Diff for /embedaddon/sudo/ChangeLog between versions 1.1 and 1.1.1.6

version 1.1, 2012/02/21 16:23:01 version 1.1.1.6, 2014/06/15 16:12:53
Line 1 Line 1
2012-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>2014-05-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/getgrouplist.c, plugins/group_file/group_file.c,
           plugins/system_group/system_group.c:
           deal with NULL gr_mem here too
           [0db43ed71001]
   
           * NEWS, configure, configure.ac:
           Sudo 1.8.10p3
           [3f415a180023]
   
   2014-05-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/event.c:
           Fix non-blocking mode. We only want to exit the event loop when
           poll() or select() returns 0 and there are no active events. This
           fixes a problem on some systems where the last buffer was not being
           written when the command exited.
           [deb6b1a7b241]
   
   2014-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h:
           Make get_boottime() return bool.
           [9ff15a995d01]
   
           * doc/CONTRIBUTORS, plugins/sudoers/boottime.c:
           Fix fd leak on Linux when determing boot time. This is usually
           masked by the closefrom() call in sudo. From Jamie Anderson. Bug
           #645
           [0b4c430e8b88]
   
   2014-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c:
           Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when
           changing the user. This is the correct flag to use with a program
           that changes the uid like su or sudo and fixes a role problem on
           Solaris. From Gary Winiger; Bug #642
           [ec23c3bf41bb]
   
           * plugins/sudoers/defaults.c:
           pam_setcred should default to true; from Gary Winiger Bug #642
           [23e6628ec546]
   
   2014-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/match.c,
           plugins/sudoers/regress/testsudoers/test6.out.ok,
           plugins/sudoers/regress/testsudoers/test6.sh,
           plugins/sudoers/regress/testsudoers/test7.out.ok,
           plugins/sudoers/regress/testsudoers/test7.sh:
           Fix matching of uids and gids broken in sudo 1.8.9.
           [315eff4add59]
   
           * plugins/sudoers/testsudoers.c:
           Fix -P option in usage()
           [50753b6222b7]
   
   2014-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
           plugins/sudoers/sudoers.h:
           Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw
           or targetpw is set. Bug #639
           [dff0208d1194]
   
   2014-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.ac:
           Sudo 1.8.10p2
           [774ebec63b41]
   
           * plugins/sudoers/timestamp.c:
           Don't write an empty timestamp record when timestamp_timeout is
           zero. If we find an empty record in the timestamp file, overwrite it
           with a good one, truncating the file as needed.
           [9c226d81b660]
   
   2014-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
           Fix typos in description of the -x option. Bug #637
           [6ff2bfaaf99d]
   
   2014-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.ac:
           Sudo 1.8.10p1
           [33828a3385ad]
   
           * plugins/sudoers/timestamp.c:
           Fix typo/thinko that prevented "Defaults !tty_tickets" from working.
           [f65cc29dbcc7]
   
           * plugins/sudoers/parse.c:
           Fix "sudo -l command" output when the matching command is negated.
           Bug #636
           [b4a92803f733]
   
   2014-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c,
           common/regress/sudo_conf/test5.err.ok,
           common/regress/tailq/hltq_test.c:
           The atofoo_test and hltq_test tests now display their own test error
           rate. Display pass/fail count separately for sudo_conf and
           sudo_parseln tests. Check stderr output for the sudo_conf test.
           [5c814709ac70]
   
           * src/Makefile.in:
           Don't run the check_ttyname test if cross compiling.
           [874ecc1c3db0]
   
           * plugins/sudoers/Makefile.in:
           CWD no longer used.
           [13b2f3c4269b]
   
           * plugins/sudoers/Makefile.in:
           Fix diff of toke and err output files in "make check"
           [485cdf3c75e7]
   
   2014-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/po/de.mo, src/po/de.po:
           sync with translationproject.org
           [d246c72a2350]
   
   2014-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.ac:
           Check whether ber.h is needed before ldap.h even if we are not using
           any ber functions. Needed for older versions of nss ldap.
           [c2310324dc34]
   
           * plugins/sudoers/sssd.c:
           Fix compiler warning in debug code.
           [8ee4cb6cafad]
   
           * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/ca.mo, src/po/ca.po:
           Catalan translation for sudo from translationproject.org.
           [d6af7d06ee36]
   
   2014-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Document negation fix in JSON output.
           [37a85423ae49]
   
   2014-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo_json.c:
           Fix handling of '!' operator when converting sudoers. We now add a
           "negated" boolean flag to objects that have the '!' operator.
           [071926c10280]
   
   2014-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, NEWS, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po:
           Czech translation for sudoers from translationproject.org
           [c0aae297f7c1]
   
   2014-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.ac:
           Try -libmldap before -lldap in case there is no link from
           libibmldap.so to libldap.so. Since IBM ldap is installed under /opt
           we should only be able to reach it if --with-ldap was given an
           explicit path.
   
           Only check for ber_set_option() if LBER_OPT_DEBUG_LEVEL is defined.
           [89d50c29d737]
   
   2014-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/set_perms.c:
           Fix typo in setreuid() PERM_ROOT error message.
           [533415f53165]
   
           * mkpkg:
           No longer need to disable setresuid() on debian.
           [96ba687c35f0]
   
   2014-02-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/timestamp.c:
           Fix conversion of timestamp_timeout from double to struct timeval.
           Also quiet a printf format warning on 32-bit systems.
           [59d1f3094dda]
   
   2014-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, NEWS, plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po:
           Serbian translation for sudoers from translationproject.org.
           [7134b386d658]
   
   2014-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS:
           Add Ingo Schwarze
           [114cdf286987]
   
           * NEWS, plugins/sudoers/visudo_json.c:
           When exporting sudoers in JSON format, use the same type of Options
           object for both Defaults and Cmnd_Specs.
           [caa57043e197]
   
   2014-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/inet_pton.c:
           Silence cppcheck false positive.
           [b2781c42a80f]
   
           * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po:
           sync with translationproject.org
           [baba43a6d682]
   
           * NEWS, doc/UPGRADE:
           Mention init.d scripts on AIX and HP-UX Mention sudoers group
           mismatch fix
           [0259cb1f7cae]
   
           * INSTALL:
           Talk about clearing files at boot time, not reboot time since it
           happens when the system comes up, not down.
           [e8e480bc34fd]
   
           * plugins/sudoers/sudoers.c:
           We also need to open the sudoers file as root if there is a GID
           mismatch.
           [2fb2ba6fc4e6]
   
           * sudo.pp:
           Install /etc/rc.d/init.d/sudo and /etc/rc.d/rc2.d/S90sudo for AIX
           rpm packages.
           [4aca1d318599]
   
   2014-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/Makefile.in:
           Remove init.d file and link in uninstall target.
           [249a9f105cdd]
   
           * configure, configure.ac, sudo.pp:
           Fix INIT_DIR for real this time.
           [5444eb1afbc5]
   
           * configure, configure.ac, sudo.pp:
           Use correct init.d dir on HP-UX. Fix pp warnings from rc.d and
           init.d dirs.
           [809b54ef95f8]
   
           * .hgignore, MANIFEST, configure, configure.ac, init.d/aix.sh.in,
           init.d/hpux.sh.in, src/Makefile.in, sudo.pp:
           First cut add installing an init.d file for HP-UX and AIX to remove
           old sudo timestamp files at boot time.
           [ec6d35c62d88]
   
   2014-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Use .Ar macro instead of "file ..." Use ".Cm -" instead of ".Li -"
           for the default login class. From Ingo Schwarze.
           [f13ea603760e]
   
           * doc/sudo.conf.mdoc.in, doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in,
           doc/sudoers.ldap.mdoc.in, doc/sudoers.mdoc.in,
           doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
           Remove some extraneous markup; from Ingo Schwarze
            * No need to explicitly end a macro with No before | because | counts
           as middle punctuation and falls out of the macro, anyway.
            * No need to explicitly re-open in-line macros after | because |
           counts as middle punctuation and the macros resume afterwards,
           anyway.
            * Simplify the mnemonic remarks regarding the option letters, no need
           for manual font and spacing control with No and Ns.
            * Trim Ns No to just Ns, it already implies No.
           [cc63d66c6655]
   
           * doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Move zerowidth space in :alpha: after the colon for consistency.
           [799f6656c6e8]
   
           * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudoers.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
           doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
           doc/visudo.man.in:
           regen
           [14d682732b6f]
   
           * doc/sudo.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
           Remove extraneous keeps in SYNOPSIS now that mandoc does implied
           keeps when converting from mdoc to man.
           [0f48fc289f29]
   
           * doc/sudoers.mdoc.in:
           Properly escape the : in :alpha:
           [e41d4533a55f]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Replace some uses of .Sy with .Ar, .Ev and .Pa as appropriate. From
           Jan Stary.
           [90ec488905de]
   
   2014-02-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo_json.c:
           Fix indentation of Defaults entries. The initial indent should be
           outside the loop iterating over the entries.
           [dc493c888fb2]
   
   2014-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
           plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
           plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
           sync with translationproject.org
           [fc517bc0908e]
   
           * common/aix.c, common/alloc.c, common/atoid.c, common/atomode.c,
           common/fatal.c, common/gidlist.c, common/sudo_conf.c,
           common/sudo_debug.c, compat/strsignal.c, compat/strtonum.c,
           plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c,
           plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c,
           src/locale_stub.c, src/net_ifs.c, src/sesh.c, src/sudo.h:
           We must include gettext.h before missing.h as it includes system
           headers. Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers
           audit code that does not include sudoers.h.
           [3ac4aa43ce40]
   
           * common/sudo_dso.c:
           When emulating DSO_NEXT with shl_get() we need to skip the program's
           handle. This used to be documented as being index -2 but now it
           seems to be index 0. As this is not guaranteed we need to look up
           the real handle value for PROG_HANDLE and skip it when interating
           through all the DSOs. Fixes infinite recursion on HP-UX in the
           getenv() replacement.
           [ade1b3045232]
   
           * src/env_hooks.c:
           Export getenv() so it is visible to shared objects we link with.
           [1ac08446a3a7]
   
   2014-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/regress/atofoo/atofoo_test.c,
           common/regress/sudo_conf/conf_test.c,
           common/regress/sudo_parseln/parseln_test.c,
           common/regress/tailq/hltq_test.c,
           plugins/sudoers/regress/parser/check_fill.c:
           Add some initprogname() calls to the test programs.
           [e4320585a88b]
   
   2014-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [038d066a866d]
   
           * doc/UPGRADE:
           Mention that there is now a default LDAP search filter.
           [6351da3f8377]
   
           * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in:
           Minor word choice change.
           [7e59ab3eb453]
   
           * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
           plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
           plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
           plugins/sudoers/ldap.c, plugins/sudoers/match.c:
           Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup
           support requires an expensive substring match on the server. If
           netgroups are not needed, this option can be disabled to reduce the
           load on the LDAP server.
           [e6bd6c103390]
   
   2014-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Update copyright year.
           [1299eed430a5]
   
           * NEWS:
           Mention LDAP changes.
           [512b1e363587]
   
           * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c:
           Use a default LDAP search filter of (objectClass=sudoRole). When
           constructing the netgroup query, add (sudoUser=*) to the query so we
           don't fall below the 3 character OpenLDAP substring threshold.
           Otherwise the index for sudoUser will never be used for that query.
           Pointed out by Michael Stroeder.
           [54856973af41]
   
           * plugins/sudoers/timestamp.c:
           Don't warn about an insecure lecture dir twice. Display warnings in
           the user's locale.
           [2c56b8b6d6f9]
   
   2014-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Mention the fix for ^Z at the password prompt when sudo was started
           in the background.
           [352d52ad1f7d]
   
           * common/term.c, src/exec_pty.c:
           In term_restore(), only restores the terminal if we are in the
           foregroup process group. Instead of calling tcgetpgrp(), which is
           racy, we set a temporary handler for SIGTTOU and check whether it
           was received after a failed call to tcsetattr().
           [94979d51daa2]
   
           * MANIFEST, compat/getaddrinfo.c, compat/inet_pton.c, config.h.in,
           configure, configure.ac, doc/LICENSE, include/missing.h, mkdep.pl,
           plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c:
           Use inet_pton() instead of inet_aton() and include a version from
           BIND for those without it.
           [fe61a27c76d3]
   
           * common/regress/atofoo/atofoo_test.c:
           Quiet a gcc warning.
           [f197821892ea]
   
           * compat/getaddrinfo.c:
           Need to include limits.h for USHRT_MAX.
           [d1d8bd9a0e01]
   
   2014-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/term.c, include/sudo_util.h:
           Use bool for function return values instead of 1 or 0.
           [99e357c0800b]
   
           * configure, configure.ac:
           Warn the user if the rundir needs to be cleared in the rc files.
           Neither AIX not HP-UX clear /var/run (if it even exists).
           [6cdbf57a2f9e]
   
           * NEWS:
           Update for sudo 1.8.9p5
           [efb737c32615]
   
           * src/preserve_fds.c:
           When the closefrom limit is greater than any of the preserved fds,
           the pfds list will be non-empty but lastfd will be -1 triggering an
           ecalloc(0) assertion. Instead, test for lastfd being -1 and make
           sure we always update it, even if dup() fails. Also restore initial
           value of lowfd after we are done relocating. Fixes bug #633
           [a11206a31f28]
   
           * common/term.c:
           Document function return values.
           [267bc85f6fbb]
   
   2014-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           term_restore() now restarts itself so we don't need to do it
           ourselves.
           [a17e885d0b0a]
   
           * common/term.c:
           syscall restarting is broken on Mac OS X when interrupted by a tty
           signal so restart tcsetattr() by hand. For details, see.
           http://openradar.appspot.com/radar?id=6402578615107584
           [3997b2a0577e]
   
           * MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c:
           Add regress for atobool(), atoid() and atomode()
           [e1cbdf86d6e2]
   
           * plugins/sudoers/Makefile.in:
           Add back boottime.lo
           [0b7ddc31e13e]
   
           * INSTALL:
           Mention that rundir and vardir may be the same and what to do if
           they are.
           [301df9a31d43]
   
           * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
           plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/timestamp.c:
           Bring back boot time checking code and zero out time stamp files
           that predate the boot time. This should help systems w/o /var/run
           where the admin has setup rc.d to clear the timestamp directory.
           [e09389a8b1ca]
   
           * configure, configure.ac:
           Check libraries for inet_pton() if not in libc.
           [9f9bd83895e8]
   
   2014-02-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.ac:
           Fix clock_gettime() detection when it lives in librt. Some systems
           have inet_aton() in libresolv (older Solaris).
           [e5f7c8bc9a81]
   
           * sudo.pp:
           Avoid duplicate directories if vardir and rundir are the same.
           [c5df5ebc191b]
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [740b2cc42fea]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Elaborate on time stamp error message causes.
           [2838fea2e21a]
   
   2014-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Remove the time stamp dir and its contents when uninstalling. We
           currently leave the lecture status files installed until there is a
           better way to detect upgrades.
           [61532b7113ff]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Update time stamp error messages and regen.
           [edf570c98cd5]
   
           * plugins/sudoers/timestamp.c:
           Restore warning when sudoers is unable to update the time stamp
           file.
           [86648a771250]
   
           * INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in,
           m4/sudo.m4, plugins/sudoers/Makefile.in, sudo.pp:
           Replace --with-timedir and --with-lecture_dir with --with-rundir and
           --with-vardir which are the parent directories of the time stamp and
           lecture dirs. These directories need to be searchable by non-root so
           that the timestampowner setting can function.
           [5c38d77a2d0c]
   
           * plugins/sudoers/timestamp.c:
           Fix use of timestampowner in the new time stamp world order. Parent
           directories for timestampdir and lecture_dir are now created with
           the execute bit set so that we can traverse them as non-root.
           [9ff6f07c0a5d]
   
   2014-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/Makefile.in, plugins/sample/Makefile.in,
           plugins/sudoers/Makefile.in:
           Regen Makefiles.
           [59542bcdb222]
   
           * common/sudo_debug.c, config.h.in, include/sudo_util.h,
           plugins/sample/sample_plugin.c:
           Move ctim_get and mtim_get to sudo_util.h
           [d565391f5491]
   
           * plugins/sudoers/timestamp.c:
           sprinkle some debug printfs and add function header comments
           [1842d9b8170d]
   
           * plugins/sudoers/timestamp.c:
           Properly handle the case where /var/run/sudo/ts doesn't exist.
           [895f3ad6ad60]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           fix typo
           [50041ebb6ce6]
   
           * NEWS:
           Mention "sudo -K" change.
           [e99bd7657aae]
   
           * doc/UPGRADE:
           Upgrade info for 1.8.10
           [0867718b9af5]
   
   2014-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/timestamp.c:
           Warn on ftruncate failure().
           [d2081876da25]
   
           * plugins/sudoers/timestamp.c:
           Fix checking of lecture status.
           [e12d78234d17]
   
           * mkpkg:
           Do not override timedir on Debian.
           [283fa2e69a0a]
   
           * common/event.c, common/event_select.c, include/missing.h,
           plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/visudo.c, src/sudo_edit.c:
           Use sudo_timeval macros and remove compat macros from missing.h
           [1de76d8b811e]
   
           * INSTALL, MANIFEST, NEWS, compat/Makefile.in, compat/clock_gettime.c,
           config.h.in, configure, configure.ac, doc/sudoers.cat,
           doc/sudoers.man.in, doc/sudoers.mdoc.in, include/missing.h,
           include/sudo_util.h, m4/sudo.m4, mkdep.pl, pathnames.h.in,
           plugins/sudoers/Makefile.in, plugins/sudoers/boottime.c,
           plugins/sudoers/check.h, plugins/sudoers/def_data.c,
           plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
           plugins/sudoers/defaults.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/timestamp.c, src/Makefile.in:
           Switch to new time stamp file format. Each user now has a single
           file which may contain multiple records when per-tty time stamps are
           in use (the default). The time stamps use a monotonic timer where
           available and are once again stored in /var/run/sudo. The lecture
           status is now stored separately from the time stamps in a different
           directory.
           [7e16eb37bacc]
   
   2014-01-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
           plugins/sudoers/check.c:
           When listing a user's privileges, always prompt the user for their
           own password, regardless of the value of target_pw, root_pw or
           runas_pw.
           [73a13ccc7933]
   
   2014-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/atomode.c:
           Zero out errstr when there is no error; fixes bug #632
           [74950ef1a0dc]
   
   2014-01-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.ac, plugins/sudoers/interfaces.c,
           plugins/sudoers/match_addr.c:
           Use inet_aton() instead of inet_addr() as it allows us to
           distinguish between the address (or mask 255.255.255.255) and an
           error. In the future we may consider switching to inet_pton() for
           IPv4 too.
           [b6b4e4c77e9a]
   
   2014-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/missing.h:
           Fix typo, ULONG_MAX vs. ULLONG_MAX
           [5d274daa9fb1]
   
           * plugins/sudoers/sudo_nss.c:
           Fix typo in the AIX case.
           [ee531c950fce]
   
           * plugins/sudoers/sudo_nss.c:
           Size pointer for sudo_parseln() should be size_t not ssize_t. This
           was already correct for the nsswitch.conf case.
           [cfaf895c1db4]
   
   2014-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/net_ifs.c:
           It is now possible to disable network interface probing in sudo.conf
           by changing the value of the probe_interfaces setting.
           [e9dc28c7db60]
   
   2014-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/match_addr.c:
           If inet_addr() returns INADDR_NONE, return false instead of
           iterating through the interfaces looking for a match that will never
           happen.
           [1559c301caec]
   
           * configure, configure.ac, src/Makefile.in:
           Add explicit dependency on sudoers.la to sudo target when sudoers is
           compiled statically into the sudo binary.
           [d08cc66e18bd]
   
   2014-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
           plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c:
           Do not assume localtime(), gmtime() and ctime() always return non-
           NULL.
           [a1b5b67436de]
   
   2014-01-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in, common/Makefile.in, compat/Makefile.in,
           doc/Makefile.in, include/Makefile.in,
           plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
           plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
           src/Makefile.in, zlib/Makefile.in:
           Update copyright years
           [37d2aaa92544]
   
           * plugins/sudoers/visudo_json.c:
           Eliminate dead store found by clang checker.
           [86874d5340f1]
   
           * NEWS, configure, configure.ac:
           Update for sudo 1.8.9p4
           [f79ab7c6c1c5]
   
           * common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c:
           When relocating fds, update the debug fd if it is set so we are
           guaranteed to get debugging output.
           [b1deaa472aa6]
   
   2014-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c:
           If the event loop exits due to an error and we are not logging I/O,
           kill the command if still running. Fixes a bug where sudo could exit
           while the command was still running.
           [844018ff8a8c]
   
           * src/preserve_fds.c:
           When relocating preserved fds, start with the highest ones first to
           avoid moving fds around more than we have to. Now uses a bitmap to
           keep track of which fds are being preserved. Fixes a bug where the
           debugging fd could be relocated to the same fd as the error
           backchannel temporarily, resulting in debugging output being printed
           to the backchannel if util@debug was enabled.
           [55e006dbeaf3]
   
           * src/preserve_fds.c:
           When restoring fds traverse list from high -> low, not low -> high
           to avoid implicitly closing an fd we want to relocate.
           [6351225f47d7]
   
           * src/exec.c:
           If not logging I/O we may get EOF when the command is executed and
           the other end of the backchannel is closed. Just remove the
           backchannel event in this case or we will continue to receive the
           event. Bug #631
           [a204b69d91f7]
   
           * src/po/sr.mo, src/po/sr.po:
           sync with translationproject.org
           [987087ce4658]
   
   2014-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Fix strtonum() usage when parsing /proc/self/stat on Linux. Bug #630
           [3448dffe9701]
   
           * NEWS, configure, configure.ac:
           Update for sudo 1.8.9p3
           [22e5a6f69999]
   
           * plugins/sudoers/logwrap.c:
           Remove dead store; found by cppcheck
           [a59833af3401]
   
   2014-01-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sesh.c:
           Quiet a cppcheck warning about a negative subscript.
           [ab98b72f5bdf]
   
           * src/exec_common.c, src/selinux.c, src/sesh.c, src/sudo_exec.h:
           Make noexec parameter to sudo_execve() bool.
           [daa75e4c248a]
   
           * plugins/sudoers/sudoreplay.c:
           Quiet a few innocuous cppcheck warnings.
           [90ffa16d27b1]
   
           * plugins/sudoers/sssd.c:
           Handle in_res being NULL for sudo_debug_printf() in
           sudo_sss_filter_result().
           [8595cc05d2a8]
   
           * plugins/sudoers/iolog.c:
           When writing length to timing file, use %u not %d as it is unsigned.
           [a7f2fcb6919e]
   
           * plugins/sudoers/visudo_json.c:
           Close export_fp in the error path too, but do not close stdout.
           [5c918718ab45]
   
           * plugins/sudoers/auth/secureware.c:
           Move right brace outside #ifdef HAVE_DISPCRYPT; found by cppcheck.
           [f2619d2eb7a8]
   
   2014-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/group_file/plugin_test.c:
           Make this compile again
           [f0ff8df475e8]
   
           * common/term.c:
           Add suppression line to quiet a bogus (inconclusive) cppcheck
           warning.
           [065207271e5d]
   
           * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Do not leak old istack if realloc fails; found by cppcheck. Also
           modify yyless() to avoid a harmless cppcheck warning every time it
           is used.
           [021077017a23]
   
           * Makefile.in, common/Makefile.in, compat/Makefile.in,
           doc/Makefile.in, include/Makefile.in,
           plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
           plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
           src/Makefile.in, zlib/Makefile.in:
           Add cppcheck target to run cppcheck on all source files.
           [d207c2ef49a2]
   
   2014-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.ac:
           Update for sudo 1.8.9p2
           [2e7fe6e371a4]
   
           * config.h.in, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
           m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4:
           Update to libtool-2.4.2.418
           [d1dbed89d733]
   
           * config.guess, config.sub:
           Update from http://git.savannah.gnu.org/gitweb/?p=config.git
           [2b5e32d23be5]
   
   2014-01-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Sudo 1.8.9 also fixes bug #617
           [cc5c18228719]
   
   2014-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           The fix for the hang was already in the 1.8.9 tarballs.
           [f038ebcc1071]
   
           * NEWS, configure, configure.ac:
           Update for sudo 1.8.9p1
           [732fca0003cf]
   
           * common/atobool.c, common/event.c, plugins/sudoers/iolog.c,
           plugins/sudoers/parse.h, src/exec.c, src/preserve_fds.c:
           Update copyright year.
           [fdeb5956810e]
   
           * plugins/sudoers/parse.h:
           Go back to making the bit fields in struct cmndtag explicitly
           signed. This fixes a problem on gcc 4.8 (at least) which appears to
           be treating the value as unsigned by default.
           [46b9a7bb10ac]
   
           * common/atobool.c:
           Use debug_return_int() instead of bare return for debugging support.
           [c273f822de5f]
   
   2014-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/event.c:
           Fix infinite loop that could be triggered by sudo_ev_loopbreak() and
           sudo_ev_loopcontinue().
           [1723561c46b0]
   
           * NEWS:
           Update for 1.8.9 final.
           [d49c14d21410]
   
   2014-01-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/iolog.c:
           Handle a sequence file with no trailing newline.
           [aa29306e4f6d]
   
   2014-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/iolog.c:
           Truncate io log and timing files on open when recycling them. Only
           an issue when the sequence number wraps around.
           [01b2dfe15ff0]
   
           * plugins/sudoers/iolog.c:
           Repair reading of the iolog sequence number that got broken when
           adding stricter strtoul() checks.
           [e0f4a11c3437]
   
           * src/exec.c:
           If invoked as sudoedit we can't just exec the command directly since
           the temporary files need to be updated before sudo exits.
           [508503be1c4f]
   
           * src/preserve_fds.c:
           Fix restoration of the close-on-exec flag when moving a relocated fd
           back into its original position.
           [5572f1f8b48a]
   
   2014-01-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Add "see below" to reference "Secure editing" section in "Preventing
           shell escapes".
           [b2db990a36b3]
   
   2014-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Add initial "Secure editing" section.
           [0d7a192e0e25]
   
           * doc/LICENSE:
           Update copyright year.
           [4a639d9207a9]
   
   2013-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, src/po/eo.mo,
           src/po/eo.po, src/po/fi.mo, src/po/fi.po:
           sync with translationproject.org
           [5c15a411b10d]
   
           * plugins/sudoers/policy.c:
           Make user_cwd and user_tty dynamically allocated even for the
           "unknown" case.
           [015454bf97f8]
   
   2013-12-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.ac:
           Use -fstack-protector-strong in preference to -fstack-protector-all
           or -fstack-protector.
           [bdd1066eefc4]
   
           * doc/HISTORY:
           Dell acquired Quest
           [3d5b7d27a313]
   
   2013-12-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/ru.mo,
           src/po/ru.po, src/po/vi.mo, src/po/vi.po:
           sync with translationproject.org
           [f964671d08ce]
   
   2013-12-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
           plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
           plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/cs.mo, src/po/cs.po, src/po/da.mo, src/po/da.po,
           src/po/it.mo, src/po/it.po, src/po/pl.mo, src/po/pl.po,
           src/po/pt_BR.mo, src/po/pt_BR.po, src/po/uk.mo, src/po/uk.po,
           src/po/zh_CN.mo, src/po/zh_CN.po:
           sync with translationproject.org
           [5f5becf5fb7a]
   
           * doc/sudoers.ldap.cat:
           regen
           [77745e6bc0d5]
   
           * NEWS:
           Update for recent changes.
           [365b9084268a]
   
           * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/visudo.c:
           Fix typo; we want setlocale(LC_ALL, "") since we are setting the
           locale for the first time.
           [e2b9660e9d48]
   
   2013-12-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/visudo.c:
           Use sudoers_initlocale() in main() startup, not sudoers_setlocal()
           as the latter assumes we are already in the user's locale which may
           not be the case. For sudoreplay, we can just use setlocale()
           directly as there is no sudoers locale.
           [12235e50dea0]
   
   2013-12-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/preserve_fds.c, src/sudo.c, src/sudo.h:
           Redo preserve_fds support to remap high fds so we can get the most
           out of closefrom(). The fds are then restored after closefrom().
           [7d712ec49db7]
   
           * plugins/sudoers/Makefile.in:
           Fix install-plugin when sudoers is compiled statically.
           [36a8bf3b588d]
   
   2013-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/sudo_debug.c, doc/sudo_plugin.cat,
           doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
           include/sudo_debug.h, include/sudo_plugin.h, src/Makefile.in,
           src/exec.c, src/exec_pty.c, src/preserve_fds.c, src/sudo.c,
           src/sudo.h, src/sudo_exec.h:
           Add support for preventing fds from getting clobbered by
           closefrom().
           [269f45964ff0]
   
   2013-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/Makefile.in:
           regen
           [b8f458379b5b]
   
   2013-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/alloc.c:
           Need to include limits.h here too.
           [b53c6edef597]
   
   2013-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure, configure.ac, plugins/sudoers/parse.h:
           No need to use __signed.
           [05f9648d1953]
   
           * plugins/sudoers/regress/logging/check_wrap.c:
           Need limits.h here too.
           [54aac3bbf66a]
   
           * compat/closefrom.c:
           Still need limits.h here.
           [0abc6b2be208]
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [386b47ced07f]
   
           * compat/closefrom.c:
           Go back to using /proc/self/fd instead of /proc/$$/fd as only AIX
           lacks /proc/self and it has F_CLOSEM.
           [b5735fbcfdce]
   
   2013-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo_json.c:
           Use a switch to map digest type to name instead of an array of
           strings.
           [ab17ceb4dd60]
   
           * compat/closefrom.c:
           Use /dev/fd in closefrom() on FreeBSD < 8.0 and Mac OS X.
           [e70df3b3144b]
   
           * compat/snprintf.c:
           Remove _MAX and _MIN compat; we rely on missing.h for that. We
           already require the compiler handle long long so there's no need to
           use HAVE_LONG_LONG_INT everywhere.
           [2bda15071439]
   
           * common/ttysize.c, include/missing.h:
           Remove _MAX and _MIN defines that any system from the last 20 years
           should have. Add ULLONG_MAX in case it is missing.
           [2db0cee4aaa8]
   
           * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
           plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c:
           Change visudo -x to take a file name argument, which may be '-' to
           write the exported sudoers file to stdout.
           [84cb72c3c391]
   
           * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/gram.c,
           plugins/sudoers/gram.y, plugins/sudoers/parse.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, plugins/sudoers/visudo.c,
           plugins/sudoers/visudo_json.c, src/regress/ttyname/check_ttyname.c:
           Move symbol extern defs into sudoers.h
           [b631a0b57fae]
   
           * plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/logging/check_wrap.c:
           Add missing sudo_util.h
           [ed0edc2e2d0c]
   
   2013-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoreplay.c:
           Warn if the time stamp in the I/O log file does not fit in time_t.
           Warn if the info line is not well-formed instead of silently
           ignoring it.
           [37a050de5be5]
   
   2013-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
           Rename libcommon libsudo_util
           [df3ffd4229e5]
   
   2013-12-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/aix.c, common/atobool.c,
           common/atoid.c, common/atomode.c, common/fmt_string.c,
           common/gidlist.c, common/progname.c, common/setgroups.c,
           common/sudo_conf.c, common/term.c, common/ttysize.c,
           include/missing.h, include/sudo_util.h,
           plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
           plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.h,
           plugins/sudoers/sudoreplay.c, plugins/system_group/Makefile.in,
           plugins/system_group/system_group.c, src/Makefile.in, src/sudo.h:
           Move prototypes for functions provided by libcommon that don't have
           their own header files into sudo_util.h.
           [43f423a24416]
   
   2013-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/def_data.c,
           plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
           plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
           plugins/sudoers/logging.c, plugins/sudoers/logging.h,
           plugins/sudoers/mkdefaults:
           Now that we have proper number parsing functions we should store
           T_UINT defaults values as unsigned int, not int.
           [67d8c2244f1d]
   
           * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
           Don't use int where we really mean enum def_tuple. When this code
           was written it was assumed that we may have multiple tuple types.
           However, that hasn't happened and probably never will.
           [8491f970f343]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           Regen after string parsing changes.
           [fd6bf79c3286]
   
           * common/atoid.c, common/atomode.c, compat/strtonum.c, configure,
           configure.ac, include/missing.h, plugins/sudoers/defaults.c,
           plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
           plugins/sudoers/sudoreplay.c, src/parse_args.c, src/ttyname.c:
           The OpenBSD strtonum() uses very short error strings that can't be
           translated usefully. Convert them to longer strings on error. Also
           use the longer strings for atomode() and atoid().
           [dace028594da]
   
   2013-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/atoid.c, common/atomode.c,
           plugins/sudoers/defaults.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
           Add atomode() function for parsing a file mode.
           [44e29629aa5e]
   
           * common/sudo_conf.c, common/ttysize.c, compat/Makefile.in,
           compat/closefrom.c, compat/getaddrinfo.c, compat/strtonum.c,
           configure, configure.ac, include/missing.h,
           plugins/sudoers/boottime.c, plugins/sudoers/defaults.c,
           plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
           plugins/sudoers/match_addr.c, plugins/sudoers/policy.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/sudoreplay.c, plugins/system_group/system_group.c,
           src/parse_args.c, src/sudo.c, src/ttyname.c:
           Use strtonum() instead of atoi(), strtol() or strtoul() where
           possible.
           [e4a1fc84b893]
   
           * MANIFEST, compat/Makefile.in, compat/strtonum.c, config.h.in,
           configure, configure.ac, include/missing.h, mkdep.pl:
           Add strtonum.c to compat for simpler number parsing.
           [a4c69b003da0]
   
   2013-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_common.c:
           Fix a warning on Solaris, we need to use debug_return_const_ptr.
           [932aa94c0cac]
   
           * plugins/sudoers/Makefile.in:
           check_symbols needs to link with SUDO_LIBS in order to get -lpthread
           on HP-UX for libldap (which uses threads). It would be better to
           have a separate variable for the pthread library but this is no
           worse than it used to be.
           [94591b765371]
   
   2013-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           add missing comma
           [7dcbd1c6dd25]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Make -c option description more accurate.
           [3f305ae6037e]
   
