2023-07-11  Todd C. Miller  <Todd.Miller@sudo.ws>

	* .hgtags:
	Added tag SUDO_1_9_14p1 for changeset fc033946b1a9
	[ee6033290e91] [tip] <1.9>

	* configure, configure.ac:
	sudo 1.9.14p1
	[fc033946b1a9] [SUDO_1_9_14p1] <1.9>

	* NEWS:
	Document bug fixes in 1.9.14p1.
	[f526fda905de] <1.9>

	* plugins/sudoers/log_client.c:
	fmt_info_messages: don't include ttyname if it is NULL

	The NULL check was commented out for testing but should have been
	restored. Fixes a potential protocol error message from
	sudo_logsrvd.
	[12cf2b87355a] <1.9>

	* logsrvd/iolog_writer.c:
	evlog_new: store a new copy of peeraddr, not a pointer to a buffer.

	Starting in sudo 1.9.14, eventlog_free() will free the peeraddr
	member too so it needs to be dynamically allocated.
	[4c984e3e6aef] <1.9>

2023-06-27  Todd C. Miller  <Todd.Miller@sudo.ws>

	* .hgtags:
	Added tag SUDO_1_9_14 for changeset 8010d7515347
	[ff70094a18c0] <1.9>

	* MANIFEST, NEWS, config.h.in, configure, configure.ac,
	include/sudo_compat.h, plugins/sudoers/Makefile.in,
	plugins/sudoers/logging.c, plugins/sudoers/match_command.c,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/visudo.c, src/exec_nopty.c:
	Merge sudo 1.9.14 from tip.
	[8010d7515347] [SUDO_1_9_14] <1.9>

2023-06-26  Todd C. Miller  <Todd.Miller@sudo.ws>

	* Merge pull request #275 from AtariDreams/emergency

	Set command_info to NULL once it is freed
	[6d1e55f4e7b9]

2023-06-26  Rose  <83477269+AtariDreams@users.noreply.github.com>

	* plugins/sudoers/policy.c:
	Set command_info to NULL once it is freed

	The lack of setting to NULL is a holdover from when command_info was
	a local variable and not a global one. However, given how other
	global variables are set to NULL, it is best that we do the same
	here to avoid potential issues should sudoers_policy_store_result be
	called again after the first time failed, otherwise we could get a
	double-free.
	[a1a462a52a98]

2023-06-25  Todd C. Miller  <Todd.Miller@sudo.ws>

	* Merge pull request #274 from bin-ly/main

	Modify the is_script function for match_command.c
	[05675d16bd52]

2023-06-25  binlingyu  <binlingyu@uniontech.com>

	* plugins/sudoers/match_command.c:
	Modify the is_script function for match_command.c
	[ce944a838c33]

2023-06-21  Todd C. Miller  <Todd.Miller@sudo.ws>

	* NEWS:
	Mention C99 requirement.
	[f12a7b68e0b2]

2023-06-20  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Reference SETENV-related settings in the command environment
	section.

	Based on GitHub PR #273 from Ilya Kulakov.
	[f8b5ef533800]

	* INSTALL.md:
	Sudo requires a C99 compiler due to the use of flexible array
	members.
	[bb80666c7382]

	* Merge pull request #266 from AtariDreams/c99

	Do variable length arrays the C99 way
	[690561b17683]

2023-06-19  Todd C. Miller  <Todd.Miller@sudo.ws>

	* Merge pull request #269 from trackers-lover/main

	correct the return value type of function alias_find_used
	[30dc3eb4a59a]

2023-06-18  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Clarify that use_pty is on by default starting with 1.9.14.
	[984048215229]

	* docs/sudo.man.in, docs/sudo.mdoc.in:
	Sudo runs the command in a pty by default in 1.9.14 and above.
	[92ec41fdf7c9]

	* plugins/sudoers/sudoers.in:
	Add commented out example for disabling use_pty.
	[9a59b831f363]

2023-06-15  Todd C. Miller  <Todd.Miller@sudo.ws>

	* .circleci/config.yml:
	Update Xcode version from 13.2.1 to 13.4.1.
	[10bbb25b415e]

