2025-06-17  Todd C. Miller  <Todd.Miller@sudo.ws>

	* :
	Merge sudo 1.9.17 from branch 'main' into sudo-1.9
	[84e7ca675]

2025-06-17  Rose  <gfunni234@gmail.com>

	* lib/iolog/iolog_write.c, plugins/python/regress/iohelpers.c,
	plugins/sudoers/sudo_printf.c, src/conversation.c:
	Properly check against errors against fwrite

	fwrite is not the same as write; you have to explicitly compare
	against the length to detect errors, and sometimes number of items
	is mistaken for length.
	[5fad16bda]

2025-06-12  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/CONTRIBUTING.md:
	No more mercurial repo, point to git.sudo.ws instead.
	[e6cf241b0]

2025-06-09  Todd C. Miller  <Todd.Miller@sudo.ws>

	* NEWS:
	fix typo
	[fd6aa4932]

2025-06-08  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
	plugins/sudoers/po/fur.mo, plugins/sudoers/po/fur.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/pt.mo, plugins/sudoers/po/pt.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/ca.mo,
	po/ca.po, po/fur.mo, po/fur.po, po/hr.mo, po/hr.po, po/it.mo,
	po/it.po, po/pt.mo, po/pt.po, po/pt_BR.mo, po/pt_BR.po, po/sr.mo,
	po/sr.po, po/yue.mo, po/zh_TW.mo, po/zh_TW.po:
	Updated translations from translationproject.org
	[04a811750]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Update .pot files for 1.9.17
	[d861a00a6]

	* NEWS, configure, configure.ac:
	Sudo 1.9.17
	[cb3355e9d]

	* MANIFEST:
	Add Cantonese translation from GitHub
	[60fff3a3d]

	* scripts/check_man.in:
	Fix typo
	[57f67f67f]

2025-03-13  cantonese-sra  <cantonese.sra@proton.me>

	* po/yue.mo, po/yue.po:
	yue translation
	[666d8c175]

2025-06-08  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/env.c:
	Fix typo
	[ee1383e31]

2025-06-07  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudo.man.in, docs/sudo.mdoc.in, plugins/sudoers/env.c:
	Add SUDO_TTY environment variable if the user has a tty

	This can be used to find the user's original tty device when sudo
	runs the command in its own pty. GitHub issue #447.
	[afd01d856]

2025-06-04  Rose  <gfunni234@gmail.com>

	* lib/iolog/regress/iolog_path/check_iolog_path.c,
	logsrvd/iolog_writer.c:
	Restrict-qualify a few methods that are listed as such
	[a925829e6]

2025-05-22  Todd C. Miller  <Todd.Miller@sudo.ws>

	* include/sudo_util.h, lib/util/term.c, lib/util/util.exp.in,
	src/tgetpass.c:
	Use TCSAFLUSH not TCSADRAIN when disabling echo

	A long time ago this was changed from TCSAFLUSH to TCSADRAIN due to
	some systems having problems with TCSAFLUSH. That should no longer
	be a concern. Using TCSAFLUSH ensures that password input that has
	been received by the kernel, but not yet read by sudo, will be
	discarded and not echoed.
	[77fe6ae51]

2025-04-30  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/logging.c:
	log_failure: only display "command not found" if running a command

	If the user is not allowed to run a command, we try to give them a
	more useful message than "Sorry, user foo may not run sudo on bar."
	However, this should only be done when running, not listing, a
	command. Otherwise, it would be possible for a user with no sudo
	privileges to use "sudo -l /path/to/some/command" to determine
	whether an executable exists in a directory that they do not have
	search access to.
	[82ebb1eaa]

2025-03-30  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/auth/passwd.c:
	Use constant-time string compare for plain text password check.