   2013-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS, plugins/sudoers/sudoers.c:
           When checking whether a user may change the login class, just check
           pw_uid of the runas user, which was passed in to set_loginclass().
           [aaf736440441]
   
   2013-12-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo_json.c:
           Use atoid() when parsing user/group IDs and print them as unsigned
           int.
           [40c77459a36a]
   
   2013-12-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoreplay.c:
           Correctly parse 64-bit times in I/O log files.
           [d053ee75adc3]
   
           * compat/getgrouplist.c, plugins/group_file/getgrent.c,
           plugins/sudoers/pwutil.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
           Use atoid() not atoi() when parsing uids/gids.
           [491146596626]
   
           * plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
           plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
           plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
           plugins/sudoers/sudoers.h:
           Better match debugging. Sprinkle const in match functions.
           [4cd8d793f165]
   
   2013-12-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
           doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Document that plugins can be compiled statically into the sudo
           binary.
           [434061cf909f]
   
   2013-12-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sssd.c:
           sudo_sss_filter_user_netgroup(): fix comment typos, break out of
           loop early if we match ALL or netgroup.
           [0691731f4b12]
   
           * plugins/sudoers/sssd.c:
           When filtering netgroups, use the passwd struct stashed in the
           handle, not user_name since we may be listing another users
           privileges.
           [f2669cf7b70c]
   
           * mkpkg:
           RHEL 6 and above builds sudo with SSSD support
           [afc3d894851e]
   
           * plugins/sudoers/sssd.c:
           Avoid passing NULL domainname to sudo_debug_printf().
           [b08abe5e6d23]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Document sssd debug subsystem.
           [250c3ab1bcf0]
   
           * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
           Document "event" debug subsystem.
           [85d220b48edc]
   
           * plugins/sudoers/match.c:
           Use atoid() instead of atoi() when parsing uids/gids so we get
           proper range checking.
           [5c3e2f3f6cb9]
   
           * plugins/sudoers/sssd.c:
           Add user netgroup filtering for SSSD. Previously, rules for a
           netgroup were applied to all even when they did not belong to the
           specified netgroup. RedHat Bugzilla 880150.
           [784848b5462c]
   
           * plugins/sudoers/sssd.c:
           Fix several issues found by the clang static analyzer; Daniel
           Kopecek
           [520261dd7461]
   
   2013-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * README.LDAP:
           Mention how to dump sudoers info from LDAP.
           [a53c93790a30]
   
           * src/exec_common.c:
           On Solaris, disabling the proc_exec privilege appears to interfere
           with DAC file permissions. Adding DAC override permissions to the
           inheritable set works around this for commands run as root without
           giving extra permissions to other users. Bug #626
           [391ad44026c3]
   
   2013-12-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/progname.c, compat/Makefile.in,
           compat/getprogname.c, configure, configure.ac, include/missing.h,
           mkdep.pl, plugins/sample/sample_plugin.c, plugins/sudoers/policy.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/visudo.c, src/parse_args.c,
           src/regress/ttyname/check_ttyname.c, src/sudo.c:
           Instead of setprogname(), add initprogname() which gets the program
           name for getprogname() using /proc or pstat() if possible.
           [e2d48d81456f]
   
   2013-11-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Ignore EOVERFLOW from pstat_getproc(). The HP-UX kernel appears to
           return this in certain situations but it appears to be harmless at
           least insofar as retrieving the tty goes.
           [105bea4e1c20]
   
           * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
           plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/cs.mo, src/po/cs.po, src/po/eo.mo, src/po/eo.po,
           src/po/fi.mo, src/po/fi.po, src/po/it.mo, src/po/it.po,
           src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po,
           src/po/ru.mo, src/po/ru.po, src/po/uk.mo, src/po/uk.po,
           src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
           Sync with translationproject.org
           [3694d7ad4c9d]
   
   2013-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo.c:
           Add missing newline in help message after export option.
           [1c0bff0c181e]
   
   2013-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.ac, plugins/sudoers/Makefile.in,
           src/Makefile.in:
           Do not add LIBDL to SUDO_LIBS or SUDOERS_LIBS in configure, do it in
           Makefile.in so we can make it last. Fixes a linking problem on
           Ubuntu precise.
           [f8d3bddbe742]
   
   2013-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, m4/ax_func_getaddrinfo.m4:
           Do not rely on NULL being defined for getaddrinfo() test. Fixes the
           check on HP-UX 11.23.
           [a5dcf0283693]
   
   2013-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           Regen for sudo 1.8.9b1
           [945f27a7aa1c]
   
           * src/po/de.mo, src/po/de.po, src/po/sr.mo, src/po/sr.po:
           Sync with translationproject.org
           [52abae16ccfa]
   
   2013-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * INSTALL, MANIFEST, NEWS, common/Makefile.in, common/sudo_dso.c,
           compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, config.h.in,
           configure, configure.ac, include/sudo_dso.h, mkdep.pl,
           plugins/sudoers/Makefile.in, plugins/sudoers/group_plugin.c,
           plugins/sudoers/ldap.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/sssd.c, plugins/system_group/Makefile.in,
           plugins/system_group/system_group.c, src/Makefile.in,
           src/env_hooks.c, src/load_plugins.c, src/preload.c, src/sudo.c,
           src/sudo.h:
           Add wrapper functions for dlopen() et al so that we can support
           statically compiling in the sudoers plugin but still allow other
           plugins to be loaded. The new --enable-static-sudoers configure
           option will cause the sudoers plugin to be compiled statically into
           the sudo binary. This does not prevent other plugins from being
           loaded as per sudo.conf.
           [9425770e9d2b]
   
   2013-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo_json.c:
           Handle non-unix groups correctly. Get rid of runasuser and
           runasgroup types and use username and usergroup instead. The fact
           that the user or group is inside a Runas_List doesn't affect its
           underlying type.
           [ea1789258c11]
   
   2013-11-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo_json.c:
           Simplify Defaults list option object. The name and value strings are
           superfluous.
           [5852b0184669]
   
           * compat/dlopen.c:
           Back out unintended change.
           [85156e49e96e]
   
           * MANIFEST, aclocal.m4, configure, configure.ac,
           m4/ax_func_getaddrinfo.m4:
           Add dedicated test for getaddrinfo(). Tru64 UNIX contains two
           versions of getaddrinfo and we must include netdb.h to get the
           proper definition.
           [9882e3e1e8e3]
   
           * compat/dlopen.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c:
           Define RTLD_GLOBAL for older systems without it. Bug #621
           [ed38ac84f1da]
   
   2013-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/snprintf.c, include/missing.h:
           Rename snprintf replacement rpl_snprintf since we may now replace
           the libc version and #define rpl_snprintf snprintf in missing.h so
           we get our version when needed. This is consistent with how we
           replace glob and fnmatch.
           [309aa17d0dfe]
   
           * common/Makefile.in, common/regress/sudo_conf/conf_test.c,
           common/regress/sudo_parseln/parseln_test.c,
           common/regress/tailq/hltq_test.c, src/Makefile.in:
           libcommon tests need locale_stub.lo to link.
           [baae40f36de5]
   
           * MANIFEST, aclocal.m4, compat/snprintf.c, config.h.in, configure,
           configure.ac, m4/ax_func_snprintf.m4:
           Add check for C99 compliant (v)snprintf function.
           [79e02551543c]
   
           * compat/sig2str.c, configure, configure.ac:
           Include unistd.h in sig2str.c for Tru64 as it defines SIGRTMIN and
           SIGRTMAX in terms of sysconf(), which is prototyped in unistd.h. Bug
           #621; from Daniel Richard G.
           [2a59ccb8c966]
   
           * include/gettext.h, plugins/sudoers/locale.c, src/locale_stub.c:
           Add definition of U_ for --disable-nsl Don't define warning_gettext
           if --disable-nsl Bug #621; from Daniel Richard G.
           [c0054eb89c2b]
   
   2013-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo_json.c:
           When merging Defaults entries we need to check the type of the next
           entry and not just assume it is the same as the previous one.
           [e97d9b9cf0d5]
   
           * plugins/sudoers/visudo_json.c:
           runasgroups not runasgroup in the Cmnd_Spec.
           [92ea5dc20e4d]
   
           * plugins/sudoers/visudo_json.c:
           Fix some syntax errors and change how lists are handled.
           [027b8dea44b2]
   
           * common/sudo_debug.c, config.h.in, configure, configure.ac,
           include/fatal.h, include/sudo_debug.h:
           Allow sudo to compile without variadic macro support in cpp.
           Debugging support will be limited (no file info from warnings.) From
           Daniel Richard G.; Bug #621
           [51b8b868cd4b]
   
           * Makefile.in, common/aix.c, common/fatal.c, common/gidlist.c,
           common/sudo_conf.c, include/fatal.h, include/gettext.h,
           include/missing.h, plugins/sudoers/auth/fwtk.c,
           plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
           plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c,
           plugins/sudoers/env.c, plugins/sudoers/group_plugin.c,
           plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
           plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
           plugins/sudoers/logging.c, plugins/sudoers/match.c,
           plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
           plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
           plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
           plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c,
           src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
           src/locale_stub.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
           src/sesh.c, src/signal.c, src/solaris.c, src/sudo.c,
           src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
           Add warning_gettext() wrapper function that changes to the user
           locale, then calls gettext(). Add U_ macro that calls
           warning_gettext() instead of gettext(). Rename warning2()/error2()
           back to warning_nodebug()/error_nodebug().
           [f3bb207db201]
   
   2013-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/fileops.c, compat/getaddrinfo.c, compat/mktemp.c,
           compat/utimes.c, configure.ac, plugins/sudoers/boottime.c,
           plugins/sudoers/check.c, plugins/sudoers/getdate.c,
           plugins/sudoers/getdate.y, plugins/sudoers/group_plugin.c,
           plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
           plugins/sudoers/logging.h, plugins/sudoers/sssd.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
           plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/preload.c,
           src/sudo.c, src/sudo_edit.c, src/ttyname.c, src/utmp.c:
           Fix some #if vs. #ifdef and remove an extraneous semicolon. Bug
           #624; from Daniel Richard G.
           [b212e4694018]
   
           * include/sudo_debug.h, plugins/sudoers/defaults.c,
           plugins/sudoers/ldap.c, src/exec_common.c:
           Add debug_return_const_str and debug_return_const_ptr for returning
           a const string or pointer. Using const for the normal versions
           produces warnings with the Tru64 compiler.
           [45018a149cb4]
   
           * common/event_poll.c, compat/getaddrinfo.c, config.h.in, configure,
           configure.ac, m4/sudo.m4:
           Fixes for building under Tru64; from Daniel Richard G. Bug #624
           [fc4a6cbae1ba]
   
   2013-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/logging.c:
           log_{fatal,warning} now logs to the debug file itself.
           log_{fatal,warning} now calls warningx2() after setting the locale
           itself instead of using the wrapper macros. This removes the only
           use of warningx(ngettext(...)).
           [930129361e0a]
   
   2013-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.ac:
           Add -Wpointer-arith to --enable-warnings
           [2043ae306d1b]
   
           * configure, configure.ac:
           Fix more instances of #include directives where the '#' was not in
           column 1. From Daniel Richard G. (bug #622)
           [75f36f39dcab]
   
           * MANIFEST, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
           plugins/sudoers/Makefile.in, plugins/sudoers/visudo.c,
           plugins/sudoers/visudo_json.c:
           Add support to visudo to export sudoers in JSON format.
           [1697b2b4bfd2]
   
   2013-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/parse.h:
           Remove unused digest field from struct cmndspec, the digest really
           lives in struct sudo_command.
           [e9a1e2e112d6]
   
           * config.h.in, configure:
           Regen with autoconf 2.69
           [275f69f98f9e]
   
           * MANIFEST, Makefile.in, config.h.in, configure.ac, configure.in,
           doc/Makefile.in:
           Rename configure.in -> configure.ac
           [0aeafe425373]
   
           * MANIFEST, aclocal.m4, autogen.sh, config.h.in, configure,
           configure.in, ltmain.sh, m4/sudo.m4:
           From Daniel Richard G. (bug #622) Add an autogen.sh script that
           rebuilds the autoconf world. Move old aclocal.m4 contents to
           m4/sudo.m4. New (generayed) aclocal.m4 contains the m4_include
           directives. Some tests had #include directives where the '#' was not
           in column 1. Updated obsolete macro usage via autoupdate.
           [5fe8de5a56df]
   
   2013-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo_exec.h:
           Very old systems (pre XPG 4.2) may not support MSG_WAITALL. The
           likelihood of receiving a partial message is quite low so this is
           not a big deal.
           [900a304f9548]
   
           * configure, configure.in:
           HP-UX may require _XOPEN_SOURCE_EXTENDED to be defined for
           MSG_WAITALL to be visible.
           [f08b1a00a30a]
   
           * MANIFEST, plugins/sudoers/regress/visudo/test5.out.ok,
           plugins/sudoers/regress/visudo/test5.sh:
           Add regress test for bug #623
           [8e83cfccaf14]
   
           * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Cope with a comment on the last line of the file with no newline.
           Bug #623
           [f826243bc4e6]
   
           * compat/getaddrinfo.c:
           Include arpa/inet.h for HP-UX; from Daniel Richard G.
           [d4d7a4303bae]
   
           * doc/Makefile.in:
           Add missing $(mansrcdir) to visudo.mdoc and visudo.man. From Daniel
           Richard G.
           [f664c8d2f961]
   
   2013-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/fatal.h:
           In v{warning,fatal}x?() make a new copy of ap for the debug
           functions. It is not legal to use ap twice without reinitializing
           it. Noticed by Daniel Richard G.
           [6ca8bc48ecb3]
   
           * include/fatal.h:
           Remove errant warning_restore_locale() call.
           [4ef7aecefcbb]
   
           * include/missing.h, plugins/sudoers/logging.c:
           Move va_copy compat macro to missing.h
           [c873e4cc4c8a]
   
           * common/Makefile.in, compat/Makefile.in, mkdep.pl,
           plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
           plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
           src/Makefile.in, zlib/Makefile.in:
           Uniquify header dependencies so we don't end up with duplicates when
           a header file includes other headers. The header dependencies are
           sorted so the generated order is stable.
           [95747db2f07a]
   
           * compat/Makefile.in, configure, configure.in, doc/CONTRIBUTORS,
           mkdep.pl:
           Add getaddrinfo.lo to LTLIBOBJS for systems that need it. From
           Daniel Richard G.
           [e94ee99a52a9]
   
           * plugins/sudoers/testsudoers.c:
           Fix pasto
           [5262735e78e0]
   
   2013-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.mdoc.in:
           Fix typo.
           [6b11a4eec6b6]
   
   2013-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
           regen
           [995ca9f21862]
   
           * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c:
           Fix warnings from -Wold-style-definition
           [a748c5c7b423]
   
           * configure, configure.in:
           Add -Wold-style-definition to --enable-warnings
           [0484de0deb59]
   
           * common/event_poll.c:
           Extra debugging for ready fds.
           [91fb85cdecbb]
   
           * common/event_select.c:
           When deleting an event, check ev->events to determine whether to
           remove from readfds or writefds instead of blinding removing from
           both. Also fix highfd adjustment.
           [7384db65ca9c]
   
   2013-11-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/event_select.c:
           Only check an fd that is >= 0. Timeout-only events may have a
           negative fd.
           [fa0e5cbc3cc2]
   
   2013-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/event.c:
           Don't call sudo_ev_{add,del}_impl() for timeout-only events. This
           makes it possible to pass sudo_ev_alloc() an fd of -1 for events
           only use SUDO_EV_TIMEOUT.
           [6838657a1a2f]
   
   2013-10-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/alloc.c, common/event_select.c, include/sudo_event.h:
           Make a copy of readfds/writefds before calling select() instead of
           calculating it each time. Keep track of high fd in the base.
           [6048b78f2e94]
   
   2013-10-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS:
           Add Stephen Gelman
           [0028c7a91a4f]
   
           * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
           Fix sign comparison warning.
           [914cb36b9ed2]
   
           * plugins/sudoers/sudoreplay.c:
           Fix potential NULL dereference in non-interactive mode.
           [9233428d3f32]
   
   2013-10-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c, src/exec_pty.c:
           Use MSG_WAITALL when receiving struct command_status over the Unix
           domain socket since we no longer use datagrams. This should avoid
           the need to handle incomplete reads, though in theory it is still
           possible.
           [28a92888a908]
   
           * plugins/sudoers/sudoreplay.c:
           SIGKILL is not catchable
           [79f82e4cb11d]
   
           * common/event.c, include/sudo_event.h, plugins/sudoers/sudoreplay.c:
           Add sudo_ev_get_timeleft() to get the amount of time left before an
           event times out and use it in sudoreplay.
           [d5b17ee30fa4]
   
   2013-10-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
           plugins/sudoers/sudoreplay.c:
           If the user presses <return> or <enter> in sudoreplay, skip to the
           next event. Useful for skipping past long pauses in the data.
           [43343f45c94d]
   
           * common/event.c, common/event_poll.c, common/event_select.c:
           Fix sudo_ev_scan_impl() return value in event_poll.c. Make sure we
           clear active flag from unprocessed events if sudo_ev_loopbreak() or
           sudo_ev_loopcontinue() are used. Remove bogus optimization when the
           timeout is zero or negative; it could prevent an I/O event from
           being triggered.
           [a13603fb3134]
   
           * plugins/sudoers/sudoreplay.c:
           Move session replay into its own function.
           [e323f7729595]
   
           * common/event.c, common/event_poll.c, common/event_select.c,
           include/sudo_event.h:
           Get rid of cur and pending pointers in struct sudo_event_base. We
           now pop the first event off the active queue instead of using a
           foreach loop with deferred removal of the event. Add
           SUDO_EVQ_INSERTED and SUDO_EVQ_TIMEOUTS flags to indicate that the
           event on the event queue and timeouts queue respectively. No longer
           need to compare the timeout to {0,0} or compare the event's base
           pointer to NULL to determine queue membership.
           [f2b2251fd523]
   
           * common/event_poll.c:
           rename sudo_ev_loop_impl() -> sudo_ev_scan_impl()
           [614faaff04e3]
   
           * MANIFEST, common/event.c, common/event_poll.c,
           common/event_select.c, compat/Makefile.in, compat/nanosleep.c,
           config.h.in, configure, configure.in, include/missing.h,
           include/sudo_event.h, mkdep.pl, plugins/sudoers/Makefile.in,
           plugins/sudoers/sudoreplay.c, src/exec.c, src/exec_pty.c:
           Add support for libevent-style timed events. Adding a timed event is
           currently O(n). The only consumer of timed events is sudoreplay
           which only used a singled one so O(n) == O(1) for now. This also
           allows us to remove the nanosleep compat function as we now use a
           timeout event instead.
           [db41c08e92dc]
   
   2013-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c, src/exec_pty.c:
           Now that sudo_ev_base_free() removes all events before freeing we
           don't need to do this by hand.
           [b59d43658c5f]
   
           * common/event.c, common/event_poll.c, common/event_select.c,
           include/sudo_event.h:
           Add a list of active events in the base that the back end sets when
           it calls poll or select. This allows the front end to iterate over
           the events instead of having that code in both back ends. It will
           also simplify support for timeout events. Also make sure we can't
           touch freed memory if a callback frees its own event.
           [933b99b3f2bc]
   
           * common/event.c:
           Remove any existing events before freeing the event base.
           [2543c6620cf1]
   
   2013-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           mon_handler() should be static
           [b1a62ef65c96]
   
   2013-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           If user specified start_tls and ldaps, display a warning and ignore
           start_tls. There's no reason to make this a fatal error.
           [bf446dd1e740]
   
           * src/exec_pty.c:
           Add missing else when the connection from the monitor to the parent
           sudo process is broken (due to the parent dying). Prevents a
           spurious "unexpected reply type on backchannel" warning.
           [5c44053cef08]
   
           * src/exec_pty.c:
           When flushing output we don't care whether we are the foreground
           process or not, we still need to flush to /dev/tty. If we are in the
           background, it is OK to get SIGTTOU.
           [9716892d1fb5]
   
           * plugins/sudoers/ldap.c:
           Should not attempt start_tls on an ldaps connection.
           [9d01d461c52c]
   
   2013-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/regress/parser/check_fill.c:
           Fix sign compare warning.
           [6130fa8df758]
   
           * doc/Makefile.in:
           Eliminate warning about circular dependency from GNU make.
           [7ed5df762089]
   
           * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
           src/ttyname.c:
           More sign compare fixes. On Solaris id_t is signed so use uid_t in
           the set_perms.c ID macro instead.
           [8166dcc50d0b]
   
           * common/fileops.c, common/lbuf.c, common/secure_path.c,
           common/sudo_debug.c, include/secure_path.h,
           plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
           plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.h,
           plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
           plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
           plugins/sudoers/match_addr.c, plugins/sudoers/parse.h,
           plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
           plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l,
           plugins/sudoers/toke_util.c, src/load_plugins.c, src/sudo.c,
           src/ttyname.c:
           Quiet sign comparision warnings.
           [e34f45dad10c]
   
           * configure, configure.in:
           Add -Wsign-compare to --enable-warnings
           [d560e274a6ae]
   
           * plugins/sudoers/ldap.c:
           Ignore SIGPIPE when connecting to the LDAP server so we can get a
           proper error message with the IBM LDAP libs. Also return
           LDAP_SUCCESS instead of 0 from most sudo_ldap_* functions that
           return an int.
           [611a4ed9b8ee]
   
           * plugins/sudoers/regress/parser/check_base64.c,
           plugins/sudoers/regress/parser/check_digest.c:
           Quiet compiler warnings.
           [7d82dcca7126]
   
   2013-10-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           sudo_ldap_parse_uri() should join multiple URIs in the string list
           together but it was clearing the host entry each time through the
           loop. Fixes a bug with multiple URI entries in ldap.conf where only
           the last one was being honored.
           [83cee19b136d]
   
           * src/exec_pty.c:
           Avoid a double free introduced when plugging a memory leak in
           safe_close(). A new ev_free_by_fd() function is used to remove and
           free any events sharing the specified fd. This can be used after
           safe_close() to make sure we don't try to select() on a closed fd.
           [54f48a281147]
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y, src/exec.c:
           Quiet some llvm check false positives. The common idiom of using
           TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in a
           TAILQ confuses llvm. Use TAILQ_FOREACH_SAFE instead (which is
           probably faster anyway).
           [bd1b8c11f416]
   
           * plugins/sudoers/auth/pam.c:
           If pam_open_session() fails don't call pam_getenvlist() with a NULL
           pam handle.
           [352e0329acba]
   
           * plugins/sudoers/defaults.c:
           Fix newly introduced use after frees found by llvm checker.
           [a81080230f1f]
   
           * common/event_select.c:
           Remove an errant list_next() call that should have been removed in
           the TAILQ conversion.
           [3bbf8d117ce4]
   
           * MANIFEST, common/Makefile.in, common/list.c,
           common/regress/tailq/hltq_test.c, include/list.h, include/queue.h,
           plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
           plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
           plugins/sudoers/gram.y, plugins/sudoers/match.c,
           plugins/sudoers/parse.c, plugins/sudoers/parse.h,
           plugins/sudoers/regress/parser/check_fill.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
           Add "headless" tail queues and use them in place of the semi-
           circular lists in sudoers. Once the headless tail queue is built up
           it is converted to a normal TAILQ. This removes the last consumer of
           list.c and list.h so those can now be removed.
           [5986ba762a24]
   
           * common/Makefile.in, common/fatal.c, plugins/sudoers/Makefile.in,
           plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
           plugins/sudoers/env.c, plugins/sudoers/interfaces.c,
           plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
           plugins/sudoers/match_addr.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l,
           plugins/sudoers/visudo.c, src/Makefile.in, src/exec_pty.c,
           src/hooks.c:
           Use SLIST and STAILQ macros instead of doing headless singly linked
           lists manually. As a bonus we now use a tail queue for ldap.c and
           sudoreplay.c.
           [c31bc2d99082]
   
           * MANIFEST, common/Makefile.in, common/event.c, common/event_poll.c,
           common/event_select.c, common/list.c,
           common/regress/sudo_conf/conf_test.c, common/sudo_conf.c,
           doc/LICENSE, include/list.h, include/missing.h, include/queue.h,
           include/sudo_conf.h, include/sudo_event.h,
           plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c,
           plugins/sudoers/parse.c, plugins/sudoers/parse.h,
           plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c,
           plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c,
           src/Makefile.in, src/exec.c, src/exec_pty.c, src/load_plugins.c,
           src/sudo.c, src/sudo.h, src/sudo_plugin_int.h:
           Convert sudo to use BSD TAILQ macros instead of home ground tail
           queue functions. This includes a private queue.h header derived from
           FreeBSD. It is simpler to just use our own header rather than try to
           deal with macros that may or may not be present in various queue.h
           incarnations.
           [450bce095d7c]
   
   2013-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoreplay.c:
           Fix AND operator broken by changes to fix OR.
           [a4d3485ee943]
   
   2013-10-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoreplay.c:
           Fix OR operator.
           [f5c1c90ee284]
   
   2013-10-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           Fix memory leak of I/O buffer events in safe_close().
           [08cd790cfbba]
   
   2013-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_debug.c:
           Don't allow the debug subsystem to be initialized twice. Otherwise
           we can exhuast our stack when built in static mode.
           [fadacb6a4617]
   
           * common/event_poll.c:
           Make sure we do not try to usie index -1 in base->pfds[].
           [beeb922aba3f]
   
   2013-10-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.in:
           Bump version to 1.8.9
           [758dbb464796]
   
   2013-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           Convert the monitor process to the event subsystem.
           [c4fe8e2ba53c]
   
           * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
           Convert the main sudo event loop to use the event subsystem. Read
           events for I/O buffers are added before the loop starts. Write
           events are added on demand as the buffers are filled.
           [72a603e997e0]
   
           * INSTALL, MANIFEST, common/Makefile.in, common/event.c,
           common/event_poll.c, common/event_select.c, common/list.c,
           common/sudo_debug.c, config.h.in, configure, configure.in,
           include/list.h, include/sudo_debug.h, include/sudo_event.h,
           mkdep.pl, plugins/sudoers/Makefile.in, src/Makefile.in,
           src/exec_pty.c:
           Simple event subsystem that uses poll() or select(). Basically a
           simplied subset of libevent2. Currently only fd events are supported
           (since that's all we need). The poll() backend is used by default,
           except on Mac OS X where poll() is broken for devices (including
           /dev/tty and ptys).
           [8773142b4117]
   
           * src/exec.c, src/exec_pty.c:
           Use SOCK_STREAM for socketpair, not SOCK_DGRAM so we get consistent
           semantics when the other end closes. This should make the conversion
           to poll() less problematic.
           [b6a321722a91]
   
   2013-10-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_debug.c:
           Fix removal of trailing newlines in a debug message.
           [6f5ce5ac64e0]
   
   2013-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo.c:
           When checking for unused Runas_Aliases, count those used as part of
           a Runas Group too. Fixes a false positive warning.
           [f13271a4a377]
   
   2013-09-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/missing.h:
           Include stddef.h for rsize_t and errno_t on systems that support it
           natively.
           [bc547d47e9c6]
   
           * MANIFEST:
           Fix braino.
           [67b79747312f]
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/de.mo,
           plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo,
           plugins/sudoers/po/it.mo, plugins/sudoers/po/pl.mo,
           plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/uk.mo,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo:
           Rebuild message catalog files.
           [0a9befb0674e]
   
           * src/po/da.mo, src/po/eo.mo, src/po/fi.mo, src/po/it.mo,
           src/po/pl.mo, src/po/pt_BR.mo, src/po/ru.mo, src/po/uk.mo,
           src/po/vi.mo, src/po/zh_CN.mo:
           Rebuild message catalog files.
           [25191089ddf2]
   
           * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/cs.mo, src/po/cs.po:
           Czech translation for sudo from translationproject.org.
           [8bc0ed069ddb]
   
   2013-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/da.po, plugins/sudoers/po/de.po,
           plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/it.po, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, src/po/da.po,
           src/po/eo.po, src/po/fi.po, src/po/it.po, src/po/pl.po,
           src/po/pt_BR.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
           src/po/zh_CN.po:
           Sync with translationproject.org
           [c16f9bb4579e]
   
           * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
           Change "next" back to 2. In the context of "next Friday" we really
           do want the friday of the upcoming (not current) week.
           Unfortunately, this means that things like "next week" and "next
           year" will match one more than we really want. Fixing this will
           require some fairly major changes to the grammar.
           [7f863c930121]
   
           * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
           Mention that relative times don't always do what you might expect.
           [710a9b0dd36f]
   
   2013-09-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS:
           Add diacritical for Zdenek Behan.
           [78d333f88e6c]
   
   2013-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/regress/ttyname/check_ttyname.c:
           Do not fail if ttyname() cannot determine the tty but sudo can.
           Should fix problems with running "make check" under pbuilder.
           [e6fc06a6c5cf]
   
           * plugins/sudoers/Makefile.in:
           Remove extraneous $$CWD; from Bdale Garbee
           [4d040ddd7446]
   
   2013-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
           Make "this" and "next" qualifiers work a bit better. There is still
           room for improvement as "this week" will use the current time
           instead of the beginning of the week. That's a separate issue
           though.
           [e844c02f754a]
   
   2013-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/regress/sudo_conf/conf_test.c,
           common/regress/sudo_parseln/parseln_test.c:
           Mark main() public to silence a warning on HP-UX.
           [ac0b869b9842]
   
   2013-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c:
           Be specific that we are talking about the Unix epoch; bug #615
           [25887775371b]
   
           * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot,
           src/po/sudo.pot, src/selinux.c:
           Do not use "setup" as a verb; bug #614
           [17c4750aac5f]
   
           * plugins/sudoers/iolog.c:
           Fix logic goof when checking open() status.
           [76ece1445d71]
   
           * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo,
           src/po/nl.po, src/po/ru.mo, src/po/ru.po:
           Sync with translationproject.org
           [21351498000f]
   
           * NEWS, plugins/sudoers/sudoreplay.c:
           Work around a bug in sudo 1.8.7 timing files where the indexes are
           off by two.
           [4aa0cd58af58]
   
           * MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h,
           plugins/sudoers/sudoreplay.c:
           Repair writing of the I/O log file indices broken in sudo 1.8.7.
           [6a5f867884f5]
   
   2013-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Try to improve the PAGERS noexec example a bit.
           [226f11118daa]
   
   2013-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in:
           Document comment character in ldap.conf Clarify what is and is not
           supported in TLS_KEYPW Mention that gsk8capicmd can be used to
           create a stash file
           [fb8f06ab4458]
   
   2013-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           New bugs fixed for 1.8.8.
           [c158df7cd9d2]
   
           * plugins/sudoers/visudo.c:
           Fix setting of quiet flag when -q / --quiet is specified. Do not
           print "sudoers: parsed OK" in quiet mode.
           [df55acd57ce6]
   
           * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo,
           src/po/fi.po, src/po/it.mo, src/po/it.po:
           Updated translations from translationproject.org
           [e9e8abd23a28]
   
           * plugins/sudoers/check.c:
           Don't allow root to change its SELinux role without a password. Bug
           #611
           [f8b599acb29d]
   
   2013-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Mention new Mac OS X symbol interposition.
           [98293b7c4e0f]
   
           * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
           src/po/eo.po, src/po/fr.mo, src/po/fr.po:
           Updated translations from translationproject.org
           [865be7454354]
   
           * config.h.in, configure, configure.in, src/sudo_noexec.c:
           Add configure checks for the exec functions we will dummy out. This
           is only really needed on Mac OS X when symbol interposition is being
           performed but won't hurt elsewhere.
           [49c20cf6bab0]
   
   2013-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure, configure.in, src/Makefile.in,
           src/sudo_noexec.c:
           Fix installation of sudo_noexec on Mac OS X. Use library symbol
           interposition on Mac OS X 10.4 and higher so we don't need to set
           DYLD_FORCE_FLAT_NAMESPACE=1.
           [a82999dff8e6]
   
   2013-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Fix error display from ldap_ssl_client_init(). There are two error
           codes. The return value can be decoded via ldap_err2string() but the
           ssl reason code cannot (you have to look it up in a table online).
           [0267125ce9f0]
   
   2013-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in:
           Fix typo in tls_key example for Tivoli
           [36599f424ac4]
   
           * src/parse_args.c:
           Don't escape '$' when running "sudo -i command". Bug #564
           [17542d52f714]
   
           * plugins/sudoers/iolog_path.c:
           Fix typo in comment.
           [d0510ed5eaba]
   
           * plugins/sudoers/auth/pam.c:
           Fix comment.
           [4e89e0bfd6af]
   
           * plugins/sudoers/timestr.c, plugins/sudoers/visudo.c:
           Quiet some gcc -Wformat=2 false positives
           [28a2014b9822]
   
   2013-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/auth/pam.c:
           Remove now-obsolete arg to env_merge()
           [ba015cf5d935]
   
           * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po,
           src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
           src/po/zh_CN.mo, src/po/zh_CN.po:
           Updated translations from translationproject.org
           [72b6aeaba505]
   
           * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po:
           French translation for sudo from translationproject.org.
           [a72321771860]
   
           * plugins/sudoers/logging.h:
           Add __printflike to audit_failure.
           [1686b3699d41]
   
           * include/missing.h:
           Use __nonnull__ attribute in __printflike.
           [d123613a1fb6]
   
   2013-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
           When merging the PAM environment, allow environment variables set in
           PAM to override ones set by sudo as long as they do not match the
           env_keep or env_check lists.
           [f3c64967fed7]
   
           * plugins/sudoers/auth/pam.c:
           Call pam_getenvlist() after we've opened the session to get the
           session-specific environment variables.
           [b413fb9e1c77]
   
   2013-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           option not flag
           [08c31af7b818]
   
           * compat/getopt_long.c, config.h.in, configure, configure.in:
           Don't redefine opterr, optind, optopt, optarg in getopt_long.c. Add
           a check for optreset which is a BSD extension and provide a
           definition in getopt_long.c if it is not present.
           [3393e8d83400]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [f38f65830118]
   
           * plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c:
           Use lower case for the long option arguments to match the manual.
           This is inconsistent with GNU but it is better to match the sudo
           documentation.
           [8fac2d64f5d2]
   
           * NEWS:
           Sudo 1.8.8
           [105c73752474]
   