2023-06-14  Todd C. Miller  <Todd.Miller@sudo.ws>

	* MANIFEST:
	Add plugins/sudoers/regress/testsudoers/passwd to MANIFEST.
	[016644afd8ae]

	* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, po/eo.mo,
	po/eo.po, po/pl.mo, po/pl.po:
	Updated translations from translationproject.org
	[97167b63ffbd]

	* NEWS:
	Document recent bug fixes.
	[34d8ffa919c6]

	* MANIFEST, plugins/sudoers/regress/testsudoers/group,
	plugins/sudoers/regress/testsudoers/passwd,
	plugins/sudoers/regress/testsudoers/test22.out.ok,
	plugins/sudoers/regress/testsudoers/test22.sh,
	plugins/sudoers/regress/testsudoers/test23.out.ok,
	plugins/sudoers/regress/testsudoers/test23.sh:
	Add tests to exercise recent runas user and group bug fixes.
	[20f19831ed34]

	* MANIFEST, plugins/sudoers/regress/testsudoers/passwd,
	plugins/sudoers/regress/testsudoers/test21.out.ok,
	plugins/sudoers/regress/testsudoers/test21.sh:
	Add test to exercise the bug that prevented the group specified via
	"sudo -g" from matching when a Runas_Alias was used in the user or
	group portion of a Runas_Spec.
	[16c0668b5c4b]

2023-06-13  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/match.c:
	runaslist_matches: split out user_list and group_list matching.

	This makes it possible to call the appropriate runas user or group
	list match function when resolving aliases instead of calling
	runaslist_matches() itself. Fixes a bug that prevented the group
	specified via "sudo -g" from matching when a Runas_Alias was used in
	the user or group portion of a Runas_Spec.
	[3e0885e96418]

	* plugins/sudoers/match.c:
	runaslist_matches: remove special case to handle "sudo -g group"

	Now that we are guaranteed to have a runas user list for all sudoers
	rules that contain a runas list, we can remove support for the
	special case where user_matched is set in the runas group matching
	conditional. This fixes a bug where "sudo -u myuser -g mygroup" was
	permitted by a rule like "myuser ALL = (root) ALL".
	[d80e907efe77]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/regress/sudoers/test27.json.ok,
	plugins/sudoers/regress/sudoers/test27.ldif.ok,
	plugins/sudoers/regress/sudoers/test27.out.ok:
	Populate runasusers even when only a grouplist is specified.

	When a sudoers rule permits the user to run commands as a group, not
	a user, we should set the runasusers to a single member with the
	special MYSELF token. This guarantees that the only time runasusers
	will be NULL is when no runaslist is present.
	[25c293ae5053]

	* plugins/sudoers/match.c:
	runaslist_matches: fix bug when no runas list is specified in
	sudoers.

	If a sudoers rule has no runas list, a user-specified runas group
	should only be allowed if it matches a group that the default runas
	user belongs to. Instead, a missing group check allowed the user to run
	commands as the default runas user with an arbitrary group.

	This means that a rule like "somebody host = ALL", which should be
	equivalent to "somebody host = (root) ALL", had the same effect as
	"somebody host = (root:ALL) ALL".
	[eeb075b3b79c]

2023-06-11  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/python/pyhelpers.h:
	Python may be built with 32-bit time_t support on 32-bit platforms.
	We need to undef the SIZEOF_TIME_T from pyconfig.h so it does not
	conflict with our own.
	[c8bf985eb777]

2023-06-10  Todd C. Miller  <Todd.Miller@sudo.ws>

	* Merge pull request #272 from millert/main

	Avoid use of variable length arrays and add ctype(3) casts.
	[806b2266f6ab]

	* lib/util/lbuf.c:
	Avoid use of variable length arrays and add ctype(3) casts.
	[d8c80d4905b3]

	* Merge pull request #270 from moehanabi/main

	Add %n$s support for sudo_lbuf_append_v1
	[53ad2cdaaabe]

2023-06-09  Brilliant Hanabi  <130747944+moehanabi@users.noreply.github.com>

	* lib/util/lbuf.c:
	Add %n$s support for sudo_lbuf_append_v1
	[f48fa0250fdc]