	Avoid potential password guessing based on timing attacks on the
	strcmp() function. Reported by Quarkslab.
	[111fd83fb]

2025-04-30  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/check.c:
	check_user: refactor the "running as self" check into its own
	function
	[a294a8be0]

	* plugins/sudoers/check.c:
	check_user: restrict the special case for running as the invoking
	user

	The intent is to allow the user to run a command or edit a file as
	themself without entering a password. It should not apply to listing
	a command via "sudo -l command".
	[28837b2af]

2025-04-28  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/cvtsudoers.man.in, docs/sudo.conf.man.in, docs/sudo.man.in,
	docs/sudo_logsrv.proto.man.in, docs/sudo_logsrvd.conf.man.in,
	docs/sudo_logsrvd.man.in, docs/sudo_plugin.man.in,
	docs/sudo_plugin_python.man.in, docs/sudo_sendlog.man.in,
	docs/sudoers.ldap.man.in, docs/sudoers.man.in,
	docs/sudoers_timestamp.man.in, docs/sudoreplay.man.in,
	docs/visudo.man.in:
	Regenerate man format manuals
	[9c98d0f4a]

	* docs/sudo.conf.mdoc.in, examples/sudo.conf.in:
	Sync "Path intercept" comment with default sudo.conf and man page
	[b876e3bbf]

2025-04-28  peppapig450  <peppapig450@pm.me>

	* docs/sudo_logsrv.proto.mdoc.in:
	Fix typo and update Protocol Buffers URL in sudo_logsrv.proto man
	page

	- Remove duplicate "The" in description of log_id field.
	- Update outdated Protocol Buffers link from
	  https://developers.google.com/protocol-buffers/ to
	  https://protobuf.dev, the new canonical URL.

	Signed-off-by: peppapig450 <peppapig450@pm.me>
	[d173674c2]

	* docs/sudoers.ldap.mdoc.in:
	Fix minor grammar errors in sudoers.ldap man page

	Signed-off-by: peppapig450 <peppapig450@pm.me>
	[334e23183]

	* docs/cvtsudoers.mdoc.in, docs/sudo.mdoc.in,
	docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.mdoc.in,
	docs/sudo_logsrvd.mdoc.in, docs/sudo_plugin.mdoc.in,
	docs/sudo_plugin_python.mdoc.in, docs/sudo_sendlog.mdoc.in,
	docs/sudoers.ldap.mdoc.in, docs/sudoers.mdoc.in,
	docs/sudoers_timestamp.mdoc.in, docs/sudoreplay.mdoc.in,
	docs/visudo.mdoc.in:
	Fix typo: 'Please not report' → 'Please do not report' in
	documentation

	Signed-off-by: peppapig450 <peppapig450@pm.me>
	[aa5d4b2b4]

	* docs/sudo.conf.mdoc.in:
	Fix minor grammar and spelling issues in sudo.conf man page

	Signed-off-by: peppapig450 <peppapig450@pm.me>
	[2f4d6bfe2]

2025-03-31  Todd C. Miller  <Todd.Miller@sudo.ws>

	* logsrvd/iolog_writer.c, logsrvd/logsrvd_local.c,
	plugins/audit_json/audit_json.c:
	Free existing contents of struct eventlog before overwriting.

	In the unlikely event that there are duplicate keys in info_msgs,
	free the old string before overwriting with the new one.
	[ce0ec8ddc]

	* src/tgetpass.c:
	Use a pointer to end of buffer instead of tracking space left.

	Fixes a problem in feedback mode where an initial backspace would
	reduce the effective buffer size. GitHub issue #439
	[e8695d536]

2025-03-09  Todd C. Miller  <Todd.Miller@sudo.ws>

	* .gitignore, .hgignore:
	Ignore scripts/check_man
	[627ae4b09]

2025-03-08  Todd C. Miller  <Todd.Miller@sudo.ws>

	* INSTALL.md, config.h.in, configure, configure.ac,
	plugins/sudoers/defaults.c:
	Make ignore_dot the default

	Add --disable-ignore-dot to disable it and deprecate
	--with-ignore-dot.
	[fce45b276]

2025-02-27  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudo_logsrv.proto.man.in, docs/sudo_logsrv.proto.mdoc.in,
	docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
	docs/sudoers.man.in, docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
	docs/sudoreplay.mdoc.in:
	Dash/hyphen related style fixes from check_man.
	[ff3c2185f]

	* scripts/check_man.in:
	Add hyphen/dash checks
	[eae70b05c]

2025-02-24  Todd C. Miller  <Todd.Miller@sudo.ws>

	* MANIFEST, configure, configure.ac, docs/Makefile.in,
	scripts/check_man.in:
	Add check_man script to check for man page warnings.
	[c2e77b713]

2025-02-26  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in:
	Sync sudo.DEBUG descriptions with comments in sudo_debug.h.
	[38c0bdd7a]

2025-02-23  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudo.conf.man.in, docs/sudo.conf.man.in.sed,
	docs/sudo.man.in, docs/sudo.man.in.sed, docs/sudoers.man.in,
	docs/sudoers.man.in.sed:
	Sync sed scripts that add back troff conditionals.