           * src/parse_args.c:
           Use lower card for the long option arguments to match the manual.
           This is inconsistent with GNU but it is better to match the sudo
           documentation.
           [af243dd39850]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Describe how remote command execution can be implemented.
           [3eba7f93b7f6]
   
           * doc/sudoers.ldap.cat:
           Bump version.
           [0ee7f02f3627]
   
   2013-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * src/sudo.c:          * src/sudo.c:
        Fixed a format string vulnerability when the sudo binary (or a         Make it a fatal error if the plugin returns invalid or out of range
        symbolic link to the sudo binary) contains printf format escapes        command info.
        and the -D (debugging) flag is used.        [8a7e56c7584a]
   
           * plugins/sudoers/policy.c:
           Use strtol() instead of atoi() and perform error checking of
           parameters passed from the sudo front-end.
           [05e05be3c6c4]
   
           * plugins/sudoers/auth/pam.c:
           It is not possible for auth to be NULL here.
           [771500e776e9]
   
           * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
           Initialize user_runhost and user_srunhost to user_host and
           user_shost in visudo and testsudoers.
           [c47cca74e1fc]
   
           * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
           common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c,
           common/list.c, common/sudo_conf.c, common/sudo_debug.c,
           compat/Makefile.in, compat/getopt_long.c, include/error.h,
           include/fatal.h, plugins/sudoers/Makefile.in,
           plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c,
           plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
           src/Makefile.in, src/locale_stub.c, src/net_ifs.c,
           src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h:
           Rename error.h -> fatal.h now that there is no error() function.
           [3a3827f10f04]
   
           * common/sudo_debug.c, include/sudo_debug.h:
           Add support to the debug subsystem for zero-length strings. This can
           happen for things like warning(NULL) or fatal(NULL) where we just
           want to log the errno string.
           [3ed739c5cc91]
   
           * include/error.h:
           Add __printflike for vfatal, vfatalx, vwarning and vwarningx.
           [57e65ed595d2]
   
           * plugins/sudoers/audit.c:
           Need to include gettext.h for BSM audit.
           [a87fda2d0123]
   
           * common/alloc.c, plugins/sudoers/env.c, src/exec_common.c,
           src/parse_args.c, src/sudo.c:
           Change some fatalx(NULL) that should be fatal(NULL).
           [8b1efda9f578]
   
           * include/error.h, include/missing.h:
           Use __printf0like for warning() and fatal() since the fmt string may
           be NULL.
           [858a890f00ad]
   
           * compat/pw_dup.c:
           Quiet a gcc "used uninitialized in this function" false positive.
           [98f47f89ce60]
   
           * mkpkg:
           Enable bsm audit on Mac OS X and Solaris >= 11.
           [8607488f986c]
   
           * plugins/sudoers/bsm_audit.c:
           Fix compilation on Solaris 11.
           [01aa46298ed7]
   
           * plugins/sudoers/bsm_audit.c:
           Add missing missing.h
           [080de69a55a1]
   
           * plugins/sudoers/sudoers.c:
           Move the -C (user_closefrom) check until after set_cmnd() so that
           closefrom_override can be used in a command-specific Defaults line.
           Fixes bug #610 from Mengtao Sun.
           [413565c6ff6b]
   
   2013-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c:
           If not using a pty and the child process gets SIGTTOU or SIGTTIN and
           sudo is the foreground process, make the child the foreground
           process and continue it.
           [5ff433443bc4]
   
           * src/sudo.c:
           If sudo is not setuid and was not invoked with a full path, look in
           the user's PATH for the sudo binary to give a better error message.
           [a740129a38f0]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
           plugins/sudoers/logging.c, plugins/sudoers/match.c,
           plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c,
           plugins/sudoers/sudoers.h:
           Add limited support for "sudo -l -h other_host". Since group lookups
           are done on the local host, rules that use group membership may be
           incorrect if the group database is not synchronized between hosts.
           [2c8b222a5f7f]
   
           * src/parse_args.c:
           Fix parsing of "-h host" when used in conjunction with the -l flag.
           [62f3d726d52b]
   
           * configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh,
           doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
           doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
           doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c,
           src/sudo_usage.h.in:
           Simplify usage messages a bit and make --help output more closely
           resemble GNU usage wrt long options. Sync usage and man page
           SYNOPSYS sections and improve long options in the manual pages. Now
           that we have long options we don't need to give the mnemonic for the
           single-character options in the description.
           [17b7e386955a]
   
   2013-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/logging.c:
           Fix setting of mailer argv[0] to basename of mailerpath. No need to
           strdup() mailerpath as it is not modified.
           [8843cdd958ee]
   
           * plugins/sudoers/logging.c:
           Make sure the mailer exists and is a regular file before trying to
           exec it.
           [b73d6214014f]
   
           * plugins/sudoers/timestamp.c:
           If tty_tickets are enabled but there is no tty, use a ticket file
           based on the parent pid.
           [75408bd61ced]
   
           * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c:
           Allow default plugin dir to be configured in sudo.conf.
           [478883594cc5]
   
           * doc/CONTRIBUTORS:
           UTF8 for Ruusamae, Elan; from Tae Wong
           [02e0c95b4fa6]
   
   2013-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/regress/sudo_conf/test5.in,
           common/regress/sudo_conf/test5.out.ok,
           common/regress/sudo_conf/test6.in,
           common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c,
           doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
           plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c:
           Don't allow max_groups to be set to zero, it just complicates things
           needlessly. Fixes an assertion in visudo when there is a group-
           based Defaults entry.
           [d62a8ea32db9]
   
   2013-08-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/gidlist.c,
           plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c,
           src/sudo.h:
           Refactor code to parse list of gids into its own function that is
           shared by the sudo front-end and the sudoers module. Make uid/gid
           parse error be fatal, not just a warning.
           [da3b2b06605c]
   
           * common/atoid.c:
           Add function comment block.
           [09a324de716f]
   
           * common/atoid.c:
           Default text domain is now sudo, not sudoers.
           [1acb1da6f304]
   
           * common/Makefile.in:
           Update dependency for atoid.lo
           [5e367cd44288]
   
           * common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c,
           src/sudo.h:
           Add endpointer and separator args to atoid()
           [2077e4ed8578]
   
   2013-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/getgrouplist.c:
           Use private version of atoid() to avoid a dependency on libcommon.a
           (since that already depends on libreplace.a).
           [7c12d63b0560]
   
           * doc/CONTRIBUTORS:
           More UTF8 in names; from Tae Wong
           [512b263f51c8]
   
           * compat/getgrouplist.c, plugins/sudoers/iolog.c,
           plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h:
           Use atoid() in more places.
           [06f4ae57c707]
   
           * MANIFEST, common/Makefile.in, common/atoid.c,
           plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c:
           Move atoid() to common so it can be used in src and compat too.
           [095d730701e4]
   
           * compat/closefrom.c:
           Avoid a crash on Mac OS X 10.8 (at least) when we close
           libdispatch's fds out from under it before executing the command.
           Switch to just setting the close on exec flag instead.
           [349ebf4987df]
   
           * doc/CONTRIBUTORS:
           Convert to last, first for easier sorting and use UTF8 (including a
           BOM).
           [8c30d221bd75]
   
           * plugins/sudoers/atoid.c:
           Add atoid() function to convert a string to an id_t (uid, gid or
           pid). We have to be careful to choose() either strtol() or strtoul()
           depending on whether the string appears to be signed or unsigned.
           Always using strtoul() is unsafe on 64-bit platforms since the uid
           might be represented as a negative number and (unsigned long)-1 on a
           64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem
           with uids larger than 0x7fffffff on 32-bit platforms.
           [5d818e399157]
   
           * MANIFEST, config.h.in, configure, configure.in,
           plugins/sudoers/Makefile.in, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.h:
           Add atoid() function to convert a string to an id_t (uid, gid or
           pid). We have to be careful to choose() either strtol() or strtoul()
           depending on whether the string appears to be signed or unsigned.
           Always using strtoul() is unsafe on 64-bit platforms since the uid
           might be represented as a negative number and (unsigned long)-1 on a
           64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem
           with uids larger than 0x7fffffff on 32-bit platforms.
           [cd92246a710f]
   
           * plugins/sudoers/sudoers.c:
           Avoid "perm stack underflow" error when logging the unknown uid
           error.
           [871514c713b7]
   
           * plugins/sudoers/set_perms.c:
           In rewind_perms() there is nothing to do if perm_stack_depth == 0.
           [98de335f47f0]
   
   2013-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
           plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c,
           plugins/sudoers/def_data.h, plugins/sudoers/def_data.in:
           Add pam_setcred sudoers option to allow the user to control whether
           pam_setcred() is called on the user's behalf.
           [4260a8e43073]
   
           * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
           doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
           plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
           plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
           Add pam_service and pam_login_service sudoers settings to control
           the service name passed to pam_start.
           [5ea0e3588f3a]
   
           * mkpkg:
           Newer Xcode places the SDKs under Xcode.app
           [4b54379d5c45]
   
   2013-08-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/zero_bytes.c,
           compat/Makefile.in, compat/memset_s.c, config.h.in, configure,
           configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h,
           mkdep.pl, plugins/sudoers/Makefile.in,
           plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
           plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
           plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
           plugins/sudoers/logging.c, plugins/sudoers/sha2.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
           src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c,
           src/tgetpass.c:
           Implement memset_s() and use it instead of zero_bytes(). A new
           constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the
           max conversation reply length. This constant can be used as a max
           value for memset_s() when clearing passwords filled in by the
           conversation function.
           [264ec146028e]
   
   2013-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
           plugins/system_group/Makefile.in:
           Do not try to install plugins when shared modules are disabled
           (sudoers already had the check).
           [3d582c042042]
   
           * plugins/sudoers/Makefile.in:
           Update dependencies to take into account compat/getopt.h and
           compat/dlfcn.h.
           [301fb31cd121]
   
           * src/Makefile.in:
           Update dependencies now that sudo_usage.h is always included from
           the build dir.
           [c1ff70ec9515]
   
   2013-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Add some warnings and debugging to sasl ccname handling.
           [467f415861f0]
   
           * plugins/sudoers/ldap.c:
           Fix write loop invariant in sudo_krb5_copy_cc_file()
           [6948cf6e9b9f]
   
   2013-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Strip off leading FILE: or WRFILE: prefix before trying to copy the
           user's credential cache.
           [56c16feab62f]
   
   2013-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo.c:
           Instead of setting RLIMIT_NPROC to unlimited when sudo initializes,
           just save RLIMIT_NPROC in exec_setup() before the final setuid() and
           restore it immediately after. We don't need to modify RLIMIT_NPROC
           for simple euid changes, just for changing the real (and saved) uids
           before we exec. This also means we no longer need to worry about
           _SC_CHILD_MAX returning -1. Bug #565
           [1372f1909039]
   
   2013-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c, src/preload.c:
           Now that the ldap code runs with the real and effective uid set to
           0, it is not possible for the gssapi libs to find the user's krb5
           credential cache file. To work around this, we make a temporary copy
           of the user's credential cache specified by KRB5CCNAME (opened with
           the user's effective uid) and point gssapi to it. To set the
           credential cache file name, we dynamically look up
           gss_krb5_ccache_name() and use it if available, otherwise fall back
           to setting KRB5CCNAME.
           [8b86c134541a]
   
   2013-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
           doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in,
           doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/visudo.c:
           Long option support for visudo and sudoreplay.
           [91427968be71]
   
   2013-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in,
           src/parse_args.c, src/sudo.c, src/sudo_usage.h.in:
           Add support for long options and fix inclusion of sudo_usage.h with
           modern gcc broken in 8597:1fcb7ba13018.
           [d13134819944]
   
           * src/Makefile.in:
           Add rule to rebuild sudo_usage.h when the .in file changes.
           [59a32899e251]
   
           * compat/Makefile.in, mkdep.pl, src/Makefile.in:
           Add make rules for building getopt_long.c
           [5f57593b3a8b]
   
           * src/parse_args.c:
           Make "-h hostname" work. Optional args in GNU getopt() only work
           when there is no space between the option flag and the argument.
           [b8258659cabb]
   
   2013-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in,
           configure, configure.in, doc/LICENSE, src/parse_args.c:
           Use getopt_long() so we can make the -h flag take an optional
           argument. Includes a version for those without it.
           [d1dd66c8a86b]
   
   2013-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Document that the -h option can be used specify a host name for
           future plugins.
           [8470c74cf326]
   
           * include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in:
           Overload -h option to specify an optional hostname for remote
           access. This is future-proofing; no policy plugins currently support
           this.
           [0e01d8c3c623]
   
           * configure, configure.in:
           Bump version to 1.8.8
           [a1155bfaa28f]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Document the remote_host setting (-h host)
           [c737db906f5d]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           fix "the the"
           [0025464a3942]
   
           * src/parse_args.c, src/sudo.c, src/sudo.h:
           Do not error out if arg to -U option cannot be resolved, that is for
           the plugin to decide. There is no need for runas_user and
           runas_group to be global, make them local to parse_args() instead.
           [fb02a62a72ba]
   
           * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo,
           plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po,
           src/po/pt_BR.mo, src/po/pt_BR.po:
           Sync with translationproject.org
           [e8f4772d918a]
   
   2013-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/TROUBLESHOOTING:
           Remove old bits about sudo setuid problems that should have been
           cleaned up in changeset 7917:fa4894896d8a. Also update the mode of
           sudo to 04755 to match current packaging.
           [1e3904cdc2de]
   
           * plugins/sudoers/auth/pam.c:
           Go back to ignoring the return value of pam_setcred() since with
           stacked PAM auth modules a failure from one module may override
           PAM_SUCCESS from another. If the first module in the stack fails,
           the others may be run (and succeed) but an error will be returned.
           This can cause a spurious warning on systems with non-local users
           (e.g. pam_ldap or pam_sss) where pam_unix is consulted first.
           [b6022e26135a]
   
           * src/net_ifs.c:
           Remove unused variable.
           [93dde7d82fde]
   
           * NEWS:
           Fix typo
           [5ef79671c2c7]
   
   2013-07-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sssd.c:
           Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest().
           From Dan Harnett.
           [4a0af6f12765]
   
   2013-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Fix formatting typo; from Eric S. Raymond
           [058b533ba460]
   
   2013-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * mkpkg:
           Use -gxcoff on aix so dbx can be used to debug sudo.
           [4950e019ed2d]
   
   2013-06-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
           Fix typo; bug 605
           [41f7b46a6e51]
   
   2013-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo,
           src/po/tr.mo:
           Regen .mo files that were out of date.
           [9e25a254f9db]
   
   2013-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.in:
           On Solaris 11 and higher, tag binaries for ASLR if supported by the
           linker.
           [a2a6cafa3e60]
   
           * mkpkg:
           No longer need to disable PIE on Solaris.
           [cf90019ae67e]
   
   2013-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING:
           Restrict default creation of PIE binaries (-fPIE and -pie) to Linux.
           OpenBSD also supports PIE but enables it by default so we don't need
           to do anything. This fixes problems on systems with a version of GNU
           ld that accepts -pie but where the run-time linker doesn't actually
           support PIE. Also verify that a trivial PIE binary works unless PIE
           is explicitly enabled.
           [3c5f125efeb1]
   
   2013-05-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * aclocal.m4, configure, configure.in:
           Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld
           where we can end up crashing due to malloc() failures. Sems OK when
           Using Sun as and ld.
           [b8ba412102ab]
   
           * NEWS:
           Update with final changes.
           [78ff6d2ed47a]
   
   2013-05-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Add -fPIE to PIE_LDFLAGS as per gcc manual.
           [fe900cbb0780]
   
   2013-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/Makefile.in, compat/Makefile.in:
           Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs
           [f84bc7482b78]
   
           * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c,
           plugins/sudoers/parse.c, plugins/sudoers/parse.h,
           plugins/sudoers/regress/visudo/test4.out.ok,
           plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c:
           Replace sequence number-based cycle detection in visudo with a
           "used" flag in struct alias. The caller is required to call
           alias_put() when it is done with the alias. Inspired by a patch from
           Daniel Kopecek.
           [0bdbac1b3b39]
   
   2013-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/iolog.c:
           Eliminate a few relocations related to sudoers_io.
           [18e9e2cc3367]
   
           * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po:
           Sync with translationproject.org
           [f38cc128a2ad]
   
   2013-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Clarify a comment.
           [7a045ee06e95]
   
   2013-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Handle d_type == DT_UNKNOWN when resolving the device to a name and
           sprinkle some more debugging.
           [8774133747d9]
   
   2013-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/TROUBLESHOOTING:
           Add message about disabling PIE if sudo gets SIGSEGV.
           [c786af2a6751]
   
           * plugins/sudoers/check.h, plugins/sudoers/timestamp.c:
           No longer store the ctime of a devpts tty. The handling of ctime on
           devpts in Linux has been changed to conform to POSIX. As a result we
           can no longer assume that the ctime will stay unchanged throughout
           the life of the session. We store the session ID in the time stamp
           file so there is a much smaller chance of the time stamp file being
           reused by a new login. While here, store the uid/gid in the
           timestamp file too for good measure.
           [7028b21f7a9b]
   
           * configure, configure.in:
           PIE is broken on FreeBSD/arm
           [f232c60d6229]
   
           * mkpkg:
           Add explicit sendmail path for Linux since we may not have sendmail
           installed in the build chroot.
           [1ba2f84f4ff0]
   
   2013-05-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_debug.c, plugins/sudoers/iolog.c,
           plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c:
           Quiet a few -Wunused-result compiler warnings.
           [ef12afb61423]
   
   2013-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Mention what SHA-2 formats are supported.
           [bf298d0fdf8a]
   
           * doc/CONTRIBUTORS:
           List code and translations separately.
           [826547bc1295]
   
   2013-04-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
           plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
           Sync with translationproject.org
           [9499a6f438b8]
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [cce449e284a6]
   
           * Makefile.in:
           Fix c-format for fatal/fatalx
           [4ad81d3faaeb]
   
   2013-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h:
           Change some error/errorx -> fatal/fatalx in comments and xgettext
           flags.
           [9d9b64fa2ec9]
   
           * NEWS:
           There is now a Turkish translation of sudoers.
           [701c5af6aa76]
   
           * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
           plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
           Updated translations from translationproject.org including new
           Turkish translation.
           [9cedbb50d90f]
   
   2013-04-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Document that sudoers will re-use existing I/O log paths unless they
           are mktemp-style with trailing X's.
           [4f43bd13d9e7]
   
           * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat,
           doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
           doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c,
           plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
           Allow ldap_conf and ldap_secret to be specified as plugin arguments
           in sudo.conf
           [37c6c425b565]
   
           * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in:
           sudoers_debug is now deprecated in favor of the sudo debugging
           framework.
           [1195be1ec254]
   
           * plugins/sudoers/ldap.c:
           Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use
           SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the
           debug file with the ldap subsystem. The sudoers_debug setting in
           ldap.conf is still honored for now but will be removed in a future
           release.
           [cfa42b4b913e]
   
   2013-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers2ldif:
           Add support for converting sudoers files with SHA-2 command digests.
           [dc0d03485946]
   
           * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg,
           plugins/sudoers/sudoers2ldif:
           Add copyright notice to scripts
           [5e8bd4e6083f]
   
           * MANIFEST, plugins/sudoers/regress/sudoers/test14.in,
           plugins/sudoers/regress/sudoers/test14.out.ok,
           plugins/sudoers/regress/sudoers/test14.toke.ok:
           Add regress for SHA-2 digests.
           [0b258c2a2a95]
   
           * compat/getgrouplist.c:
           Solaris maps negative gids to GID_NOBODY.
           [57050e5c750f]
   
           * plugins/sudoers/visudo.c:
           Clear up an llvm checker warning which appears to be a false
           positive and fix an old XXX while I'm at it.
           [9ee13133e596]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
           doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
           Correct last change date
           [3bc1fa5b0f76]
   
           * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c:
           No need to translate this error message.
           [4d9941970a26]
   
           * doc/UPGRADE:
           Mention .sl vs. .so extension handling on HP-UX Mention group
           membership changes Fix typos
           [40ac0efbdb2b]
   
           * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c,
           common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c,
           common/setgroups.c, common/term.c, common/ttysize.c,
           compat/Makefile.in, compat/dlopen.c, compat/endian.h,
           compat/getline.c, compat/getprogname.c, compat/isblank.c,
           compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c,
           compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
           compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
           compat/strsignal.c, compat/utimes.c, doc/Makefile.in,
           include/Makefile.in, include/alloc.h, include/fileops.h,
           include/gettext.h, include/lbuf.h, include/missing.h,
           include/sudo_plugin.h, pathnames.h.in,
           plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
           plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
           plugins/sudoers/alias.c, plugins/sudoers/audit.c,
           plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
           plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
           plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
           plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
           plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
           plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
           plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c,
           plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
           plugins/sudoers/defaults.h, plugins/sudoers/env.c,
           plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
           plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
           plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
           plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
           plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c,
           plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c,
           plugins/sudoers/logging.h, plugins/sudoers/match.c,
           plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
           plugins/sudoers/parse.h, plugins/sudoers/prompt.c,
           plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c,
           plugins/sudoers/redblack.h,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/regress/parser/check_fill.c,
           plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
           plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h,
           plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.h, plugins/sudoers/toke.l,
           plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c,
           plugins/sudoers/visudo.c, plugins/system_group/Makefile.in,
           plugins/system_group/system_group.c, src/Makefile.in,
           src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c,
           src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c,
           src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h,
           src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c,
           src/utmp.c:
           Update copyright years.
           [5c6d72661bad]
   
           * plugins/sudoers/mon_systrace.h:
           Systrace support was removed long ago.
           [10a038a2da77]
   
   2013-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok,
           plugins/sudoers/regress/sudoers/test9.toke.out.ok:
           Remove some files that were mistakenly added.
           [833502da26de]
   
           * common/sudo_debug.c, config.h.in, configure, configure.in,
           plugins/sudoers/boottime.c, plugins/sudoers/iolog.c,
           plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c:
           Use time(&now) instead of now = time(NULL) when storing the current
           time in a time_t (better compiler error checking). Better parsing
           and printing of 64-bit time_t on 32-bit platforms.
           [c227dc72c04e]
   
   2013-04-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Don't check the tty of the parent process. Now that we get the
           controlling tty device number from the kernel there is no need. If
           the process has really disassociated from the tty then reporting
           "unknown" is appropriate.
           [62fb66e565db]
   
   2013-04-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/error.c:
           Use EXIT_FAILURE instead of 1 as the fatal() exit value.
           [ed94c2c5e88a]
   
           * src/sesh.c:
           Change remaining errorx -> fatalx
           [3f6d70e19303]
   
   2013-04-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h:
           Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an
           error if the entry already exists in the cache.
           [94d45970400a]
   
           * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot:
           Change "foo: failed" to just "foo" since we print the string form of
           errno. Gets rids of some useless translations.
           [476f37349dbc]
   
   2013-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/match.c:
           Fix pasto in debug_decl
           [08650186a239]
   
           * plugins/sudoers/Makefile.in:
           regen
           [acf4c34fba2c]
   
           * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
           plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c,
           plugins/sudoers/logging.h, plugins/sudoers/parse.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
           Rename log_error() -> log_warning() for consistency with
           warning()/fatal()
           [474ed5a0e335]
   
           * plugins/sudoers/auth/API:
           The NO_EXIT flag was removed a while ago.
           [e0a4be270226]
   
           * common/aix.c, common/alloc.c, common/error.c, include/error.h,
           plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
           plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c,
           plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
           plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
           plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
           plugins/sudoers/pwutil.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
           plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c,
           src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
           src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c,
           src/utmp.c:
           Rename error/errorx -> fatal/fatalx and remove the exit value as it
           was always 1.
           [ea66f58c4da5]
   
           * NEWS:
           digests are supported in sudoers ldap too
           [77d6c25f7653]
   
           * plugins/sudoers/regress/check_symbols/check_symbols.c:
           Print test failures to stdout like the final count so the outputis
           not displayed out of order.
           [f541b78ecb93]
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
           plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo,
           plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo,
           src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po,
           src/po/it.po, src/po/tr.po:
           Sync with translationproject.org
           [cbd70678b99f]
   
           * Makefile.in:
           Check for any uncommitted changes in dist target and add force-dist
           target that omit check-dist.
           [78dc3f41e37e]
   
   2013-04-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/regress/ttyname/check_ttyname.c:
           Fix logic bug when checking tty via ttyname().
           [279aee076194]
   
           * compat/endian.h:
           Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and
           __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX)
           [fe35e0b04502]
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [0ddebccd3045]
   
           * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat,
           doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
           doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Document digest support.
           [d794c7b9a7bc]
   
           * MANIFEST, plugins/sudoers/Makefile.in,
           plugins/sudoers/regress/parser/check_base64.c:
           Simple bas64 decode unit test.
           [344b0df0fe50]
   
           * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c,
           plugins/sudoers/match.c, plugins/sudoers/parse.h:
           Move base64_decode into its own source file.
           [30497e7f88bc]
   
           * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
           Only check year against 2038 if time_t is 32-bit.
           [9c1f2e3fc3ba]
   
   2013-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c, plugins/sudoers/parse.h,
           plugins/sudoers/sssd.c:
           Add digest support for sudoers in ldap and sss.
           [314937b5e59e]
   
           * INSTALL, configure, configure.in:
           Error out in configure if the compiler doesn't support "long long".
           [d3645c1d50d1]
   
           * plugins/sudoers/match.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l:
           Include stdint.h or inttypes.h before sha2.h
           [20ad1c20313d]
   
           * common/lbuf.c:
           Simplify lbuf append functions by moving the realloc code into
           lbuf_expand(). We now expand as needed each time bytes need to be
           written to the lbuf. Also handle a NULL pointer being passed in for
           paranoia's sake.
           [6283ee562ef4]
   
           * plugins/sudoers/iolog.c:
           Zero out struct iolog_details early to avoid a potential (though
           unlikely) dereference of stack garbage if we hit a fatal error
           before iolog_deserialize_info() is called.
           [2eeca8be05fb]
   
   2013-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Update copyright year.
           [b843c6a43238]
   
           * plugins/sudoers/sudoers_version.h:
           Bump SUDOERS_GRAMMAR_VERSION for new digest support.
           [188556fb8156]
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
           plugins/sudoers/gram.y, plugins/sudoers/match.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Sanity check digest in parser so visudo can catch errors. Add base64
           support
           [b8586d5cc7ed]
   
           * MANIFEST, compat/endian.h, config.h.in, configure, configure.in,
           plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c:
           For big endian architectures just use memcpy() instead of BE macros
           in a loop.
           [c71a0f4a8a8e]
   
   2013-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, config.h.in, configure, configure.in,
           plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
           plugins/sudoers/gram.h, plugins/sudoers/gram.y,
           plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c,
           plugins/sudoers/match.c, plugins/sudoers/parse.h,
           plugins/sudoers/regress/parser/check_digest.c,
           plugins/sudoers/regress/parser/check_digest.out.ok,
           plugins/sudoers/sha2.h, plugins/sudoers/sssd.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l,
           plugins/sudoers/toke_util.c:
           Initial implementation of checksum support in sudoers. Currently
           supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format
           validation in parser and base64 support. checksum support for ldap
           sudoers
           [b8f196346eca]
   
   2013-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h:
           SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public
           domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai
           respectively.
           [7511d07c0a83]
   
   2013-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Add sudo 1.8.6p8
           [0666fd0321ae]
   
           * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot:
           Add missing "not" in error message when mixing standalone and non-
           standalone authentication methods.
           [7eba4439db73]
   
           * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
           Check for crypt() returning NULL. Traditionally, crypt() never
           returned NULL but newer versions of eglibc have a crypt() that does.
           Bug #598
           [887b9df243df]
   
           * plugins/sudoers/auth/pam.c:
           Better PAM error messages
           [fd7eda53cdd7]
   
           * plugins/sudoers/auth/kerb5.c:
           Better error messages
           [98142874a2f4]
   
           * plugins/sudoers/bsm_audit.c:
           Use same error message for getauid() failure.
           [07f0d88cb1df]
   
           * plugins/sudoers/sssd.c:
           Start warning with a lower case letter for consistency and to match
           existing translated strings.
           [b719ac52c9e3]
   
   2013-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * mkpkg:
           Disable PIE on Solaris where it is not really supported.
           [c36c84cdcc7a]
   
           * src/ttyname.c:
           AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
           before we try to match it against st_rdev.
           [5dab449fb962]
   
           * src/ttyname.c:
           Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
           a problem finding the tty name when it is not in /dev/pts.
           [6c205d087fa0]
   
           * compat/snprintf.c:
           Support %lld and %llu
           [feabfa06c954]
   
           * .hgignore, MANIFEST, src/Makefile.in,
           src/regress/ttyname/check_ttyname.c:
           Add ttyname test.
           [e987038f8c07]
   
   2013-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po,
           src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
           src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po,
           src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
           Sync with translationproject.org
           [4d7b73b22079]
   
           * plugins/sudoers/timestamp.c:
           Log timestampfile to debug file.
           [e997281146c0]
   
           * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot:
           Don't add the "Password: " string we look up in the PAM text domain
           to the sudoers.pot file.
           [771b52244abf]
   
   2013-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/sudoers.pot:
           Synce with regcomp() error message change.
           [fc6d3dfb8eb8]
   
           * plugins/sudoers/sudoreplay.c:
           Be consistent with error message when regcomp() fails.
           [de6c69ba04e4]
   
   2013-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/regress/testsudoers/test5.out.ok,
           plugins/sudoers/regress/testsudoers/test5.sh:
           Use group -1 instead of 1 as the invalid group since the running
           user might have group 1 as their default group.
           [71404a9fa75d]
   
           * plugins/sudoers/Makefile.in:
           PWD may be a shell builtin, use CWD instead.
           [c443105c5091]
   
   2013-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/check.c:
           Split up check_user().
           [ce7cc0767589]
   
   2013-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure.in:
           Cosmetic fixes in the comments.
           [640abee43c14]
   
   2013-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status
           message for visibility checks when the test fails.
           [99665477ee55]
   
           * config.h.in:
           regen
           [00c22606719a]
   
           * configure, configure.in:
           We no longer use mbr_check_membership() and setrlimit64() is AIX-
           specific.
           [43caf685a1f1]
   
           * Makefile.in:
           The first (all) target must be by itself or some makes will choose
           the run the entire target list.
           [16cf3def49f5]
   
           * configure, configure.in:
           Do exec_prefix expansion when enable_shared even if noexec is not
           enabled.
           [7ed28cb32d8d]
   
           * compat/getgrouplist.c:
           Use free() not efree() since we don't include alloc.h here
           [1a008737be24]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [b939f941346f]
   
           * plugins/sudoers/regress/testsudoers/test2.sh,
           plugins/sudoers/regress/testsudoers/test3.sh,
           plugins/sudoers/regress/testsudoers/test5.sh:
           Pass in expected gid to testsudoers in addition to the uid that
           matches the test sudoers files.
           [6a1710e8cac1]
   
   2013-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/missing.h:
           Tru64 5.x does declare innetgr() and getdomainname().
           [c75598e69c7e]
   
           * plugins/sudoers/match.c:
           Fix compilation when getdomainame() is not present.
           [e831b017a962]
   
           * config.h.in, configure.in, include/missing.h:
           Move SET/CLR/ISSET from config.h.in to missing.h
           [3a3dd29fd7f0]
   
           * configure, configure.in:
           Fix getgrouplist() check.
           [12a2adf60e98]
   
           * MANIFEST:
           No more timestamp.h
           [5677e26afc0f]
   
           * plugins/sudoers/check.c:
           Neded sys/time.h for struct timeval in struct sudo_tty_info.
           [aceaadd8c400]
   
           * plugins/sudoers/Makefile.in:
           regen depends
           [21675a8b67e5]
   
           * NEWS:
           Mention libibmldap on HP-UX
           [75b4e4b22950]
   
           * NEWS, plugins/sudoers/match.c:
           Instead of checking the domain name explicitly for "(none)", just
           check for illegal characters.
           [ce35dda811db]
   
           * plugins/sudoers/visudo.c:
           Only warn once when we are unable to open the sudoers file.
           [9e27e3aa5b10]
   
           * plugins/sudoers/sudoers.c:
           Fall back to opening /dev/tty to determine whether there is a tty if
           the system doesn't have kernel support for determing the tty.
           [2775bcf9a9b5]
   
           * compat/getprogname.c:
           Update guard to take __progname into account
           [60eae3f20232]
   
           * compat/snprintf.c:
           Some older systems have inttypes.h but not stdint.h
           [ed1ef160015f]
   
           * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c,
           compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c,
           compat/getline.c, compat/getprogname.c, compat/glob.c,
           compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
           compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
           compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
           compat/strsignal.c, compat/utimes.c:
           Add guards in compat source files. Not really needed since we only
           include them in the Makefile if they are needed but should not hurt
           either.
           [8cbd3b4595b9]
   
   2013-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
           Don't include gram.h in gram.y, its contents are already included.
           Move sudoerserror to the end of gram.y so COMMENT is declared when
           we need to use it.
           [7d72ebdd7222]
   
   2013-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure.in:
           Remove some pre-ANSI cruft.
           [6a95704b2116]
   
           * plugins/sudoers/match.c:
           Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h
           when it is set.
           [da40c550ffed]
   
           * NEWS, plugins/sudoers/iolog_path.c:
           We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but
           just leave it as-is.
           [9a22de140d28]
   
   2013-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
           Add missing semicolon in rule.
           [817d3f1b2a21]
   
           * plugins/sudoers/sudoers.c:
           Now that we can determine the terminal even when file descriptors
           are redirected we can check user_ttypath rather than opening
           /dev/tty when enforcing requiretty.
           [56a28bc09041]
   
           * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h:
           Stash umask in struct sudo_user so we don't need to look it up
           later.
           [9f85749199dc]
   
           * plugins/sudoers/sudoers.c:
           Minor cosmetic change
           [c373e106ed49]
   
           * plugins/sudoers/regress/parser/check_addr.c:
           No longer need to declare interfaces
           [d7ff7e579557]
   
           * plugins/sudoers/logging.c:
           Fix compilation in SUDOERS_NO_SEQ case
           [9a6db9247534]
   