2023-06-09  bianguangze  <bianguangze@uniontech.com>

	* plugins/sudoers/alias.c:
	correct the return value type of function alias_find_used
	[f689f55fef3f]

2023-06-07  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po,
	plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po,
	plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, po/cs.mo,
	po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo,
	po/fr.po, po/hr.mo, po/hr.po, po/ko.mo, po/ko.po, po/ro.mo,
	po/ro.po, po/ru.mo, po/ru.po, po/sr.mo, po/sr.po, po/uk.mo,
	po/uk.po, po/vi.mo, po/vi.po:
	Updated translations from translationproject.org
	[966147718ed3]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Update .pot files for 1.9.14
	[b79b44520c46]

	* NEWS:
	Mention Bug #1050 fix.
	[c4af7e56a515]

	* docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
	plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
	plugins/sudoers/sudo_ldap_conf.h:
	Add NETGROUP_QUERY option for servers that can't match
	nisNetgroupTriple. This can be used to support netgroup queries on
	systems that lack the innetgr() function and where the LDAP server
	cannot query the nisNetgroup by nisNetgroupTriple.
	[98b293bee424]

2023-06-06  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/defaults.c, plugins/sudoers/ldap.c,
	plugins/sudoers/match.c, plugins/sudoers/parse.h:
	sudo_ldap_check_non_unix_group: pass nss pointer to netgr_matches().
	This allows us to use the LDAP-specific version of innetgr() when
	possible. Also enable "use_netgroups" by default even on systems
	without innetgr() since we can now query netgroups directly via
	LDAP.
	[a443919be48c]

2023-06-05  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/exec_ptrace.c:
	Only call ptrace_verify_post_exec() for intercept, not log_subcmds.
	[9f55dcdd66cd]

	* NEWS, configure, configure.ac:
	sudo 1.9.14
	[73c25828ffc8]

2023-06-04  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/visudo.c:
	run_command: back out changes to run editor in its own process
	group. It unnecessarily complicates things to work around bugs in an
	OS almost no one runs.
	[8790d32a4f99]

	* MANIFEST, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/suspend_parent.c, lib/util/util.exp.in,
	plugins/sudoers/Makefile.in, src/Makefile.in, src/sudo_exec.h,
	src/suspend_parent.c:
	Move suspend_parent.c out of lib/util and into src. Nothing else
	uses it now.
	[69eda3d690e4]

2023-06-03  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/digestname.c, plugins/sudoers/filedigest.c,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/parse.h,
	plugins/sudoers/regress/parser/check_digest.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Initialize digest_type to SUDO_DIGEST_INVALID, not -1 and make it
	unsigned. This makes the digest type consistently unsigned instead
	of a mix of signed (for the -1 value in the tokenizer) and unsigned.
	[49ef7c33450f]

2023-05-25  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
	etc/codespell.exclude, etc/codespell.ignore,
	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
	plugins/sudoers/pivot.c, plugins/sudoers/visudo.c:
	Fix typos and update excluded/ignored codespell lists.
	[bdb70620b4e4]

2023-05-19  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/visudo.c:
	run_command: check that ttyfd is not -1 before using it
	[990cbd169a37]

2023-05-18  Rose  <83477269+AtariDreams@users.noreply.github.com>

	* include/sudo_event.h, lib/util/event.c, lib/util/rcstr.c,
	plugins/sudoers/canon_path.c, plugins/sudoers/ldap_conf.c,
	plugins/sudoers/sudo_ldap_conf.h:
	Do variable length arrays the C99 way

	Variable length arrays are supported by C99, but having it denoted
	as "1" confused the compiler and is not defined.

	Note that because we don't get the inferred NULL terminator, we have
	to increase the malloc size by one.
	[4e33419e940e]

2023-05-11  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/visudo.c:
	Work around a macOS kernel bug where tcsetpgrp() does not restart.

	I reported this bug to Apple over 12 years ago.
	[77871464e563]

	* plugins/sudoers/visudo.c:
	run_command: run editor in foreground if visudo is the foreground
	process

	The command is now always run in its own process group. If visudo is
	run in the foreground, the command is run in the foreground too.
	Otherwise, run the command in the background. There is a race
	between the tcsetpgrp() call in the parent and the execve() in the
	child. If we lose the race and the command needs the controlling
	terminal, it will be stopped with SIGTTOU or SIGTTIN, which the
	waitpid() loop will handle.
	[e8e14e0024da]

	* plugins/sudoers/visudo.c:
	Accept carriage return for EOL in addition to newline.