	The sudo manuals contain conditionals to avoid describing
	system-specific behavior on systems that don't support it. When we
	convert from mdoc to man format we lose those conditionals; these
	sed scripts add them back. Changes to the mdoc files can prevent the
	regexps from matching so they need to be updated periodically.
	[cf1b87c71]

2025-02-22  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
	docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in:
	Fix some style warnings from "mandoc -Tlint"
	[4d331e602]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Style fixes from Bjarni Ingi Gislason.
	[3ba525a34]

2025-02-14  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Most Defaults entries are applied in order.

	The exceptions are command-specific Defaults (which cannot be
	applied until the command's path is resolved) and a small number of
	"early" defaults that affect other entries.
	[b04386f63]

2025-02-11  Todd C. Miller  <Todd.Miller@sudo.ws>

	* lib/util/Makefile.in, lib/util/mksiglist.c, lib/util/mksigname.c:
	Only use system includes for mksiglist and mksigname.

	These are standalone programs that run on the host system (which may
	differ from the target system) so we should not include config.h and
	sudo_compat.h.
	[1bdead1bb]

	* Makefile.in, lib/eventlog/Makefile.in, lib/fuzzstub/Makefile.in,
	lib/iolog/Makefile.in, lib/logsrv/Makefile.in,
	lib/protobuf-c/Makefile.in, lib/ssl_compat/Makefile.in,
	lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
	plugins/python/Makefile.in, plugins/sample/Makefile.in,
	plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/system_group/Makefile.in, src/Makefile.in:
	No longer need to define NSIG for cppcheck.

	There is now a configure check that defines it as needed.
	[b0d94331c]

2025-02-08  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/exec_monitor.c, src/exec_nopty.c, src/exec_pty.c:
	Split the code to fill an exec closure into two functions.

	This lets us initialize the exec closure early and fill in the
	events later. It also makes things consistent with the exec_pty
	version.
	[1032030f8]

2025-02-10  Todd C. Miller  <Todd.Miller@sudo.ws>

	* configure, configure.ac, docs/Makefile.in:
	Run groff with warnings enabled for "make lint".
	[a4a999b5e]

	* lib/util/getentropy.c, src/sudo.c:
	Prefer POSIX getpgrp() to getpgid(0).

	We use getpgrp() in most places so prefer it for consistency with the
	rest of the code base.
	[257a078a8]

	* docs/sudo.man.in, docs/sudo_logsrv.proto.man.in,
	docs/sudoers.man.in, docs/visudo.man.in:
	regen
	[8feff96d3]

	* docs/visudo.mdoc.in:
	Make DIAGNOSTICS descriptions indent consistent with sudo.mdoc.in.
	[d3293c528]

2025-02-09  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudo.mdoc.in, docs/visudo.mdoc.in:
	Avoid using ".It Li foo ..." in sudo manuals.

	The .Li macro is deprecated and makes no difference on terminal
	devices. Also avoid using items greater than 80 characters which
	will wrap incorrectly. Bug #1075.
	[dc0f16dbc]

	* docs/sudo.mdoc.in, docs/sudo_logsrv.proto.mdoc.in,
	docs/sudoers.mdoc.in:
	Fix warnings from groff -mandoc -t -K utf8 -rF0 -rHY=0 -ww -b -z

	Specify list offset and width in ens where applicable. Shorten the
	ttyname description in sudo_logsrv.proto.mdoc.in. Bug #1075.
	[aad69105d]

2025-02-08  Todd C. Miller  <Todd.Miller@sudo.ws>

	* etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
	Only package parent directories that match a non-default prefix

	For example, if sudo is installed into /opt/sudo we only want to
	package directories under /opt and not /var.
	[a9e112079]

	* plugins/sudoers/Makefile.in:
	regen
	[43f16c1d2]

	* MANIFEST:
	Add lib/util/login_max.c
	[4bb4c6a15]