           * plugins/sudoers/regress/parser/check_addr.c:
           No longer need to define sudo_printf
           [578ad13c3546]
   
           * plugins/sudoers/check.c, plugins/sudoers/check.h,
           plugins/sudoers/timestamp.c:
           Pass auth_pw to the timestamp functions.
           [f603649177d6]
   
           * plugins/sudoers/iolog_path.c:
           Fix SUDOERS_NO_SEQ
           [17881f9bcd68]
   
           * plugins/sudoers/locale.c:
           Don't need all of sudoers.h in here
           [c518150c6483]
   
           * plugins/sudoers/sudoers.c:
           Don't need to include sudoers_version.h here.
           [8abb31102119]
   
   2013-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/check.c:
           DEFAULT_LECTURE is no longer used.
           [f565c00a68c1]
   
           * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
           Move sudo_conv into policy.c
           [f699aee7136b]
   
           * plugins/sudoers/pwutil.c:
           cosmetic fixes
           [930e60389ca8]
   
           * plugins/sudoers/match.c:
           RHEL (and perhaps other Linux distros) use the string "(none)"
           instead of an empty string when there is no actual NIS-style domain
           name. Bug #596
           [11aec11489ac]
   
           * plugins/sudoers/match.c:
           Fix return values when NAME_MATCH is defined.
           [ce030be9ccef]
   
   2013-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h:
           Update copyright year.
           [7e4b8d49addd]
   
           * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
           plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h:
           Add sudo_set_grlist(), currently unused by the back end.
           [b37ac1d0e8fc]
   
           * plugins/sudoers/pwutil.c:
           Remove unused macros, fix a debug_decl
           [6136fb4a0d3b]
   
           * include/missing.h:
           Tru64 Unix doesn't prototype innetgr() or getdomainname().
           [585ac1874dfe]
   
           * include/missing.h:
           Whitespace fixes
           [0bb28cd91d97]
   
           * common/error.c:
           Don't need to include setjmp.h here, error.h already includes it.
           [fd05ab00e186]
   
   2013-03-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/Makefile.in, plugins/sudoers/Makefile.in:
           regen depends
           [57991f5e16b4]
   
           * plugins/sudoers/check.h:
           Rename guard define.
           [ccf4dba241d6]
   
           * plugins/sudoers/check.c, plugins/sudoers/check.h,
           plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
           Move contents of timestamp.h into check.h.
           [c139757a9283]
   
           * plugins/sudoers/sudoers.h:
           expand_prompt() is now in prompt.c sudo_printf extern is now in
           error.h
           [219bd74ca62b]
   
           * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h,
           plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h,
           plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h,
           plugins/sudoers/insults.h, plugins/sudoers/interfaces.h,
           plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
           plugins/sudoers/parse.h, plugins/sudoers/pwutil.h,
           plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
           plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h,
           plugins/sudoers/toke.h:
           Change multiple inclusion guards to be _SUDOERS_FOO_H
           [faace6d55e78]
   
   2013-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
           src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po:
           New Dutch translation for sudo and sudoers New Turkish translation
           for sudo From translationproject.org
           [bc918b7b23a4]
   
   2013-03-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure, configure.in:
           Fix a typo in a comment and make sure we don't mistakenly include
           _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in
           [694d12ac70ec]
   
   2013-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/Makefile.in:
           Don't build check_symbols if we are linking sudoers in statically.
           [f6602723bab7]
   
           * configure, configure.in:
           Use $host_os not $host when we only care about the os name and
           version.
           [05e4f4fcba06]
   
           * aclocal.m4, configure, configure.in:
           Suppress duplicate -L and -I flags.
           [228f2f581aed]
   
           * common/Makefile.in, compat/regress/fnmatch/fnm_test.c:
           Fix regress tests on non-OpenBSD platforms.
           [9d91bc859c50]
   
           * configure, configure.in:
           If we find sasl/sasl.h there's no need to check for sasl.h too
           [889efaa86012]
   
           * aclocal.m4, configure, configure.in:
           Add -R flags at the very end after configure link tests are done
           since we can only count on libtool to accept -R, the compiler front
           end may not. Also unify the libldap and libibmldap tests using
           AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by
           libibmldap (but is not an explicit dependency).
           [ab1451894351]
   
   2013-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Back out changes that broke detection of skey, opie and ldap
           libraries.
           [ffa82b8f8641]
   
           * plugins/sudoers/regress/testsudoers/test1.sh,
           plugins/sudoers/regress/testsudoers/test2.sh,
           plugins/sudoers/regress/testsudoers/test3.sh,
           plugins/sudoers/regress/testsudoers/test4.sh,
           plugins/sudoers/regress/testsudoers/test5.sh,
           plugins/sudoers/regress/visudo/test1.sh,
           plugins/sudoers/regress/visudo/test2.sh,
           plugins/sudoers/regress/visudo/test3.sh:
           Add explicit "exit 0" to prevent the check target from ending
           prematurely.
           [cca411b492bd]
   
           * plugins/sudoers/Makefile.in:
           Fix exit values in check target so we don't have to ignore errors.
           [cbc429c409e9]
   
           * plugins/sudoers/Makefile.in:
           Fail a test if there is unexpected stderr output.
           [4fc24d536bec]
   
           * MANIFEST:
           Fix path to sudo.conf manuals; remove non-existant test2.err.ok
           [6b8bcd60dd85]
   
           * src/load_plugins.c:
           Fix compilation in dynamic mode.
           [679856fa0774]
   
           * configure, configure.in:
           On HP-UX, libibmldap has a hidden dependency on libCsup
           [22994709d77c]
   
           * compat/dlopen.c:
           Pass BIND_VERBOSE to shl_load()
           [0060b9cfa9ab]
   
           * configure, configure.in:
           Only create static helper libs when --disable-shared is specified.
           [1fcdb1a437e0]
   
           * src/load_plugins.c:
           Ubreak static build.
           [4ac9f96be285]
   
           * INSTALL, aclocal.m4, configure, configure.in:
           Replace --with-rpath and --with-blibpath with --disable-rpath. Now
           that we use libtool for linking we can just use the -R flag and have
           libtool translate it to the proper linker flag.
           [09798fad6888]
   
   2013-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           Bump I/O buffer size 32K
           [4ef793225309]
   
   2013-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in:
           Document sesh Path setting.
           [34b0b903b4f8]
   
           * src/exec.c, src/exec_common.c:
           Move exec_cmnd to exec.c to fix a compilation issue with sesh.c
           [06aa1956f38d]
   
           * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h,
           src/selinux.c:
           Make sesh path configurable in sudo.conf
           [91d331f273b7]
   
           * configure, configure.in:
           Use -fno-pie and -nopie if supported when --disable-pie is
           specified.
           [777138c04dcc]
   
   2013-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Document direct execution of the command if the policy plugin has no
           close function.
           [6a14145c6e80]
   
   2013-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/auth/pam.c:
           Only delete creds if we actually established them. Print an error if
           pam_setcred() fails and we actually authenticated.
           [1e015314903b]
   
           * common/Makefile.in, plugins/group_file/Makefile.in:
           regen
           [dd8cee2a5e1b]
   
           * common/alloc.c, include/alloc.h:
           Convert efree() to a macro that just casts to void * and does
           free(). If the system free() can't handle free(NULL) this may crash
           but C89 was a long time ago.
           [efd0ff9270fb]
   
           * configure, configure.in:
           Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS.
           Fixes a problem with errno sometimes not being set on error on HP-
           UX.
           [54b419d58320]
   
           * common/sudo_debug.c:
           Fix debug logging from the plugin when there is no error number.
           This was broken in the big debugging reorg for 1.8.7.
           [2ea7e145e928]
   
   2013-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in, plugins/group_file/Makefile.in,
           plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
           plugins/system_group/Makefile.in, src/load_plugins.c:
           Always install plugins with a .so extension regardless of what
           extension the system uses for shared libraries. That way the
           group_plugin sudoers setting can be shared between heterogenous
           systems.
           [a7e6ecff6fdf]
   
           * plugins/sudoers/match.c:
           Mac OS X has netgroup functions in netdb.h.
           [243881a974aa]
   
           * plugins/sudoers/parse.h:
           Tags in struct cmndtag can be set to IMPLIED as well.
           [cb6926988cc8]
   
           * plugins/sudoers/parse.c:
           Quiet a compiler warning.
           [14e608c2001d]
   
           * plugins/sudoers/testsudoers.c:
           Quiet an llvm checker warning.
           [2eeb9f3d08f3]
   
           * plugins/sudoers/parse.c:
           Quiet gcc -Wuninitialized false positive
           [643ad987503d]
   
   2013-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
           doc/sudoers.mdoc.in:
           Document group_file and system_group plugins.
           [b56511e79230]
   
           * NEWS:
           Sudo 1.8.7
           [e95183b8fa27]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Try to clarify that sudoedit in sudoers should not include a leading
           pathname.
           [7b2beac92a9c]
   
           * plugins/sudoers/pwutil_impl.c:
           Make sure groupname_len is at least 32 just to be on the safe side.
           It is better to allocate a little extra and not need it than to have
           to reallocate and start over.
           [6d3e1ba47de9]
   
           * include/alloc.h, include/missing.h:
           Add __malloc_like macro to apply __malloc__ attribute to emalloc,
           ecalloc and estrdup. It cannot be applied to realloc since that may
           return the same pointer.
           [8d70cb81d1f1]
   
           * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Fix potential double free in an error path.
           [657573feb6a4]
   
           * src/exec_pty.c:
           When running the command in a pty, defer the call to exec_setup()
           until just before we exec the command. This is consistent with the
           non-pty path. As a side effect, the monitor process runs as root and
           not the runas user.
           [e2a7f8c7ee4c]
   
   2013-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/closefrom.c:
           Update copyright year.
           [9b652af4dfc0]
   
   2013-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/closefrom.c:
           Use pst_highestfd from pstat_getproc() on HP-UX.
           [09f3fea46a3d]
   
   2013-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in, common/Makefile.in, doc/Makefile.in,
           plugins/sudoers/Makefile.in:
           Clean up generated test files and other minor housekeeping.
           [f5f4fdd908e1]
   
           * plugins/sudoers/iolog.c:
           Add back gettimeofday() call inadvertantly removed in e1abb9810a83
           [675cce8401ae]
   
           * config.h.in, configure, configure.in, src/ttyname.c:
           Use pstat() on HP-UX to determine the tty device.
           [2884af22a9df]
   
           * plugins/sudoers/auth/pam.c:
           Fix PAM compilation: def_pam_session, not just pam_session.
           [5417d7acc6ea]
   
           * doc/fixmdoc.sh:
           Don't remove the -S option description when trimming out selinux.
           Bug #592
           [8a94f2cfa0a0]
   
   2013-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Update for Sudo 1.8.6p7
           [0858a73e9c40]
   
   2013-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Document when sudo may exec the command directly instead of forking.
           [da41951edc28]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Document that close and version be NULL for plugin API >= 1.3 and
           that sudo may execute the command directly if there is no close, or
           pty or timeout needed.
           [e5f929ddeaf8]
   
           * plugins/sudoers/auth/sudo_auth.c:
           Fix debug_decl for sudo_auth_begin_session and
           sudo_auth_end_session.
           [58243392c0df]
   
           * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
           doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
           plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
           plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
           Add pam_session sudoers option.
           [d994465db9f1]
   
           * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.h:
           Dummy out close function if there is no end_session for the auth
           method and the front-end can handle a NULL close function. Avoids
           the extra sudo process when we don't actually need it.
           [74886d5b0fb6]
   
   2013-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in, aclocal.m4:
           Add m4/ to paths m4_include parameters so we don't need to use
           autoconf's -I flag.
           [4fd86e7a84f3]
   
           * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h,
           src/sudo_plugin_int.h:
           If the policy plugin does not provide a close function, there is no
           command timeout and no pty is required, skip the event loop and just
           exec the command directly.
           [ad532f107170]
   
           * src/sudo.c:
           Do not crash if the plugin close and version functions are not
           defined. If there is no policy close function, simply print a
           warning that the command was not found.
           [c789a9dd54e8]
   
   2013-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/parse.c:
           Fix typos in selinux/solaris privs specific code.
           [9af3999361b4]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, src/parse_args.c:
           Pass the default plugin directory to the plugin via the settings
           list. Could be used by a stacking plugin.
           [688e771fc145]
   
           * plugins/sudoers/timestamp.c:
           Completely ignore time stamp file if it is set to the epoch,
           regardless of what gettimeofday() returns.
           [df58842af660]
   
           * doc/CONTRIBUTORS:
           Add Nikolai Kondrashov
           [df59791438f9]
   
           * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
           Use userpw_matches() for username matching so #uid works for
           sudoRunAsUser.
           [a124062334df]
   
           * plugins/sudoers/sssd.c:
           Avoid calling realloc3() with a zero size parameter when all
           retrieved sssd rules fail. Otherwise we'll get a run-time error due
           to malloc(0) checking.
           [84dfcb73ebd7]
   
           * plugins/sudoers/sssd.c:
           Do not send error mail if a user is not found in SSSD. Local users
           can run sudo too. From Nikolai Kondrashov
           [3d2ae99ee468]
   
   2013-02-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/regress/sudo_conf/test4.in,
           common/regress/sudo_conf/test4.out.ok:
           Test setting disable_coredump to illegal value.
           [3c71c6c49027]
   
           * common/sudo_conf.c:
           Fix atobool() usage.
           [d40c9f4d06b0]
   
           * common/regress/sudo_conf/conf_test.c:
           Remove unused variable.
           [328b524b365b]
   
           * plugins/sudoers/sudoers.c:
           Make "sudo -l non_existent_command" warn that non_existent_command
           doesn't exist, not the "list" pseudo-command.
           [9dc0388fc4f3]
   
           * plugins/sudoers/parse.c:
           Make sudoers file long list output better match the format used by
           ldap sudoers. Tags are now converted to options and there is a
           single command per line.
           [6e6dc3f20d84]
   
           * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
           doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Use the correct the sudoers policy symbol names and undo an editor
           goof committed when adding max_groups to sudo.conf.
           [2a6f7ddf5cc3]
   
           * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
           For "sudo -l" start a new line if the runas list changes to make the
           output easier to read.
           [7dc3d724c924]
   
   2013-02-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
           For "sudo -l" and "sudo -ll" only print the runas info for
           subsequent commands in a list if the runas info has changed. If we
           have new runas info, print out the tags again so as to be less
           confusing to the user. For "sudo -ll" set the line continuation
           indent to 8.
           [b5ec02fe7fc1]
   
   2013-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat,
           doc/sudoers.man.in, doc/sudoers.mdoc.in,
           plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
           plugins/group_file/group_file.c, plugins/group_file/group_file.exp,
           plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in,
           plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
           plugins/sample_group/sample_group.c,
           plugins/sample_group/sample_group.exp:
           Rename sample_group plugin to group_file. Install group_file and
           system_group plugins by default.
           [951b3e446fae]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
           plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
           plugins/sudoers/def_data.in, plugins/sudoers/iolog.c,
           plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h:
           Add maxseq sudoers option to limit the max number of I/O log files.
           [e1abb9810a83]
   
   2013-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/iolog.c:
           Log lines and columns in the iolog file.
           [03adb6230e05]
   
   2013-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c,
           common/regress/sudo_conf/test1.in,
           common/regress/sudo_conf/test1.out.ok,
           common/regress/sudo_conf/test2.in,
           common/regress/sudo_conf/test2.out.ok,
           common/regress/sudo_conf/test3.in,
           common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c,
           include/sudo_conf.h, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c,
           src/sudo.c:
           Add simple regress tests for sudo.conf parsing.
           [3c36b61bf61c]
   
           * src/sudo.c:
           Always display the I/O plugin version as long as its open functions
           doesn't return an error. Previously it was only displayed if the
           plugin open returned 1.
           [4b0277db3f8c]
   
           * plugins/sudoers/pwutil_impl.c:
           Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead
           of poking around in struct utmpx.
           [2c0cc5c42958]
   
           * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c:
           #include "sudo_usage.h" not <sudo_usage.h> so we get the one in the
           build directory and not the src dir when using a separate build
           directory.
           [1fcb7ba13018]
   
   2013-02-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/fileops.c:
           If a line was longer that 0x80000000 the bit hack to round to the
           next power of two would roll over to zero.
           [f4f729cf6f0f]
   
           * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c,
           plugins/sudoers/sudoers.h, src/sudo.c:
           Use max_groups in front-end and plugin.
           [bf1e74166831]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, src/parse_args.c:
           Pass max_groups to plugin in settings list.
           [d7d76e8651f4]
   
           * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in, include/sudo_conf.h:
           Add max_groups setting to sudo.conf (currently unused) and remove
           unused return value from setters.
           [f6494f71e1f0]
   
   2013-02-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * INSTALL:
           Reorganize configure options
           [23475de8039f]
   
   2013-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Add Sudo 1.8.6p7
           [5192fc511cbe]
   
   2013-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * INSTALL.configure:
           Sync with autoconf 2.68
           [985e5c8efa4e]
   
           * INSTALL, README:
           Remove obsolete OS notes and move build requirements to INSTALL.
           [bf0dd53ca164]
   
   2013-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Sort elements of the settings, user_info and command_info lists.
           [663062ada5b7]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Remove trailing white space
           [027916a6c8e7]
   
           * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
           Store the session ID in the tty ticket file too. A tty may only be
           in one session at a time so if the session ID doesn't match we
           ignore the ticket.
           [4eb2cb8df48b]
   
   2013-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers.c, src/sudo.c:
           Move tzset() call from sudoers plugin to sudo front end.
           [3c058dad8772]
   
           * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
           doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in:
           Mention line continuation
           [399873f8c805]
   
           * MANIFEST, common/Makefile.in, common/fileops.c,
           common/regress/sudo_parseln/parseln_test.c,
           common/regress/sudo_parseln/test1.in,
           common/regress/sudo_parseln/test1.out.ok,
           common/regress/sudo_parseln/test2.in,
           common/regress/sudo_parseln/test2.out.ok,
           common/regress/sudo_parseln/test3.in,
           common/regress/sudo_parseln/test3.out.ok,
           common/regress/sudo_parseln/test4.in,
           common/regress/sudo_parseln/test4.out.ok,
           common/regress/sudo_parseln/test5.in,
           common/regress/sudo_parseln/test5.out.ok,
           common/regress/sudo_parseln/test6.in,
           common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c,
           include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c,
           plugins/sudoers/sudo_nss.c:
           Add line continuation support to sudo_parseln() and make it use
           getline() instead of fgets() internally.
           [d02bf3973fc5]
   
   2013-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sample/sample_plugin.c:
           Fix memory leak in error path; found by llvm checker
           [d090c26a5b00]
   
           * plugins/sudoers/sudoreplay.c:
           Remove useless store detected by llvm checker.
           [12a4db91651a]
   
           * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in,
           src/load_plugins.c, sudo.pp:
           Sudo now stores its libexec files in a "sudo" subdirectory instead
           of in libexec itself. For backwards compatibility, if the plugin is
           not found in the default plugin directory, sudo will check the
           parent directory default directory ends in "/sudo".
           [5de67de76489]
   
           * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c,
           plugins/system_group/system_group.c:
           Add missing __dso_public to plugin structs so they are exported.
           [dde703577621]
   
           * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
           Mention that sudoers has its own plugins too.
           [0a6c6203b512]
   
   2013-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
           Correct last change date.
           [45894291d792]
   
           * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
           doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
           doc/sudoers.mdoc.in:
           Remove duplicated sudo.conf info in the sudo, sudoers and
           sudo_plugin manuals and cross-reference the new sudo.conf manual.
           [b808ba29cf3a]
   
           * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
           Fix typos
           [0e70964150c6]
   
           * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in:
           Fix some typos.
           [94ae045cfbc6]
   
           * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in:
           Add standalone sudo.conf manual page.
           [d64d949b700c]
   
           * doc/sample.sudo.conf:
           add group_source example
           [118c1ba1c014]
   
           * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in,
           doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
           doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf.
           [f5bd6006dc1c]
   
           * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo,
           src/po/it.po:
           Sync with translationproject.org
           [a6f2b9aac371]
   
   2013-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo,
           src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo,
           src/po/vi.po:
           Sync with translationproject.org
           [ba546666969d]
   
   2013-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo,
           plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po,
           src/po/es.po, src/po/gl.po:
           Sync with translationproject.org
           [cdc454e34c03]
   
   2013-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Clarify ttyname changes.
           [cbf2f80fe582]
   
           * NEWS:
           Add 1.8.6p6
           [3aa591e98b3b]
   
           * src/ttyname.c:
           Remove ttyname() fall back code on systems where we can query the
           kernel for the tty device via /proc or sysctl(). If there is no
           controlling tty, it is better to just treat the tty as unknown
           rather than to blindly use what is hooked up to std{in,out,err}.
           [b2bd3005d2e4]
   
   2013-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c:
           Add group_source setting in sudo.conf to allow the admin to specify
           how a user's groups are looked up. Legal values are static (just the
           kernel list from getgroups), dynamic (whatever the group database
           includes) and adaptive (only use group db if kernel group list is
           full).
           [87a5b02e22ad]
   
           * plugins/sudoers/policy.c:
           Pass back exec_background to front end if it is enabled in sudoers.
           [8230e1cd0bbd]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Mention that exec_background is for 1.8.7 and higher only.
           [fdf0d5a3e182]
   
   2013-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST:
           Add missing test files.
           [1165389aa5e6]
   
           * plugins/sudoers/regress/visudo/test3.err.ok,
           plugins/sudoers/regress/visudo/test3.out.ok,
           plugins/sudoers/regress/visudo/test3.sh:
           Add regress test for bug 361
           [54c7fb61b82d]
   
           * plugins/sudoers/iolog.c:
           Add __dso_public to extern declaration of declaration to match
           actual definition.
           [4695ded501e6]
   
           * NEWS:
           Add 1.8.6p5
           [b07b28c5c4d7]
   
   2013-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok,
           plugins/sudoers/regress/visudo/test2.out.ok,
           plugins/sudoers/regress/visudo/test2.sh:
           Add test for visudo cycle check core dump; test case from Daniel
           Kopecek
           [41074541147a]
   
           * plugins/sudoers/visudo.c:
           Fix potential stack overflow due to infinite recursion in alias
           cycle detection. From Daniel Kopecek.
           [d7e018a87434]
   
           * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c:
           Ignore duplicate entries in sudo.conf and report the line number
           when there is an error. Warn, don't abort if there is more than one
           policy plugin.
           [dfcb5a698f0a]
   
           * plugins/sudoers/tsgetgrpw.c:
           Use strtoul() not atoi().
           [58a52cf9b6b8]
   
   2013-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/Makefile.in:
           regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo
           [9b44e9d26d16]
   
           * compat/nss_dbdefs.h:
           Fix typo that breaks the build on HP-UX.
           [b9ab6ba23485]
   
           * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in,
           configure, configure.in:
           Use nss_search() to implement getgrouplist() where available. Tested
           on Solaris and HP-UX. We need to include a compatibility header for
           HP-UX which uses the Solaris nsswitch implementation but doesn't
           ship nss_dbdefs.h.
           [d29dbc4dc06d]
   
   2013-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h:
           Remove extra flag to sudo_sigaction(). We want to trap the signal
           regardless of whether or not it is ignored by the underlying command
           since there's no way to know what signal handlers the command will
           install. Now we just use sudo_sigaction() to set a flag in
           saved_signals[] to indicate whether a signal needs to be restored
           before exec.
           [c042d52c7192]
   
   2013-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/getgrouplist.c, config.h.in, configure, configure.in:
           Use _getgroupsbymember() on Solaris to get the groups list. Fixes
           performance problems with the getgroupslist() compat on Solaris
           systems with network-based group databases.
           [287d3ae2ce8d]
   
   2013-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Document signal handler behavior in plugin API 1.3
           [20dc9d1c105f]
   
           * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c,
           src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h:
           Move signal code into its own source file and add sudo_sigaction()
           wrapper that has an extra flag to check the saved_signals list to
           only install the handler if the signal is not already ignored. Bump
           plugin API version for the new front-end signal behavior.
           [5d2f27a1b404]
   
           * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h,
           src/sudo_exec.h:
           Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute
           the command. If we get SIGINT or SIGQUIT, call the plugin close()
           functions as if the command was interrupted. If we get SIGTSTP,
           uninstall the handler and deliver SIGTSTP to ourselves.
           [332baf3a81b7]
   
           * src/exec.c, src/exec_pty.c:
           Rename handle_signals() to dispatch_signals(). Block other signals
           in handler() so we don't have to worry about the write() being
           interrupted.
           [666e95c9a0f1]
   
   2013-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/tgetpass.c:
           Rename signal handler to avoid name clash with one in exec.c
           [8913101a29b6]
   
   2013-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo.c:
           Add missing call to save_signals().
           [47d075d7326b]
   
   2013-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           Fill in the comment block at the top of the .pot files and preserve
           it when regenerating them.
           [6449497b76db]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
           doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
           plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
           plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
           Add exec_background option in plugin command info and a sudoers
           option to match. When set, commands are started in the background
           and automatically foregrounded as needed. There are issues with some
           ill-mannered programs (like Linux su) so this is not the default.
           [c0b32b0938f2]
   
           * common/Makefile.in:
           regen
           [2b2b220e7aea]
   
           * src/Makefile.in:
           Add SESH_OBJS variable for sesh object files.
           [d3e04ae8fd1f]
   
           * configure.in, doc/LICENSE, plugins/sudoers/redblack.c:
           Update copyright year.
           [61a0f0cedb13]
   
           * src/exec_pty.c:
           Always resume the command in the foreground if sudo itself is the
           foreground process. This helps work around poorly behaved programs
           that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At
           worst, sudo will go into the background but upon resume the command
           will be runnable. Otherwise, we can get into a situation where the
           command will immediately suspend itself.
           [c368ac3eb2e4]
   
           * configure, configure.in:
           Use -fstack-protector-all in preference to -fstack-protector where
           supported.
           [f930c95ceb51]
   
   2013-01-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Only test for -fstack-protector and -fvisibility=hidden on GNU
           compatible compilers.
           [796f4696d863]
   
   2013-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Add Sudo 1.8.6p4
           [8a928de8e717]
   
           * common/Makefile.in, compat/Makefile.in, configure, configure.in,
           plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
           plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
           src/Makefile.in:
           Break out stack smashing protector options into SSP_CFLAGS and
           SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
           [01be114fc9fb]
   
   2013-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS, plugins/sudoers/redblack.c:
           In rbrepair(), make sure we never try to change the color of the
           sentinel node, which is the first entry, not the root. From Michael
           King
           [3fc4dc4004ec]
   
   2012-12-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           No need to restore default signal handler for SIGSTOP as it is not
           catchable. Attempting to do so is harmless but sigaction() will fail
           and set errno to EINVAL which makes it looks like there is an error.
           [be7c0b759e9a]
   
           * src/exec.c:
           Print SIGCONT_FG and SIGCONT_BG properly in debug output.
           [93e59e301c8f]
   
   2012-12-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.
           [9ed48f696595]
   
   2012-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/missing.h:
           Add howmany() macro since some systems have this in sys/param.h
           which we no longer include.
           [2c5efaa16c45]
   
   2012-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/regress/sudoers/test11.toke.out.ok:
           Remove errant file.
           [a91699beffc6]
   
   2012-12-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/regress/parser/check_fill.c:
           Remove obsolete sudoers_cleanup() stubs.
           [89153025a2ae]
   
           * common/alloc.c, common/atobool.c, common/fileops.c,
           common/fmt_string.c, common/lbuf.c, common/secure_path.c,
           common/sudo_conf.c, common/sudo_debug.c, common/term.c,
           compat/closefrom.c, compat/getcwd.c, compat/glob.c,
           compat/snprintf.c, include/missing.h,
           plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
           plugins/sample_group/plugin_test.c,
           plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
           plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
           plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
           plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
           plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
           plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
           plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
           plugins/sudoers/check.c, plugins/sudoers/defaults.c,
           plugins/sudoers/env.c, plugins/sudoers/find_path.c,
           plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
           plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
           plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
           plugins/sudoers/logging.c, plugins/sudoers/match.c,
           plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
           plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
           plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
           plugins/sudoers/redblack.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
           plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
           plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
           plugins/system_group/system_group.c, src/conversation.c, src/exec.c,
           src/exec_common.c, src/exec_pty.c, src/get_pty.c,
           src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c,
           src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c:
           Don't include <sys/param.h>. We only needed it for MAXPATHLEN,
           MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
           HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
           MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
           [f4807d46f504]
   
           * include/missing.h, plugins/sudoers/match.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
           Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN
           (sys/param.h or netdb.h).
           [2544f5e306dd]
   
   2012-11-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/logging.c:
           Move debug_decl() in log_failure() to be after the variable
           declarations for C89.
           [f48d2035ab44]
   
   2012-11-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/error.c, include/error.h, plugins/sudoers/iolog.c,
           plugins/sudoers/logging.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
           Cannot wrap sigsetjmp() or we end up returning to the wrong place.
           Use a macro instead.
           [749ee6acdad8]
   
   2012-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/policy.c:
           Fix return in sudoers_policy_open that should be debug_return.
           [a78b795b6846]
   
   2012-11-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case
           too.
           [acfa891c229e]
   
           * src/solaris.c:
           Quiet a gcc warning and add comment about needing to keep the handle
           open.
           [f954f228960f]
   
   2012-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * INSTALL:
           mention --disable-shared
           [6954d39e2d0f]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Add missing command_info argument in I/O plugin open() prototype.
           Bug #579
           [72beb07aba0e]
   
   2012-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/gram.c:
           Regen for proper line numbers.
           [6cf6e132e764]
   
           * configure, configure.in:
           Add locale_stub.o to SUDO_OBJS, not locale_stub.lo.
           [d604dc8ca38a]
   
           * common/sudo_printf.c:
           Include missing.h for __printflike.
           [a33640600faf]
   
           * plugins/sudoers/iolog.c:
           Saner loop invariant in io_mkdirs (cosmetic only).
           [dc30274afe38]
   
           * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c,
           configure, configure.in, include/error.h, mkdep.pl,
           plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
           plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
           plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
           src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c,
           src/sesh.c:
           Move warn/error into common and make static builds work.
           [4d3f374f4e4c]
   
           * MANIFEST, common/Makefile.in, common/sudo_debug.c,
           common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in,
           plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
           plugins/sudoers/policy.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/regress/parser/check_fill.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
           src/Makefile.in, src/conversation.c, src/sesh.c:
           Move _sudo_printf from src/conversation.c to common/sudo_printf.c.
           Add sudo_printf function pointer that is initialized to
           _sudo_printf() instead of requiring a sudo_conv function pointer
           everywhere. The plugin will reset sudo_printf to point to the
           version passed in via the plugin open function. Now plugin_error.c
           can just call sudo_printf in all cases. The sudoers binaries no
           longer need their own version of sudo_printf.
           [9b09d3f63790]
   
           * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
           plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
           Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't
           need error_jmp to be extern. Also add plugin_clearjmp() that clears
           a flag so error()/errorx() knows when to call exit() vs. longjmp().
           [5a4617148e70]
   
           * plugins/sudoers/set_perms.c:
           Let warning() call gettext() for us.
           [ab8d502ba4ac]
   
           * include/error.h, plugins/sudoers/plugin_error.c, src/error.c:
           Do locale swapping in the warning()/error() macros themselves
           instead of in the underlying functions.
           [4cd205540e17]
   
           * common/alloc.c, common/list.c, include/error.h,
           plugins/sudoers/env.c, plugins/sudoers/plugin_error.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
           src/hooks.c:
           Rename warning2()/error2() -> warning_nodebug()/error_nodebug().
           [48346393634d]
   
           * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
           plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
           plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c,
           plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
           plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
           plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l,
           plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c,
           src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
           src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
           src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
           Call gettext() on parameters for warning()/warningx() instead of
           having warning() do it for us.
           [c71088bc9d3e]
   
           * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c,
           plugins/sudoers/gram.y, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
           Call gettext() in sudoerserror() in the user's locale and pass the
           untranslated string to it.
           [cdbfc231b848]
   
           * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
           plugins/sudoers/logging.h, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
           Allow sudoers programs (visudo, sudoreplay, visudo) to use
           plugin_error.c instead of the error.c from the front-end. This means
           sudoers_setlocale() needs to be independent of the sudo_user struct
           and the defaults table. The sudoers locale is now updated via a
           callback.
           [e356f5f8cd6a]
   
           * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
           plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
           Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c
           Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers
           warning/error functions work when sudo_conv is NULL
           [7365ee24a779]
   
           * src/error.c:
           No need to change locale in front-end warning()/error().
           [23dc1df7f93b]
   
           * plugins/sudoers/tsgetgrpw.c:
           Ignore bad lines in passwd/group file instead if stopping processing
           when we hit one.
           [79b790559075]
   
           * plugins/sudoers/regress/testsudoers/test2.sh,
           plugins/sudoers/regress/testsudoers/test3.sh,
           plugins/sudoers/regress/testsudoers/test5.sh:
           Bash doesn't let you set UID to use MYUID instead.
           [5be56335f059]
   
           * plugins/sudoers/visudo.c:
           Avoid NULL deref for unknown Defaults in strict mode.
           [545c21c1e7d6]
   
           * common/sudo_conf.c, common/sudo_debug.c:
           See DEFAULT_TEXT_DOMAIN
           [3d723e1d27db]
   
   2012-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * .hgignore:
           Add signame.c and mksigname.
           [d59bbf423f00]
   
           * plugins/sudoers/Makefile.in:
           Fold preinstall into install-plugin and pass the path to the plugin
           binary to the preinstall command.
           [2c2205af8bb7]
   
           * pp:
           sync with upstream
           [a4b7336b3256]
   
           * src/sudo.h:
           repair spacing
           [f5c1255ce514]
   
   2012-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_debug.c:
           Set group on sudo_debug when creating it to gid 0 so systems without
           BSD group semantics don't get the invoking user's group.
           [7dda01196554]
   
           * plugins/sudoers/iolog.c:
           Rename mkdir_parents() io_mkdirs() and add a flag to specify whether
           path is a temporary, in which case the final component is created
           via mkdtemp() instead of mkdir().
           [79c0c4e7ed58]
   
           * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h:
           For PERM_ROOT set egid to 0 so log files are not created with the
           gid of the user.
           [5b964ea43474]
   
           * plugins/sudoers/logging.c:
           Add calls to set_perms(PERM_ROOT) becore logging to a file. We
           should already be root but since we cache the current permission
           status it is basically free. That way, if more of sudoers runs as
           non-root in the future logging will still work correctly.
           [c591d4973f41]
   
           * common/sudo_conf.c, config.h.in, configure, configure.in,
           include/gettext.h, plugins/sudoers/locale.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
           src/error.c, src/exec.c, src/sesh.c, src/sudo.c:
           #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it.
           [41f6bb4926f4]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
           doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Mention that sudo.conf is parsed in the C locale.
           [f711c416e30c]
   
           * common/sudo_conf.c:
           Parse sudo.conf in the "C" locale.
           [776658f651ea]
   
           * plugins/sudoers/locale.c, plugins/sudoers/logging.h,
           plugins/sudoers/sudoers.h:
           Fix compilation on systems w/o setlocale()
           [6940d1c1c1ce]
   
           * doc/TROUBLESHOOTING:
           Sudo now includes a workaround for the Solaris 11 locale issue.
           [ab93787a552c]
   
   2012-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/gettext.h, plugins/sudoers/iolog_path.c,
           plugins/sudoers/locale.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
           src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h:
           Always include locale.h from gettext.h so we no longer need to
           include locale.h from the .c files.
           [93d39182ccfa]
   
           * MANIFEST, config.h.in, configure, configure.in, mkdep.pl,
           plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c,
           src/solaris.c, src/sudo.c, src/sudo.h:
           Add os-specific initialization functions for solaris (workaround
           setuid locale problem in Solaris 11) and openbsd (set malloc_options
           if SUDO_DEVEL). Also move set_project() to solaris.c.
           [1d6581afbaf4]
   
   2012-11-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
           plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
           Avoid strerror() when possible and just rely on warning/error to
           handle errno in the proper locale.
           [bf612caae97c]
   
           * plugins/sudoers/logging.c:
           Set sudoers locale in log_allowed()
           [2dd0ac704cae]
   
           * plugins/sudoers/check.c:
           Make the sudo lecture translatable.
           [3cdfc183d72d]
   
           * Makefile.in:
           Add the values of badpass_message, passprompt and mailsub to
           sudoers.pot so they can be translated.
           [51cbe8adcb94]
   
           * plugins/sudoers/logging.c:
           Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked
           up by xgettext.
           [c5b74115caf0]
   
   2012-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
           plugins/sudoers/sudoers.h:
           Make expand_prompt() args const and free the prompt when we are done
           with it.
           [995ef8519fe6]
   
           * plugins/sudoers/policy.c:
           Fix cut and pasto
           [e002921c1d15]
   
           * plugins/sudoers/defaults.c, plugins/sudoers/logging.c:
           Expand def_mailsub in the sudoers locale, not the user's.
           [a4775f2fb385]
   
           * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
           plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
           plugins/sudoers/env.c, plugins/sudoers/iolog.c,
           plugins/sudoers/locale.c, plugins/sudoers/logging.c,
           plugins/sudoers/logging.h, plugins/sudoers/parse.c,
           plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/timestamp.c:
           Call gettext inside log_error et al instead of having the caller do
           it. This way we can display any messages to the user in their own
           locale but log in the sudoers local.
           [286e0444f785]
   
           * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
           plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
           plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
           plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
           plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
           plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
           plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l,
           plugins/sudoers/visudo.c, src/error.c, src/exec.c,
           src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
           src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
           src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
           Display warning/error messages in the user's locale.
           [00a04165c0cf]
   
           * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
           plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
           audit_failure() now calls gettext itself using the sudoers locale.
           [d77f1d78799a]
   
           * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
           plugins/sudoers/sudoers.c:
           Convert setlocale() to sudoers_setlocale() in the sudoers module.
           This only converts existing uses, there are more places where we
           need to sprinkle sudoers_setlocale() calls.
           [8ee0cbf0d0a9]
   
           * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
           plugins/sudoers/locale.c, plugins/sudoers/logging.h,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
           Add simple locale switching to make it easy to switch from the
           user's locale to the sudoers locale without making excessive
           setlocale() calls when we don't need to.
           [5c61582fdeee]
   
           * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
           plugins/sudoers/plugin_error.c, src/error.c:
           Add variants of warn/error and sudo_debug_printf that take a va_list
           instead of a variable number of args.
           [00392bdc063c]
   
           * INSTALL, doc/TROUBLESHOOTING:
           Document Solaris 11 locale issues and workarounds.
           [05f7d34af3ae]
   
           * Makefile.in, configure, configure.in:
           Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8
           locales. Make links from localdir/lang -> localdir/lang.UTF-8
           [5ca9326480e2]
   
   2012-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
           plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
           Do not inform the user that the command was not permitted by the
           policy if they do not successfully authenticate. This is a
           regression introduced in sudo 1.8.6.
           [c1279df08bfb]
   
           * plugins/sudoers/Makefile.in:
           Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
           the rpath in HP-UX SOM shared libraries for the LDAP libs.
           [b07185657b42]
   
           * src/parse_args.c:
           The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A.
           [22c73cbe3ff9]
   
   2012-10-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * INSTALL, configure, configure.in:
           Allow the user to specify and alternate libtool
           [c9d6fc9521fd]
   
   2012-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c:
           Allow sudo to be build with sss support without also including ldap
           support. From Stephane Graber.
           [b992a80ebea1]
   
   2012-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c,
           plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
           plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
           plugins/sudoers/visudo.c:
           Refactor policy plugin interface code from sudoers.c into policy.c
           [393e62910b8a]
   
           * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
           Refactor command_info setting into its own function.
           [a952b948324c]
   
           * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
           plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
           Make interfaces pointer private to interfaces.c and add
           get_interfaces() accessor.
           [b69b9334ed3c]
   
   2012-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
           plugins/sudoers/sudoers.h:
           Make user_cwd const since it is either a string literal or passed in
           from the front-end.
           [90751b81e8bc]
   
           * configure, configure.in:
           sudo 1.8.7
           [bf727adb8af0]
   
           * plugins/sudoers/sudoers.c:
           Avoid nested strtok() calls.
           [9d9f22ab52a9]
   
   2012-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
           plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h:
           Move expand_prompt() into its own source file for easier unit
           testing.
           [b419b48a436f]
   
           * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
           plugins/sudoers/check.h, plugins/sudoers/sudoers.h,
           plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
           Make check.c independent of the underlying timestamp implementation.
           [895071bd6065]
   
           * plugins/sudoers/iolog_path.c:
           Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled.
           [8ac38f02dd6d]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Use a list for the possible values of Tag_Spec with a minimal indent
           to improve readability. In the pod version, these were =head3. Also
           use .St -p1003.1 instead of just POSIX when talking about glob() and
           fnmatch().
           [361a6f7a5c44]
   
   2012-10-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           sudo_ttyname_dev() is unused if there is no /proc or sysctl().
           [6598dbf81e16]
   
           * compat/mksiglist.c, compat/mksigname.c,
           compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c,
           plugins/sample_group/plugin_test.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/regress/parser/check_fill.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c:
           Explicitly mark main() as public in executables to avoid an HP-UX ld
           warning.
           [72a40ce218be]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Remove grep from SEE ALSO section.
           [c7cafee1621f]
   
           * common/alloc.c:
           If vasprintf() fails, just use the errno it sets instead of assuming
           ENOMEM.
           [1be5bfdc0cab]
   
   2012-09-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/TROUBLESHOOTING:
           Mention HP-UX pam.conf settings.
           [8b8e745b49fd]
   
   2012-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
           plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c,
           plugins/sudoers/timestamp.h:
           Split off timestamp functions into their own source file.
           [d5833332511d]
   
   2012-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Mention how !foo is not the same as ALL,!foo
           [51f8e470757d]
   
   2012-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           Start commands in the background when I/O logging is enabled. We
           can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2)
           which returns EINTR on signal instead of restarting automatically.
           [83b1d59146f7]
   
           * src/exec_pty.c:
           Handle SIGCONT_FG and SIGCONT_BG when converting signal number to
           string in deliver_signal().
           [2cefea7a976e]
   
   2012-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           Fix running commands that need the terminal in the background when
           I/O logging is enabled. E.g. "sudo vi &". When the command is
           foregrounded, it will now resume properly.
           [0bc13a253429]
   
           * plugins/sudoers/match.c:
           Add rudimentary support for name-based matching as a compile-time
           option. This unsafe when used in conjunction with the '!' operator.
           [f93bc8e6db15]
   
   2012-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c,
           plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c:
           Split out implementation-specific back end code out of pwutil.c into
           pwutil_impl.c. This will allow the main pwutil code to be used for
           lookup methods other than getpw* and getgr*.
           [999c2dde60e4]
   
   2012-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.in:
           sudo 1.8.6p3
           [97fef3d9ed65]
   
   2012-09-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/fixman.sh:
           Don't use embedded newline when matching, use \n. This got expanded
           at some point. Bug #573
           [6652f834b8f5]
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
           Rename yyerror() to sudoerserror() to match yacc prefix changes. Not
           really needed due to the #defines that yacc makes but it is less
           confusing this way as the lexer calls sudoerserror().
           [a0577be6527d]
   
           * common/alloc.c, plugins/sample_group/plugin_test.c,
           plugins/sudoers/env.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
           src/exec_common.c, src/parse_args.c, src/sudo.c:
           No need to translate "unable to allocate memory" when we can just
           use the system translation via strerror().
           [377499e5827c]
   
           * plugins/sudoers/sudoreplay.c:
           Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
           all file systems support d_type. Bug #572
           [8b861c62945f]
   
           * plugins/sudoers/sudoreplay.c:
           Avoid calling fclose(NULL) in the error path when we cannot open an
           I/O log file.
           [9401d5c4bb05]
   
   2012-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.in:
           Sudo 1.8.6p2
           [6e32496280f2]
   
           * src/exec.c:
           When setting the signal handler for SIGTSTP to the default value in
           non-I/O log mode, store the old handler value for when we restore it
           after resume.
           [242628694e42]
   
           * plugins/sudoers/env.c:
           Replace the guts of sudo_setenv_nodebug() with our old setenv.c
           which supports non-standard BSD and glibc semantics. sudo_setenv()
           now simply calls sudo_setenv2().
           [57ffb6c9efaa]
   
   2012-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Document non-Unix group support in LDAP sudoers.
           [33c89f3aeee6]
   
           * plugins/sudoers/ldap.c:
           Enable non-Unix group support for LDAP sudoers. We now check for
           non-Unix groups and netgroups with the same query in the second
           pass. Bug #571
           [eb98fdff54d9]
   
   2012-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
           plugins/sudoers/gram.h, plugins/sudoers/parse.c,
           plugins/sudoers/regress/parser/check_fill.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.h,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
           plugins/sudoers/visudo.c:
           Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers.
           [cb6c0d93215e]
   
   2012-09-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Mention support for SUCCESS=return in /etc/nsswitch.conf
           [ef1f35aa0863]
   
           * NEWS, configure, configure.in:
           sudo 1.8.6p1
           [73a5e1f004b3]
   
   2012-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/env.c:
           Avoid setting LOGNAME, USER and USERNAME variables twice when
           set_logname is enabled.
           [0de4f5fbd1d4]
   
           * plugins/sudoers/env.c:
           Fix duplicate detection in sudo_putenv(), do not prune out the
           variable we just set when overwriting an existing instance. Fixes
           bug #570
           [854ee714c831]
   
           * plugins/sudoers/env.c:
           Add some debuggging
           [a25cd3305823]
   
   2012-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudo_nss.c:
           Disable word wrap in list mode when stdout is a pipe to make "sudo
           -l | grep ..." more useful. Adapted from a diff by Daniel Kopecek.
           [65ade04511fd]
   
           * common/lbuf.c:
           Print a trailing newline in lbuf_print() when there is not enough
           space to do word wrapping and the lbuf does not end with a newline.
           [c0200e19cd09]
   
           * plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
           Add support for [SUCCESS=return] in nsswitch.conf; from Daniel
           Kopecek
           [5c480316e3ce]
   
           * MANIFEST:
           Add sssd.c
           [9cadd014ef97]
   
   2012-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo,
           plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo,
           plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo,
           src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo:
           regen .po files
           [62423d4d143d]
   
           * MANIFEST, plugins/sudoers/po/vi.mo:
           Add Vietnamese sudoers translation from translationproject.org
           [33666a605525]
   
           * NEWS:
           mention PIE
           [05032e5304c6]
   
           * MANIFEST, plugins/sudoers/po/vi.po:
           Add Vietnamese sudoers translation from translationproject.org
           [015c2204bae2]
   
   2012-08-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in, compat/Makefile.in, mkdep.pl:
           Add missing signame dependency
           [e493bfb01929]
   
           * src/exec.c, src/ttyname.c:
           Silence compiler warnings.
           [1c5374b66d9b]
   
           * MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c,
           config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
           src/exec.c, src/exec_pty.c:
           Replace strsigname() with sig2str(), emulating it as needed.
           [1e348cca1fa6]
   
           * config.h.in, configure, configure.in, src/utmp.c:
           Use fseeko() for legacy utmp handling if available.
           [b4bbd8d2c0e9]
   
   2012-08-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/strsigname.c, config.h.in, configure, configure.in:
           Detect sys_sigabbrev[] and use it in place of sys_signame[] if
           present. For some reason glibc does not declare sys_sigabbrev so we
           must add an extern definition of our own.
           [b38f3fbd7078]
   
           * compat/strsignal.c, compat/strsigname.c:
           Handle NULL entries in sys_siglist and sys_signame.
           [a388959d9654]
   
           * compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c,
           compat/mksigname.h, compat/strsignal.c, compat/strsigname.c:
           Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name}
           [711e41aba59a]
   
   2012-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           sync
           [5a2522488754]
   
           * src/exec.c:
           Pass on SIGTSTP to the command if it was sent by a user process (not
           the kernel or the terminal) when we are not I/O logging and set the
           default SIGTSTP handler when we re-send the signal to ourself,
           restoring our handler after we resume.
           [4259c47e31c0]
   
           * src/exec.c:
           Shells typically change their process group when they start up so
           that they can implement job control. Most well-behaved shells change
           the pgrp back to its original value before suspending so we must not
           try to restore in that case, lest we race with the child upon
           resume, potentially stopping sudo with SIGTTOU while the command
           continues to run. Some shells, such as pdksh, just suspend the shell
           by sending SIGSTOP to themselves without restoring the pgrp. In this
           case we need to change the pgrp back for them. Should fix bug #568
           [6ac6751ffd17]
   
   2012-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, compat/Makefile.in, compat/mksigname.c,
           compat/mksigname.h, compat/strsignal.c, compat/strsigname.c,
           config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
           src/exec.c, src/exec_pty.c:
           Use strsigname() to print signal names in the debug output. If the
           system has no strsigname(), use our own.
           [0735f18906b9]
   
   2012-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/regress/testsudoers/test5.inc,
           plugins/sudoers/regress/testsudoers/test5.sh:
           Remove generated file and change path for temporary include file.
           [4e9fa830c6b5]
   
           * plugins/sudoers/Makefile.in:
           When running regress tests, list pass/fail rate for each dir
           (testsudoers and visudo) instead of the total. Also prevent the
           result files from clobbering each other by keeping them in the
           relevant directories.
           [6aac53baff7d]
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Don't print an error message in yyerror() if open_sudoers() fails,
           we've already printed an error message. Also restore the check for
           sudoers_warnings in yyerror().
           [aa6036df5fb2]
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/toke.c, plugins/sudoers/toke.h,
           plugins/sudoers/toke.l:
           Avoid printing the >>> parse error <<< message for testsudoers when
           the -t flag is specified.
           [76f3433c8992]
   
   2012-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/parse.c:
           Fix NULL deref when an entry has no Runas_Entry
           [4b14983ff6e7]
   
           * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po,
           src/po/zh_CN.mo, src/po/zh_CN.po:
           sync with translationproject.org
           [440e9c9b37de]
   
           * NEWS:
           sync
           [3142ba2dce60]
   
           * plugins/sudoers/check.c:
           Correct the check_user() comment header.
           [73da30308fff]
   
           * plugins/sudoers/auth/sudo_auth.c:
           Change a log_fatal() into log_error() when no auth methods are
           configured. The caller already checks the return value.
           [05f5c39793a7]
   
           * plugins/sudoers/logging.c:
           Add missing debug_return
           [3a76bb7c2fe7]
   
   2012-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
           doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
           doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
           doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Make the capitalization consistent for .Ss and .Sx
           [5c5735ee4b2f]
   
           * doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat,
           doc/sudo.man.in, doc/sudo.mdoc.in:
           Add COMMAND EXECUTION section that describes how sudo runs the
           command, the extra sudo processes and signal handling.
           [dff2d88e984e]
   
   2012-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in:
           Happy Easter
           [4b9d697c6b83]
   
   2012-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/Makefile.in:
           Don't echo the awk command when building siglist.in
           [21daa72921e6]
   
           * doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
           doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Cosmetic changes.
           [19259528e9ad]
   
           * doc/Makefile.in:
           The HISTORY, LICENSE and CONTRIBUTORS files are not longer
           generated.
           [ea6ac9e981e6]
   
           * MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo,
           plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po,
           plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po,
           src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po,
           src/po/uk.po, src/po/vi.po:
           Sync with translationproject.org and add Italian sudoers
           translation.
           [9276740aea59]
   
   2012-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Expand description of fqdn to talk about systems where the hosts
           file is searched before DNS.
           [4ee812ca6116]
   
   2012-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/Makefile.in:
           For cat pages there is nothing to make unless DEVEL is set.
           [fab4a5b68708]
   
           * configure, configure.in, doc/Makefile.in:
           Always use mandoc to format cat pages and remove now-extraneous
           nroff configure tests.
           [5747f4ed5762]
   
           * pp:
           sync polypkg from git
           [89ddf6ea3e3f]
   
           * plugins/sudoers/sudoers.c:
           Use AI_FQDN instead of AI_CANONNAME if available since "canonical"
           is not always the same as "fully qualified".
           [7c1d9c098386]
   
   2012-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.mdoc.in:
           Fix some typos. Describe error messages not related to policy
           permissions.
           [f5ebf9030d85]
   
           * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
           plugins/sudoers/visudo.c:
           Add new check_defaults() function to check (but not update) the
           Defaults entries. Visudo can now use this instead of update_defaults
           to check all the defaults regardless instead of just the global
           Defaults entries.
           [3fa879ce1b65]
   
   2012-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Document sudoers log format.
           [08998a7061ab]
   
           * NEWS:
           Update for sudo 1.8.5p3
           [6e102a5d4e8d]
   
           * src/load_plugins.c:
           Add missing check for I/O plugin API version when checking for the
           presence of I/O plugin hooks.
           [ef05c7eeaf81]
   
           * src/hooks.c:
           Can't call debug code in the process_hooks_xxx functions() since
           ctime() may look up the timezone via the TZ environment variable.
           [2179fb26bd8e]
   
   2012-08-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_common.c, src/sesh.c, src/utmp.c:
           Include signal.h before sudo_exec.h since it uses sigset_t * in the
           fork_pty prototype.
           [94fc0d859600]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
           doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
           doc/visudo.man.in, doc/visudo.mdoc.in:
           Remove OPTIONS section; options now go inside DESCRIPTION
           [a619fc58a746]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [44719d80bc06]
   
           * MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
           plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
           plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po,
           src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po:
           Sync with translationproject.org and add new Slovenian translation.
           [34b4b966bbac]
   
           * common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
           plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/testsudoers.c:
           Reduce the number of "internal error, foo overflow" messages that
           need to be translated.
           [93ffa2b3d53f]
   
           * NEWS:
           Mention HP-UX reboot fix.
           [1e39b5aa32ac]
   
           * INSTALL, NEWS, common/sudo_debug.c, configure, configure.in,
           doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in,
           plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c,
           plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
           Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers
           data source. From Daniel Kopecek and Pavel Brezina.
           [3f85e95d6928]
   
   2012-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_conf.c, src/load_plugins.c:
           If sudo.conf contains an I/O plugin but no policy plugin, use
           sudoers for the policy plugin. If a policy plugin is specified
           without an I/O plugin, only the policy plugin will be loaded.
           [ea192df2439d]
   
           * doc/Makefile.in, doc/sudoers.man.in:
           Do not modify the .Os section when building the .man.in file from
           .mdoc.in.
           [a9f9628e147f]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Add a note about wildcards matching multiple words and include an
           example. Also mention that for sudoedit, a wildcard in command line
           args does not match a slash.
           [fcb9fbac14e0]
   
   2012-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c, src/sudo_exec.h:
           Fix a comment, update a variable name in a prototype; all cosmetic.
           [e89f10cbd6e1]
   
           * plugins/sudoers/iolog.c:
           Cast 2nd argument of lseek() to off_t if it is a constant for
           systems with 64-bit off_t but without a proper lseek() prototype.
           [d8779da135d0]
   
           * compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
           plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/visudo.c:
           Fix some warnings from clang checker-267
           [1e44ef7860b5]
   
           * plugins/sample/sample_plugin.c:
           Fix memory leak found by clang checker-267
           [f8a43617fdfb]
   
   2012-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
           If we receive a signal from the command we executed, do not forward
           it back to the command. This fixes a problem with BSD-derived
           versions of the reboot command which send SIGTERM to all other
           processes, including the sudo process. Sudo would then deliver
           SIGTERM to reboot which would die before calling the reboot() system
           call, effectively leaving the system in single user mode.
           [4ffab9ab9e98]
   
   2012-08-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/fixman.sh, doc/fixmdoc.sh:
           Remove section about Solaris 10 on other systems. Add missing
           sudoers.man.in bit to fixman.sh.
           [176559199ba7]
   
   2012-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Expand section on Solaris privileges.
           [3a1bfa2f1743]
   
           * NEWS:
           Expand a bit on the Solaris priv set changes.
           [bffb78b4a520]
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/parse.c, plugins/sudoers/parse.h,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
           The second argument to init_parser() is now bool.
           [fb727a4fb651]
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
           Fix printing of parse error message to stderr.
           [dea6b420b84f]
   
           * plugins/sudoers/check.c, plugins/sudoers/defaults.c,
           plugins/sudoers/match.c, plugins/sudoers/parse.c,
           plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
           If a command matches using an empty Runas_List (i.e. Runas_List is
           present but empty) and the -u option was not specified, set runas_pw
           to user_pw instead of using runas_default. This is intended to be
           used in conjunction with the Solaris Privilege Set support for rules
           that grant privileges without changing the user.
           [e84a081f3c11]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
           plugins/sudoers/gram.c, plugins/sudoers/gram.h,
           plugins/sudoers/gram.y, plugins/sudoers/match.c,
           plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h:
           Add support for parsing an empty Runas_List, which only allows the
           command to be run as the invoking user. This can be used in
           conjunction with the Solaris Privilege Set support to grant
           privileges without changing the user.
           [dc34373792fc]
   
   2012-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/fixman.sh:
           Fix HP-UX, just use ".TH name section" like the vendor manuals.
           [559738237c92]
   
           * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Fix compilation on Solaris
           [2d310302207c]
   
           * .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh,
           doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh,
           doc/sudoers.mdoc.sh:
           Generate a sed script file when munging *.mdoc or *.man instead of
           passing sed expressions on the command line. Older seds do not
           support \n in a replacement so generate and run a sed script
           instead.
           [0bcce3f1ca18]
   
           * doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in,
           doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in,
           doc/visudo.man.in:
           Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION"
           [fe0f10b63776]
   
   2012-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c:
           When checking whether a signal is user-generated, compare si_code
           against SI_USER instead of <= 0 since on HP-UX, terminal-related
           signals get a code of 0.
           [4e9021243343]
   
           * src/sudo.c:
           SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX
           interchangably. This causes problems when setting RLIMIT_NPROC to
           RLIM_INFINITY due to a bug in bash where bash tries to honor the
           value of _SC_CHILD_MAX but treats a value of -1 as an error, and
           uses a default value of 32 instead.
   
           Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
           restored the previous value of RLIMIT_NPROC. However, that makes it
           impossible to set nproc to unlimited. We now only restore the nproc
           resource limit if sysconf(_SC_CHILD_MAX) is negative. In most cases,
           pam_limits will set RLIMIT_NPROC for us.
           [cb71cc8d0b08]
   
   2012-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Active Directory apparently requires that tenths of a second be
           present in a date so append .0 to the "now" value in the time
           filter. Also remove space for the global AND from TIMEFILTER_LENGTH
           since it was not being used consistently. Buffers of
           TIMEFILTER_LENGTH now need to account for the terminating NUL byte.
           [d28619ff6e45]
   
           * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Fix SELinux build
           [cc0d1f4e851b]
   
   2012-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST:
           Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
           were not being kept in sync.
           [fc3ad1847cb1]
   
           * doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod,
           doc/license.pod:
           Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
           were not being kept in sync.
           [950363dffe3a]
   
   2012-07-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/logging.c:
           Fix printing of the permission denied message to standard error when
           a user is not allowed to run a command. This got broken by the
           recent logging changes.
           [b7af63da3ca1]
   
           * plugins/sudoers/sudoers_version.h:
           Bump grammar version for Solaris privs.
           [2a2baf024477]
   
           * doc/schema.ActiveDirectory:
           Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder
           were added. From David Hicks.
           [3fc432a8edb4]
   
   2012-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/Makefile.in:
           Remove lex.yy.c when building toke.c
           [72bb9e62b289]
   
           * doc/Makefile.in:
           Fix building docs in a build dir.
           [7a6f435af022]
   
           * doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod,
           doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod,
           doc/sudoreplay.pod, doc/visudo.pod:
           Remove pod versions of the manual; we now use mdoc.
           [5c967d2dd5db]
   
           * MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh,
           doc/sudoers.man.sh, doc/sudoers.mdoc.sh:
           Add post-processing scripts to strip out login class, BSD auth,
           SELinux and privilege set bits when they are not supported.
           [d0d51f72f597]
   
           * NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in,
           doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in,
           doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod,
           plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
           plugins/sudoers/def_data.in, plugins/sudoers/gram.c,
           plugins/sudoers/gram.h, plugins/sudoers/gram.y,
           plugins/sudoers/parse.c, plugins/sudoers/parse.h,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, src/sudo.c, src/sudo.h:
           Merge in Solaris privilege support by Darren Moffat and John
           Zolnowsky
           [3aa0a64f2f5c]
   
   2012-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/contributors.pod:
           Sync with CONTRIBUTORS file
           [9a0852306ad9]
   
           * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
           doc/sudoers.man.in, doc/sudoreplay.man.in:
           Regen .man.in files with my private mandoc.
           [dc3c9fc449eb]
   
           * doc/Makefile.in:
           add MANDOC variable
           [35527e66afc5]
   
   2012-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
           doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in:
           Regen .man.in files with hacked mandoc to avoid issues with historic
           nroff.
           [d45cfa7d665f]
   
   2012-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.mdoc.in, doc/sudoers.mdoc.in:
           Fix groff warnings.
           [111d522ca807]
   
           * doc/Makefile.in:
           Fix dependencies for .man.in files.
           [aefeffe1af2b]
   
           * .hgignore:
           Add doc/*.mdoc to ignore file
           [1e4de6ef2ad8]
   
           * INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in,
           doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
           doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
           doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
           doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
           doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
           doc/visudo.man.in, doc/visudo.mdoc.in:
           Build .man.in and .cat files from .mdoc.in files. Add new --with-man
           and --with-mdoc configure options.
           [c963fd7e8f80]
   
   2012-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in,
           doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
           Sudo manuals formatted in mdoc, to replace the pod versions.
           [e6dca4030451]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
           doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod,
           doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
           doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod:
           More minor costmetic fixes.
           [a7287a68385a]
   
   2012-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
           Minor cosmetic fixes.
           [9c48bdaf3946]
   
   2012-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot:
           Use "a password is required" instead of "password required" when the
           -n flag is used and we need to read a password.
           [a3c30fc41648]
   
   2012-07-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Mention logging changes.
           [8238fd6e02e8]
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [e2cf634ba63b]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
           Document that other mail_* flags have precedence over mail_badpass.
           [9f4cc9188f40]
   
           * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
           plugins/sudoers/logging.c, plugins/sudoers/logging.h,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
           Move log_denial() calls and logic to log_failure(). Move
           authentication failure logging to log_auth_failure(). Both of these
           call audit_failure() for us.
   
           This subtly changes logging for commands that are denied by sudoers
           but where the user failed to enter the correct password. Previously,
           these would be logged as "N incorrect password attempts" but now are
           logged as "command not allowed". Fixes bug #563
           [cad35f0b3ad7]
   
   2012-07-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/aix.c:
           Do not set a resource limit to zero when we are unable to fetch a
           value from /etc/security/limits.
           [62bfb0a7895e]
   
   2012-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Add "Provides: sudo" to debian sudo-ldap package
           [beb8afa0beb2]
   
   2012-07-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in, zlib/Makefile.in:
           Define NO_VIZ for zlib when gcc doesn't support symbol visibility
           attributes.
           [9fdcbf526386]
   
           * configure, configure.in:
           Use the autoconf cache when checking for symbol export control
           support.
           [03c2cce8711f]
   
           * INSTALL, common/Makefile.in, compat/Makefile.in, configure,
           configure.in, mkpkg, plugins/sample/Makefile.in,
           plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
           plugins/system_group/Makefile.in, src/Makefile.in:
           Add configure check for building PIE executables instead of doing it
           in mkpkg.
           [02b5b78ef258]
   
           * sudo.pp:
           MacOS pp backend doesn't like modes longer than 4 characters.
           [01b49022bf01]
   
   2012-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding
           -fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool
           will strip -fstack-protector from the linker flags and we always
           link with libtool.
           [0a0a0250ac2b]
   
   2012-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
           doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
           doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
           doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
           Regen for sudo 1.8.6
           [1657ee28b496]
   
           * NEWS, doc/sudoers.ldap.pod:
           Document improved Tivoli Directory Server support.
           [fb411edf4687]
   
           * config.h.in, configure, configure.in, plugins/sudoers/ldap.c:
           Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf
           option to specify Tivoli key db password. Allow TLS ciphers to be
           configured for Tivoli.
           [737e17c91e60]
   
   2012-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Tivoli Directory Server 6.3 libs always return a (bogus) error when
           setting LDAP_OPT_CONNECT_TIMEOUT.
           [504406637c38]
   
           * NEWS:
           Update
           [687a755604e8]
   
           * plugins/sudoers/ldap.c:
           Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the
           same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a
           set an ldap option fatal.
           [17cf93ae3304]
   
   2012-06-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers.c:
           Zero pointers in sudo_user struct after freeing, just in case.
           [8eff1f80b943]
   
           * plugins/sudoers/sudoers.c:
           Free user_gids in close function if it has not already been freed.
           [cbce28877f37]
   
           * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h:
           Defer group ID to name resolution until we actually need it.
           [463e75b81e89]
   
           * src/sudo.c:
           It is safe to read in sudo.conf before calling user_info().
           [3290b6434e3c]
   
           * plugins/sudoers/env.c, plugins/sudoers/ldap.c:
           Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to
           prevent potential truncation. Bug #562.
           [29d9fc4e0c4e]
   
   2012-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           If installing with installp, error out if there is already an
           instance of the rpm package installed.
           [ec24c6faba22]
   
           * mkpkg:
           Add --disable-nls for AIX
           [192ac2f7d65e]
   
   2012-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Debian sudo-ldap packages should now depend on libldap-2.4-2, not
           libldap2.
           [cbcec71e6b58]
   
   2012-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Add Homepage and Bugs to debian control file.
           [0f19d7d14e66]
   
   2012-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * mkpkg:
           fix typo when setting aix_freeware
           [2fd6feb50195]
   
           * common/Makefile.in, compat/Makefile.in, configure, configure.in,
           doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
           plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
           plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in:
           Don't run regress tests or sudoers sanity check (using the newly-
           built visudo) when cross compiling. Bug #560
           [0c4e3f68b2f5]
   
           * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
           plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map,
           plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in,
           plugins/sample_group/sample_group.exp,
           plugins/sample_group/sample_group.map,
           plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
           plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map,
           plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in,
           plugins/system_group/system_group.exp,
           plugins/system_group/system_group.map,
           plugins/system_group/system_group.sym:
           Rename foo.sym -> foo.exp Remove foo.map from the repo and generate
           it on demand Use a loader option file for HP-UX ld to explicitly
           export symbols
           [2402ff5302ab]
   
           * src/Makefile.in:
           Remove extraneous backslash
           [8ca054de138c]
   
           * plugins/sudoers/regress/check_symbols/check_symbols.c:
           Don't check for errorx as an exported symbols as it is now a macro.
           Check for user_in_group() instead.
           [7b02c8ecd3ea]
   
   2012-06-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Adjust ld map file support to use an anonymous scope to match the
           updated .map files.
           [49be44282d9e]
   
   2012-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure, configure.in, include/gettext.h:
           Older versions of Solaris lack ngettext()
           [028af10dfa5f]
   
           * configure, configure.in:
           Move the check for -static-libgcc until after AC_LANG_WERROR has
           been called and use AX_CHECK_COMPILE_FLAG().
           [a7b09120e7ff]
   
           * include/gettext.h:
           Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H
           [3aa2780d4a4e]
   
           * include/error.h, include/sudo_debug.h:
           Fix gcc 2.x variant macro support.
           [8e71c2370997]
   
           * plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c:
           Fix compilation on gcc 2.95 and other compilers that only allow
           variable declarations at the beginning of a block.
           [9d80c802bb46]
   
           * configure, configure.in, plugins/sudoers/Makefile.in:
           Link check_symbols with SUDO_LIBS to make sure we link with the
           requisite libraries to successfully dlopen sudoers.so. This is
           needed on HP-UX where a program dlopen()ing a shared object that
           uses pthreads must also be linked with pthreads (and HP-UX LDAP uses
           pthreads).
           [b8961cd82337]
   
           * plugins/sudoers/regress/check_symbols/check_symbols.c:
           Add check for exported local symbols. This will cause a "make check"
           failure on systems where we don't support symbol hiding.
           [8aa549389bb1]
   
