command line. Bug #924
11361 	[66e2612e7672]
11362 
11363 	* NEWS:
11364 	Debian bug #734752
11365 	[d3285c45ac4b]
11366 
11367 	* src/sudo.c, src/sudo.h:
11368 	Look up runas user by name, not euid, where possible. Fixes a
11369 	problem when there are multiple users with the same user-ID where
11370 	the PAM session modules could be called with the wrong user name.
11371 	Debian bug #734752
11372 	[b45608f29a02]
11373 
11374 	* src/sesh.c:
11375 	Fix ironic typo in spelling fixes. Bug #925
11376 	[73de90df6ff9]
11377 
11378 	* scripts/pp:
11379 	Sync PolyPkg from upstream.
11380 	[ac5e4b830177]
11381 
11382 	* NEWS, TODO, config.h.in, configure.ac,
11383 	doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
11384 	etc/sudo.pp, include/compat/getaddrinfo.h, include/sudo_event.h,
11385 	include/sudo_util.h, lib/util/fnmatch.c, lib/util/getaddrinfo.c,
11386 	lib/util/regress/vsyslog/vsyslog_test.c, logsrvd/logsrvd.c,
11387 	plugins/audit_json/audit_json.c,
11388 	plugins/python/example_debugging.py,
11389 	plugins/python/regress/check_python_examples.c,
11390 	plugins/python/regress/testhelpers.c, plugins/sudoers/gram.c,
11391 	plugins/sudoers/gram.y, plugins/sudoers/iolog.c,
11392 	plugins/sudoers/iolog_client.c, plugins/sudoers/parse.h,
11393 	plugins/sudoers/pwutil.h,
11394 	plugins/sudoers/regress/cvtsudoers/test30.sh, scripts/mkdep.pl,
11395 	src/exec.c, src/exec_monitor.c, src/exec_pty.c, src/sesh.c:
11396 	Apply spelling fixes. Fixes from PR #30 (ka7) and Bug #925
11397 	(fossies.org codespell)
11398 	[1fb13dc3991b]
11399 
11400 2020-05-05  Todd C. Miller  <Todd.Miller@sudo.ws>
11401 
11402 	* Makefile.in, etc/sudo-python.pp:
11403 	Use the proper python version in the libpython dependency on Debian.
11404 	The configure script already detects the python version, we just
11405 	need to use it.
11406 	[4e49c53f206f]
11407 
11408 	* plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po, po/ja.mo,
11409 	po/ja.po, po/sv.mo, po/sv.po:
11410 	Updated translations from translationproject.org
11411 	[abdb2d6fe7cb]
11412 
11413 	* NEWS:
11414 	Bug #922 and Bug #923
11415 	[7a77f74c436f]
11416 
11417 2020-05-04  Todd C. Miller  <Todd.Miller@sudo.ws>
11418 
11419 	* etc/sudo.pp:
11420 	Fix Debian ldap dependency broken in last commit.
11421 	[4980b1b653ef]
11422 
11423 	* etc/sudo.pp:
11424 	Fix "make package" on Debian when linux_audit is not set.
11425 	[a00d7dec5821]
11426 
11427 	* doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
11428 	include/log_server.pb-c.h, lib/logsrv/log_server.pb-c.c,
11429 	lib/logsrv/log_server.proto, logsrvd/logsrvd.c, logsrvd/sendlog.c,
11430 	plugins/sudoers/iolog_client.c:
11431 	Add a ClientHello message that client sends to the server. This
11432 	makes it easier to detect a plaintext client sending to a TLS port.
11433 	Without this, the TLS server will be silent as it waits for the
11434 	client to initiate the TLS connection.
11435 	[22c033bcf456]
11436 
11437 	* logsrvd/sendlog.c, plugins/sudoers/iolog_client.c:
11438 	Better error messages when there is a problem with the TLS
11439 	connection. If SSL_read, SSL_write or SSL_connect fails we can use
11440 	the reason string to let the user know what the problem is.
11441 	[92f603e37e40]
11442 
11443 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
11444 	logsrvd/logsrvd_conf.c:
11445 	Make the default certificate and key paths match the example file.
11446 	[f642836bfcf0]
11447 
11448 	* logsrvd/logsrvd.c, plugins/sudoers/iolog_client.c:
11449 	Warn about tls errors during startup so the user has a clue. We
11450 	write messages to stderr until we become a daemon.
11451 	[25ad61aa7dab]
11452 
11453 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
11454 	doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in,
11455 	doc/sudoers.man.in, doc/sudoers.mdoc.in, include/log_server.pb-c.h,
11456 	lib/logsrv/log_server.pb-c.c, lib/logsrv/log_server.proto,
11457 	logsrvd/logsrvd.c, logsrvd/sendlog.c:
11458 	Remove the tls parameter from the ServerHello message. The TLS
11459 	connection is now initiated before ServerHello is received.
11460 	[9d8b76f14cda]
11461 
11462 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
11463 	doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
11464 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
11465 	plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
11466 	plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h,
11467 	plugins/sudoers/policy.c:
11468 	Adapt sudoers iolog client to log server dual port changes. The TLS
11469 	handshake now occurs before the ServerHello message is read. This
11470 	fixes potential man-in-the-middle attacks and works better with TLS
11471 	1.3.
11472 	[8137b029a3fe]
11473 
11474 	* doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in,
11475 	doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
11476 	examples/sudo_logsrvd.conf, logsrvd/logsrv_util.h,
11477 	logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
11478 	logsrvd/sendlog.c:
11479 	Use port 30343 for plaintext and port 30344 for TLS. For TLS
11480 	connections we now do the TLS handshake immediately before the
11481 	ServerHello message. This lets the client recieve an alert from the
11482 	server is there is a handshake error after the TLS connect has
11483 	succeeded. It also means that the contents of the ServerHello are
11484 	protected from a man-in-the-middle attack.
11485 	[bb4d8b57b3dd]
11486 
11487 	* include/sudo_util.h, lib/util/host_port.c,
11488 	lib/util/regress/host_port/host_port_test.c, logsrvd/logsrvd_conf.c,
11489 	plugins/sudoers/iolog_client.c:
11490 	Add support for a tls flag in sudo_parse_host_port(). If the string
11491 	"(tls)" appears at the end, the tls flag is set to true and the
11492 	default tls port is used if necessary.
11493 	[f0d9a225cd75]
11494 
11495 	* logsrvd/sendlog.c, plugins/sudoers/iolog_client.c:
11496 	Plug memory leaks in sudo_sendlog
11497 	[886254bcae6a]
11498 
11499 	* lib/util/event.c, lib/util/event_poll.c, lib/util/event_select.c:
11500 	Handle EAGAIN like we do ENOMEM from poll() and select(). On some
11501 	systems, poll() and select() can return EAGAIN instead of ENOMEM if
11502 	there is a kernel resource shortage. In this case we just re-enter
11503 	the event loop and retry.
11504 	[048df2548dcc]
11505 
11506 2020-05-03  Todd C. Miller  <Todd.Miller@sudo.ws>
11507 
11508 	* configure, configure.ac:
11509 	Use the --embed when running "python3-config --ldflags" if
11510 	supported. Newer versions of python3-config only include libpython
11511 	in the output when the --embed is used. Otherwise, "python3-config
11512 	--libs" and "python3-config --ldflags" only list the libraries
11513 	python is dependent on and not the python library itself.