2025-01-21  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/exec_pty.c:
	Initialize exec closure before calling
	sudo_fatal_callback_register()

	The pty_cleanup() function, which may be called via
	fatal()/fatalx(), expects that ec->details is set. If there is a
	fatal error after the cleanup hook is registered but before the exec
	closure is filled in, pty_cleanup() would dereference a NULL
	pointer. Reported by Bjorn Baron.
	[0be9f0f94]

2025-01-17  Mateusz Piotrowski  <0mp@FreeBSD.org>

	* src/exec_pty.c:
	Fix a typo in the description of exec_pty()
	[6fc816d90]

2025-01-16  Todd C. Miller  <Todd.Miller@sudo.ws>

	* lib/util/ttyname_dev.c:
	Quiet a -Wconversion warning.
	[a5bca1b94]

2025-01-14  Todd C. Miller  <Todd.Miller@sudo.ws>

	* lib/fuzzstub/fuzzstub.c, lib/iolog/iolog_nextid.c,
	lib/iolog/regress/iolog_filter/check_iolog_filter.c,
	lib/util/event.c, lib/util/regress/fuzz/fuzz_sudo_conf.c,
	logsrvd/logsrvd.c, logsrvd/logsrvd_local.c, logsrvd/logsrvd_relay.c,
	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c, logsrvd/sendlog.c,
	plugins/sudoers/ldap.c, plugins/sudoers/log_client.c,
	plugins/sudoers/timestamp.c, plugins/sudoers/tsdump.c,
	plugins/sudoers/visudo.c, src/conversation.c, src/copy_file.c,
	src/exec_monitor.c, src/exec_ptrace.c, src/sudo_intercept_common.c,
	src/tgetpass.c, src/ttyname.c:
	Check for negative return value of read, write and lseek instead of
	-1

	The return values are used in ways that assume they are positive. In
	practice, it is not possible to have a negative return value other
	than -1 due to the size of the buffers being read from or written
	to. Also add overflow checks when updating the buffer len. Quiets
	several coverity warnings.
	[a27b989c9]

2025-01-16  Todd C. Miller  <Todd.Miller@sudo.ws>

	* .github/workflows/main.yml:
	Switch to upload-sarif v3
	[6df96785f]

	* .github/workflows/codeql-analysis.yml:
	Update codeql GitHub actions to a non-deprecated version.
	[7cc0a0cc4]

	* .github/workflows/main.yml:
	Use upload-artifact@v4, v3 is deprecated.
	[c5b86f06e]

2025-01-15  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/exec.c, src/exec_nopty.c, src/exec_pty.c, src/sudo_exec.h:
	Check the controlling tty to determine if a tty belongs to the user.

	Previously, we compared the terminal device number returned by
	get_process_ttyname() with that of stdin, stdout and stderr. This
	causes problems on Linux if the user is logged in on the console,
	which is a virtual device that may correspond to one of several
	different terminal devices. In this specific case, there is a
	mismatch between the controlling terminal listed in /proc/self/stat
	(which corresponds to the underlying terminal device) and the device
	number of stdin, stdout and stderr (which is that of /dev/console).
	[fd3ff3a0b]

	* lib/util/login_max.c, plugins/sudoers/cvtsudoers_pwutil.c,
	plugins/sudoers/pwutil_impl.c:
	Move LOGIN_NAME_MAX compat define to login_max.c
	[a3cd820d2]

2025-01-14  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/toke_util.c:
	copy_string: use an end pointer to quiet a coverity warning

	Instead of modifying the len parameter and using it for bounds
	checking, compute the end of the source string and bound check on
	that instead. Also simplify the code slightly and enable debugging.
	[e3753309f]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	expand_include: initialize dst_size to 1 to quiet coverity warning

	This could only be an issue if the sudoers file was an empty string,
	which is not possible.
	[af4634a1c]

	* plugins/sudoers/match_digest.c:
	digest_matches: don't initialize digest_len to -1

	This was done to quiet a coverity warning but newer coverity now
	warns about this instead.
	[34a3c84de]

	* lib/util/setgroups.c:
	Check for sysconf() negative return value instead of -1

	Quiets a coverity warning.
	[0fdbb6e2e]