	Since visudo doesn't alter the terminal settings it is possible for
	the terminal to have the ONLCR bit set in the output control flags.
	In that case, we will get a CR, not a NL when the user presses
	enter/return. One way this can happen is if visudo is run in the
	background from a shell that supports line editing and the editor
	restores the (cbreak-style) terminal mode when it finishes.
	[14538e74fd02]

2023-05-09  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/regress/parser/check_fill.c:
	check_fill: sudoers_strict() is now a function, not a global
	variable
	[8b8e72d283df]

	* plugins/sudoers/parse.h, plugins/sudoers/sudoers.h,
	plugins/sudoers/toke.h:
	Move parser prototypes / externs from sudoers.h to parse.h or
	toke.h.
	[79a52390c46b]

	* plugins/sudoers/file.c, plugins/sudoers/sudoers.c:
	parse.h is already included by sudoers.h.
	[f6faa3f782a2]

	* plugins/sudoers/policy.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/visudo.c:
	Rename parser_conf -> sudoers_conf in all but the parser itself.
	[61614621341e]

2023-05-08  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/parse.h, plugins/sudoers/policy.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
	plugins/sudoers/visudo.c:
	Move sudoers search path to struct sudoers_parser_config.

	That way we can avoid passing it to init_parser() directly. We still
	need sudoers_search_path to be shared between the lexer and the
	parser.
	[5e6c6a08aded]

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/parse.h, plugins/sudoers/policy.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
	plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
	Add struct sudoers_parser_config and pass it to init_parser().

	This struct contains parser configuration such as the sudoers file
	uid/gid/mode and parse flags such as verbose, strict and recovery.
	[ed8042e7a49a]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	push_include_int: Avoid passing close(2) a negative value on error.
	Coverity CID 314108
	[bbbdfa87543e]

	* plugins/sudoers/ldap.c:
	Eliminate dead store. Coverity CID 315032.
	[6b48998e4db1]

2023-05-05  Todd C. Miller  <Todd.Miller@sudo.ws>

	* include/sudo_iolog.h, lib/iolog/iolog_gets.c:
	iolog_gets: change size parameter to int to match fgets/gzgets

	Return an error, setting errno to EINVAL, for negative sizes.
	[27534bcb58a7]

2023-05-04  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Rename force_umask to override_umask and make it private to
	sudoers.c.

	Add getter for policy.c.
	[1c8a56c767f3]

	* plugins/sudoers/check.h, plugins/sudoers/regress/fuzz/fuzz_stubs.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.c:
	Make timestamp_uid and timestamp_gid private to timestamp.c.

	Add getter (for set_perms.c) and setter (for sudoers.c).
	[ad49d0ee7e6f]

	* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/sudo_auth.h,
	plugins/sudoers/policy.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/sudoers.h:
	Make login_style private to bsdauth.c

	Add a setter for policy.c to handle auth_type from the front-end.
	[962af1d3d0fd]

2023-05-03  Todd C. Miller  <Todd.Miller@sudo.ws>

	* lib/util/sudo_debug.c:
	Back out last change, len must be int, not size_t, for %.*s.
	[a82bbd86fa29]

	* src/exec_pty.c:
	Use a "%s" format instead of using a translated string as the
	format.
	[1a73a1b4fa94]

	* Merge pull request #260 from AtariDreams/size_t

	Prefer size_t over int, as casting can take extra instructions
	[c0fd1027e105]

2023-05-03  Rose  <83477269+AtariDreams@users.noreply.github.com>

	* lib/eventlog/parse_json.c, lib/util/sudo_debug.c,
	plugins/sudoers/fmtsudoers.c:
	Prefer size_t over int, as casting can take extra instructions
	[96fc138b2009]

2023-05-02  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/parse.h,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
	Rename init_parser_ext() to init_parser() and remove old wrapper.