11514 	[d90dc892c726]
11515 
11516 2020-04-30  Todd C. Miller  <Todd.Miller@sudo.ws>
11517 
11518 	* logsrvd/sendlog.c, plugins/sudoers/iolog_client.c:
11519 	On error, remove the connection with an error without freeing the
11520 	closure. Fixes the final message at the end when there is a network
11521 	error.
11522 	[0e1952eb707b]
11523 
11524 	* lib/util/event_poll.c:
11525 	Do not call poll(2) or ppoll(2) with nfds > RLIMIT_NOFILE. Both
11526 	poll(2) and ppoll(2) will return EINVAL if the nfds function
11527 	argument is larger than the max files per process resource limit.
11528 	Prevent this by limiting the max number entries in the pfds[] array
11529 	to the RLIMIT_NOFILE soft limit.
11530 	[ab0f798bb024]
11531 
11532 2020-04-29  Todd C. Miller  <Todd.Miller@sudo.ws>
11533 
11534 	* include/sudo_event.h, lib/util/event.c:
11535 	The timeout parameter of sudo_ev_add() should be const.
11536 	[de85c8897aad]
11537 
11538 2020-04-28  Todd C. Miller  <Todd.Miller@sudo.ws>
11539 
11540 	* plugins/sudoers/iolog_client.c:
11541 	Don't free TLS on error in tls_init(), it is freed in
11542 	client_closure_free(). Fixes a double free on error introduced with
11543 	the TLS state cleanup in client_closure_free().
11544 	[f1b478f2ec13]
11545 
11546 	* logsrvd/logsrvd.c:
11547 	Check for tls_config->dhparams_path being non-NULL before using it.
11548 	[09348a25bfd2]
11549 
11550 2020-04-23  Todd C. Miller  <Todd.Miller@sudo.ws>
11551 
11552 	* doc/sudo_sendlog.man.in, doc/sudo_sendlog.mdoc.in:
11553 	Document the TLS and test options.
11554 	[e5f6b6c46c25]
11555 
11556 	* logsrvd/sendlog.c:
11557 	Allow -t option even without OpenSSL Also add -t to the usage
11558 	message
11559 	[d874c9a67ed6]
11560 
11561 	* logsrvd/sendlog.c:
11562 	Use sudo_strtonum() instead of relying on strtoll(). Older, pre-C99,
11563 	systems may not include strtoll() in their C library.
11564 	[a1a610bbe022]
11565 
11566 	* include/protobuf-c/protobuf-c.h:
11567 	Allow this to build on systems without stdint.h by using config.h.
11568 	Old, pre-C99, systems may have inttypes.h but not stdint.h.
11569 	[72e603875b82]
11570 
11571 2020-04-22  Todd C. Miller  <Todd.Miller@sudo.ws>
11572 
11573 	* etc/sudo-logsrvd.pp, scripts/pp:
11574 	Fix support for pp_systemd_disabled and check for systemd existence.
11575 	On our build schroots we don't have systemctl installed but do have
11576 	the /etc/systemd and /lib/systemd (or /usr/lib/systemd) directories.
11577 	[93917f4130b0]
11578 
11579 	* etc/sudo-logsrvd.pp:
11580 	Set pp_macos_service_id instead of
11581 	pp_macos_default_service_id_prefix. It is only effective to set
11582 	pp_macos_default_service_id_prefix in the indivisual %service
11583 	sections (and not %set) so we may was well use pp_macos_service_id
11584 	which includes the service name.
11585 	[84ccf13e7076]
11586 
11587 	* etc/sudo-logsrvd.pp:
11588 	Set launchd service id prefix to "ws.sudo." The default value in
11589 	PolyPkg is "com.quest.rc."
11590 	[eb581d74573e]
11591 
11592 	* scripts/pp:
11593 	Fix macOS package creation.
11594 	[556c0051c0fc]
11595 
11596 2020-04-21  Todd C. Miller  <Todd.Miller@sudo.ws>
11597 
11598 	* plugins/sudoers/iolog_client.c:
11599 	Shut down the TLS connection cleanly in client_closure_free(). Also
11600 	free the SSL data which is part of the client closure.
11601 	[258ec8832cbd]
11602 
11603 	* src/exec_monitor.c, src/exec_nopty.c, src/selinux.c, src/sudo.c,
11604 	src/sudo.h, src/sudo_edit.c, src/sudo_exec.h:
11605 	Fix sudoedit when running with SELinux RBAC mode. We can't use
11606 	run_command() to run sesh, that will use the sudo event loop (and
11607 	might run it in a pty!). There's no need to relabel the tty when
11608 	copying files. Get the path to sesh from sudo.conf.
11609 
11610 	Currently, for SELinux RBAC, the editor runs with the target user's
11611 	security context. This defeats the purpose of sudoedit. Fixing that
11612 	requires passing file descriptors between the main sudo process
11613 	(running with the invoking user's security context) and sesh
11614 	(runnning with the target user's security context).
11615 	[81c9ec600894]
11616 
11617 	* MANIFEST, src/Makefile.in, src/copy_file.c, src/sesh.c,
11618 	src/sudo_edit.c, src/sudo_exec.h:
11619 	Refactor the sudoedit code to copy files so it can be shared. The
11620 	SELinux sudoedit code now extends the destination file the same way
11621 	the non-SELinux version does.
11622 	[82c44299309e]
11623 
11624 	* src/sudo_edit.c:
11625 	Do not remove sudoedit temporary files if we cannot overwrite the
11626 	real file. The warning message says the files were preserved but
11627 	they actually got removed.
11628 	[685f2de6bb2e]
11629 
11630 	* include/compat/glob.h, lib/util/glob.c:
11631 	Make gl_pathc, gl_matchc and gl_offs size_t in glob_t to match
11632 	POSIX.
11633 	[c3586082d3ea]
11634 
11635 	* scripts/pp:
11636 	Only remove the systemd unit service file if we copied it manually.
11637 	If the service file was installed as part of the package it will be
11638 	removed automatically when the package is uninstalled.
11639 	[e98e1493c5bf]
11640 
11641 2020-04-20  Todd C. Miller  <Todd.Miller@sudo.ws>
11642 
11643 	* doc/sudo_logsrv.proto.man.in, doc/sudo_logsrv.proto.mdoc.in:
11644 	Document TLS settings in ServerHello
11645 	[22ae16f41585]
11646 
11647 2020-04-17  Todd C. Miller  <Todd.Miller@sudo.ws>
11648 
11649 	* src/sudo_edit.c:
11650 	Extend the original file before to the new size before updating it.
11651 	Instead of opening the original file for writing w/ tuncation, we
11652 	first extend the file with zeroes (by writing, not seeking), then
11653 	overwrite it. This should allow sudo to fail early if the disk is
11654 	out of space before it overwrites the original file.
11655 	[aef4db03e9e1]
11656 
11657 	* src/sudo.c:
11658 	I/O log plugins should be closed *before* the policy plugin, not
11659 	after.
11660 	[dec6fccf63d4]
11661 
11662 	* plugins/sudoers/set_perms.c:
11663 	Fix typo
11664 	[82b0efbb6c26]
11665 
11666 	* plugins/sudoers/iolog.c:
11667 	Only display error string once on I/O error. We already include the
11668 	error string in the format so no need to use errno too.