	* include/sudo_util.h, lib/util/Makefile.in, lib/util/gethostname.c,
	lib/util/login_max.c, lib/util/util.exp.in,
	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/match.c,
	plugins/sudoers/pwutil_impl.c:
	Add sudo_login_name_max() and sudo_host_name_max()

	These convenience functions cache the value and handle any potential
	errors from sysconf().
	[405070d48]

	* config.h.in, configure, configure.ac, include/sudo_util.h:
	Add an OFF_T_MAX define

	This will be used for integer overflow checks when copying files.
	[7c075c100]

2025-01-15  Todd C. Miller  <Todd.Miller@sudo.ws>

	* LICENSE.md:
	Update copyright year
	[30729312c]

2025-01-15  Ignacy Gawędzki  <ignacy.gawedzki@green-communications.fr>

	* src/ttyname.c:
	Fix getting ppid in get_process_ttyname for Linux.

	The ppid field in /proc/self/stat is the fourth and not the third.
	The latter is the process state (S, R, etc.).

	Signed-off-by: Ignacy Gawędzki
	<ignacy.gawedzki@green-communications.fr>
	[5794e511d]

2025-01-05  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in,
	plugins/sudoers/defaults.c:
	Format T_TIMESPEC as "%d.%d" instead of "%.1f"

	This fixes the display of the timeout values in the "sudo -V" output
	on systems without a C99-compliant snprintf(). The snprintf()
	replacement sudo ships with does not support floating point.
	[01b1410d6]

2024-12-22  vayers  <violetlastname@gmail.com>

	* plugins/sudoers/sudoers.in:
	Replace tab with space

	A line in the sudoers file contains a tab where a space seems to be
	more appropriate.
	[7c121ff83]

2025-01-04  Todd C. Miller  <Todd.Miller@sudo.ws>

	* configure, configure.ac:
	Newer macOS deprecates -force_flat_namespace for -flat_namespace

	The linker warns about -force_flat_namespace and uses
	-flat_namespace instead. Check for -flat_namespace if
	-force_flat_namespace is not found.
	[103af8cb2]

	* scripts/build_pkgs:
	build_pkgs: adapt to work with a git repo
	[46831d6ef]

	* scripts/log2cl.pl:
	Remove unused -b option
	[b52ef1fbb]

2025-01-03  Todd C. Miller  <Todd.Miller@sudo.ws>

	* aclocal.m4, configure, m4/libtool.m4, m4/ltoptions.m4,
	m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4,
	scripts/ltmain.sh:
	Update to libtool 2.5.3
	[355c82a1d]

2025-01-01  Todd C. Miller  <Todd.Miller@sudo.ws>

	* scripts/log2cl.pl:
	Add markdown mode for use with the sudo web site.
	[e13163ce0]

2024-12-27  Todd C. Miller  <Todd.Miller@sudo.ws>

	* scripts/log2cl.pl:
	Use Text::Wrap::fill() for ChangeLog body, not wrap().
	[a3c1cbd88]

2024-12-20  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudo_sendlog.man.in, docs/sudo_sendlog.mdoc.in:
	Sort entries in the "SEE ALSO" section.
	[e670d2a85]

	* docs/sudo.man.in, docs/sudo.mdoc.in, src/tgetpass.c:
	If sudo is run without a tty via ssh, suggest using "ssh -t"

	The current warning message mentions using sudo's -S option but this
	will cause the password to be echoed without a terminal. In most
	cases, the user just needs to run ssh with the -t option.
	[516f72960]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y:
	The "ALL" command should not override a previous NOSETENV tag in a
	rule.

	Command tags are inherited from previous Cmnds in a Cmnd_Spec_List.
	There is a special case of the SETENV tag for the "ALL" command,
	where SETENV is implied if no explicit SETENV or NOSETENV tag is
	specified. The code to inherit the SETENV tag didn't take into
	account that an implied value for SETENV should also be overridden
	by an explicit SETENV or NOSETENV tag in the previous Cmnd in the
	Cmnd_Spec_List.
	[4dbb07c19]