	There was only one consumer of the init_parser() wrapper now that
	reset_parser() has been introduced.
	[4be1b8965ce6]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/parse.h,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/sudoers.c:
	Add reset_parser() and use in place of init_parser(NULL).
	[f85227ac1182]

	* plugins/sudoers/ldap.c, plugins/sudoers/ldap_conf.c,
	plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
	Make path_ldap_conf and path_ldap_secret private to policy.c.

	Add getters for both so the ldap code can access them.
	[90a2107d6ec7]

	* plugins/sudoers/file.c, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l, plugins/sudoers/visudo.c:
	Make sudoers_file private to policy.c and visudo.c.

	We just need a way for the policy (and visudo) to override the
	default sudoers path. This adds a getter to be used in file.c when
	sudoers is first opened.
	[657aa80f3af8]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/parse.h,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
	plugins/sudoers/visudo.c:
	Support adminconfdir for relative include paths in sudoers.
	[7ebdbd46b47b]

	* plugins/sudoers/visudo.c:
	Track the destination sudoers path for each parsed file.

	When adminconfdir is enabled, the destination path may be different
	from the path we opened. We always store an edited file in the
	adminconfdir (if enabled). This makes it possible to use visudo when
	/etc/sudoers is located on a read-only file system.
	[de896a012d81]

	* INSTALL.md, Makefile.in, configure, configure.ac, docs/Makefile.in,
	examples/Makefile.in, include/Makefile.in, lib/util/Makefile.in,
	lib/zlib/Makefile.in, logsrvd/Makefile.in, m4/sudo.m4,
	plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
	plugins/python/Makefile.in, plugins/sample/Makefile.in,
	plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/system_group/Makefile.in, src/Makefile.in:
	Add adminconfdir and --enable-adminconf to set it. Configuration
	paths in sudo are now a colon-separated list of files with the
	adminconfdir instance first (if enabled), followed by a sysconfdir
	instance.
	[be1f672878ae]

	* configure, configure.ac, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/secure_path.c, lib/util/sudo_conf.c, lib/util/util.exp.in,
	logsrvd/Makefile.in, logsrvd/logsrvd.c, logsrvd/logsrvd_conf.c,
	plugins/sudoers/Makefile.in, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/sudoers.c, src/Makefile.in:
	Convert config file paths to colon-separated path list. This means
	that _PATH_SUDO_CONF, _PATH_SUDOERS, _PATH_SUDO_LOGSRVD_CONF, and
	_PATH_CVTSUDOERS_CONF can now specify multiple files. The first file
	that exists is used.
	[902d9da6a941]

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/file.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l, plugins/sudoers/visudo.c:
	Support sudoers_file being a colon-separated path of files. The
	first file found is used.
	[bebe005e2d32]

2023-05-01  Todd C. Miller  <Todd.Miller@sudo.ws>

	* config.h.in, configure:
	Regenerate with latest autoconf from git.
	[0996570205bf]

2023-04-28  Todd C. Miller  <Todd.Miller@sudo.ws>

	* logsrvd/logsrvd_conf.c:
	No longer need to set AI_NUMERICSERV while fuzzing.

	Now that getaddrinfo() is stubbed out while fuzzing we can remove
	the hack that set AI_NUMERICSERV.
	[8e3deb584c1c]

2023-04-26  Todd C. Miller  <Todd.Miller@sudo.ws>

	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c:
	getaddrinfo stub: set sin_port
	[019eb2da9944]

	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Avoid NULL deref in stub getaddrinfo() when nodename is NULL. Also
	add support for parsing servname. We only need to support a subset
	of getaddrinfo() functionality in the fuzzer.
	[a605cc43bbaf]

	* configure, m4/hardening.m4:
	Add missing stdio.h include for the _FORTIFY_SOURCE=2 check.
	Implementations of _FORTIFY_SOURCE require the header file to be
	included. Also remove the useless test of an empty program with
	_FORTIFY_SOURCE defined. Pointed out by Florian Weimer.
	[511b9bdddbdc]

	* configure, m4/ldap.m4:
	Use ldap_msgfree() instead of ldap_init() for the lber.h test. The
	ldap_init() function is marked as deprecated and not defined by
	default on some systems. This can cause an error for compilers that
	do not support implicit function declarations. From Florian Weimer.
	[1b1ce2072403]