           * configure, configure.in:
           Additional ${foo} -> $(foo) Makefile tweaks.
           [046bbde18f52]
   
           * plugins/sample/sample_plugin.map,
           plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map,
           plugins/system_group/system_group.map:
           No need to provide a name for the scope in the map file since we
           don't use the it for versioning.
           [5ed4b997560d]
   
   2012-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/Makefile.in,
           plugins/sudoers/regress/check_symbols/check_symbols.c:
           Add regress test for symbol visibility.
           [9adddd4e0518]
   
   2012-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.in:
           sudo 1.8.6
           [57008a7afb77]
   
           * configure, configure.in, include/missing.h:
           Add support for controlling symbol visibility using the HP and
           Solaris C compilers.
           [46d5b468979e]
   
           * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/sudoers.h:
           Use the expanded io log dir when updating the sequence number.
           Includes a workaround for older versions of sudo where the sequence
           number was stored in the unexpanded io log dir.
           [210797dab9a8]
   
   2012-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/parse_args.c:
           Simplify "sudo -s" argv rewriting.
           [7be143dae7c5]
   
           * MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
           plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
           plugins/system_group/Makefile.in, src/Makefile.in,
           src/sudo_noexec.map:
           Don't use a map file for sudo_noexec.so since Solaris ld doesn't
           allow '*' in the global section. The libtool export flag is now
           added to LT_LDFLAGS instead of commenting/uncommenting lines.
           [38fc37a66b04]
   
   2012-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure, configure.in, include/missing.h:
           The visibility attribute was actually added in gcc 3.3.x, not 4.0.
           Just assume that if -fvisibility=hidden works that the attribute is
           usable.
           [d3904d6faf14]
   
           * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
           plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
           plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
           plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map,
           plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c,
           plugins/system_group/system_group.c:
           Export group cache from sudoers.so for system_group.so to use.
           [16695d207fc5]
   
           * MANIFEST, configure, configure.in, include/missing.h,
           plugins/sample/Makefile.in, plugins/sample/sample_plugin.map,
           plugins/sample_group/Makefile.in,
           plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in,
           plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in,
           plugins/system_group/system_group.map, src/sudo_noexec.c,
           src/sudo_noexec.map:
           Use gcc's visibility attribute to specify when symbols are visible
           or hidden, if available. If not available, use an ELF version script
           if it is supported. If all else fails, fall back to using libtool's
           -export-symbols.
           [64e889921727]
   
   2012-06-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Add mode for installed locale files but leave the directories with
           default mode and owner.
           [142237dbb31f]
   
   2012-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * mkpkg, sudo.pp:
           Install AIX packages under /opt/freeware with links in /usr/bin and
           /usr/sbin. This matches the layout of the sudo package from AIX
           freeware.
           [0b79d47bbe01]
   
           * Makefile.in, configure, configure.in, plugins/sample/Makefile.in,
           plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
           plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp:
           Install shared objects with mode 0644 except on HP-UX which needs
           the executable bit set.
           [ae416af0ba6c]
   
           * Makefile.in, doc/Makefile.in, include/Makefile.in,
           plugins/sudoers/Makefile.in, src/Makefile.in:
           Make installed file modes consistent with the file modes in the sudo
           package.
           [307386373289]
   
   2012-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.pod:
           Add "%:" prefix when talking about QAS non-Unix group support.
           [7cb25f6861f8]
   
           * pp, sudo.pp:
           Fix packaging of symbolic links on HP-UX when the link source
           already exists in the filesystem.
           [c9bb48031596]
   
           * mkpkg:
           Only specify prefix if we are overriding the default value. Fixes
           the man dir (/usr/local/man vs. /usr/local/share/man).
           [65351b6c1697]
   
           * sudo.pp:
           Fix setting of sudoedit_man variable.
           [9beed9ae5bba]
   
           * doc/Makefile.in:
           Echo the command when linking the sudoedit manual.
           [6c83b5657b55]
   
   2012-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * mkpkg, sudo.pp:
           Build .deb packages with selinux support.
           [3fd9cb1b4526]
   
   2012-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Don't list paths for unstripped binaries in the lintial overrides.
           [4c8e16f1773b]
   
           * pp:
           Add support for Installed-Size header in control file, required by
           newer debian versions.
           [e97d76234bee]
   
           * pp:
           Fix extended description in .deb files.
           [d35e27ace146]
   
           * sudo.pp:
           Add Depends, Replaces and Conflicts headers for .deb packages.
           [76eb6c4b3278]
   
   2012-06-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudo_nss.c:
           If there are no privs to print, write the message to the lbuf
           instead of printing it directly.
           [ecd56226abb7]
   
   2012-05-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Set -e in %pos and %preun for debian to quiet a lintian warning.
           [8bb908514df9]
   
           * doc/Makefile.in, src/Makefile.in, sudo.pp:
           Install sudoedit and the sudoedit manual as symbolic links, not hard
           links and package them as such.
           [f317ff3cf3e7]
   
           * sudo.pp:
           Make sudo binary permissions 755 instead of 111 Add lintian
           overrides file for .deb files.
           [991cd7d7f0e1]
   
           * configure, configure.in, doc/Makefile.in, mkpkg:
           Replace out of date MAN_POSTINSTALL with MANCOMPRESS and
           MANCOMPRESSEXT which can be used to compress the installed manual
           pages. Compress the man pages for .deb files to appease lintian.
           [4e34083b41d2]
   
           * sudo.pp:
           Debian fixes:
            * fix modes to be more in line with what Debian expects
            * add section
            * install LICENSE as copyright and ChangeLog as changelog
            * create stub changelog.debian
           [7f6c5647f588]
   
           * pp:
           Fix find command to properly skip files in the DEBIAN dir when
           building md5sums.
           [8918bde941fa]
   
           * pp, sudo.pp:
           Use a debian-compliant package maintainer field.
           [fc51a94170eb]
   
   2012-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoreplay.c:
           No need to loop over atomic_writev(), it guarantees to write all
           data or return an error.
   
           Fix handling of stdout/stderr that contains "\r\n" and handle a
           "\r\n" pair that spans a buffer.
           [8aaf02d90c45]
   
   2012-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Update for sudo 1.8.5p2
           [d369d4d40a19]
   
           * plugins/sudoers/sudoreplay.c:
           Instead of doing extra write()s when replaying stdout, build up a
           vector for writev() instead. This results in far fewer system calls.
           [303d866c025c]
   
   2012-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/env_hooks.c, src/sudo.h, src/tgetpass.c:
           Provide unhooked version of getenv() and use it when looking up
           DISPLAY and SUDO_ASKPASS in the environment.
           [04dbdccf4a14]
   
   2012-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoreplay.c:
           When replaying a log of stdout or stderr, do newline to carriage
           return + linefeed conversion. We cannot have termios do this for us
           since we've disabled output postprocessing (POST) when setting raw
           mode.
           [61352a7d996f]
   
   2012-05-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           When checking for -fstack-protector, treat warnings as fatal errors.
           [4124cd12d511]
   
   2012-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Fix test for -z relro
           [548bdb6f5c4a]
   
           * MANIFEST:
           Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4
           [ed063264a2a1]
   
           * INSTALL, aclocal.m4, configure, configure.in,
           m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4:
           Build with -fstack-protector and link with -zrelo where supported.
           Added --disable-hardening option to disable hardening options.
           [0b6c1a1ceb03]
   
   2012-05-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/Makefile.in,
           plugins/sudoers/regress/testsudoers/test1.sh,
           plugins/sudoers/regress/testsudoers/test2.sh,
           plugins/sudoers/regress/testsudoers/test3.sh,
           plugins/sudoers/regress/testsudoers/test4.out.ok,
           plugins/sudoers/regress/testsudoers/test4.sh,
           plugins/sudoers/regress/testsudoers/test5.inc,
           plugins/sudoers/regress/testsudoers/test5.out.ok,
           plugins/sudoers/regress/testsudoers/test5.sh,
           plugins/sudoers/testsudoers.c:
           Add tests for sudoers mode, owner and group checks.
           [a7607443aba0]
   
           * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
           If sudoers_mode is group-readable but the actual sudoers file is
           not, open the file as uid 0, not uid 1. This fixes a problem when
           sudoers has a more restrictive mode than what sudo expects to find.
           In older versions, sudo would silently chmod the file to add the
           group-readable bit.
           [c056b6003e6f]
   
           * INSTALL, common/secure_path.c, config.h.in, configure, configure.in:
           No longer throw an error if sudoers is a symbolic link. Deprecated
           the --with-stow option as that is now (effectively) the default.
           [8ce783e54886]
   
   2012-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/Makefile.in,
           plugins/sudoers/regress/testsudoers/test2.inc,
           plugins/sudoers/regress/testsudoers/test2.out.ok,
           plugins/sudoers/regress/testsudoers/test2.sh,
           plugins/sudoers/regress/testsudoers/test3.d/root,
           plugins/sudoers/regress/testsudoers/test3.out.ok,
           plugins/sudoers/regress/testsudoers/test3.sh:
           Add basic tests for #include and #includedir
           [b303e4218951]
   
           * plugins/sudoers/testsudoers.c:
           Add -U sudoers_uid option to testsudoers.
           [3f8ed13501ba]
   
   2012-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.in:
           Update for 1.8.5p1
           [c33c49bf5b4b]
   
           * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Fix #includedir; from Mike Frysinger
           [d4833d4e39a0]
   
           * plugins/sudoers/check.c:
           Don't prompt for a password if the user is in the exempt group, is
           root, or is running the command as themselves even if the -k option
           was specified. This makes "sudo -k command" consistent with the
           behavior one would get if the user ran "sudo -k" immediately before
           running the command.
           [632b3961df00]
   
   2012-05-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * INSTALL:
           Fix capitalization
           [7258aa977caf]
   
           * mkpkg:
           Build PIE executable on Mac OS X 10.5 and above.
           [2a5c7ef92182]
   
   2012-05-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Update for sudo 1.8.4p5
           [21164f508b68]
   
           * plugins/sudoers/match_addr.c:
           Add missing break between AF_INET and AF_INET6 in
           addr_matches_if_netmask()
           [672a4793931a]
   
           * plugins/sudoers/mon_systrace.c:
           Move systrace monitor code to the attic
           [d6faf4754e9c]
   
   2012-05-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c:
           The pointer to the siginfo_t struct in a signal handler may be NULL.
           [41a4ee934b53]
   
   2012-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/pwutil.c:
           Fix an alignment problem on NetBSD systems with a 64-bit time_t and
           strict alignment. Based on a patch from Martin Husemann.
           [1e5ba3c18f17]
   
           * include/missing.h:
           Add offsetof macro for those without it.
           [e44cb51d2587]
   
           * MANIFEST:
           add system_group plugin
           [6169793b510c]
   
   2012-05-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/dlopen.c:
           Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.
           [85bd03bc5d94]
   
   2012-05-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Mention system_group plugin
           [05393dd4bdb8]
   
           * Makefile.in, plugins/sudoers/Makefile.in,
           plugins/system_group/Makefile.in:
           update depends
           [6feb0b824fc4]
   
           * plugins/system_group/system_group.c:
           Only call gr_delref() when use sudo's password caching functions.
           [1103442e21fa]
   
           * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in:
           Add missing dependency on libreplace.la
           [05bfd9d4657f]
   
           * compat/dlopen.c:
           Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and
           PROG_HANDLE.
           [2382d0693acc]
   
           * Makefile.in, configure, configure.in,
           plugins/system_group/Makefile.in,
           plugins/system_group/system_group.c,
           plugins/system_group/system_group.sym:
           Add group plugin that does lookups by name using the system group
           database.
           [2ddbb604112f]
   
           * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo,
           src/po/pl.po:
           sync with translationproject.org
           [4ef05df4226d]
   
   2012-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
           src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
           src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po,
           src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
           src/po/zh_CN.mo, src/po/zh_CN.po:
           sync with translationproject.org
           [115c3f828fc5]
   
   2012-05-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Add mode for docdir and use '-' (default) for localedir mode. Fixes
           a problem on Linux when building in a directory with the setgid bit
           set.
           [582279c8bcb1]
   
   2012-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * pp:
           Match CentOS 6.0
           [1e99ef210f98]
   
   2012-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Update with recent changes
           [c5fc220ba696]
   
           * pp:
           Fix version check on AIX
           [d272e39112f4]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [72b23509465a]
   
           * plugins/sudoers/ldap.c:
           Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP
           SDK.
           [87b685e70b9a]
   
           * plugins/sudoers/ldap.c:
           Fix printing of invalid uri
           [645aa53acdde]
   
           * plugins/sudoers/auth/pam.c:
           Pass PAM_SILENT when deleting creds to remove an annoying warning
           message on Solaris.
           [1dd0301ef293]
   
   2012-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/utmp.c:
           Fix the setutxent and endutxent compatibility defines (this time
           correctly) when only setutent and endutent are available.
           [d136d2867db9]
   
           * plugins/sudoers/ldap.c:
           sudo_ldap_set_options_global() should not take an LDAP handle as an
           argument since the options affect the global settings.
           [1dc39b9d20f2]
   
           * mkpkg:
           Debian sudo has not been built with --with-exempt=sudo since 1.6.8.
           [c7716291a856]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
           plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c,
           src/sudo.h:
           Call the policy's init_session() function before we fork the child.
           That way, the session is created and destroyed in the same process,
           which is needed by some modules, such as pam_mount.
           [ece552ba002e]
   
           * doc/TROUBLESHOOTING:
           Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is
           not specified.
           [bd293e100b28]
   
           * plugins/sudoers/auth/pam.c:
           Delete creds after closing the PAM session.
           [5158d726d6a5]
   
           * plugins/sudoers/ldap.c:
           Provide a more useful error message if using a Mozilla-style LDAP
           SDK and you forgot to specify TLS_CERT in ldap.conf.
           [7cb78feb899c]
   
           * src/exec_pty.c:
           Add missing initialization of a sigaction structure when I/O
           logging. Fixes a potential problem when suspending the command.
           [f4480f2ba816]
   
           * plugins/sudoers/ldap.c:
           Split global and per-connection LDAP options into separate arrays.
           Set global LDAP options before calling ldap_initialize() or
           ldap_init(). After we have an LDAP handle, set the per-connection
           options. Fixes a problem with OpenLDAP using the nss crypto backend;
           bug #342
           [265c9d2dc12b]
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po,
           src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
           sync with translationproject.org
           [6d7fe44be21e]
   
   2012-04-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo.c, src/sudo.h:
           Move struct passwd pointer into struct command details.
           [d6fb1eff2065]
   
   2012-04-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * pp:
           Sync with upstream for Mac OS X (and other) fixes.
           [c2f4998d01b0]
   
           * mkpkg:
           Only built Mac intel universal binary on an intel machine.
           [0009e0b7e5a8]
   
           * src/Makefile.in:
           Do not pass libtool the -static-libtool-libs option when building
           sudo and sesh. Otherwise, libtool may prefer a static version of an
           installed library over a dynamic one when linking.
           [6fbac9adc885]
   
   2012-04-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo,
           plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po:
           Add German translation for sudo Add Croatian translation for sudoers
           [fa4da1a6530c]
   
           * plugins/sudoers/iolog.c:
           typo fix in comment
           [abd721d1288e]
   
   2012-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Update with recent changes
           [6fa11e8448b9]
   
           * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           Sort xgettext output by file name.
           [f650841810f0]
   
           * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
           Clarify what "sudoreplay -l" displays and mention that it is sorted.
           [84031c117bd6]
   
           * config.h.in, configure, configure.in, src/ttyname.c:
           Use AC_HEADER_MAJOR to determine where major/minor are defined.
           [3c949650a223]
   
           * config.h.in, configure, configure.in, src/ttyname.c:
           Include sys/mkdev.h if present instead of sys/sysmacros.h for
           minor(). This is needed on Solaris (at least) where the makedev
           macros in sysmacros.h are obsolete and library functions should be
           used instead.
           [343928acf81e]
   
           * mkpkg:
           When building on Mac OS X, only set SDK_FLAGS if specified osversion
           doesn't match host.
           [d84c6efac872]
   
   2012-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Add back buf and tty variables for _ttyname() case that were
           inadvertantly removed.
           [a4a820b22a44]
   
   2012-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [5446b12c1250]
   
           * configure, configure.in:
           Remove b8 from version number.
           [5adc4dcec061]
   
           * src/ttyname.c:
           remove some XXX
           [187579a5f593]
   
           * src/ttyname.c:
           When looking for a device match, do a breadth-first search instead
           of depth-first. We already special case /dev/pts/ so chances are
           good that if it is not a pseudo-tty it is in the base of /dev/. Also
           avoid a stat(2) when possible if struct dirent has d_type.
           [0183f8a1b278]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
           src/sudo.c, src/sudo.h:
           Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.
           [f0574d878491]
   
           * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo,
           src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo,
           src/po/vi.mo:
           sync with translationproject.org
           [4527ea78fbd5]
   
           * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po,
           src/po/hr.mo, src/po/hr.po:
           New Croatian and Galician translations from translationproject.org
           [ad4bd924b4de]
   
           * src/ttyname.c:
           Add depth-first traversal of /dev/ for the /proc case when not
           /dev/pts/N
           [499bd3456774]
   
           * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c:
           If struct dirent has d_type, use it to avoid an extra stat().
           [741dabbe4bcd]
   
           * plugins/sudoers/sudoreplay.c:
           Sort output of "sudoreplay -l"
           [c0615795bd4b]
   
   2012-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoreplay.c:
           Fix duplicate free introduced in last rev
           [efdaabe69d75]
   
   2012-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/auth/pam.c:
           Instead of treating ^C from tgetpass() specially, always return
           AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL
           like PAM_AUTH_ERR which Mac OS X returns this when there is no tty.
           [a3b17298d4d0]
   
           * config.h.in, configure, configure.in, src/ttyname.c:
           Rototill code to determine the tty. For Linux, we now look up the
           tty device in /proc/pid/stat instead of trying to open
           /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
           device number to a string. On BSD, we can use devname(). On Solaris,
           _ttyname_dev() does what we want. TODO: write /dev/ traversal code
           for the generic sudo_ttyname_dev().
           [6b22be4d09f0]
   
   2012-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Define PRNODEV for those w/o it.
           [f17290e64559]
   
           * config.h.in, configure, configure.in, src/ttyname.c:
           Check for SVR4-style struct psinfo.pr_ttydev and use that to
           determine the tty if std{in,out,err} are not ttys.
           [76ad33a91f4b]
   
           * src/ttyname.c:
           Better support for SVR4-style /proc entries where we can't use
           ttyname() on the /proc/pid/fd/[0-2] entries. We can, however,
           attempt to map the device number back to the correct pseudo-tty
           slave device.
           [4f9f48cc79eb]
   
           * src/ttyname.c:
           When trying to determine the tty name, check parent's stderr in
           addition to its stdin and stdout.
           [604644056c7d]
   
           * src/exec_pty.c:
           Treat a tty read failure like EOF as it usually means the pty has
           gone away. Handle write() on the tty returning EIO.
           [16957f4a706f]
   
           * src/exec.c, src/exec_pty.c:
           Linux select() may return ENOMEM if there is a kernel resource
           shortage. Older Solaris select() may return EIO instead of EBADF
           when the tty goes away. If we get an unhandled select() failure,
           kill the child and exit cleanly.
           [d93940a311ab]
   
           * src/ttyname.c:
           Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might
           block in open.
           [a9f809d09d52]
   
   2012-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/set_perms.c:
           Fix restoration of AIX permissions.
           [30c717115988]
   
           * src/parse_args.c:
           Allow the -k flag to be used along with the -i and -s flags.
           [0653b17c97f1]
   
           * plugins/sudoers/sudoreplay.c:
           Plug memory leak in parse_logfile() in the error path.
           [9cce86fa833b]
   
           * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po,
           src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po,
           src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
           src/po/zh_CN.mo, src/po/zh_CN.po:
           sync with translationproject.org
           [14af43d0b170]
   
   2012-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/regress/glob/globtest.c, config.h.in, configure,
           configure.in, plugins/sudoers/match.c:
           Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
           glob() and fnmatch() results to be consistent.
           [4226750d73c2]
   
   2012-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in,
           src/ttysize.c:
           Move ttysize.c to common so sudoreplay can use it.
           [b4a0aa514cd4]
   
           * plugins/sudoers/sudoreplay.c:
           If I/O log file includes rows + cols, warn if the user's tty is not
           big enough.
           [b980ef89efff]
   
           * plugins/sudoers/sudoreplay.c:
           Fix printing of TSID in "sudoreplay -l"
           [4221e3e108b4]
   
           * common/sudo_debug.c, include/sudo_debug.h,
           plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c,
           src/exec_pty.c:
           Log the process id in the debug file output. Since we don't want to
           keep calling getpid(), stash the value at init time and when we
           fork().
           [2782d30c024d]
   
           * src/exec_pty.c:
           Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It
           is better to receive EIO from read()/write() than to be suspended
           when we don't expect it. Fixes a problem when our terminal is
           revoked which can happen when, e.g. our sshd is killed
           unceremoniously. Also, only change the value of "alive" from true to
           false, never from false to true. It is possible for us to receive
           notification of the child having stopped after it is already dead.
           This does not mean it has risen from the grave.
           [26c9fe8ce0f9]
   
           * src/exec_pty.c:
           Distinguish between signals we received from the parent vs. those
           delivered explicitly to the monitor process in debugging info.
           [40716cb180e5]
   
   2012-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/check.c:
           In Solaris 11, /dev/pts under the "dev" filesystem, not "devices".
           Update tty_is_devpts() to match so we can determine when the tty has
           been reused.
           [2689665df027]
   
           * common/sudo_debug.c, include/error.h, include/sudo_debug.h:
           Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf()
           and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
           This allows consumers of sudo_debug_printf() to log that data
           without having to specify it manually.
           [7c94c4879208]
   
           * src/exec_pty.c:
           Make this compile after last change.
           [ee09034f3266]
   
           * src/exec_pty.c:
           Don't try to restore the terminal if we are not the foreground
           process. Otherwise, we may be stopped by SIGTTOU when we try to
           update the terminal settings when cleaning up.
           [c48b24335456]
   
           * src/exec.c:
           If select() return EBADF in the main event loop, one of the ttys
           must have gone away so perform any I/O we can and close the bad fds.
           [3bc8678c03ce]
   
           * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
           plugins/sudoers/toke.c, plugins/sudoers/toke.h,
           plugins/sudoers/toke.l:
           Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the
           function, file and line number in the debug log for warning() and
           error().
           [894cd131f11d]
   
   2012-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
           src/conversation.c:
           Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno.
           Use this flag when wrapping error() and warning() so the debug
           output includes the error string.
           [1e2c67adaf1f]
   
   2012-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Update for sudo 1.8.5
           [7d2b62b823fe]
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [718ad9de92cd]
   
           * doc/CONTRIBUTORS:
           sync
           [f48013aea641]
   
           * plugins/sudoers/pwutil.c:
           Use ecalloc()
           [fabd23c1f271]
   
           * src/exec_pty.c:
           Don't need zero_bytes() after ecalloc()
           [1a9d95cd10ef]
   
           * config.h.in, configure, configure.in, src/sudo_noexec.c:
           Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to
           sudo_noexec.c.
           [cbaa1d4b0f8a]
   
           * src/utmp.c:
           Fix compat setutxent and endutxent macros for systems with
           setutent() but not setutxent(). From Gustavo Zacarias
           [d7ce622fc5f2]
   
   2012-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure.in:
           Add ignore_result definition to AH_BOTTOM
           [8d4096838a98]
   
           * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c,
           plugins/sudoers/iolog.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c,
           src/exec.c, src/exec_pty.c, src/tgetpass.c:
           Fix compiler warnings on some platforms and provide a better method
           of defeating gcc's warn_unused_result attribute.
           [9a8f804fcc75]
   
           * configure, configure.in:
           Fix building the builtin zlib from a build dir. When a zlib dir was
           specified, prepend its include path instead of appending so we get
           the right zlib headers.
           [5f61d591b186]
   
           * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h,
           zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c,
           zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h,
           zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in,
           zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
           Update zlib to version 1.2.6
           [173c4bc4d4fc]
   
   2012-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/missing.h:
           g/c __unused which is no longer used
           [7ef3f23edcd6]
   
           * src/env_hooks.c:
           Fix compilation if RTLD_NEXT is not defined.
           [d5605f468b71]
   
           * src/po/sr.mo, src/po/sr.po:
           sync with translationproject.org
           [27d559f7985d]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
           doc/sudoers.man.in:
           regen
           [f9f63ce478b6]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [59035d82d15a]
   
           * Makefile.in:
           Ignore Project-Id-Version when comparing pot files.
           [22feb9ede46b]
   
           * plugins/sudoers/bsm_audit.c:
           Use error() instead of log_fatal()
           [54130bda4b50]
   
           * plugins/sudoers/env.c:
           Fix signedness of didvar in env_update_didvar()
           [77048a80b3e4]
   
           * plugins/sudoers/iolog.c:
           Quiet a compiler warning on some platforms.
           [8fdcaece0400]
   
           * compat/fnmatch.c:
           cast ctype(3) function/macro arguments from char to unsigned char to
           avoid potential negative subscripting.
           [bdcf7eef21ef]
   
           * common/setgroups.c:
           Quiet a warning on systems where the gids array in setgroups() is
           not prototyped as being const, even though it really is.
           [fdd758c6302d]
   
           * src/env_hooks.c:
           Quiet a compiler warning on systems where the argument to putenv(3)
           is const.
           [51bae2193b53]
   
           * plugins/sudoers/sudoreplay.c:
           Undo an incorrect int -> bool conversion.
           [b9a4ce320f14]
   
           * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
           src/po/sv.mo, src/po/sv.po:
           Add Swedish sudo and sudoers translations from
           translationproject.org
           [f7ce1de9073f]
   
           * plugins/sudoers/env.c:
           No need to preserve ODMDIR on AIX now that we always read
           /etc/environment.
           [4aa04b2f0125]
   
   2012-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.pod, plugins/sudoers/env.c:
           When initializing the environment for env_reset, start out with the
           contents of /etc/environment on AIX and login.conf on BSD.
           [5717bdc321e2]
   
           * doc/TROUBLESHOOTING, src/sudo.c:
           If we are not running with an effective uid of 0, try to give the
           user enough information to debug the problem.
           [fa4894896d8a]
   
           * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
           Quiet a clang-analyzer false positive.
           [c4c0c1b9c8b0]
   
           * src/tgetpass.c:
           If there is nothing to read from the askpass program, set errno to
           EINTR. This makes the cancel button behave like the user entered ^C
           at the password prompt when PAM is used.
           [594302cb9caf]
   
           * src/sudo.h, src/tgetpass.c:
           Fetch the value of "askpass" from the sudo conf struct.
           [4593ee8f1bd3]
   
           * common/sudo_conf.c:
           Fix matching of "Path askpass" and "Path noexec"
           [4df28d62afb9]
   
   2012-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo.c:
           Quiet a clang-analyzer dead store warning.
           [dd90bf385a3f]
   
           * plugins/sudoers/sudoers.c:
           If the "timestampowner" user cannot be resolved, use ROOT_UID
           instead of exiting with a fatal error.
           [8d62aae99715]
   
           * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
           plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
           plugins/sudoers/check.c, plugins/sudoers/env.c,
           plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
           plugins/sudoers/logging.h, plugins/sudoers/parse.c,
           plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
           Remove the NO_EXIT flag to log_error() and add a log_fatal()
           function that exits and is marked no_return. Fixes false positives
           from static analyzers and is easier for humans to read too.
           [a0fe785c2a3d]
   
   2012-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
           src/po/eo.po:
           sync with translationproject.org
           [df5e8777de13]
   
   2012-03-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/po/da.mo, src/po/da.po:
           sync with translationproject.org
           [629d99548b78]
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
           sync with translationproject.org
           [9d122a2860d6]
   
   2012-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/po/it.mo, src/po/it.po:
           sync with translationproject.org
           [6397593b15cf]
   
           * common/sudo_conf.c, plugins/sudoers/alias.c,
           plugins/sudoers/defaults.c, plugins/sudoers/env.c,
           plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c,
           src/load_plugins.c:
           Use ecalloc() when allocating structs.
           [8b5888868db2]
   
           * common/alloc.c, include/alloc.h:
           Add ecalloc() and commented out recalloc(). Use inline strnlen()
           instead of strlen() in estrndup().
           [7fb9aa46c1e0]
   
   2012-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
           src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
           src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
           src/po/zh_CN.mo, src/po/zh_CN.po:
           sync with translationproject.org
           [45a032c37334]
   
   2012-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/set_perms.c:
           Remove unused label
           [2660bb0c1313]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
           Document what changed in each plugin API revision
           [59b30a6fc4d1]
   
           * plugins/sudoers/set_perms.c:
           Remove bogus optimization that could lead to a double free of the
           group list.
           [b0bfbd2a83a8]
   
   2012-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/TROUBLESHOOTING:
           Expand AIX /etc/security/privcmds entry.
           [9f3f072e034e]
   
           * NEWS:
           Update for sudo 1.8.5
           [086049011f25]
   
           * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat,
           doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
           doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat,
           doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h,
           include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
           src/sudo_plugin_int.h:
           Rename plugin "args" to "options"
           [f25624951bd2]
   
           * doc/CONTRIBUTORS:
           Add Lithuanian and Vietnamese translators
           [2b4c075b69e3]
   
           * Makefile.in:
           Ignore comments when comparing new and old pot files.
           [f872999347b3]
   
           * src/Makefile.in:
           regen
           [c8193b1b11c7]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in:
           regen
           [15e3c17e8a3a]
   
           * doc/sudo_plugin.pod, include/sudo_plugin.h,
           plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
           plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c,
           src/sudo.c, src/sudo.h:
           Pass a pointer to user_env in to the init_session policy plugin
           function so session setup can modify the user environment as needed.
           For PAM authentication, merge the PAM environment with the user
           environment at init_session time. We no longer need to swap in the
           user_env for environ during session init, nor do we need to disable
           the env hooks at init_session time.
           [3f5277b359d8]
   
           * plugins/sample/sample_plugin.c:
           Add explicit NULL entries for init_session, register_hooks and
           deregister_hooks with appropriate comments.
           [727a57978b40]
   
           * compat/pw_dup.c:
           Quiet a gcc "used uninitialized in this function" false positive.
           [f14b68379ce9]
   
           * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           We should always call warning() with a format string or a string
           literal. In this case, the argument (path) is not user-controlled.
           [e9ef51224024]
   
   2012-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/selinux.c:
           Include sudo_exec.h for the sudo_execve() prototype.
           [769e58065edc]
   
           * config.h.in, configure, configure.in:
           Add check for pam_getenvlist()
           [36bde3f26c60]
   
           * common/sudo_conf.c:
           Set args to NULL in default plugin info struct when there is no
           Plugin line in sudo.conf.
           [93ec67708f01]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [a9287677795c]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
           doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
           doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
           doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
           regen
           [a242769d7962]
   
           * configure, configure.in:
           Bump version to 1.8.5
           [e8618f0c2505]
   
           * doc/sudo_plugin.pod:
           Document hooks API
           [e6ad07d27958]
   
   2012-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.
           [fd72340042d3]
   
           * include/sudo_plugin.h:
           Use sudo_hook_fn_t in struct sudo_hook.
           [938f93112d6e]
   
           * doc/TROUBLESHOOTING:
           If cross compiling, --host must include the OS in the tuple. E.g.
           --host powerpc-unknown-linux
           [b8c010070c1e]
   
   2012-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/parse.c:
           Fix bogus int -> bool conversion; tags can have a value of -1.
           [e63d6434a303]
   
           * plugins/sudoers/env.c:
           Add env_should_keep() and env_should_delete() wrapper functions to
           simplify things a bit and hide the fact that matches_env_check() is
           not bool.
           [7a03d7a12b50]
   
           * sudo.pp:
           Fix application of debian-specific sudoers mods when building
           packages as non-root.
           [34bf4c52c425]
   
           * plugins/sudoers/env.c:
           matches_env_check() returns int, not boolean
           [0ad915b8d5cb]
   
           * src/sudo_edit.c:
           Fix compilation when seteuid() is not available.
           [8a722f998000]
   
           * src/ttyname.c:
           Simply move the free of ki_proc outside the realloc() loop.
           [217b786da760]
   
           * src/ttyname.c:
           Bring back the erealloc() for the ENOMEM loop and just zero the
           pointer after we free it.
           [29a016e45127]
   
           * src/ttyname.c:
           Don't try to erealloc() a potentially freed pointer; Mateusz Guzik
           [266e08844065]
   
   2012-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/set_perms.c:
           Use normal error path if unable to set sudoers gid.
           [01c816918c99]
   
           * plugins/sudoers/set_perms.c:
           Make this work again on systems w/o seteuid().
           [2e67f7421e97]
   
   2012-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/set_perms.c:
           Fix compilation if no seteuid/setreuid/setresuid available.
           [d0b3c1f88eb4]
   
           * plugins/sudoers/set_perms.c:
           Better error messages, and added debugging throughout. Fixed
           seteuid() version of set_perms()/restore_perms(). Fixed logic bug in
           AIX version of restore_perms(). Added checks to avoid changing
           uid/gid when we don't have to. Never set gid/uid state to -1, use
           the old value instead.
           [29188d469b5c]
   
           * src/exec_pty.c, src/ttyname.c:
           Fix format string warning on Solaris with gcc 3.4.3.
           [d1eeb6e1dd0f]
   
           * src/sudo.c:
           Always declare environ now that we swap it around unilaterally.
           [aaa3e92e7d0d]
   
           * src/Makefile.in:
           Honor LDFLAGS when linking sesh; from Vita Cizek
           [498b41438f6e]
   
           * src/sesh.c:
           Include alloc.h for estrdup() prototype; from Vita Cizek
           [93203655a320]
   
   2012-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers.c:
           Don't read /etc/environment on Linux when using PAM, PAM should set
           the environment variables as needed via pam_env.
           [b1ef62cb2d40]
   
           * INSTALL:
           Fix editor goof.
           [0c3dd3bb8b57]
   
           * src/hooks.c, src/sudo.c, src/sudo.h:
           Disable environment hooks after we get user_env back to make sure a
           plugin can't to modify user_env after we "own" it. This is kind of a
           hack but we don't want the init_session plugin function to modify
           user_env.
           [8e6d119452a5]
   