2024-12-01  Todd C. Miller  <Todd.Miller@sudo.ws>

	* Makefile.in, lib/eventlog/Makefile.in, lib/fuzzstub/Makefile.in,
	lib/iolog/Makefile.in, lib/logsrv/Makefile.in,
	lib/protobuf-c/Makefile.in, lib/ssl_compat/Makefile.in,
	lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/audit_json/Makefile.in, plugins/group_file/Makefile.in,
	plugins/python/Makefile.in, plugins/sample/Makefile.in,
	plugins/sample_approval/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/system_group/Makefile.in, src/Makefile.in:
	Don't need to undef _POSIX_HOST_NAME_MAX, it is not used.
	[de3b179a0]

2024-11-29  Todd C. Miller  <Todd.Miller@sudo.ws>

	* etc/codespell.ignore, src/exec_ptrace.h:
	Quiet codespell 2.3.0 complaints.
	[3226c60e6]

2024-11-28  Todd C. Miller  <Todd.Miller@sudo.ws>

	* include/sudo_compat.h, lib/util/ttyname_dev.c,
	plugins/sudoers/policy.c, plugins/sudoers/timestamp.c,
	src/regress/ttyname/check_ttyname.c, src/sudo.c, src/ttyname.c:
	Use NODEV macro instead of explicit (dev_t)-1.

	Also fix an assignment of dev_t to -1 that should be NODEV. Bug
	#1074.
	[d5028a00c]

2024-11-25  Todd C. Miller  <Todd.Miller@sudo.ws>

	* .hgtags:
	Added tag SUDO_1_9_16p2 for changeset 3c721fa0ff0c
	[015a0d717]

	* :
	Merge sudo 1.9.16p2 from tip.
	[172cbd968]

	* NEWS, configure, configure.ac:
	Sudo 1.9.16p2
	[73cbe4e7e]

2024-11-18  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/sudoreplay.c:
	Work around a bug in UBSan that is causing CI failures.

	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116834
	[f8987fc0b]

2024-11-17  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/cvtsudoers_pwutil.c,
	plugins/sudoers/pwutil_impl.c:
	Avoid multiple calls to sysconf() via the MAX macro.

	The expansion of MAX would result in multiple calls to sysconf(). It
	is less error-prone to store the result of sysconf() in a long.
	[da20ccec0]

	* lib/util/setgroups.c, plugins/sudoers/sudo_printf.c,
	src/conversation.c:
	Add some casts to quiet -Wconversion
	[3d85f2e98]

2024-11-16  Todd C. Miller  <Todd.Miller@sudo.ws>

	* include/sudo_plugin.h, plugins/sudoers/policy.c, src/hooks.c:
	Cast hook functions to sudo_hook_fn_t to fix C23 compile error.

	The sudo plugin API defines sudo_hook_fn_t as a function with
	unspecified arguments. This is no longer supported in C23 so use a
	variadic function for sudo_hook_fn_t instead. Moving to a union may
	be a better long-term fix. GitHub issue #420.
	[9613ef944]

	* lib/util/regress/parse_gids/parse_gids_test.c:
	Use NULL, not false, in the terminating entry of test_data[].
	[4c99e29bb]

	* plugins/sudoers/cvtsudoers_ldif.c:
	Pass NULL, not false, to sudoers_format_default_line().
	[9c63ff0e1]

	* lib/util/ttyname_dev.c:
	sudo_ttyname_dev: On Linux try to use /proc/self/fd/{0,1,2} if
	possible.

	If one of std{in,out,err} matches the specified device, try to
	resolve it to a path by using /proc/self/fd/{0,1,2}. This avoids
	searching all of /dev and works in a chroot where /proc is mounted
	but /dev/pts is not. GitHub issue #421.
	[b7efb8ab5]

2024-11-15  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/sudo.c, src/ttyname.c:
	get_process_ttyname: always return the terminal device if we find
	one.

	If sudo cannot map the device number to a device file, set name to
	the empty string. The caller now checks for an empty name and only
	passes the tty path to the plugin if it is non-empty. This allows
	sudo to run without warnings in a chroot() jail where the terminal
	device files are not present. GitHub issue #421.
	[7e8f00688]

2024-11-12  Todd C. Miller  <Todd.Miller@sudo.ws>

	* .hgtags:
	Added tag SUDO_1_9_16p1 for changeset d6059bdf2a76
	[1fbc14667]

	* :
	Merge sudo 1.9.16p1 from tip.
	[7b41190db]

	* NEWS, configure, configure.ac:
	Sudo 1.9.16p1
	[abc0baffc]

2024-11-11  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/auth/pam.c:
	pam_get_item() takes a void ** arg, not const void **, on Solaris
	[0f41cd717]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Shell-style substitution is not supported in env_file.