2023-04-25  Todd C. Miller  <Todd.Miller@sudo.ws>

	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
	Include arpa/inet.h for inet_pton() prototype.
	[50d3b09376f7]

	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
	Add netdb.h for struct addrinfo and EAI_* error codes.
	[92d33c6f8a23]

	* logsrvd/regress/fuzz/fuzz_logsrvd_conf.c:
	Stub out getaddrinfo() and freeaddrinfo(). We may not be able to have
	access to DNS in the fuzzing environment.
	[b3d2e6c04076]

	* lib/eventlog/regress/eventlog_store/store_sudo_test.c:
	Plug memory leaks in store_sudo_test found by LSAN.
	[5f1d68d01c0c]

2023-04-24  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/limits.c:
	disable_coredump: only change the soft limit, leave the hard limit
	as-is. This should avoid problems on Linux in cases where sudo does
	not have CAP_SYS_RESOURCE which may be the case in an unprivileged
	container. GitHub issue #42
	[4e65c3923119]

2023-04-19  Todd C. Miller  <Todd.Miller@sudo.ws>

	* scripts/build_pkgs:
	Add basic support for remote power on/off via net-snmp.
	[ca021941fd58]

	* src/exec.c:
	More accurate description of what happens for "sudo -b".
	[a9158169fcac]

	* src/exec_pty.c:
	Better support for "sudo -b" when running the command in a pty.

	When a command is run via "sudo -b" it has no access to terminal
	input. In non-pty mode, the command runs in an orphaned process
	group and reads from the controlling terminal fail with EIO. We
	cannot do the same while running in a pty but if we set stdin to a
	half-closed pipe, reads from it will get EOF. That is close enough.
	[a284611a18fd]

2023-04-18  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/exec_nopty.c, src/exec_pty.c, src/selinux.c, src/sudo.h,
	src/ttyname.c:
	Avoid calling isatty()/ttyname() on std{in,out,err} if not a char
	dev.

	The user controls these fds so we should avoid calling ioctl(2) on
	them unless they correspond to actual character device files.
	[745430b563db]

	* src/parse_args.c, src/sudo_usage.h.in:
	Hard-code usage() and help() for an 80-column terminal.

	Trying to tailor the help and usage output to the terminal width is
	simply not worth it and could be abused to mark a socket as
	"trusted" on Linux if there are additional kernel bugs like
	CVE-2023-2002.
	[d06fa6322ffb]

	* config.h.in, configure, configure.ac, src/sudo.c,
	src/sudo_usage.h.in:
	Move CONFIGURE_ARGS from sudo_usage.h.in to config.h.in.
	[e3149b6f4392]

2023-04-17  Todd C. Miller  <Todd.Miller@sudo.ws>

	* lib/util/ttysize.c, src/sudo.c:
	get_user_info: call sudo_get_ttysize() even if no /dev/tty. We still
	want to initialize rows and cols based on the environment if
	possible.
	[4f3801c2f264]

2023-04-16  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/parse_args.c:
	Get the tty size using stdout, not stderr, when printing help
	output. While usage() prints to stderr, help() prints to stdout.
	[0bdf411ebc7f]

	* src/sudo.c:
	get_user_info: pass sudo_get_ttysize() the fd of /dev/tty, not
	stderr. Both the plugin API and the main event loop expect
	lines/cols to refer to the user's terminal, so using /dev/tty is
	better here.
	[2e7ba199f4c7]

	* include/sudo_util.h, lib/util/ttysize.c, lib/util/util.exp.in,
	plugins/sudoers/sudoreplay.c, src/parse_args.c, src/sudo.c:
	Add an fd argument to sudo_get_ttysize() instead of always using
	stderr.

	For sudoreplay we open /dev/tty, so use that instead of stderr when
	determining the terminal size.
	[4afc292d3cf4]

	* lib/util/ttysize.c:
	Check whether stderr is a tty before trying TIOCGWINSZ.
	[4a0d367e49c6]

2023-04-14  Todd C. Miller  <Todd.Miller@sudo.ws>

	* configure, configure.ac:
	Use -no-undefined on macOS to avoid "-undefined dynamic_lookup"
	warnings.