11669 	[59795855d6a2]
11670 
11671 	* plugins/sudoers/iolog.c, plugins/sudoers/policy.c:
11672 	Free passwd and group caches in I/O plugin after log_warning(), not
11673 	before. The logging functions may try to use the cache via
11674 	set_perms(PERM_ROOT).
11675 	[652b925b9658]
11676 
11677 2020-04-17  Laszlo Orban  <laszlo.orban@quest.com>
11678 
11679 	* logsrvd/logsrvd.c:
11680 	add missing shudown of TLS connection
11681 	[14b25a0f4f6b]
11682 
11683 2020-04-16  Todd C. Miller  <Todd.Miller@sudo.ws>
11684 
11685 	* etc/sudo-logsrvd.pp, scripts/pp:
11686 	Disable systemd support on Linux systems that don't use it.
11687 	[3c01c91dbfb2]
11688 
11689 2020-04-14  Todd C. Miller  <Todd.Miller@sudo.ws>
11690 
11691 	* configure, configure.ac:
11692 	1.9.0 final
11693 	[acf3b4592384]
11694 
11695 	* etc/sudo-logsrvd.pp, scripts/pp:
11696 	Update PolyPkg from my branch with systemd support.
11697 	[a7a487496209]
11698 
11699 2020-04-09  Todd C. Miller  <Todd.Miller@sudo.ws>
11700 
11701 	* plugins/python/example_conversation.py,
11702 	plugins/python/example_io_plugin.py, plugins/python/regress/testdata
11703 	/check_example_io_plugin_fails_with_python_backtrace.stdout:
11704 	If the signal.Signals enum is not present, search the dictionary.
11705 	The Signals enum was added in Python 3.5. If it is not present we
11706 	need to iterate over the dictionary items, looking for signal name
11707 	to number mappings. Fixes the signal tests with Python 3.4.
11708 	[22811794ed46]
11709 
11710 	* plugins/python/regress/check_python_examples.c,
11711 	plugins/python/sudo_python_module.c:
11712 	Python dictionaries are sparse so we cannot use pos as an index.
11713 	When converting sudo options from a dictionary to a tuple we need to
11714 	track the current index into the tuple separately from the position
11715 	of the dictionary entry.
11716 	[07cb8a0c7f21]
11717 
11718 2020-04-08  Todd C. Miller  <Todd.Miller@sudo.ws>
11719 
11720 	* etc/sudo-logsrvd.pp:
11721 	Fix handling of /etc/sudo_logsrvd.conf in the sudo-logsrvd package.
11722 	For rpm and deb we include the file directly and mark it volatile.
11723 	For all others we copy it in the postinstall script from the example
11724 	dir if the file doesn't already exist.
11725 	[83264a96b923]
11726 
11727 	* scripts/mkpkg:
11728 	Check for the Sun Studio C compiler on Solaris under /opt. Also
11729 	intialize with_python to false.
11730 	[52e28d55f9a6]
11731 
11732 	* po/sudo.pot:
11733 	regen
11734 	[faaacb7777d4]
11735 
11736 	* lib/util/parseln.c:
11737 	Explicitly include stdio.h for getdelim(3)
11738 	[3b0bff3ef388]
11739 
11740 	* logsrvd/logsrvd.c:
11741 	Reload sudo.conf upon SIGUP This makes it possible to update the
11742 	Debug settings in sudo.conf and have them take effect on reload.
11743 	[9fb7baf9a3ad]
11744 
11745 	* logsrvd/logsrvd.c, logsrvd/sendlog.c,
11746 	plugins/sudoers/iolog_client.c:
11747 	Store the result of ERR_get_error() so we can use it for both warn
11748 	and debug. Otherwise, only the debug framework gets the actual error
11749 	and the user won't see the problem.
11750 	[039565f16d13]
11751 
11752 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
11753 	Disable IPv4-mapped IPv6 addresses in the listener. Also store the
11754 	host + port string and use it in error messages.
11755 	[3fbac477ef6b]
11756 
11757 	* configure, configure.ac, examples/Makefile.in:
11758 	Install the example sudo_logsrvd.conf unless one already exists
11759 	[89c41b936c44]
11760 
11761 2020-04-07  Todd C. Miller  <Todd.Miller@sudo.ws>
11762 
11763 	* examples/sudo_logsrvd.conf:
11764 	Make the path to logsrvd_cert.pem match the documentation.
11765 	[b2a45e7c9cdb]
11766 
11767 	* etc/sudo-logsrvd.pp, logsrvd/logsrvd.c:
11768 	Create the pid file parent directory if it doesn't already exist.
11769 	Also package the run directory in the sudo_logsrvd PolyPkg file.
11770 	[ac8b573e8545]
11771 
11772 	* configure, configure.ac:
11773 	Sudo 1.9.0rc1
11774 	[7d437646afc2]
11775 
11776 	* MANIFEST:
11777 	Include all python plugin files in MANIFEST, not the directory
11778 	itself.
11779 	[4aa09dd70b9e]
11780 
11781 	* plugins/python/example_approval_plugin.py,
11782 	plugins/python/example_audit_plugin.py,
11783 	plugins/python/example_group_plugin.py,
11784 	plugins/python/example_io_plugin.py,
11785 	plugins/python/example_policy_plugin.py, plugins/python/regress/test
11786 	data/check_example_io_plugin_fails_with_python_backtrace.stdout:
11787 	Avoid using typing annotations so tests run with Python 3.4.
11788 	[88b7048bc4a6]
11789 
11790 	* plugins/python/python_plugin_common.c, plugins/python/regress/testda
11791 	ta/check_loading_fails_missing_classname.stderr:
11792 	Sort the list of possible plugins before printing it. This gives
11793 	more reproducible error messages for the tests.
11794 	[ea33f4970268]
11795 
11796 	* plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/
11797 	check_example_group_plugin_is_able_to_debug.log, plugins/python/regr
11798 	ess/testdata/check_example_io_plugin_command_log.stored, plugins/pyt
11799 	hon/regress/testdata/check_example_io_plugin_command_log_multiple1.s
11800 	tored, plugins/python/regress/testdata/check_example_io_plugin_comma
11801 	nd_log_multiple2.stored, plugins/python/regress/testdata/check_examp
11802 	le_io_plugin_failed_to_start_command.stored, plugins/python/regress/
11803 	testdata/check_example_io_plugin_fails_with_python_backtrace.stderr,
11804 	plugins/python/regress/testdata/check_loading_fails_wrong_path.stder
11805 	r, plugins/python/regress/testdata/check_multiple_approval_plugin_an
11806 	d_arguments.stdout, plugins/python/regress/testdata/check_python_plu
11807 	gins_do_not_affect_each_other.stdout,
11808 	plugins/python/regress/testhelpers.h:
11809 	Use regular expressions when matching expected and actual text.
11810 	[f2562728481a]
11811 
11812 	* plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/
11813 	check_example_debugging_c_calls@info.log, plugins/python/regress/tes
11814 	tdata/check_example_debugging_plugin@info.log,
11815 	plugins/python/regress/testhelpers.c:
11816 	Use regex to match __init__.py instead of hacking it in
11817 	verify_log_lines()
11818 	[8bf71289e585]
11819 
11820 	* plugins/python/pyhelpers.c, plugins/python/python_plugin_common.c,
11821 	plugins/python/regress/check_python_examples.c,
11822 	plugins/python/regress/iohelpers.c,
11823 	plugins/python/regress/plugin_approval_test.py, plugins/python/regre
11824 	ss/testdata/check_example_debugging_c_calls@diag.log, plugins/python
11825 	/regress/testdata/check_example_debugging_c_calls@info.log, plugins/
11826 	python/regress/testdata/check_example_debugging_py_calls@diag.log, p
11827 	lugins/python/regress/testdata/check_example_debugging_py_calls@info
11828 	.log, plugins/python/regress/testdata/check_example_policy_plugin_va
11829 	lidate_invalidate.log, plugins/python/regress/testdata/check_loading
11830 	_fails_wrong_classname.stderr, plugins/python/regress/testdata/check
11831 	_multiple_approval_plugin_and_arguments.stdout,
11832 	plugins/python/regress/testhelpers.h:
11833 	Make most python tests pass with Python 3.4 Dictionary order is not
11834 	stable in Python < 3.6 so we need to sort by key to have consistent
11835 	results. The LogHandler output is also different on older Python
11836 	versions. Also, don't stop running python tests after the first
11837 	error.