	Also document that comments are supported.
	[8b5375716]

2024-10-29  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/logging.c:
	Do not send mail for "sudo -nv" or "sudo -nl"

	This avoids sending mail for users running "sudo -nv" or "sudo -nl"
	even when mail_badpass or mail_always are enabled. We already avoid
	logging in that case but mailing was not disabled when that change
	was made. Bug #1072.
	[116115229]

2024-10-28  Todd C. Miller  <Todd.Miller@sudo.ws>

	* NEWS, README.LDAP.md, docs/Makefile.in, docs/SECURITY.md,
	docs/TROUBLESHOOTING.md, docs/UPGRADE.md:
	Run igor on other docs too, not just man pages
	[9d49f861c]

	* INSTALL.md, LICENSE.md, docs/CONTRIBUTING.md, docs/UPGRADE.md:
	Remove trailing whitespace
	[5180dd802]

2024-10-28  Ikko Eltociear Ashimine  <eltociear@gmail.com>

	* NEWS:
	docs: update NEWS

	minor fix
	[28df79a24]

2024-10-05  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/auth/pam.c:
	sudo_pam_verify: move PAM_USER after getpass_error check

	Move it into the PAM_SUCCESS case of the *pam_status switch.
	[17aa7688c]

	* plugins/sudoers/auth/pam.c:
	Fix indentation
	[52c73b8f5]

2024-10-02  Marco Trevisan (Treviño)  <mail@3v1n0.net>

	* plugins/sudoers/auth/pam.c:
	plugins/pam: Check the user didn't change during PAM transaction

	PAM modules can change the user during their execution; in such a
	case, sudo would still use the user that has been provided,
	potentially giving access to another user with the credentials of
	another one.

	So prevent this from happening by ensuring that the final PAM user
	matches the one which started the transaction.
	[a68e821ef]

2024-09-28  Célestin Matte  <dev@cmatte.me>

	* plugins/sudoers/sudoers.in:
	Fix typo in sudoer file comment
	[05b5de538]

2024-09-21  Todd C. Miller  <Todd.Miller@sudo.ws>

	* INSTALL.md:
	Document "--with-secure-path-value=no"
	[f6e1a87be]

2024-08-17  Rose  <gfunni234@gmail.com>

	* plugins/sudoers/strvec_join.c, plugins/sudoers/sudoers.h:
	Put restrict qualifiers in strvec_join function pointer
	[77672d83c]

2024-09-17  Andy Fiddaman  <illumos@fiddaman.net>

	* configure.ac, plugins/sudoers/sudoers.in:
	Allow --secure-path-value=no

	This adds support for --with-secure-path-value=no to allow packagers
	to ship the sudoers configuration file with the secure path line
	commented out if required.
	[131e7e2de]

2024-09-13  Todd C. Miller  <Todd.Miller@sudo.ws>

	* .github/workflows/main.yml:
	Update CIFuzz GitHub action
	[ae5cf31a9]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	alias_error: display the file and line info for the duplicate alias

	Having the file and line of the previous alias definition should
	make it easier to fix duplicate alias errors.
	[0cbddb693]

2024-09-11  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/ttyname.c:
	On AIX, psinfo.pr_ttydev is 0 when a process has no terminal. On
	most other systems, psinfo.pr_ttydev is -1 for processes with no
	associated terminal. GitHub issue #408
	[d001abc8e]

2024-09-10  Ferdinand Bachmann  <ferdinand.bachmann@yrlf.at>

	* plugins/sudoers/sudoers.in:
	Add pam_silent setting to sudoers example config
	[ce36f01de]

2024-09-09  Ferdinand Bachmann  <ferdinand.bachmann@yrlf.at>

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Fix version typo for pam_silent option in sudoers man page
	[915935ab6]

2024-09-06  Todd C. Miller  <Todd.Miller@sudo.ws>

	* lib/eventlog/eventlog.c, logsrvd/logsrvd_local.c,
	plugins/sudoers/logging.c:
	Fix the date written used by the exit record in sudo-format log
	files