           * src/hooks.c, src/sudo.c:
           Add support for deregistering hooks. If an I/O log plugin fails to
           initialize, deregister its hooks (if any).
           [ac00c93900c5]
   
   2012-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers.c, src/sudo.c:
           Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook
           setenv.
           [e75469dd9908]
   
           * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in,
           compat/setenv.c, compat/unsetenv.c, config.h.in, configure,
           configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl,
           plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c,
           plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
           src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
           src/sudo_plugin_int.h:
           Initial cut at a hooks implementation. The plugin can register hooks
           for getenv, putenv, setenv and unsetenv. This makes it possible for
           the plugin to trap changes to the environment made by authentication
           methods such as PAM or BSD auth so that such changes are reflected
           in the environment passed back to sudo for execve().
           [61cffa06f863]
   
   2012-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, src/po/vi.mo, src/po/vi.po:
           Add Vietnamese sudo translation from translationproject.org
           [96df426790d5]
   
   2012-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod,
           doc/sudoers.pod:
           List sudo_noexec.so not noexec.so in the sample sudo.conf
           [53844e190ec5]
   
           * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
           doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h,
           include/sudo_plugin.h, plugins/sample/sample_plugin.c,
           plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c,
           src/sudo_plugin_int.h:
           Add support for plugin args at the end of a Plugin line in
           sudo.conf. Bump the minor number accordingly and update the
           documentation. A plugin must check the sudo front end's version
           before using the plugin_args parameter since it is only supported
           for API version 1.2 and higher.
           [587f1f819536]
   
   2012-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/Makefile.in:
           update depends
           [6d2da44e11e5]
   
           * MANIFEST:
           secure_path.c is in common, not compat
           [619c4a663dde]
   
           * configure, configure.in:
           Add check for variadic macro support in cpp.
           [756854caf675]
   
   2012-02-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/secure_path.c, common/sudo_conf.c, include/secure_path.h,
           plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Add type param to sudo_secure_path() and add sudo_secure_file() and
           sudo_secure_dir() wrappers which get by #includedir in sudoers.
           [2ec2d3d8df04]
   
   2012-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/visudo.pod, plugins/sudoers/visudo.c:
           Check the owner and mode in -c (check) mode unless the -f option is
           specified. Previously, the owner and mode were checked on the main
           sudoers file when the -s (strict) option was given, but this was not
           documented.
           [b2d6ee1e547a]
   
           * config.h.in, configure, configure.in, src/ttyname.c:
           Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions
           of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
           [159f6a50456a]
   
   2012-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS:
           Add Eric Lakin for patch in bug #538
           [490c29c234c6]
   
           * src/exec_pty.c:
           Fix typo in safe_close() made while converting to debug framework
           that prevented it from actually closing anything.
           [a66422a62afd]
   
           * src/exec_pty.c:
           Add some more debugging.
           [b5667947dda9]
   
           * common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
           include/Makefile.in:
           We need sysconfdir in compat/Makfile to get the proper sudo.conf
           path. Add standard prefix and foodir expansion in all Makefiles to
           avoid this problem in the future.
           [62b6ce4ecae9]
   
   2012-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po:
           New Lithuanian sudoers translation from translationproject.org
           [10436b649035]
   
           * plugins/sudoers/po/ja.po:
           Update from translationproject.org
           [acb8db5f8ef1]
   
   2012-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           When adding gids to the LDAP filter, only add the primary gid once.
           This is consistent with the space computation/allocation. From Eric
           Lakin
           [35d9d99c92c6]
   
           * doc/TROUBLESHOOTING:
           Add entry for AIX enhanced RBAC config.
           [5e10b6f8def7]
   
           * mkpkg:
           Target Mac OS X 10.5 when building packages.
           [06fce9bbebee]
   
   2012-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/secure_path.c,
           common/sudo_conf.c, include/secure_path.h,
           plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c:
           Relax the user/group/mode checks on sudoers files. As long as the
           file is owned by the right user, not world-writable and not writable
           by a group other than the one specified at configure time (gid 0 by
           default), the file is considered OK. Note that visudo will still set
           the mode to the value specified at configure time.
           [241174babfcc]
   
   2012-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/set_perms.c:
           Add AIX-specific version of permission setting code to make sure
           that the saved uid gets restored properly.
           [9a6f5d22c301]
   
           * config.h.in, configure, configure.in, src/exec_common.c:
           Check for LD_PRELOAD variants in configure instead of checkign cpp
           symbols. In disable_execute(), compute the length of the new envp
           and allocate it once instead of reallocating on demand. Also append
           old value of LD_PRELOAD (if any) to the new value.
           [680266346917]
   
           * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
           Fix the description of noexec.
           [6a6d142f3c80]
   
           * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
           The "op" parameter to set_default() must be int, not bool since it
           is set to '+' or '-' for list add and subtract.
           [8da5b137bea2]
   
           * sudo.pp:
           Make sure sudoers is writable before calling ed script.
           [95352ab6336b]
   
   2012-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS, doc/contributors.pod:
           Update contributors. Now includes translators and authors of compat
           code.
           [4fb5b616b50a]
   
   2012-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/po/sudo.pot:
           regen
           [2c86e2c328fe]
   
           * pp, sudo.pp:
           Build flat packages, not package bundles, on Mac OS X.
           [57bda3cd5520]
   
   2012-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Move macos section to be with the other OS-specific sections.
           [51423bb2973a]
   
           * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
           Sync with translationproject.org
           [8ce41cbb8da0]
   
           * configure, configure.in:
           Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
           [fa979aa6fe7d]
   
           * sudo.pp:
           Add Mac OS X support, printing the latest chunk of the NEWS file and
           the license text in the installer.
           [ffeab72387c0]
   
           * sudo.pp:
           Add explicit file modes that match those used by "make install"
           [7eb37242c920]
   
           * pp:
           Sync with upstream for Mac OS X fixes.
           [97cba179041e]
   
           * plugins/sudoers/Makefile.in, src/Makefile.in:
           Got back to using "install-sh -M" for files installed as non-
           readable by owner. This fixes "make install" as non-root for package
           building.
           [967804ee77d6]
   
   2012-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
           plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
           Sync with translationproject.org
           [0e53db12039a]
   
           * Makefile.in, doc/Makefile.in, include/Makefile.in,
           plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
           plugins/sudoers/Makefile.in, src/Makefile.in:
           Use -m not -M for install-sh for everything except setuid. Install
           locale .mo files mode 0444, not 0644. If timedir parent doesn't
           exist, use default dir mode, not 0700.
           [8b6f64c92090]
   
   2012-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * pp:
           Re-sync with upstream; no longer need a local patch.
           [97a2c7be5e59]
   
           * mkpkg:
           Add support for building Mac OS X packages.
           [94d49ac223a4]
   
           * pp:
           Sync with upstream
           [1c97654fc841]
   
           * src/Makefile.in:
           No longer need to define _PATH_SUDO_CONF here.
           [2560905b7482]
   
           * src/exec_common.c:
           Fix noexec for Mac OS X.
           [b7a744bca2c0]
   
   2012-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/Makefile.in:
           Move _PATH_SUDO_CONF override to common to match sudo_debug.c
           [f0788972a63a]
   
           * plugins/sudoers/set_perms.c:
           More complete fix for LDR_PRELOAD on AIX. The addition of
           set_perm(PERM_ROOT) before calling the nss open functions (needed to
           avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
           and then real uid to 0 for PERM_ROOT works around the issue.
           [5888eda051af]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [997fe403e219]
   
           * src/sudo.c:
           Set real uid to root before calling sudo_edit() or run_command() so
           that the monitor process is owned by root and not by the user.
           Otherwise, on AIX at least, the monitor process shows up in ps as
           belonging to the user (and can be killed by the user).
           [d4772d7d2fc5]
   
           * plugins/sudoers/set_perms.c:
           For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
           the call to setuid(0) if the current euid is non-zero. This
           effectively restores the state of things prior to rev 7bfeb629fccb.
           Fixes a problem on AIX where LDR_PRELOAD was not being honored for
           the command being executed.
           [b9b40325b4dc]
   
           * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in,
           include/missing.h, src/sudo.c:
           Make a copy of the struct passwd in exec_setup() to make sure
           nothing in the policy init modifies it.
           [b721261c921f]
   
   2012-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.pod:
           update copyright
           [f9d229d1f65e]
   
           * common/sudo_debug.c, include/sudo_debug.h:
           g/c now-unused debug subsystems
           [8f21726e698f]
   
           * doc/sudo.pod, doc/sudoers.pod:
           Enumerate the debug subsystems used by sudo and sudoers.
           [ac4f84293d14]
   
   2012-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
           include/sudo_conf.h, src/sudo.c:
           Normally, sudo disables core dumps while it is running. This
           behavior can now be modified at run time with a line in sudo.conf
           like "Set disable_coredumps false"
           [ad14e0508b0d]
   
           * NEWS:
           Mention Spanish translation
           [600f3205bd6e]
   
           * common/sudo_debug.c:
           Make sure we don't try to fall back to using the conversation
           function for debugging in the main sudo process if we are unable to
           open the debug file.
           [ffa329aa908c]
   
           * MANIFEST, src/po/es.mo, src/po/es.po:
           Add sudo Spanish translation from translationproject.org
           [c1906654e740]
   
   2012-02-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/iolog.c:
           Better debug subsystem usage
           [1a31f115743c]
   
           * src/sudo.c:
           Remove duplicate function prototypes
           [ae04b00532eb]
   
   2012-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Error out if user specified --with-pam but we can't find the headers
           or library. Also throw an error if the headers are present but the
           library is not and vice versa.
           [d6bf3e3d0aae]
   
   2012-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers.c:
           Fix the sudoers permission check when the expected sudoers mode is
           owner-writable.
           [8b0b7e770a22]
   
   2012-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Verify that we can link executables built with -D_FORTIFY_SOURCE
           before using it.
           [7578215d1a95]
   
           * src/exec_common.c:
           Fix potential off-by-one when making a copy of the environment for
           LD_PRELOAD insertion. Fixes bug #534
           [cc699cd551b6]
   
           * configure, configure.in:
           Add rudimentary check for _FORTIFY_SOURCE support by checking for
           __sprintf_chk, one of the functions used by gcc to support it.
           [a992673d2ef8]
   
           * compat/stdbool.h, config.h.in, configure, configure.in:
           Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
           [8ba1370884b3]
   
   2012-01-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [1e0b38397705]
   
   2012-01-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c, src/sudo.c:
           The change in 818e82ecbbfc that caused to exit when the monitor dies
           created a race condition between the monitor exiting and the status
           being read. All we really want to do is make sure that select()
           notifies us that there is a status change when the monitor dies
           unexpectedly so shutdown the socketpair connected to the monitor for
           writing when it dies. That way we can still read the status that is
           pending on the socket and select() on Linux will tell us that the fd
           is ready.
           [7fb5b30ea48d]
   
           * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
           src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
           src/sudo_exec.h:
           Refactor disable_execute() and my_execve() into exec_common.c for
           use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
           disabling exec in exec_setup(), disable it immediately before
           executing the command. Adapted from a diff by Arno Schuring.
           [ec4d8b53db6b]
   
   2012-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * aclocal.m4, configure, configure.in:
           Add custom version of AC_CHECK_LIB that uses the extra libs in the
           cache value name. With this we no longer need to rely on a modified
           version of autoconf.
           [1c3b1d482d6c]
   
   2012-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Better handling of network functions that need -lsocket -lnsl
           [cc386342ec2b]
   
           * src/sudo.c:
           When setting up the execution environment, set groups before
           gid/egid like sudo 1.7 did.
           [928e1c5fa6c1]
   
           * configure, configure.in:
           Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
           [84b23cdf138f]
   
           * plugins/sudoers/sudoers.c:
           For "sudo -g" prepend the specified group ID to the beginning of the
           groups list. This matches BSD convention where the effective gid is
           the first entry in the group list. This is required on newer FreeBSD
           where the effective gid is not tracked separately and thus
           setgroups() changes the egid if this convention is not followed.
           Fixes bug #532
           [782d6909108b]
   
   2012-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Fix sh warning; use "test" instead of "["
           [c6ee3407f65e]
   
           * src/exec.c:
           When not logging I/O, use a signal handler that only forwards
           SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
           Fixes a race in the non-I/O logging path where the command may
           receive two keyboard-generated signals; one from the kernel and one
           from the sudo process.
           [9638684e786a]
   
           * src/exec.c:
           Back out change that put the command in its own pgrp when not
           logging I/O. It causes problems with pipelines.
           [4fc9c6e1e770]
   
   2012-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/Makefile.in, configure, configure.in:
           Only run compat regress tests on compat objects we actually build.
           Fixes "make check" in the compat dir for systems that don't
           implement character classes in fnmatch() or glob(). Bug #531
           [a7addc305e83]
   
   2012-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
           Update po files from translationproject.org
           [5ea066af1356]
   
 2012-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>  2012-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * sudo.pp:          * sudo.pp:
         Include parent directories in case they don't already exist. This          Include parent directories in case they don't already exist. This
         fixes a directory permissions problem with the AIX package when the          fixes a directory permissions problem with the AIX package when the
         /usr/local directories don't already exist.          /usr/local directories don't already exist.
           [a14f783dc827]
   
           * pp:
           sync with git version
           [2f79d0543661]
   
           * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
           regen dependencies
           [24c92ca6c64d]
   
           * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c:
           Move tty name lookup code to its own file.
           [58faf072cbf4]
   
   2012-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Update with latest sudo 1.8.4 changes.
           [a4ffe4f42528]
   
           * config.h.in, configure, configure.in:
           Remove obsolete template for HAVE_TIMESPEC
           [75709007c906]
   
           * src/sudo.c:
           Add a check for devname() returning a fully-qualified pathname. None
           of the devname() implementations do this today but you never know
           when this might change.
           [16813ace38f9]
   
   2012-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo.c:
           For "visudo -c" also list include files that were checked when
           everything is OK.
           [ad6f85b35c9c]
   
           * src/sudo.c:
           The device name returned by devname() does not include the /dev/
           prefix so we need to add it ourselves.
           [b55285abb7ed]
   
           * src/sudo.c:
           Add debug warning if KERN_PROC sysctl fails or devname() can't
           resolve the tty device to a name.
           [b5a23916ba3a]
   
           * common/sudo_debug.c:
           The result of writev() is never checked so just cast to NULL.
           [4be4e9b58d5b]
   
           * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
           Update Esperanto, Finnish, Polish and Ukrainian translations from
           translationproject.org.
           [bb91bc6ad7e9]
   
   2012-01-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure, configure.in, src/sudo.c:
           Add support for determining tty via sysctl on other BSD variants.
           [fd15f63f719a]
   
           * configure, configure.in:
           Only check for struct kinfo_proc.ki_tdev on systems that support
           sysctl.
           [109b3f07a39d]
   
           * src/sudo.c:
           For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
           ttyname() of std{in,out,err}.
           [95969b70bd68]
   
   2012-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure, configure.in, src/sudo.c:
           On newer FreeBSD we can get the parent's tty name via sysctl().
           [3207290501ee]
   
           * plugins/sudoers/testsudoers.c:
           Include locale.h
           [a602cd0b8c2d]
   
           * src/sudo.c:
           Silence a gcc warning.
           [8c6d0e3cd534]
   
           * plugins/sudoers/bsm_audit.c:
           Need to include gettext.h and sudo_debug.h; from John Hein
           [447912aa7300]
   
           * plugins/sudoers/iolog.c:
           Initialize the debug framework from the I/O plugin too.
           [ce1bf44d96d2]
   
   2012-01-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/testsudoers.c:
           Enable debugging via sudo.conf.
           [d85669c749d0]
   
   2012-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo.c:
           Use SUDO_DEBUG_ALIAS for alias checking functions.
           [fb84af30dc76]
   
           * configure, configure.in:
           More complete test for getaddrinfo() that doesn't rely on the
           network libraries already being added to LIBS.
           [cbaf2369f4f0]
   
   2012-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/aix.c:
           Add debug support.
           [def1bdf24485]
   
           * configure, configure.in:
           Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
           [a2ea1c2eac61]
   
           * compat/getaddrinfo.c:
           Include errno.h and missing.h
           [7d15e17cc2f2]
   
           * .hgignore:
           ignore doc/varsub
           [417f9fc3231b]
   
           * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
           plugins/sudoers/gram.y, plugins/sudoers/match.c,
           plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
           src/parse_args.c, src/sudo.c, src/sudo.h:
           Update copyright year.
           [5d0ffc7dd567]
   
           * NEWS:
           Update for sudo 1.8.4
           [841e3eff9844]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen pot files
           [c509cb45b66a]
   
           * plugins/sudoers/sudoreplay.c:
           Enable debugging via sudo.conf.
           [5087aaee8484]
   
           * plugins/sudoers/visudo.c:
           Enable debugging via sudo.conf.
           [04b067c16ed3]
   
           * plugins/sudoers/visudo.c:
           Allow "visudo -c" to work when we only have read-only access to the
           sudoers include files.
           [d8c6713fe5c1]
   
           * doc/sudo.pod, doc/visudo.pod:
           Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
           HISTORY section in sudo that points to HISTORY file.
           [d1f1bcb051c5]
   
           * doc/sudo.pod, doc/sudo_plugin.pod:
           Document Debug setting in sudo.conf and debug_flags in plugin.
           [acfc505aa4a9]
   
   2012-01-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/match.c:
           Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
           bug where a pattern like "/usr/*" include /usr/bin/ in the results,
           which would be incorrectly be interpreted as if the sudoers file had
           specified a directory. From Vitezslav Cizek.
           [0cdb6252188c]
   
           * INSTALL, config.h.in, configure, configure.in,
           plugins/sudoers/auth/kerb5.c:
           Add --enable-kerb5-instance configure option to allow people using
           Kerberos V authentication to use a custom instance. Adapted from a
           diff by Michael E Burr.
           [e83af8bb7aa7]
   
           * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h:
           Remove -D debug_level option.
           [cbcd05094347]
   
           * doc/LICENSE:
           Update copyright year.
           [9f43dd7aa852]
   
   2012-01-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/visudo.c:
           parse_error is now bool, not int
           [5ea7fb6fda38]
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/parse.c:
           Print a more sensible error if yyparse() returns non-zero but
           yyerror() was not called.
           [d44ec88f1183]
   
           * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
           plugins/sudoers/gram.c:
           Replace y.tab.c with the correct filename in #line directives.
           [3c84fcb7e959]
   
   2012-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo.c:
           When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
           if the main process's fds 0-2 are not hooked up to a tty. Adapted
           from a diff by Zdenek Behan.
           [b9dfce12af85]
   
           * src/exec.c:
           When not logging I/O, put command in its own pgrp and make that the
           controlling pgrp if the command is in the foreground. Fixes a race
           in the non-I/O logging path where the command may receive two
           keyboard-generated signals; one from the kernel and one from the
           sudo process.
           [d0e263ce496c]
   
   2011-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo_edit.c:
           Quiet a bogus gcc warning.
           [2009669e0608]
   
           * src/parse_args.c, src/sudo.h:
           Fix warnings related to sudo.conf accessors.
           [08ddc29ba50b]
   
           * common/sudo_conf.c, include/sudo_conf.h:
           Separate sudo.conf parsing from plugin loading and move the parse
           functions into the common lib so that visudo, etc. can use them.
           [f1fc659a8079]
   
           * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c,
           src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h:
           Separate sudo.conf parsing from plugin loading and move the parse
           functions into the common lib so that visudo, etc. can use them.
           [e1f2cf6bd57a]
   
           * doc/sudoers.pod, plugins/sudoers/def_data.c,
           plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
           plugins/sudoers/sudoers.c, src/sudo.c:
           Remove support for noexec_file in sudoers and the plugin API
           [3e2fd58879b5]
   
           * plugins/sudoers/sudoers.c:
           Don't dump interfaces if there are none.
           [9081bb4d3e9e]
   
           * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
           Add missing %s printf escape to the group_plugin, iolog_dir and
           iolog_file descriptions.
           [7db03f2b737e]
   
   2011-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c:
           Fix typo in visiblepw description; from Joel Pickett
           [2fb4b26d5c2c]
   
   2011-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, configure, configure.in, mkdep.pl,
           plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
           plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, src/sudo.c:
           When running a login shell with a login_class specified, use
           LOGIN_SETENV instead of rolling our own login.conf setenv support
           since FreeBSD's login.conf has more than just setenv capabilities.
           This requires us to swap the plugin-provided envp for the global
           environ before calling setusercontext() and then stash the resulting
           environ pointer back into the command details, which is kind of a
           hack.
           [ad4f1190143b]
   
           * plugins/sudoers/Makefile.in:
           If srcdir is "." just use the basename of the yacc/lex file when
           generating the C version. This matches the generated files currently
           in the repo.
           [0b11c3df87a8]
   
           * doc/Makefile.in, plugins/sudoers/Makefile.in:
           Clean up the DEVEL noise
           [9de2afe457fd]
   
           * src/exec.c:
           Handle different Unix domain socket (actually socketpair) semantics
           in BSD vs. Linux. In BSD if one end of the socketpair goes away
           select() returns the fd as readable and the read will fail with
           ECONNRESET. This doesn't appear to happen on Linux so if we notice
           that the monitor process has died when I/O logging is enabled,
           behave like the command has exited. This means we log the wait
           status of the monitor, not the command, but there is nothing else we
           can do at that point. This should only be an issue if SIGKILL is
           sent to the monitor process.
           [818e82ecbbfc]
   
           * src/exec_pty.c:
           Catch common signals in the monitor process so they get passed to
           the command. Fixes a problem when the entire login session is killed
           when ssh is disconnected or the terminal window is closed.
           Previously, the monitor would exit and plugin's close method would
           not be called.
           [0e4658263138]
   
           * INSTALL, configure, configure.in:
           Mention how to configure pam_hpsec on HP-UX to play nicely with
           sudo.
           [a7294cd8ce98]
   
   2011-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Escape values in the search expression as per RFC 4515.
           [c2adbc5db92b]
   
           * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
           plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
           src/Makefile.in:
           No need for install target to depend explicitly on install-dirs, the
           install-foo targets all depend on it.
           [62a36ed98279]
   
   2011-12-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * .hgignore:
           ignore src/sesh
           [463d492f6782]
   
           * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl,
           plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
           plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
           plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, src/Makefile.in:
           Add support for setenv entries in login.conf. We can't use
           LOGIN_SETENV since the plugin sets up the envp the command is
           executed with. Also regen the Makefile.in files while here. Fixes
           bug #527
           [088d507926e2]
   
   2011-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h,
           config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
           src/net_ifs.c:
           Add getaddrinfo() for those without it, written by Russ Allbery
           [4cf9ac831222]
   
           * doc/Makefile.in:
           Restore PACKAGE_TARNAME, it is used in docdir
           [9d65e893edb1]
   
           * MANIFEST, compat/stdbool.h:
           SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
           the MANIFEST
           [e67700dc5621]
   
           * common/atobool.c, common/term.c, src/exec.c:
           Remove duplicate return statements.
           [48a20d5215fd]
   
           * plugins/sudoers/auth/bsdauth.c:
           Remove inaccurate comment
           [e7f0265cf657]
   
           * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
           Fetch the login class for the user we authenticate specifically when
           using BSD authentication. That user may have a different login class
           than what we will use to run the command. When setting the login
           class for the command, use the target user's struct passwd, not the
           invoking user's. Fixes bug 526
           [21bf0af892f7]
   
           * compat/Makefile.in, configure, configure.in, doc/Makefile.in,
           plugins/sudoers/Makefile.in:
           Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
           [8ee6e0891f27]
   
           * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/regress/parser/check_fill.c:
           Fix "make check" fallout from the sudo_conv changes in sudo_debug.
           [b0aaa63c9081]
   
           * common/fileops.c, common/sudo_debug.c, configure, configure.in,
           include/fileops.h, plugins/sample/Makefile.in,
           plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in,
           plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
           plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
           plugins/sudoers/env.c, plugins/sudoers/find_path.c,
           plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
           plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
           plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
           plugins/sudoers/ldap.c, plugins/sudoers/match.c,
           plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
           plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
           plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.h,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
           plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c,
           src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h,
           src/sudo_plugin_int.h, src/utmp.c:
           Use stdbool.h instead of rolling our own TRUE/FALSE macros.
           [dcb0bbc42fc9]
   
   2011-12-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/stdbool.h, config.h.in, configure, configure.in:
           Add stdbool.h for systems without it.
           [18bd9dda1dcd]
   
           * aclocal.m4, config.h.in, configure, configure.in:
           No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
           includes have unistd.h in them. Add check for socklen_t for upcoming
           getaddrinfo compat.
           [d705465bef69]
   
           * common/fileops.c, compat/nanosleep.c, config.h.in, configure,
           configure.in, plugins/sudoers/interfaces.c,
           plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c,
           plugins/sudoers/sudoreplay.c, src/net_ifs.c:
           Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
           HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
           [fa187c9bd2be]
   
           * src/sudo_noexec.c:
           No longer need to include time.h here as missing.h does not use
           time_t.
           [fa3a089bf5b1]
   
   2011-11-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo.c:
           Fix mode on sudoers as needed when the -f option is not specified.
           [7a1c40b0dc03]
   
           * MANIFEST, src/po/sr.mo, src/po/sr.po:
           Add Serbian translation for sudo from translationproject.org
           [9a0c25e25cba]
   
           * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c,
           src/parse_args.c:
           No longer pass debug_file to plugin, plugins must now use
           CONV_DEBUG_MSG
           [810cda1abb0b]
   
           * mkpkg:
           Build PIE executables for newer Debian and Ubuntu
           [1c5f25f8904a]
   
           * common/sudo_debug.c:
           Include time.h for ctime() prototype.
           [10090cf3bca1]
   
   2011-11-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_debug.c, include/sudo_debug.h, src/exec.c,
           src/exec_pty.c:
           Do not close error pipe or debug fd via closefrom() as we need them
           to report an exec error should one occur.
           [732f6587fafa]
   
           * doc/sudoers.ldap.pod:
           Document that a sudoUser may now be a group ID.
           [2fef46b9d3d3]
   
           * plugins/sudoers/ldap.c:
           Add support for permitting access by group ID in addition to group
           name.
           [b9450fdf1f69]
   
           * plugins/sudoers/ldap.c:
           Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
           [d62a1e7cff4f]
   
           * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE:
           Replace UCB fnmatch.c with a non-recursive version written by
           William A. Rowe Jr.
           [354d3384adb8]
   
           * plugins/sudoers/auth/pam.c:
           Fix typo, return_debug vs. debug_return
           [1b522efcbb0d]
   
   2011-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
           Update Japanese sudoers translation from translationproject.org
           [ec0f2beaad36]
   
           * doc/sudoers.pod:
           Make the env_reset descriptions consistent.
           [41c056f02688]
   
   2011-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Do multiple expansion when expanding paths to the noexec file, sesh
           and the plugin directory. Adapted from a diff by Mike Frysinger
           [d7e16c876c66]
   
           * common/Makefile.in:
           regen
           [9d729e09c186]
   
   2011-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * .hgignore:
           Add ignore file; from Mike Frysinger
           [1fa8d52425f8]
   
           * mkdep.pl:
           no longer save old Makefile.in to .old
           [378dd2395545]
   
           * plugins/sudoers/Makefile.in, src/Makefile.in:
           regen
           [769faf517720]
   
           * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
           m4/ltoptions.m4, m4/ltversion.m4:
           Update to libtool 2.4.2
           [9dac78d84b4f]
   
   2011-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers_version.h:
           Bump grammar version for #include and #includedir relative path
           support.
           [82a4f7cd8f71]
   
   2011-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Add support for relative paths in #include and #includedir
           [4d6e3bd0c24f]
   
           * plugins/sudoers/Makefile.in:
           Fix install-plugin when shared objects are unsupported or disabled.
           [cbdd770a7a1b]
   
           * plugins/sudoers/goodpath.c:
           Don't write to sbp if it is NULL
           [fc438f8e8570]
   
   2011-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in:
           Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set,
           only install matching .mo files
           [c1dc30ab4ebc]
   
   2011-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
           plugins/sudoers/sudoers.c, src/conversation.c:
           Fix non-dynamic (no dlopen) sudo build.
           [b0bd3fa925a3]
   
           * configure, configure.in:
           Don't error out if the user specified --disable-shared
           [cf035dd1e5cc]
   
           * common/sudo_debug.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
           src/conversation.c:
           Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
           the debug file.
           [640c62f83251]
   
           * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
           plugins/sudoers/sudoers.h:
           Make sudo_goodpath() return value bolean
           [fea2d59a6e55]
   
           * INSTALL, MANIFEST, configure, configure.in, mkdep.pl,
           plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c:
           Remove obsolete securid auth method.
           [4e54f860214b]
   
           * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
           plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
           plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
           plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
           plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
           plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
           plugins/sudoers/auth/sudo_auth.h:
           Prefix authentication functions with a "sudo_" prefix to avoid
           namespace problems.
           [581d74063ea1]
   
           * INSTALL, MANIFEST, config.h.in, configure, configure.in,
           doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in,
           plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c,
           plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c:
           Remove the old Kerberos IV support
           [2e4b4a44209d]
   
   2011-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/check.c:
           Don't print garbage at the end of the custom lecture.
           [44bb788fafaa]
   
           * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Add lexer tracing as debug@parser
           [d850f3f9d414]
   
           * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
           plugins/sudoers/defaults.h, plugins/sudoers/gram.c,
           plugins/sudoers/match.c, plugins/sudoers/parse.c,
           plugins/sudoers/regress/parser/check_fill.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
           plugins/sudoers/visudo.c:
           Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
           <def_data.h> and not "def_data.h" when generating the parser in a
           build dir.
           [7da701def753]
   
   2011-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * mkdep.pl, plugins/sudoers/Makefile.in:
           Better devdir support in mkdep.pl
           [7dcec57bd155]
   
           * plugins/sudoers/Makefile.in:
           Add devdir before srcdir in include path and fix up dependecies
           accordingly.
           [6e9958eca485]
   
           * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
           plugins/sudoers/defaults.h, plugins/sudoers/match.c,
           plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l,
           plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
           #include "gram.h" not <gram.h> and "def_data.h" and not
           <def_data.h>.
           [003bdb078a15]
   
           * sudo.pp:
           Mark libexec files as optional. If we build without shared object
           support, libexec is not used.
           [4bffcf482219]
   
           * src/load_plugins.c:
           Change Debug sudo.conf setting to take a program name as the first
           argument. In the future, this will allow visudo and sudoreplay to
           use their own Debug entries.
           [cfb8f7e4867c]
   
           * src/sudo.c:
           fix sudo_debug_printf priority
           [dcb67e965609]
   
           * plugins/sudoers/sudoers.c:
           add missing debug_return_int
           [d88ec450c592]
   
   2011-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
           plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c:
           Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
           [dcee8efc294f]
   
           * doc/UPGRADE:
           Add missing word in HOME security note.
           [fd844fdcc1ac]
   
           * plugins/sudoers/testsudoers.c:
           Prevent "testsudoers -d username" from trying to malloc(0).
           [839126e56e8c]
   
   2011-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/regress/sudoers/test10.in,
           plugins/sudoers/regress/sudoers/test10.out.ok,
           plugins/sudoers/regress/sudoers/test10.toke.ok,
           plugins/sudoers/regress/sudoers/test10.toke.out.ok,
           plugins/sudoers/regress/sudoers/test11.in,
           plugins/sudoers/regress/sudoers/test11.out.ok,
           plugins/sudoers/regress/sudoers/test11.toke.ok,
           plugins/sudoers/regress/sudoers/test11.toke.out.ok,
           plugins/sudoers/regress/sudoers/test12.in,
           plugins/sudoers/regress/sudoers/test12.out.ok,
           plugins/sudoers/regress/sudoers/test12.toke.ok,
           plugins/sudoers/regress/sudoers/test13.in,
           plugins/sudoers/regress/sudoers/test13.out.ok,
           plugins/sudoers/regress/sudoers/test13.toke.ok,
           plugins/sudoers/regress/sudoers/test9.in,
           plugins/sudoers/regress/sudoers/test9.out.ok,
           plugins/sudoers/regress/sudoers/test9.toke.ok,
           plugins/sudoers/regress/sudoers/test9.toke.out.ok:
           Tests for empty sudoers (should parse OK) and syntax errors within a
           line (should report correct line number) both with and without the
           trailing newline.
           [d57c879c4718]
   
           * plugins/sudoers/regress/sudoers/test4.out.ok,
           plugins/sudoers/regress/sudoers/test5.out.ok,
           plugins/sudoers/regress/sudoers/test7.out.ok,
           plugins/sudoers/regress/sudoers/test8.out.ok,
           plugins/sudoers/testsudoers.c:
           Print line number when there is a parser error.
           [5444ef6ac6dc]
   
   2011-11-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Keep track of the last token returned. On error, if the last token
           was COMMENT, decrement sudolineno since the error most likely
           occurred on the preceding line. Previously we always uses
           sudolineno-1 which will give the wrong line number for errors within
           a line.
           [d661a03a64da]
   
   2011-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           update with sudo 1.8.3p1 info
           [0f79ff31f602]
   
           * plugins/sudoers/sudoers.c:
           Fix crash when "sudo -g group -i" is run. Fixes bug 521
           [a3087ae337c4]
   
   2011-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo.c:
           Make alias_remove_recursive() return TRUE/FALSE as its callers
           expect and remove two unused arguments. Fixes bug 519.
           [2ee3b2882844]
   
           * plugins/sudoers/regress/visudo/test1.out.ok,
           plugins/sudoers/regress/visudo/test1.sh:
           Add regress test for bugzilla 519
           [48000ebedf97]
   
           * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/regress/parser/check_fill.c:
           Disable warning/error wrapping in regress tests.
           [373c589ba561]
   
 2011-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in:
           Do compile-po as part of sync-po so that the .mo files get rebuild
           automatically when we sync with translationproject.org
           [83f3cbfc2f33]
   