11838 	[aaa06cb5fac1]
11839 
11840 	* plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
11841 	Increase the maximum delay again for slower systems. Otherwise we
11842 	may get a spurious test failure.
11843 	[6660908aa93d]
11844 
11845 	* plugins/python/Makefile.in, plugins/sudoers/Makefile.in,
11846 	scripts/mkdep.pl:
11847 	Handle dependencies for .h files in the same directory as the
11848 	source. Fixes missing header dependencies for the sudoers and python
11849 	plugins.
11850 	[3109dd5cf61e]
11851 
11852 	* etc/sudo.pp:
11853 	Remove bits for Tru64 kit-style packages
11854 	[0e9a9580d76c]
11855 
11856 	* MANIFEST, Makefile.in, configure, configure.ac, etc/sudo-logsrvd.pp,
11857 	etc/sudo-python.pp, etc/sudo.pp:
11858 	Split sudo_logsrvd and the python plugin into their own packages.
11859 	[9aee8247f0ba]
11860 
11861 	* scripts/mkpkg:
11862 	Build python packages where possible.
11863 	[7a2b993bb8ac]
11864 
11865 2020-04-06  Todd C. Miller  <Todd.Miller@sudo.ws>
11866 
11867 	* plugins/sudoers/iolog_client.c:
11868 	Don't pass a NULL submitcwd or ttyname value to the server. It is
11869 	possible for the cwd and/or tty to be missing. If we send a NULL
11870 	pointer to the server where it expects a string the AcceptMessage
11871 	will fail to parse.
11872 	[4f96d1c6e41c]
11873 
11874 	* include/sudo_plugin.h:
11875 	Disable -Wstrict-prototypes for sudo_hook_fn_t typedef.
11876 	[15d2a1332865]
11877 
11878 	* plugins/python/python_plugin_common.c:
11879 	Fall back to using Py_Finalize() for Python version < 3.6
11880 	[e7ad63e57c79]
11881 
11882 2020-04-06  Robert Manner  <robert.manner@balabit.com>
11883 
11884 	* logsrvd/eventlog.c:
11885 	logsrvd/eventlog.c: add a newline after each log message for logfile
11886 	output
11887 	[457f77b8f3be]
11888 
11889 	* lib/iolog/iolog_fileio.c:
11890 	lib/iolog/iolog_fileio.c: do not call fchown on invalid fd
11891 
11892 	Fixes the warning in the log: iolog_write_info_file_json: unable to
11893 	fchown 0:0 /var/log/...: Bad file descriptor
11894 	[bccdaf007db8]
11895 
11896 	* logsrvd/iolog_writer.c:
11897 	logsrvd/iolog_writer.c: treat runuid, rungid 0 as valid (usually
11898 	==root)
11899 	[5a7c447e9619]
11900 
11901 2020-04-05  Todd C. Miller  <Todd.Miller@sudo.ws>
11902 
11903 	* po/eo.mo, po/eo.po, po/sr.mo, po/sr.po:
11904 	Updated translations from translationproject.org
11905 	[6e47dbfdba2c]
11906 
11907 2020-04-03  Todd C. Miller  <Todd.Miller@sudo.ws>
11908 
11909 	* examples/Makefile.in:
11910 	Install example sudo_logsrvd.conf file
11911 	[c1c6f4c8119d]
11912 
11913 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
11914 	Make it clear in the sudoers grammar that sudoedit needs file args.
11915 	Debian bug #571621
11916 	[b6358b602623]
11917 
11918 2020-04-02  Todd C. Miller  <Todd.Miller@sudo.ws>
11919 
11920 	* NEWS:
11921 	Fixed Debian bugs #571621, #596631 and #669687
11922 	[6058c1c46739]
11923 
11924 	* doc/sudo.man.in, doc/sudo.mdoc.in, plugins/sudoers/env.c:
11925 	Truncate the command args at 4096 chars when formatting
11926 	SUDO_COMMAND. We have to limit the length of SUDO_COMMAND to avoid
11927 	getting E2BIG from execve(2) for very long argument vectors. The
11928 	command's environment also counts against the ARG_MAX limit. Debian
11929 	bug #596631
11930 	[ff1fa8e3377f]
11931 
11932 	* plugins/sudoers/auth/pam.c:
11933 	Do not try to delete creds we did not set. If pam_setcred() fails
11934 	when opening the PAM session, we don't want to call it with
11935 	PAM_DELETE_CRED when closing the session.
11936 	[c31039431c46]
11937 
11938 2020-04-01  Todd C. Miller  <Todd.Miller@sudo.ws>
11939 
11940 	* plugins/sudoers/auth/API, plugins/sudoers/auth/aix_auth.c,
11941 	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/fwtk.c,
11942 	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
11943 	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
11944 	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
11945 	plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
11946 	plugins/sudoers/sudoers.h:
11947 	Add a force flag to sudo_auth_cleanup() to force immediate cleanup.
11948 	This is used for PAM authentication to make sure pam_end() is called
11949 	via sudo_auth_cleanup() when the user authenticates successfully but
11950 	sudoers denies the command. Debian bug #669687
11951 	[98cb9d98f547]
11952 
11953 	* plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
11954 	Increase the maximum delay for slower systems. Otherwise we may get
11955 	a spurious test failure.
11956 	[e4c1fffd427c]
11957 
11958 	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in:
11959 	Document when cwd_optional was added.
11960 	[165447e1d7fa]
11961 
11962 2020-03-31  Todd C. Miller  <Todd.Miller@sudo.ws>
11963 
11964 	* NEWS, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
11965 	plugins/sudoers/policy.c, src/exec.c, src/sudo.c, src/sudo.h:
11966 	Add cwd_optional to command details and enable it in the sudoers
11967 	plugin. If cwd_optional is set to true, a failure to set the cwd
11968 	will be a warning, not an error, and the command will still run.
11969 	Debian bug #598519
11970 	[a6694704d92f]
11971 
11972 	* doc/sudo.man.in, doc/sudo.mdoc.in:
11973 	The policy close function is responsible for closing the PAM
11974 	session.
11975 	[db4af211ff75]
11976 
11977 	* .clang-format:
11978 	Config file for clang-format 8.x and higher based on webkit style.
11979 	This approximates what I want the sudo coding style to look like.
11980 	Only deviations from webkit style are included.
11981 	[d3ec3a8401cf]
11982 
11983 	* src/exec_pty.c:
11984 	Don't kill the command just because the loop exited unexpectedly. We
11985 	currently have no good way to distinguish between an error executing
11986 	the command and an error while the command is running.