	The change to always get the current time when building a struct
	evlog in sudoers broke the date and time written for exit records.
	This only affected file-based logs, not syslog. GitHub issue #405.
	[22b320645]

2024-09-04  Arjen Lentz  <arjenlentz@users.noreply.github.com>

	* src/exec_ptrace.c:
	Fixed typo in exec_ptrace.c
	[f47c88065]

2024-09-02  Todd C. Miller  <Todd.Miller@sudo.ws>

	* configure, configure.ac:
	Better test for cross-compiling when checking for C99 snprintf

	We want to avoid calling AX_FUNC_SNPRINTF entirely if
	cross-compiling since it is not possible to undo the setting of
	PREFER_PORTABLE_SNPRINTF. The previous attempt to do this failed to
	take into account that PREFER_PORTABLE_SNPRINTF would still be
	defined. GitHub issue #969
	[3e12cacc0]

2024-08-17  Todd C. Miller  <Todd.Miller@sudo.ws>

	* .hgtags:
	Added tag SUDO_1_9_16 for changeset 28c38a84aced
	[483e5e87c]

	* :
	Merge sudo 1.9.16 from tip.
	[c1a614060]

2024-08-15  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/policy.c:
	Make a ttydev parse error non-fatal for now

	This is new for sudo 1.9.16 so we don't want to break sudo if there
	ends up being a bug in formatting dev_t from the front-end.
	[4751a4d2d]

2024-08-14  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in:
	Document that ttydev is formatted as a long long.
	[6a5a8f58e]

	* config.h.in, configure, configure.ac,
	src/regress/ttyname/check_ttyname.c, src/sudo.c:
	Format ttydev as (signed) long long, not unsigned.

	Now that we parse ttydev as a long long it makes more sense to
	format it the same way. This completely avoids the sign extension
	issue on systems where dev_t is signed.
	[cc8c43c4d]

2024-08-13  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/sudo.c:
	Fix sign compare warning

	Store the result of asprintf() in an int, not size_t.
	[6b90acbfb]

	* config.h.in, configure, configure.ac,
	src/regress/ttyname/check_ttyname.c, src/sudo.c:
	Fix formatting of ttydev on systems with signed 32-bit dev_t

	If dev_t is 32-bit and signed, formatting as an unsigned long long
	may result in a bogus value due to sign extension.
	[46274e725]

	* src/regress/ttyname/check_ttyname.c:
	get_process_ttyname() now returns a dev_t, not a string.
	[f3aa3f1f2]

2024-08-13  Rose  <gfunni234@gmail.com>

	* include/compat/glob.h, lib/util/glob.c:
	Restrict-qualify glob and its functions

	glob is restrict-qualified in the standard
	[e9e0096a1]

	* include/sudo_util.h, lib/util/hexchar.c:
	Restrict-qualify sudo_hexchar_v1

	sudo_hexchar_v1 requires an array of at least size-2, and is not
	aliased.
	[82eac2b41]

2024-08-13  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/policy.c:
	Use sudo_strtonum() instead of strtoull().

	Fixes building on systems that lack strtoull(). While dev_t is
	unsigned on most systems, we can still use sudo_strtonum() here as
	long as we allow the full range of values [LLONG_MIN,LLONG_MAX]. We
	don't use strtoul() here since some 32-bit systems have 64-bit
	dev_t.
	[827fa8b76]

2024-08-13  Rose  <gfunni234@gmail.com>

	* include/sudo_util.h, lib/util/uuid.c:
	Use static declaration for array sizes to uuid functions
	[cba5d2a5c]

2024-08-13  Todd C. Miller  <Todd.Miller@sudo.ws>

	* include/sudo_compat.h:
	Include time.h if missing utimensat() or futimens().

	Now that we declare these as taking a timespec array we cannot get
	away with a simple forward declaration.
	[6f8dfd968]

2024-08-13  Rose  <gfunni234@gmail.com>

	* include/sudo_util.h, lib/util/multiarch.c:
	Restrict-qualify stat_multiarch
	[e7483ae8e]

	* src/load_plugins.c:
	Replace sudo_stat_plugin with sudo_qualify_plugin, as
	sudo_stat_plugin does not exist

	sudo_qualify_plugin was probably meant instead.