	Starting with macOS 13, the linker warns when "-undefined
	dynamic_lookup" is used. This is added by libtool by default on
	macOS but we can suppress it by passing -no-undefined to libtool.
	[afeb9acd894c]

2023-04-08  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
	docker/fedora/latest/Dockerfile, docker/fedora/rawhide/Dockerfile,
	docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
	docker/ubuntu/rolling/Dockerfile:
	Add make to Dockerfile and sort packages.
	[fa937cbf8a23]

2023-04-06  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/UPGRADE.md, docs/sudoers.man.in, docs/sudoers.mdoc.in,
	plugins/sudoers/defaults.c:
	Enable the use_pty option by default for sudo 1.9.14.

	GitHub issue #258
	[86a1a6da1878]

2023-04-05  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Split up the monolithic sudoers_policy_main() function.

	This splits the code to find the command, perform a sudoers lookup,
	ask for a password as needed, and perform post-lookup checks out into
	sudoers_check_common(). The old sudoers_policy_main() has been
	replaced by sudoers_check_cmnd() (called by sudoers_policy_check()),
	sudoers_validate_user() (called by sudoers_policy_validate()) and
	sudoers_list() (called by sudoers_policy_list()). The list_user
	lookup is now performed in sudoers_list().
	[59e0b245c776]

	* plugins/sudoers/sudoers.c:
	Move the root_sudo check until after we apply per-command Defaults.

	It is possible, though unlikely, for "root_sudo" to be used in a
	per-command Defaults statement.
	[ca1903576e0d]

2023-04-01  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/sudoers.c:
	sudoers_policy_main: restore locale if sudoers_lookup() fails.

	Previously, if sudoers_lookup() set VALIDATE_ERROR, the sudoers
	locale would still be in effect instead of the original locale.
	[24df4eebbfc8]

	* plugins/sudoers/parse.c:
	sudoers_lookup_pseudo: remove validated function argument

	This was always set to FLAG_NO_USER|FLAG_NO_HOST which are cleared
	at the top of the function. Make validated a local variable,
	initialized to 0, instead. No change in behavior.
	[72e6207850fc]

2023-03-31  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/audit.c, plugins/sudoers/iolog.c:
	The I/O log file name is not just the basename of the full
	iolog_path. The audit plugin already has the correct value for
	iolog_file, don't overwrite it with basename(iolog_path). In the
	future we may wish to pass in iolog_file and iolog_dir in addition
	to iolog_path. Fixes Bug #1046.
	[f272de885273]

2023-03-29  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/sudoers.c:
	Warn with "unknown user" not "unknown uid" if user cannot be
	resolved. Prior to sudo 1.8 this was after a getpwuid() but now we
	use getpwnam().
	[9a523881df41]

	* plugins/sudoers/sudoers.c:
	Set timestamp_uid and timestamp_gid via a callback. This also makes
	it possible to include the location of the line in the sudoers file
	in the warning message (and mail).
	[5588cf3cb55b]

2023-03-28  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in:
	Fix display of escape sequences in ldapsearch example.
	[08dc98162160]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	White space is not allowed between Defaults and '@', ':', '!', '>'.
	The EBNF made it appear that this is allowed when it really is not.
	[74bba755afaf]

2023-03-27  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/edit_open.c, src/exec.c, src/exec_intercept.c,
	src/exec_intercept.h, src/exec_monitor.c, src/exec_nopty.c,
	src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
	src/sudo_edit.h, src/sudo_exec.h, src/tgetpass.c:
	Make struct {command,user}_details pointers const where possible.
	[dcfa95a24789]

	* src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
	Make user_details private to main.
	[43477263455b]

	* src/exec.c, src/exec_nopty.c, src/exec_pty.c, src/parse_args.c,
	src/sudo.c, src/sudo.h, src/sudo_edit.c, src/sudo_exec.h,
	src/tgetpass.c:
	Make user_details private to sudo.c.
	[fec5df7605dc]

	* configure, scripts/config.sub:
	Regenerate with the autoconf 2.72c snapshot.
	[6dda0f9323b1]