11987 
11988 	In the future, we should have additional status codes so we can tell
11989 	what type of condition caused the loop to exit.
11990 
11991 	For now, only kill the command if cstat is left uninitialized.
11992 	[9492d60783fe]
11993 
11994 2020-03-29  Todd C. Miller  <Todd.Miller@sudo.ws>
11995 
11996 	* logsrvd/logsrvd.c:
11997 	Write process ID as an unsigned int (with a cast). On Solaris, pid_t
11998 	may be typedef'd as a long but the actual range is 32 bits at most.
11999 	[b9a818d77142]
12000 
12001 	* doc/LICENSE:
12002 	Add license info for a few other files. These are all ISC licensed
12003 	but it is still best to have them all listed in one place.
12004 	[dd37dc484ea5]
12005 
12006 	* plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
12007 	plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
12008 	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
12009 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
12010 	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
12011 	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
12012 	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
12013 	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
12014 	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
12015 	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
12016 	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
12017 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
12018 	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
12019 	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
12020 	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
12021 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
12022 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
12023 	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/ca.mo,
12024 	po/ca.po, po/cs.mo, po/cs.po, po/de.mo, po/de.po, po/eo.mo,
12025 	po/eo.po, po/fi.mo, po/fi.po, po/fr.mo, po/fr.po, po/hr.mo,
12026 	po/hr.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ko.mo,
12027 	po/ko.po, po/nb.mo, po/nb.po, po/pl.mo, po/pl.po, po/pt.mo,
12028 	po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/sv.mo, po/sv.po, po/tr.mo,
12029 	po/tr.po, po/uk.mo, po/uk.po, po/vi.mo, po/vi.po, po/zh_CN.mo,
12030 	po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
12031 	Updated translations from translationproject.org
12032 	[58d62352abff]
12033 
12034 	* lib/util/getusershell.c, lib/util/host_port.c, lib/util/roundup.c,
12035 	logsrvd/iolog_writer.c, logsrvd/logsrv_util.c,
12036 	logsrvd/logsrv_util.h, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
12037 	logsrvd/logsrvd_conf.c, logsrvd/sendlog.c, logsrvd/sendlog.h,
12038 	plugins/sudoers/iolog_client.c, plugins/sudoers/iolog_plugin.h:
12039 	Some new source files got created with my old email address.
12040 	[ede435f55f5c]
12041 
12042 	* .gitignore, .hgignore:
12043 	Ignore __pycache__ directories.
12044 	[5901cfb35a74]
12045 
12046 	* include/sudo_iolog.h, lib/iolog/iolog_util.c, logsrvd/sendlog.c,
12047 	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
12048 	plugins/sudoers/sudoreplay.c:
12049 	iolog_parse_loginfo() now opens the log file itself.
12050 	[bf03f505fc94]
12051 
12052 	* include/sudo_iolog.h, lib/iolog/Makefile.in,
12053 	lib/iolog/iolog_fileio.c, lib/iolog/iolog_util.c,
12054 	logsrvd/eventlog.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h,
12055 	logsrvd/sendlog.c, plugins/sudoers/Makefile.in,
12056 	plugins/sudoers/iolog.c,
12057 	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
12058 	plugins/sudoers/sudoreplay.c:
12059 	Write an extended I/O info log in JSON format. This will be used by
12060 	sudoreplay if it exists to get more information about the command
12061 	being replayed.
12062 	[5fc89148c214]
12063 
12064 	* MANIFEST, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
12065 	include/sudo_iolog.h, lib/iolog/Makefile.in, lib/iolog/iolog_json.c,
12066 	lib/iolog/iolog_util.c, plugins/sudoers/sudoreplay.c:
12067 	Parse I/O JSON info file in JSON if present. The JSON version
12068 	includes more information than the original "log" file in the I/O
12069 	log dir.
12070 	[269ae210ea34]
12071 
12072 	* logsrvd/iolog_writer.c, logsrvd/logsrvd.h:
12073 	Store runenv in the I/O log info file too.
12074 	[15f90fb3748f]
12075 
12076 	* plugins/sudoers/Makefile.in,
12077 	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c:
12078 	Create files for check_iolog_plugin in the build dir, not src dir.
12079 	[bdaea95b47fc]
12080 
12081 	* include/sudo_json.h, lib/iolog/iolog_fileio.c, lib/util/json.c,
12082 	logsrvd/eventlog.c, logsrvd/iolog_writer.c, logsrvd/logsrvd.h,
12083 	plugins/audit_json/audit_json.c:
12084 	Do not use JSON_ARRAY with sudo_json_add_value()
12085 	[c74b75adb90f]
12086 
12087 	* MANIFEST, lib/iolog/Makefile.in, lib/iolog/iolog_json.c,
12088 	lib/iolog/iolog_json.h,
12089 	lib/iolog/regress/iolog_json/check_iolog_json.c,
12090 	lib/iolog/regress/iolog_json/test1.in,
12091 	lib/iolog/regress/iolog_json/test2.in,
12092 	lib/iolog/regress/iolog_json/test2.out.ok,
12093 	lib/iolog/regress/iolog_json/test3.in, lib/util/json.c:
12094 	Add tests for the simple json parser.
12095 	[9ede5000f4c7]
12096 
12097 	* lib/iolog/iolog_json.c:
12098 	Simply the JSON parsing code a bit. We can use a single stack for
12099 	nested objects and arrays. There is also no need to track the
12100 	current object and array separately. This allows us to remove the
12101 	array special case when assigning a value.
12102 	[4a34e528d9f0]
12103 
12104 	* NEWS:
12105 	Update NEWS for 1.9.0b5 changes
12106 	[bf8db62788d3]
12107 
12108 	* logsrvd/logsrvd.c:
12109 	sudo_logsrvd now exits with an error if it cannot open any listen
12110 	sockets.
12111 	[47a22f71e286]
12112 
12113 	* configure, doc/sudo_logsrvd.conf.man.in,
12114 	doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.man.in,
12115 	doc/sudo_logsrvd.mdoc.in, examples/sudo_logsrvd.conf,
12116 	logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
12117 	m4/sudo.m4, pathnames.h.in:
12118 	Create a pidfile for sudo_logsrvd when not run with the -n flag.
12119 	[9f1b8edff6cc]
12120 
12121 	* etc/sudo.pp:
12122 	Add sudo_logsrvd as a service so it gets started at boot.
12123 	[d2ac9eb87dbf]
12124 
12125 	* plugins/sudoers/po/sudoers.pot:
12126 	Update sudoers.pot with json parser warnings.
12127 	[2b277f799d2e]
12128 
12129 2020-03-19  Todd C. Miller  <Todd.Miller@sudo.ws>
12130 
12131 	* scripts/mkpkg:
12132 	Enable OpenSSL on systems that can support it.
12133 	[976370b9d9db]
12134 
12135 2020-03-17  Todd C. Miller  <Todd.Miller@sudo.ws>
12136 
12137 	* config.h.in, configure, configure.ac, logsrvd/logsrvd.c:
12138 	Add configure check for SSL_CTX_get0_certificate(). Dummy out
12139 	verify_server_cert() if it is not present to allow building on older
12140 	OpenSSL versions. Rewriting this to work with old OpenSSL is not
12141 	worth the trouble.
12142 	[61349d2533fe]
12143 
12144 	* lib/iolog/hostcheck.c:
12145 	Include stdlib.h for malloc(3) prototype. We shouldn't rely on it to
12146 	be implicitly included via OpenSSL headers.
12147 	[9f4f7d3d3662]
12148 
12149 2020-03-16  Todd C. Miller  <Todd.Miller@sudo.ws>
12150 
12151 	* plugins/sudoers/policy.c:
12152 	Only set errstr for plugin API version 1.15 and above.
12153 	[780722091e9f]
12154 
12155 2020-03-14  Todd C. Miller  <Todd.Miller@sudo.ws>
12156 
12157 	* NEWS:
12158 	Sudo 1.8.31p1
12159 	[40629e6fd692]
12160 
12161 	* src/limits.c:
12162 	Ignore a failure to restore the RLIMIT_CORE resource limit. Linux
12163 	containers don't allow RLIMIT_CORE to be set back to RLIM_INFINITY
12164 	if we set the limit to zero, even for root. This is not a problem
12165 	outside the container.
12166 	[1064b906ca68]
12167 
12168 2020-03-12  Todd C. Miller  <Todd.Miller@sudo.ws>
12169 
12170 	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
12171 	regen
12172 	[72ca06a294b4]
12173 
12174 	* include/sudo_event.h, lib/util/event.c:
12175 	Add SUDO_EV_MASK to mask off invalid event values. Now used by
12176 	sudo_ev_init() to avoid bogus events.
12177 	[10a5d1afa1c9]
12178 
12179 2020-03-11  Todd C. Miller  <Todd.Miller@sudo.ws>
12180 
12181 	* plugins/python/regress/iohelpers.c,
12182 	plugins/python/regress/testhelpers.c:
12183 	Avoid using sprintf(), vsprintf(), strcat(), and strncat(). It is
12184 	less error-prone to use functions with a return value that indicates
12185 	when truncation ocurred.
12186 	[21938a3b1548]
12187 
12188 	* plugins/sudoers/match_digest.c:
12189 	Work around two Coverity false positives; CID 208813 208815
12190 	[389bf3749ed2]
12191 
12192 	* logsrvd/logsrvd.c:
12193 	Fix potential use-after-free; Coverity CID 208814
12194 	[e575532efe35]
12195 
12196 	* plugins/python/regress/iohelpers.h, plugins/python/regress/testdata/
12197 	check_example_debugging_c_calls@info.log, plugins/python/regress/tes
12198 	tdata/check_example_debugging_plugin@info.log,
12199 	plugins/python/regress/testhelpers.c:
12200 	Don't hard-code path to logging/__init__.py or line numbers. Allows
12201 	python plugin tests to success on versions other than 3.7.
12202 	[659d3d3fcb8b]
12203 
12204 	* doc/LICENSE:
12205 	Add copyright for the Python bindings.
12206 	[cc64df1f85f2]
12207 
12208 	* plugins/sudoers/match_command.c:
12209 	Fix typo introduced on systems with O_PATH or O_EXEC
12210 	[e8fea3eabf99]
12211 
12212 	* NEWS:
12213 	Update for sudo 1.9.0
12214 	[39158cb4af26]
12215 
12216 	* doc/sudoers.man.in, doc/sudoers.mdoc.in,
12217 	plugins/sudoers/cvtsudoers_json.c,
12218 	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
12219 	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
12220 	plugins/sudoers/match.c, plugins/sudoers/match_command.c,
12221 	plugins/sudoers/regress/sudoers/test14.in,
12222 	plugins/sudoers/regress/sudoers/test14.json.ok,
12223 	plugins/sudoers/regress/sudoers/test14.ldif.ok,
12224 	plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok,
12225 	plugins/sudoers/regress/sudoers/test14.out.ok,
12226 	plugins/sudoers/regress/sudoers/test14.toke.ok,
12227 	plugins/sudoers/sudoers_version.h:
12228 	Allow the ALL keyword to be specified with a digest list.
12229 	[9856ed3cde7f]
12230 
12231 	* doc/sudoers.man.in, doc/sudoers.mdoc.in,
12232 	plugins/sudoers/cvtsudoers_json.c,
12233 	plugins/sudoers/cvtsudoers_ldif.c, plugins/sudoers/fmtsudoers.c,
12234 	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
12235 	plugins/sudoers/ldap_util.c, plugins/sudoers/match.c,
12236 	plugins/sudoers/match_command.c, plugins/sudoers/match_digest.c,
12237 	plugins/sudoers/parse.h, plugins/sudoers/regress/sudoers/test14.in,
12238 	plugins/sudoers/regress/sudoers/test14.json.ok,
12239 	plugins/sudoers/regress/sudoers/test14.ldif.ok,
12240 	plugins/sudoers/regress/sudoers/test14.ldif2sudo.ok,
12241 	plugins/sudoers/regress/sudoers/test14.out.ok,
12242 	plugins/sudoers/regress/sudoers/test14.toke.ok,
12243 	plugins/sudoers/sudo_ldap.h:
12244 	Allow a list of digests to be specified for a command.
12245 	[e0e9ecee870b]
12246 
12247 	* plugins/sudoers/ldap_util.c, plugins/sudoers/parse_ldif.c:
12248 	A struct member of type ALL should have its name field set to NULL.
12249 	[484b9af004af]
12250 
12251 	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/toke.c,
12252 	plugins/sudoers/toke.l:
12253 	Allow Cmd_Alias in addition to Cmnd_Alias. Some people find using
12254 	Cmd_Alias more natural.
12255 	[55edb5057091]
12256 
12257 2020-03-01  Todd C. Miller  <Todd.Miller@sudo.ws>
12258 
12259 	* doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
12260 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
12261 	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
12262 	Add pam_ruser and pam_rhost sudoers flags.
12263 	[b1d494440004]
12264 
12265 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/sendlog.c,
12266 	logsrvd/sendlog.h:
12267 	Store the event base in the client closure. Explicitly passing the
12268 	event base removes the need to set a default base.
12269 	[0e4ae8d810f8]
12270 
12271 	* plugins/sudoers/iolog.c:
12272 	Revert change to initialize io_operations earlier. Instead, check
12273 	io_operations.open for NULL which is the case for "sudo -V". Also
12274 	move the early return in sudoers_io_open() for "sudo -V" until after
12275 	we have initialized debugging.