2023-03-25  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/parse_args.c:
	Use sudo_get_ttysize() in help() and usage(). This eliminates a
	dependency on the user_details global.
	[ecbc8afc1630]

	* src/exec.c, src/sudo.c, src/sudo.h:
	Store submitcwd (from user_details) in struct command_details. This
	eliminates use of the user_details global from exec_setup().
	[ed37b2a451f8]

2023-03-24  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/utmp.c:
	utmp_fill: user is now always non-NULL, no need for user_details.
	[76bdecaaad07]

	* src/parse_args.c, src/sudo.c, src/sudo.h:
	Remove list_user global.
	[fd397db04688]

	* src/conversation.c:
	No need to declare tgetpass_flags, it is already in sudo.h.
	[c7e1b8ef75c8]

	* src/sudo.c:
	No need for sudo_mode to be global anymore.
	[f746eba12bd9]

	* src/sudo.c:
	Make command_details private to main().
	[311fd705cce4]

	* src/exec_iolog.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h:
	Make iobufs private to exec_iolog.c.
	[80861a209ddd]

	* src/sudo_exec.h:
	Remove ttymode and its associated values.
	[efb4e04097ab]

	* src/exec.c, src/exec_pty.c, src/get_pty.c, src/sudo.h,
	src/sudo_exec.h:
	Move ptyname to struct exec_closure
	[d4080a4262bd]

	* src/exec_monitor.c, src/exec_pty.c, src/sudo_exec.h:
	Move pty_make_controlling() to exec_monitor.c where it is called. We
	can use details->tty to access the pty follower path.
	[9875f0b136f4]

	* src/exec_pty.c, src/sudo.c:
	Eliminate utmp_user global, just use the value in struct command
	details.
	[95b28adcb0f3]

	* src/exec_iolog.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h:
	Replace tty_mode global with term_raw flag in struct exec_closure.

	The pty_cleanup hook needs access to the closure so add
	pty_cleanup_init() to store a pointer to the closure for use by
	pty_cleanup_hook().
	[cc01f0da46d9]

	* src/exec_monitor.c, src/exec_pty.c, src/sudo_exec.h:
	Register pty cleanup function in exec_pty(), not exec_cmnd_pty(). We
	want it to execute in the main sudo process, not the monitor.
	[279e370adc01]

	* src/exec_iolog.c:
	Make ttyblock private to exec_iolog.c
	[61243eba350d]

2023-03-23  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/exec_pty.c, src/sudo_exec.h:
	exec_pty.c: move foreground flag to struct exec_closure. Also make
	pipeline flag private to exec_pty() and remove the unneeded
	check_foreground() prototype.
	[dd25f1d91008]

	* src/exec_pty.c:
	On resume, always sync the pty terminal settings with /dev/tty.

	Changes made to the terminal settings while the command is suspended
	are now reflected in the pty when the command is resumed. This is
	more consistent with the non-pty behavior and allows for the removal
	of the "tty_initialized" global. One downside to this change is that
	if a terminal-based program using the pty is stopped with SIGSTOP it
	may have the wrong terminal settings on resume. However, this is no
	different from the non-pty case.
	[3e59765dea31]

	* lib/util/suspend_parent.c, lib/util/term.c:
	Correct a comment.
	[393a4d472507]

2023-03-22  Todd C. Miller  <Todd.Miller@sudo.ws>

	* .github/FUNDING.yml:
	GitHub sponsor settings.
	[7bd778b9adef]

	* config.h.in, configure, configure.ac:
	Use built-in tests for bit types instead of using AC_CHECK_TYPES.
	This should be more portable as it handles the quirks of some older
	systems.
	[7e471f2a914d]

	* plugins/sudoers/visudo.c, src/regress/intercept/test_ptrace.c:
	Quiet compiler warnings on systems where pid_t is not an int.
	Historically, pid_t was a long on some 32-bit systems like Solaris.
	[c31393da893d]

	* plugins/sudoers/visudo.c:
	Silence "used uninitialized" false positives with older gcc
	versions.
	[40f0ee142249]

	* src/exec_pty.c:
	exec_pty: always copy the terminal settings from /dev/tty to the pty.
	Previously, we only did this when running in the foreground but this
	can cause problems when running a program that reads the terminal