12276 	[0e9e7a99725d]
12277 
12278 2020-02-28  Todd C. Miller  <Todd.Miller@sudo.ws>
12279 
12280 	* plugins/sudoers/iolog.c:
12281 	Initialize io_operations earlier.
12282 	[ab235d88f8ae]
12283 
12284 2020-02-27  Todd C. Miller  <Todd.Miller@sudo.ws>
12285 
12286 	* plugins/sudoers/iolog_client.c:
12287 	Mark up some remaining TODOs
12288 	[847c9328a7b5]
12289 
12290 	* src/conversation.c:
12291 	Sudo's -S option should override the SUDO_CONV_PREFER_TTY flag.
12292 	[f5737b68c0bf]
12293 
12294 	* plugins/python/pyhelpers.c, plugins/python/python_plugin_policy.c,
12295 	plugins/python/sudo_python_module.c:
12296 	Use C99 __func__ instead of gcc-specific __PRETTY_FUNCTION__
12297 	[db4f5d7c200e]
12298 
12299 2020-02-27  Robert Manner  <robert.manner@balabit.com>
12300 
12301 	* plugins/python/example_debugging.py, plugins/python/regress/testdata
12302 	/check_example_debugging_c_calls@diag.log, plugins/python/regress/te
12303 	stdata/check_example_debugging_c_calls@info.log, plugins/python/regr
12304 	ess/testdata/check_example_debugging_plugin@err.log, plugins/python/
12305 	regress/testdata/check_example_debugging_plugin@info.log:
12306 	plugins/python/regress: add a test and example of using the python
12307 	logger
12308 	[ed23b3ba375f]
12309 
12310 	* MANIFEST, doc/sudo_plugin_python.man.in,
12311 	doc/sudo_plugin_python.mdoc.in, plugins/python/Makefile.in,
12312 	plugins/python/python_baseplugin.c,
12313 	plugins/python/python_convmessage.c,
12314 	plugins/python/python_importblocker.c,
12315 	plugins/python/python_loghandler.c,
12316 	plugins/python/python_plugin_common.c,
12317 	plugins/python/sudo_python_module.c,
12318 	plugins/python/sudo_python_module.h:
12319 	plugins/python/sudo_module: add sudo.LogHandler
12320 
12321 	so python log system can be used with sudo logsystem. Loggers use it
12322 	by default (the handler is set on the root logger). If that is not
12323 	the intent, it can be overridden explicitly.
12324 	[45b8902ce188]
12325 
12326 2020-02-26  Todd C. Miller  <Todd.Miller@sudo.ws>
12327 
12328 	* INSTALL, Makefile.in, config.h.in, configure, configure.ac,
12329 	lib/iolog/iolog_fileio.c, plugins/sudoers/Makefile.in,
12330 	plugins/sudoers/iolog.c, plugins/sudoers/iolog_client.c,
12331 	plugins/sudoers/iolog_plugin.h, plugins/sudoers/sudoers.c:
12332 	Add --disable-log-server and --disable-log-client configure options.
12333 	These can be used to optionally disable building sudo_logsrvd and
12334 	support for remote I/O logging in the sudoers plugin respectively.
12335 	[bc802e022f22]
12336 
12337 2020-02-26  Robert Manner  <robert.manner@balabit.com>
12338 
12339 	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
12340 	plugins/python/python_plugin_common.c,
12341 	plugins/python/regress/check_python_examples.c, plugins/python/regre
12342 	ss/testdata/check_loading_fails_missing_classname.stderr, plugins/py
12343 	thon/regress/testdata/check_loading_succeeds_with_missing_classname.
12344 	stdout:
12345 	plugins/python: autodetect ClassName field
12346 
12347 	If "ClassName" is not specified, load the one and only sudo.Plugin
12348 	from the module (if so), otherwise display which plugins are
12349 	available from which the system admin can choose.
12350 	[b9dbbf1b6e97]
12351 
12352 	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in,
12353 	plugins/python/Makefile.in, plugins/python/python_plugin_common.c:
12354 	plugins/python/plugin_common: add a default search path for python
12355 	plugins
12356 
12357 	If the ModulePath is relative, assume it is under
12358 	"/usr/local/libexec/sudo/python" or wherever the sudo plugins are in
12359 	a "python" subdirectory.
12360 	[5f75db882754]
12361 
12362 	* plugins/python/regress/check_python_examples.c, plugins/python/regre
12363 	ss/testdata/check_example_audit_plugin_version_display.stdout, plugi
12364 	ns/python/regress/testdata/check_example_debugging_py_calls@info.log
12365 	, plugins/python/regress/testdata/check_example_io_plugin_version_di
12366 	splay_full.stdout, plugins/python/regress/testdata/check_example_pol
12367 	icy_plugin_version_display_full.stdout, plugins/python/regress/testd
12368 	ata/check_multiple_approval_plugin_and_arguments.stdout:
12369 	plugins/python/regress: update tests for show_version changes
12370 
12371 	- plugin->show_version is not marked NULL any more.
12372 	- if verbose, it also displays which python class was loaded from
12373 	which file
12374 	[e30a1e43e3c2]
12375 
12376 	* plugins/python/python_plugin_approval.c,
12377 	plugins/python/python_plugin_audit.c,
12378 	plugins/python/python_plugin_common.c,
12379 	plugins/python/python_plugin_common.h,
12380 	plugins/python/python_plugin_io.c,
12381 	plugins/python/python_plugin_policy.c:
12382 	plugins/python: make show_version display the plugin in verbose mode
12383 
12384 	Before it only displayed the plugin version, now it also displays
12385 	which python plugin is loaded to be more useful.
12386 	[8c94175ead70]
12387 
12388 	* plugins/python/python_plugin_approval.c,
12389 	plugins/python/python_plugin_common.c:
12390 	plugins/python/approval: fix show_version crash when it is not
12391 	implemented
12392 
12393 	For approval plugins show_version is not optional.
12394 	[61f6b4679d6b]
12395 
12396 2020-02-24  Todd C. Miller  <Todd.Miller@sudo.ws>
12397 
12398 	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
12399 	Avoid calling sudoers_policy_exec_setup() on error. We only want to
12400 	pass the execution environment back for commands that are accepted
12401 	or rejected. Also avoid potentially freeing the wrong pointer when
12402 	garbage collection is enabled.
12403 	[a3a202e89951]
12404 
12405 2020-02-22  Todd C. Miller  <Todd.Miller@sudo.ws>
12406 
12407 	* logsrvd/eventlog.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c:
12408 	Open event log at config time instead of open/close for each entry.
12409 	If logging via syslog, do the openlog() at config time instead. We
12410 	still lock the log file prior to writing to it but unlock
12411 	immediately after.
12412 	[3236bd001160]
12413 
12414 	* lib/util/locking.c:
12415 	Fix unlocking of an entire file with lockf(). Since lockf() uses the
12416 	files's current offset, we need to seek to the start of the file to
12417 	unlock the entire file.
12418 	[e415af1de6ca]
12419 
12420 2020-02-21  Robert Manner  <robert.manner@balabit.com>
12421 
12422 	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
12423 	doc/sudo_plugin_python: add approval plugin to supported plugins
12424 	[5034917e6902]
12425 
12426 2020-02-20  Todd C. Miller  <Todd.Miller@sudo.ws>
12427 
12428 	* lib/util/util.exp.in:
12429 	Add sudo_json_free_v1 to symbol exports file too.
12430 	[0a91a2986952]
12431 
12432 	* lib/util/Makefile.in, logsrvd/Makefile.in,
12433 	plugins/sudoers/Makefile.in:
12434 	Regenerate dependencies to match the recent JSON changes.
12435 	[5da86c77629c]
12436 
12437 	* plugins/python/python_convmessage.c:
12438 	Add missing check for calloc(3) failure.
12439 	[589c32ff2cf1]
12440 
12441 2020-02-19  Robert Manner  <robert.manner@balabit.com>
12442 
12443 	* doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
12444 	doc/sudo_plugin_python: document approval plugin and PluginReject
12445 	[9e61203dcb8d]
12446 
12447 	* plugins/python/sudo_python_module.c:
12448 	plugins/python/sudo_python_module.c: remove unused declaration
12449 
12450 	We do not use structsequence any more.
12451 	[a5570ba5ad8b]
12452 
12453 2020-02-18  Todd C. Miller  <Todd.Miller@sudo.ws>
12454 
12455 	* logsrvd/logsrvd.c, logsrvd/logsrvd.h:
12456 	Re-register listeners on SIGHUP. Previously, a config reload would
12457 	refresh the listener address list but the changes had no effect on
12458 	the actual addresses being listened on.
12459 	[c1c0ada6c594]
12460 
12461 	* logsrvd/logsrvd.c:
12462 	Fix compilation error when not built with OpenSSL support. Adds a
12463 	missing #ifdef HAVE_OPENSSL and reorders code to avoid the need for
12464 	a static init_tls_server_context() prototype.
12465 	[976c469eeb57]
12466 
12467 2020-02-18  Robert Manner  <robert.manner@balabit.com>
12468 
12469 	* plugins/python/python_plugin_common.c:
12470 	plugins/python: restore the original python inittab after
12471 	interpreter deinit
12472 	[b78a5d995de9]
12473 
12474 2020-02-17  Todd C. Miller  <Todd.Miller@sudo.ws>
12475 
12476 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
12477 	include/sudo_json.h, lib/util/json.c, logsrvd/eventlog.c:
12478 	Add support for JSON structured logging using syslog. Note that
12479 	depending on the system, the default syslog buffer may not be large
12480 	enough to store all the logging data.
12481 	[15a6667b1198]
12482 
12483 	* doc/sudo_logsrvd.conf.man.in, doc/sudo_logsrvd.conf.mdoc.in,
12484 	examples/sudo_logsrvd.conf, logsrvd/eventlog.c,
12485 	logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
12486 	logsrvd/logsrvd_conf.c:
12487 	Add support for JSON logging in sudo_logsrvd.
12488 	[8b013b899e3b]
12489 
12490 	* include/sudo_json.h, lib/util/json.c, lib/util/util.exp.in,
12491 	plugins/audit_json/audit_json.c, plugins/sudoers/cvtsudoers_json.c,
12492 	plugins/sudoers/regress/sudoers/test10.json.ok,
12493 	plugins/sudoers/regress/sudoers/test9.json.ok:
12494 	Rework the JSON API to write to a memory buffer, not a stdio stream.
12495 	[ec4e4053e95e]
12496 
12497 	* logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c:
12498 	Fix support for reloading the config in sudo_logsrvd. We need to re-
12499 	initialize the TLS server context. Also fix a memory leak of the TLS
12500 	parameters on reload.
12501 	[c4ca45502f3e]
12502 
12503 2020-02-17  Robert Manner  <robert.manner@balabit.com>
12504 
12505 	* plugins/python/pyhelpers.c, plugins/python/pyhelpers.h,
12506 	plugins/python/python_plugin_common.c,
12507 	plugins/python/regress/check_python_examples.c, plugins/python/regre
12508 	ss/testdata/check_example_debugging_load@diag.log,
12509 	plugins/python/regress/testhelpers.c:
12510 	plugins/python: only deinit interpreters when sudo unlinks the
12511 	plugin
12512 
12513 	This only happens when sudo unloads the last python plugin. The
12514 	reason doing so is because there are some python modules which does
12515 	not support importing them again after destroying the interpreter
12516 	which has imported them previously.
12517 
12518 	Another solution would be to just leak the interpreters (let the
12519 	kernel free up), but then there might be some python resources like
12520 	open files would not get cleaned up correctly if the plugin is badly
12521 	written.
12522 
12523 	Tests are meant to test the scenario sudo does, so I have modified
12524 	them to generally do not unlink but only a few times (~per plugin
12525 	type) so it does not use 48 interpreters (one gets started on every
12526 	plugin->open) and it is visible at least which type of plugin fails
12527 	deinit if there is an error.
12528 	[13cdead652aa]
12529 
12530 	* plugins/python/python_plugin_common.c,
12531 	plugins/python/sudo_python_debug.c:
12532 	plugins/python/debug: adapt debug refcount solution of sudoers
12533 	plugin
12534 	[dc815e383c39]
12535 
12536 2020-02-16  Todd C. Miller  <Todd.Miller@sudo.ws>
12537 
12538 	* plugins/sudoers/iolog_client.c:
12539 	The environment in the accept message is runenv not submitenv. The
12540 	I/O logging plugin is passed the environment the command will run
12541 	with, not the user's original environment.
12542 	[b3e1ee513001]
12543 
12544 2020-02-15  Todd C. Miller  <Todd.Miller@sudo.ws>
12545 
12546 	* include/sudo_compat.h, lib/iolog/iolog_fileio.c,
12547 	plugins/audit_json/audit_json.c, src/utmp.c:
12548 	Add compatibility define for fseeko(3). This is better than
12549 	cluttering up the code with #ifdefs for obsolete systems.
12550 	[a9123f768fe0]
12551 
12552 2020-02-14  Todd C. Miller  <Todd.Miller@sudo.ws>
12553 
12554 	* MANIFEST, plugins/sudoers/regress/testsudoers/test8.out.ok,
12555 	plugins/sudoers/regress/testsudoers/test8.sh:
12556 	Add test for #include directive without a trailing newline.
12557 	[dfcfad5c7c41]
12558 
12559 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
12560 	Don't require a newline at the end of include or includedir
12561 	directives.
12562 	[3d6aa5531609]
12563 
12564 2020-02-14  Robert Manner  <robert.manner@balabit.com>
12565 
12566 	* plugins/python/regress/testhelpers.c:
12567 	plugins/python/regress/testhelpers.c: replace fromisoformat
12568 
12569 	fromisoformat is only supported from python >=3.7
12570 	[86bf6de82376]
12571 
12572 2020-02-13  Robert Manner  <robert.manner@balabit.com>
12573 
12574 	* plugins/python/python_plugin_common.h,
12575 	plugins/python/sudo_python_module.c:
12576 	plugins/python: add missing annotations to help cpychecker
12577 	[fd66659bd681]
12578 
12579 	* plugins/python/python_plugin_common.c:
12580 	plugins/python/python_plugin_common.c: release py_args in close
12581 
12582 	even if the arguments are not used (eg. when there is no "close"
12583 	call in the plugin).
12584 
12585 	It was not really a memleak, because interpreter is deinitialized
12586 	anyway, which frees the object.
12587 	[5de8c111d40d]
12588 
12589 	* plugins/python/python_plugin_approval.c:
12590 	plugins/python/python_plugin_approval: fix negative ref count
12591 
12592 	The python_plugin_api_rc_call function already decrements the
12593 	refcount of py_args. Python avoids the double free, but the error
12594 	gets shown if using python debug build.
12595 	[4370af5b9092]
12596 
12597 2020-02-12  Robert Manner  <robert.manner@balabit.com>
12598 
12599 	* plugins/python/regress/check_python_examples.c:
12600 	plugins/python/regress: still some memleak fix
12601 	[c60050b79a5e]
12602 
12603 	* plugins/python/python_plugin_audit.c,
12604 	plugins/python/python_plugin_common.c,
12605 	plugins/python/python_plugin_common.h,
12606 	plugins/python/python_plugin_io.c,
12607 	plugins/python/python_plugin_policy.c:
12608 	plugins/python: make storing errstr more explicit
12609 
12610 	The error is always stored in plugin_ctx, but it is only set into
12611 	errstr if the API version is enough. (Previously it worked the
12612 	opposite: we only stored the error if API level was enough.)
12613 	[5b4fa733c876]
12614 
12615 	* plugins/python/regress/check_python_examples.c:
12616 	plugins/python/regress: strengthen errstr verification