         * plugins/sudoers/Makefile.in:          * plugins/sudoers/Makefile.in:
         check_addr needs to link with the network libraries on Solaris          check_addr needs to link with the network libraries on Solaris
         [322bd70e316e]          [322bd70e316e]
Line 29 Line 8808
         process. Fixes a crash in the monitor on Solaris; bugzilla #518          process. Fixes a crash in the monitor on Solaris; bugzilla #518
         [e82809f86fb3]          [e82809f86fb3]
   
2011-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>2011-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * .hgtags:        * src/exec.c:
        Added tag SUDO_1_8_3 for changeset 82bec4d3a203        Get rid of done: label. If the child exits we still need to close
        [6c953ef6f577] <1.8>        the pty, update utmp and restore the SELinux tty context.
         [cc127bf48405]
   
        * Update Japanese sudoers translation from translationproject.org2011-10-22  Todd C. Miller  <Todd.Miller@courtesan.com>
        [82bec4d3a203] [SUDO_1_8_3] <1.8> 
   
           * common/Makefile.in, common/atobool.c, common/fileops.c,
           common/fmt_string.c, common/lbuf.c, common/list.c,
           common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in,
           plugins/sudoers/alias.c, plugins/sudoers/audit.c,
           plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
           plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
           plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
           plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
           plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
           plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
           plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
           plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
           plugins/sudoers/defaults.c, plugins/sudoers/env.c,
           plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
           plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
           plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
           plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
           plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
           plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
           plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
           plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
           plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
           plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/toke.c, plugins/sudoers/toke.h,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
           src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c,
           src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
           src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
           src/tgetpass.c, src/ttysize.c, src/utmp.c:
           Add debug_decl/debug_return (almost) everywhere. Remove old
           sudo_debug() and convert users to sudo_debug_printf().
           [8f3bbf907b67]
   
           * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/visudo.c, src/error.c:
           Wrap error/errorx and warning/warningx functions with debug
           statements. Disable wrapping for standalone sudoers programs as well
           as memory allocation functions (to avoid infinite recursion).
           [562ed7b5ae8d]
   
           * README, config.h.in, configure, configure.in:
           Add checks for __func__ and __FUNCTION__ and mention that we now
           require a cpp that supports variadic macros.
           [314cfe4c5d23]
   
           * MANIFEST, common/Makefile.in, common/sudo_debug.c,
           include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c,
           src/load_plugins.c, src/parse_args.c, src/sudo.c,
           src/sudo_plugin_int.h:
           New debug framework for sudo and plugins using /etc/sudo.conf that
           also supports function call tracing.
           [cded741e9f10]
   
   2011-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
           Update Japanese sudoers translation from translationproject.org
           [c24725775e32]
   
 2011-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
         Override and ignore the --disable-static option. Sudo already runs          Override and ignore the --disable-static option. Sudo already runs
         libtool with -tag=disable-static where applicable and we need non-          libtool with -tag=disable-static where applicable and we need non-
         PIC objects to build the executables.          PIC objects to build the executables.
        [dff177464029] <1.8>        [aff1227b853a]
   
 2011-10-10  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-10-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * NEWS:          * NEWS:
         Add sudoedit fix          Add sudoedit fix
        [3238dc7e4fb2] <1.8>        [74655c7ccad1]
   
         * plugins/sudoers/po/sudoers.pot:          * plugins/sudoers/po/sudoers.pot:
         regen pot files          regen pot files
        [7981d6cbf1ab] <1.8>        [28d89a831ed3]
   
        * Ignore set_logname (which is now the default) for sudoedit since we        * plugins/sudoers/env.c:
         Ignore set_logname (which is now the default) for sudoedit since we
         want the LOGNAME, USER and USERNAME environment variables to refer          want the LOGNAME, USER and USERNAME environment variables to refer
         to the calling user since that is who the editor runs as. This          to the calling user since that is who the editor runs as. This
         allows the editor to find the user's startup files. Fixes bugzilla          allows the editor to find the user's startup files. Fixes bugzilla
         #515          #515
        [3b9486e5fddb] <1.8>        [6c5dddf5ff05]
   
        * Instead of trying to grow the buffer in make_grlist_item(), simply        * plugins/sudoers/pwutil.c:
         Instead of trying to grow the buffer in make_grlist_item(), simply
         increase the total length, free the old buffer and allocate a new          increase the total length, free the old buffer and allocate a new
        one. This is less error prone and saves us from having to adjust        one. This is less error prone and saves us from having to adjust all
        all the pointers in the buffer. This code path is only taken when        the pointers in the buffer. This code path is only taken when there
        there are groups longer than the length of the user field in struct        are groups longer than the length of the user field in struct utmp
        utmp or utmpx, which should be quite rare.        or utmpx, which should be quite rare.
        [cb7c5ac834b5] <1.8>        [5587dc8cffaf]
   
        * Add Italian translation for sudo from translationproject.org        * src/po/it.mo:
        [c7876fccbc38] <1.8>        Add Italian translation for sudo from translationproject.org
         [1b3dd886e7e3]
   
        * NEWS:        * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
         src/po/ja.mo, src/po/ja.po:
         Japanese translation for sudo and sudoers from          Japanese translation for sudo and sudoers from
         translationproject.org          translationproject.org
        [9945a3ef7ff7] <1.8>        [c06dd866be6e]
   
 2011-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * sudoreplay depends on timestr.lo too; from Mike Frysinger        * plugins/sudoers/Makefile.in:
        [ad9ae493205f] <1.8>        sudoreplay depends on timestr.lo too; from Mike Frysinger
         [b9e73214b2f1]
   
 2011-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * plugins/sudoers/po/sudoers.pot:          * plugins/sudoers/po/sudoers.pot:
         Regen sudoers pot file.          Regen sudoers pot file.
        [2c4d99361994] <1.8>        [019588bafdb3]
   
         * NEWS:          * NEWS:
         Update with latest sudo 1.8.3 news          Update with latest sudo 1.8.3 news
        [4e7f59d339d4] <1.8>        [6868042a88e9]
   
        * ldap_start_tls_s() on Debian (at least) sets the effective and saved        * plugins/sudoers/sudoers.c:
        uids to the same value as the real uid. This prevents sudo from        It appears that LDAP or NSS may modify the euid so we need to be
        setting the uid or gid later on. As a workaround, we now set perms        root for the open(). We restore the old perms at the end of
        to root during sudoers_policy_open().        sudoers_policy_open().
        [eb4c4f15833a] <1.8>        [2da67a5497ef]
   
        * Better warning message on setuid() failure for the setreuid()        * plugins/sudoers/set_perms.c:
         Better warning message on setuid() failure for the setreuid()
         version of set_perms().          version of set_perms().
        [308c72f601e4] <1.8>        [07abcfe7bd9a]
   
 2011-10-02  Todd C. Miller  <Todd.Miller@courtesan.com>  
   
         * NEWS:  
         Combine new translations in NEWS item  
         [0aa07471a5e6] <1.8>  
   
 2011-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Delref auth_pw at the end of check_user() instead of getting a ref        * plugins/sudoers/check.c:
         Delref auth_pw at the end of check_user() instead of getting a ref
         twice.          twice.
        [1c882f2fb46c] <1.8>        [cb665f55e6a5]
   
        * Make sudo_auth_{init,cleanup} return TRUE on success and check for        * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c:
         Make sudo_auth_{init,cleanup} return TRUE on success and check for
         sudo_auth_init() return value in check_user().          sudo_auth_init() return value in check_user().
        [573bf35ecac9] <1.8>        [92631c919356]
   
        * Do not return without restoring permissions.        * plugins/sudoers/auth/sudo_auth.c:
        [2444a0b96469] <1.8>        Do not return without restoring permissions.
         [59ef40b6696a]
   
         * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:          * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
         regen pot files          regen pot files
        [d286bce8dbb1] <1.8>        [9f320a340b7c]
   
        * NEWS:        * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
        Update for latest release candidate        plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
        [63d184ba6263] <1.8>        plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
        plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
        * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:        plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
        regen pot files        plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
        [ac3ec1315df7] <1.8>        plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
        plugins/sudoers/sudoers.h:
        * Modify the authentication API such that the init and cleanup        Modify the authentication API such that the init and cleanup
         functions are always called, regardless of whether or not we are          functions are always called, regardless of whether or not we are
         going to verify a password. This is needed for proper PAM session          going to verify a password. This is needed for proper PAM session
         support.          support.
        [ea281ca46d94] <1.8>        [19a53f3fb596]
   
        * Add missing dependency for getspwgen other depends.        * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
        [9c124272910d] <1.8>        Add missing dependency for getspwuid.lo and regen other depends.
         [f7f70eae819a]
   
        * Fix a PAM_USER mismatch in session open/close. We update PAM_USER        * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
        to the target user immediately before setting resource limits, which        plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
        is after the monitor process has forked (so it has the old value).        Fix a PAM_USER mismatch in session open/close. We update PAM_USER to
         the target user immediately before setting resource limits, which is
         after the monitor process has forked (so it has the old value).
         Also, if the user did not authenticate, there is no pamh in the          Also, if the user did not authenticate, there is no pamh in the
         monitor so we need to init pam here too. This means we end up          monitor so we need to init pam here too. This means we end up
         calling pam_start() twice, which should be fixed, but at least the          calling pam_start() twice, which should be fixed, but at least the
         session is always properly closed now.          session is always properly closed now.
        [d0866ee5f190] <1.8>        [fbc063a2a872]
   
        * Add check for old being NULL in utmp_setid(); from Steven McDonald        * src/utmp.c:
        [30cc283ac2b4] <1.8>        Add check for old being NULL in utmp_setid(); from Steven McDonald
         [e87126442f2e]
   
 2011-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * If the invoking user cannot be resolved by uid fake the struct        * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
         plugins/sudoers/sudoers.h:
         If the invoking user cannot be resolved by uid fake the struct
         passwd and store it in the cache so we can delref it on exit.          passwd and store it in the cache so we can delref it on exit.
        [19d44f44d45d] <1.8>        [a27e2f8b9f5e]
   
 2011-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Don't error out if the group plugin cannot be loaded, just warn.        * plugins/sudoers/sudoers.c:
        [e91d9912c9a0] <1.8>        Don't error out if the group plugin cannot be loaded, just warn.
         [0fbfcd381e33]
   
 2011-09-23  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Quiet a false positive found by several static analysis tools. These        * plugins/sudoers/sudoers.c:
         Quiet a false positive found by several static analysis tools. These
         tools don't know that log_error() does not return (it longjmps to          tools don't know that log_error() does not return (it longjmps to
         error_jmp which returns to the sudo front-end).          error_jmp which returns to the sudo front-end).
        [3cc319e31ed6] <1.8>        [33d0469df21b]
   
 2011-09-22  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add Italian translation for sudo from translationproject.org Regen        * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
         plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
         plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
         Add Italian translation for sudo from translationproject.org Regen
         .mo files          .mo files
        [c0b27f9d7e57] <1.8>        [c3c888a82be6]
   
         * .hgtags:  
         Added tag SUDO_1_8_2 for changeset 3682e51af1d0  
         [f0be566e9ea2] <1.8>  
   
 2011-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Update to current reality and add bit about ssh auth        * doc/TROUBLESHOOTING:
        [48dcb86ce9be] <1.8>        Update to current reality and add bit about ssh auth
         [184a1e7c2eeb]
   
        * Make "verbose" static; fixes a namespace clash with        * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
         Make "verbose" static; fixes a namespace clash with
         pam_ssh_agent_auth (and it doesn't need to be extern these days).          pam_ssh_agent_auth (and it doesn't need to be extern these days).
        [b60fdd82de94] <1.8>        [cc38d2eb2f4c]
   
        * configure, configure.in:        * config.h.in, configure, configure.in, src/get_pty.c:
         FreeBSD has libutil.h not util.h          FreeBSD has libutil.h not util.h
        [c03b121e0193] <1.8>        [dab4c94b6d4f]
   
         * configure, configure.in:          * configure, configure.in:
         Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD          Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
        [002e3e0bb173] <1.8>        [41c362f0a92a]
   
        * Update po files from translationproject.org2011-09-20  Todd C. Miller  <Todd.Miller@courtesan.com>
        [2b36af902213] <1.8> 
   
           * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po:
           Update po files from translationproject.org
           [1e99e147c7fa]
   
 2011-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * NEWS:        * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
        Mention DEREF support 
        [dfeb152f1686] <1.8> 
 
        * plugins/sudoers/po/sudoers.pot: 
        sync pot files 
        [1fba22e927a3] <1.8> 
 
        * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: 
         Add support for DEREF in ldap.conf.          Add support for DEREF in ldap.conf.
        [fe1cf6ad0add] <1.8>        [3c1937a98547]
   
         * Makefile.in:          * Makefile.in:
         install target should depend on ChangeLog too, not just install-doc          install target should depend on ChangeLog too, not just install-doc
        [f54e2ab633b8] <1.8>        [1a7c83941175]
   
        * NEWS, configure.in, doc/sudoers.cat, doc/sudoers.man.in:        * doc/sudoers.pod:
         Only iolog_file (not iolog_dir) supports mktemp-style suffixes.          Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
        [44a25099594e] <1.8>        [0eca47d60a2c]
   
        * configure.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:        * NEWS:
        regen pot files        Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.
        [e14ee85cf49b] <1.8>        [0501415cc5ff]
   
           * doc/UPGRADE:
           Document group lookup change and possible side effects.
           [585743e1ebf7]
   
         * configure, configure.in:          * configure, configure.in:
         Fix some square brackets in case statements that needed to be          Fix some square brackets in case statements that needed to be
         doubled up. While here, use $OSMAJOR when it makes sense.          doubled up. While here, use $OSMAJOR when it makes sense.
        [853c6e5f994c] <1.8>        [8973343f4696]
   
        * Fix a crash in make_grlist_item() on 64-bit machines with strict        * plugins/sudoers/pwutil.c:
         Fix a crash in make_grlist_item() on 64-bit machines with strict
         alignment.          alignment.
        [e877c89ae32f] <1.8>        [c89508c73c46]
   
        * Remove list_options() function that is no longer used now that "sudo        * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
         Remove list_options() function that is no longer used now that "sudo
         -L" is gone.          -L" is gone.
        [f31543c80b98] <1.8>        [fcc6a776c135]
   
         * configure, configure.in:          * configure, configure.in:
         Error message if user tries --with-CC          Error message if user tries --with-CC
        [0ed7558b8924] <1.8>        [ec5b478f813a]
   
         * configure, configure.in:          * configure, configure.in:
         Check for -libmldap too when looking for ldap libs, which is the          Check for -libmldap too when looking for ldap libs, which is the
         Tivoli Directory Server client library.          Tivoli Directory Server client library.
        [831e32d1453c] <1.8>        [bb3007a97206]
   
         * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:  
         regen pot files for 1.8.3  
         [df2fb085cff2] <1.8>  
   
         * NEWS, configure, configure.in, doc/sudo.cat, doc/sudo.man.in,  
         doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,  
         doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,  
         doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,  
         doc/visudo.man.in:  
         Update for version 1.8.3  
         [38cf153add0a] <1.8>  
   
 2011-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Honor NOPASSWD tag for denied commands too.        * plugins/sudoers/parse.c:
        [f473c443ad54] <1.8>        Honor NOPASSWD tag for denied commands too.
         [8dd92656db92]
   
   2011-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * INSTALL, configure, configure.in:          * INSTALL, configure, configure.in:
         Remove --with-CC option; it doesn't work correctly now that we use          Remove --with-CC option; it doesn't work correctly now that we use
        libtool. Users can get the same effect by setting the CC        libtool. Users can get the same effect by setting the CC environment
        environment variable when running configure.        variable when running configure.
        [4f04869d74fd] <1.8>        [ec22bd1a55e0]
   
 2011-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * configure, configure.in:        * config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
         src/sudo_edit.c:
         Assume all modern systems support fstat(2).          Assume all modern systems support fstat(2).
        [0422b19dced3] <1.8>        [6a5a8985f6a0]
   
 2011-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * configure, configure.in:        * compat/regress/glob/globtest.c, config.h.in, configure,
         configure.in, include/missing.h, plugins/sudoers/sudoers.h,
         src/sudo.h, src/sudo_noexec.c:
         Add configure test for missing errno declaration and only declare it          Add configure test for missing errno declaration and only declare it
         ourselves if it is missing.          ourselves if it is missing.
        [6d26974f7e16] <1.8>        [456e76c809a2]
   
        * Include errno.h before sudo.h to avoid conflicting with the system        * plugins/sudoers/alias.c:
         Include errno.h before sudo.h to avoid conflicting with the system
         definition of errno.          definition of errno.
        [8000bdc0968f] <1.8>        [d0b97e392512]
   
 2011-08-29  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Only print individual check status when there is a failure.        * plugins/sudoers/regress/parser/check_addr.c:
        [bbdd669e7615] <1.8>        Only print individual check status when there is a failure.
         [2ac704c91441]
   
        * Add calls to setprogname() for test programs.        * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
        [c721f3466a3a] <1.8>        plugins/sudoers/regress/logging/check_wrap.c,
         plugins/sudoers/regress/parser/check_addr.c:
         Add calls to setprogname() for test programs.
         [a8d9b420e826]
   
         * configure, configure.in:          * configure, configure.in:
         Add -Wall and -Werror after all tests so they don't cause failures.          Add -Wall and -Werror after all tests so they don't cause failures.
        [20d75ce40086] <1.8>        [2661188ff3fa]
   
        * Actually run check_addr in the check target        * plugins/sudoers/Makefile.in:
        [dcd96ef0dc57] <1.8>        Actually run check_addr in the check target
         [0b2778bc86bf]
   
        * Split out address matching into its own file and add regression        * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
         plugins/sudoers/match_addr.c,
         plugins/sudoers/regress/parser/check_addr.c,
         plugins/sudoers/regress/parser/check_addr.in:
         Split out address matching into its own file and add regression
         tests for it.          tests for it.
        [863f28589c24] <1.8>        [12b9a2bf8dba]
   
 2011-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix matching a network number with netmask when the network number        * plugins/sudoers/match.c:
        is not the first address in the CIDR block.        When matching an address with a netmask in sudoers, AND the mask and
        [719942c986e9] <1.8>        addr before checking against the local addresses.
         [9747bb6d7b1c]
   
 2011-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Don't assume all editors support the +linenumber command line        * plugins/sudoers/match.c:
         Fix netmask matching.
         [a3c8f8cc1464]
 
         * plugins/sudoers/visudo.c:
         Don't assume all editors support the +linenumber command line
         argument, use a whitelist of known good editors.          argument, use a whitelist of known good editors.
        [d8d884af3b05] <1.8>        [21d43a91fd10]
   
 2011-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Silence compiler warnings on Solaris with gcc 3.4.3        * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
        [8047cdb5d6a1] <1.8>        src/exec_pty.c, src/sudo.c:
         Silence compiler warnings on Solaris with gcc 3.4.3
         [da620bae6fdb]
   
        * Fix building on RHEL 3        * mkpkg:
        [6bb0464a7450] <1.8>        Fix building on RHEL 3
         [f3227fb2a252]
   
         * INSTALL, configure, configure.in:          * INSTALL, configure, configure.in:
         Add --enable-werror configure option.          Add --enable-werror configure option.
        [aa40fd459836] <1.8>        [fec2cdb95543]
   
        * setgroups() proto lives in grp.h on RHEL4, perhaps others.        * common/setgroups.c:
        [92f98cbaebf0] <1.8>        setgroups() proto lives in grp.h on RHEL4, perhaps others.
         [de91c0de5a98]
   
         * configure, configure.in:          * configure, configure.in:
         Use PAM by default on AIX 6 and higher.          Use PAM by default on AIX 6 and higher.
        [7ef53d5ac819] <1.8>        [e16493208e5f]
   
 2011-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add new Esperanto translation from translationproject.org        * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
        [109ed683b885] <1.8>        src/po/eo.mo, src/po/eo.po:
         Add new Esperanto translation from translationproject.org
         [0d9a59e04c64]
   
 2011-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Quiet an innocuous valgrind warning.        * plugins/sudoers/iolog_path.c:
        [fc453e49f9dd] <1.8>        Quiet an innocuous valgrind warning.
         [0582b6027161]
   
 2011-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix expansion of strftime() escapes in log_dir and add a regress        * plugins/sudoers/iolog_path.c,
         plugins/sudoers/regress/iolog_path/data:
         Fix expansion of strftime() escapes in log_dir and add a regress
         test that exhibited the problem.          test that exhibited the problem.
        [784e60d21f11] <1.8>        [a5c7c1c4c589]
   
        * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:        * plugins/sudoers/Makefile.in:
         Fix "make check" return value.          Fix "make check" return value.
        [d3608efd8da6] <1.8>        [33b58e175230]
   
 2011-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * plugins/sudoers/po/sudoers.pot:        * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
         Regen pot files          Regen pot files
        [3682e51af1d0] [SUDO_1_8_2] <1.8>        [063841aac19b]
   
         * Makefile.in:          * Makefile.in:
         Fix logic inversion in pot file up to date check.          Fix logic inversion in pot file up to date check.
        [343dbbca9422] <1.8>        [f6a8ca8654df]
   
         * doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat,  
         doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,  
         doc/visudo.cat, doc/visudo.man.in:  
         regen docs  
         [96234478bde2] <1.8>  
   
 2011-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
         Add caching for gettext() checks.          Add caching for gettext() checks.
        [4039d21424c3] <1.8>        [01b7200f6105]
   
         * configure, configure.in:          * configure, configure.in:
         Better handling of libintl header and library mismatch.          Better handling of libintl header and library mismatch.
        [cc9faee8e486] <1.8>        [9a49b1d4db69]
   
 2011-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>  
   
         * NEWS:  
         sync  
         [73649a44d934] <1.8>  
   
 2011-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Also check sudoers gid if sudoers is group writable.        * plugins/sudoers/sudoers.c:
        [3d345347f6ac] <1.8>        Also check sudoers gid if sudoers is group writable.
         [23ef96ca0d33]
   
         * NEWS:  
         Update for 1.8.2 final  
         [441c22fea363] <1.8>  
   
 2011-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
         If dlopen is present but libtool doesn't find it, error out since it          If dlopen is present but libtool doesn't find it, error out since it
         probably means that libtool doesn't support the system.          probably means that libtool doesn't support the system.
        [6fc7c0de4f6d] <1.8>        [a9da0a5f7941]
   
        * configure args on the command line should override builtin defaults.        * mkpkg:
         configure args on the command line should override builtin defaults.
         Disable NLS for non-Linux/Solaris unless explicitly enabled.          Disable NLS for non-Linux/Solaris unless explicitly enabled.
        [0ef165f892c2] <1.8>        [b2fb05614504]
   
        * Fix loop that calls authenticate(). If there was an error message        * plugins/sudoers/auth/aix_auth.c:
         Fix loop that calls authenticate(). If there was an error message
         from authenticate(), display it.          from authenticate(), display it.
        [f0686011ff2e] <1.8>        [063a0c4f0b9a]
   
 2011-08-11  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * configure, configure.in:        * m4/libtool.m4, m4/ltversion.m4:
         Update to autoconf 2.68 and libtool 2.4          Update to autoconf 2.68 and libtool 2.4
        [00df5f3647e1] <1.8>        [5a912a6eb67b]
   
        * Fix typo; OPT should be OTP        * config.guess, config.sub, configure, configure.in, ltmain.sh:
        [31da1f989740] <1.8>        Update to autoconf 2.68 and libtool 2.4
         [931ab56aecf6]
   
        * Rename libsudoers convenience library to libparsesudoers to avoid        * doc/sudoers.pod:
         Fix typo; OPT should be OTP
         [e97bd2e46544]
 
         * plugins/sudoers/Makefile.in:
         Rename libsudoers convenience library to libparsesudoers to avoid
         libtool confusion.          libtool confusion.
        [e9ae9d611dd5] <1.8>        [2a89a613f537]
   
 2011-08-10  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add Danish sudoers translation from translationproject.org        * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
        [fa9cd9758249] <1.8>        Add Danish sudoers translation from translationproject.org
         [27b96e85eb13]
   
        * Add dedicated callback function for runas_default sudoers setting        * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
         Add dedicated callback function for runas_default sudoers setting
         that only sets runas_pw if no runas user or group was specified by          that only sets runas_pw if no runas user or group was specified by
         the user.          the user.
        [3fb4b18525de] <1.8>        [b8382d8eea34]
   
 2011-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Update Finish, Polish, Russian and Ukrainian translations from        * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
         plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
         plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
         src/po/ru.po:
         Update Finish, Polish, Russian and Ukrainian translations from
         translationproject.org.          translationproject.org.
        [0fcd8f6aff0a] <1.8>        [f9339aff664e]
   
        * Makefile.in:        * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
         plugins/sudoers/testsudoers.c:
         Go back to using a callback for runas_default to keep runas_pw in          Go back to using a callback for runas_default to keep runas_pw in
         sync. This is needed to make per-entry runas_default settings work          sync. This is needed to make per-entry runas_default settings work
         with LDAP-based sudoers. Instead of declaring it a callback in          with LDAP-based sudoers. Instead of declaring it a callback in
         def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a          def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
         bit naughty, but avoids requiring stub functions in visudo and the          bit naughty, but avoids requiring stub functions in visudo and the
         tests.          tests.
        [4e8e70832f06] <1.8>        [9aaefb908415]
   
 2011-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:  
         Regen pot files  
         [ca5c58c599a6] <1.8>  
   
         * Makefile.in:          * Makefile.in:
         Add check for out of date message catalogs when doing "make dist".          Add check for out of date message catalogs when doing "make dist".
        [36414e5c762b] <1.8>        [e45a29b612f4]
   
 2011-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * configure, configure.in:        * configure:
         regen
         [d6f9ad26774a]
 
         * configure.in:
         Make sure compiler supports static-libgcc before using it.          Make sure compiler supports static-libgcc before using it.
        [6c98e8809291] <1.8>        [b01bd9566e50]
   
 2011-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc        * src/Makefile.in:
        [a0a3a3fa6470] <1.8>        Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
         [c99c7ab3edef]
   
 2011-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add new Russian sudo translation from translationproject.org and        * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
         plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
         plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
         src/po/zh_CN.mo:
         Add new Russian sudo translation from translationproject.org and
         rebuild the other translation files.          rebuild the other translation files.
        [e953d7d1ca6d] <1.8>        [e20015459056]
   
 2011-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Update Finish and Polish translations from translationproject.org        * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
        [17e408d73c85] <1.8>        Update Finish and Polish translations from translationproject.org
         [4e3dbba4a1de]
   
        * Go back to escaping the command args for "sudo -i" and "sudo -s"        * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
        before calling the plugin. Otherwise, spaces in the command args        Go back to escaping the command args for "sudo -i" and "sudo -s"
        are not treated properly. The sudoers plugin will unescape non-        before calling the plugin. Otherwise, spaces in the command args are
        spaces to make matching easier.        not treated properly. The sudoers plugin will unescape non- spaces
        [f666191a4e80] <1.8>        to make matching easier.
         [dfa2c4636f33]
   
 2011-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix some potential problems found by the clang static analyzer, none        * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
         plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
         plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
         plugins/sudoers/toke.l:
         Fix some potential problems found by the clang static analyzer, none
         serious.          serious.
        [c1ab4b940980] <1.8>        [ff64aa74aae6]
   
        * Updated Ukranian and Chinese (simplified) po files from        * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
         src/po/zh_CN.po:
         Updated Ukranian and Chinese (simplified) po files from
         translationproject.org          translationproject.org
        [792a66672715] <1.8>        [ec792becb48e]
   
 2011-07-27  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Updated Polish translation from translationproject.org        * plugins/sudoers/po/pl.po:
        [5f434cc04482] <1.8>        Updated Polish translation from translationproject.org
         [a3af53cb649c]
   
         * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:          * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
         Rebuild pot files          Rebuild pot files
        [639230dbd741] <1.8>        [c650524c0f0a]
   
        * Don't try to audit failure if the runas user does not exist. We        * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
         Don't try to audit failure if the runas user does not exist. We
         don't have the user's command at this point so there is nothing to          don't have the user's command at this point so there is nothing to
         audit. Add a NULL check in audit_success() and audit_failure() just          audit. Add a NULL check in audit_success() and audit_failure() just
         to be on the safe side.          to be on the safe side.
        [2bfb96a32b00] <1.8>        [2a0007c2022f]
   
        * Add -g to CFLAG for PIE builds.        * mkpkg:
        [e4c94977ca4e] <1.8>        Add -g to CFLAG for PIE builds.
         [32a0a9693c9c]
   
 2011-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Remove fallback to per-group lookup when matching groups in sudoers.        * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
         plugins/sudoers/sudoers.h, src/sudo.c:
         Remove fallback to per-group lookup when matching groups in sudoers.
         The sudo front-end will now use getgrouplist() to get the user's          The sudo front-end will now use getgrouplist() to get the user's
         list of groups if getgroups() fails or returns zero groups so we          list of groups if getgroups() fails or returns zero groups so we
         always have a list of the user's groups. For systems with          always have a list of the user's groups. For systems with
         mbr_check_membership() which support more that NGROUPS_MAX groups          mbr_check_membership() which support more that NGROUPS_MAX groups
         (Mac OS X), skip the call to getgroups() and use getgrouplist() so          (Mac OS X), skip the call to getgroups() and use getgrouplist() so
         we get all the groups.          we get all the groups.
        [168d6d4a386b] <1.8>        [51b3ed8c600b]
   
 2011-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix setgroups() fallback code on EINVAL.        * common/setgroups.c:
        [dd1310945ab3] <1.8>        Fix setgroups() fallback code on EINVAL.
         [2b6faecd56a4]
   
        * Fix two PERM_INITIAL cases that were still using user_gids.        * plugins/sudoers/set_perms.c:
        [d497d0d47a23] <1.8>        Fix two PERM_INITIAL cases that were still using user_gids.
         [9680bab0acc6]
   
        * Add Polish sudo message catalog        * MANIFEST:
        [1a0aa3f9f179] <1.8>        Add Polish sudo message catalog
         [8bb40c3ba576]
   
        * user_group is no longer used, remove it        * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
        [379185a76094] <1.8>        user_group is no longer used, remove it
         [9acede0fe6c5]
   
2011-07-21  Todd C. Miller  <Todd.Miller@courtesan.com>2011-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add Polish translation from translationproject.org        * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
        [2e7cdfe4ef41] <1.8>        Add Polish translation from translationproject.org
         [afac5c638573]
   
        * Add a wrapper for setgroups() that trims off extra groups and        * MANIFEST, common/Makefile.in, common/setgroups.c,
         plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c,
         src/sudo.h, src/sudo_edit.c:
         Add a wrapper for setgroups() that trims off extra groups and
         retries if setgroups() fails. Also add some missing addrefs for          retries if setgroups() fails. Also add some missing addrefs for
         PERM_USER and PERM_FULL_USER.          PERM_USER and PERM_FULL_USER.
        [bacb4170a510] <1.8>        [224dfd8aae5c]
   
        * configure, configure.in:        * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in,
         configure, configure.in, include/missing.h, mkdep.pl,
         plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
         plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
         plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c:
         Instead of keeping separate groups and gids arrays, create struct          Instead of keeping separate groups and gids arrays, create struct
         group_info and use it to store both, along with a count for each.          group_info and use it to store both, along with a count for each.
         Cache group info on a per-user basis using getgrouplist() to get the          Cache group info on a per-user basis using getgrouplist() to get the
         groups. We no longer need special to special case the user or list          groups. We no longer need special to special case the user or list
         user for user_in_group() and thus no longer need to reset the groups          user for user_in_group() and thus no longer need to reset the groups
         list when listing another user.          list when listing another user.
        [f1d8962821a0] <1.8>        [0ad849a8b2d5]
   
        * Don't rely on NULL since we don't include a header for it.        * src/preload.c:
        [ed46286f848b] <1.8>        Don't rely on NULL since we don't include a header for it.
         [b40937f1890c]
   
        * Fix typo2011-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
        [a38b8fbb0e70] <1.8> 
   
        * Do not shadow global sudo_mode with a local variable in set_cmnd()        * doc/sudoers.pod:
        [8e462ebafea4] <1.8>        Fix typo
         [c1035360e169]
   
   2011-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers.c:
           Do not shadow global sudo_mode with a local variable in set_cmnd()
           [0c72969503ad]
   
 2011-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * bash 2.x doesd not support the -l flag and exits with an error if it        * plugins/sudoers/sudoers.c:
         bash 2.x doesd not support the -l flag and exits with an error if it
         is specified so use --login instead. This causes an error with bash          is specified so use --login instead. This causes an error with bash
         1.x (which uses -login instead) but this version is hopefully less          1.x (which uses -login instead) but this version is hopefully less
         used than 2.x.          used than 2.x.
        [73020a67b9d5] <1.8>        [5c4c296e30e6]
   
        * Add Polish translation from translationproject.org        * src/po/pl.mo, src/po/pl.po:
        [8cac0da9ffb1] <1.8>        Add Polish translation from translationproject.org
         [48592dd6edcf]
   
 2011-07-13  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Make error strings translatable.        * plugins/sudoers/set_perms.c:
        [d1ff594f27b5] <1.8>        Make error strings translatable.
         [414c5c484768]
   
        * Only run configure with --with-pam-login for RHEL 5 and above.        * mkpkg:
        [2f1a0ff5230e] <1.8>        Only run configure with --with-pam-login for RHEL 5 and above.
         [6c16e4de4026]
   
        * Fix typo in summary        * sudo.pp:
        [1e1d7dcae9ab] <1.8>        Fix typo in summary
         [9ac618c9a749]
   
 2011-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add missing logwrap.c        * plugins/sudoers/logwrap.c:
        [abcd28c194d2] <1.8>        Add missing logwrap.c
         [c12a413ecc1d]
   
        * Split out log file word wrap code into its own file and add unit        * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
        tests. Fixes an off-by one in the word wrap when the log line        plugins/sudoers/logging.h,
        length matches loglinelen.        plugins/sudoers/regress/logging/check_wrap.c,
        [0ae1c7aa9ef1] <1.8>        plugins/sudoers/regress/logging/check_wrap.in,
         plugins/sudoers/regress/logging/check_wrap.out.ok:
         Split out log file word wrap code into its own file and add unit
         tests. Fixes an off-by one in the word wrap when the log line length
         matches loglinelen.
         [52ed277f6690]
   
 2011-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * For SuSE, only use /usr/lib64 as libexec if generating 64-bit        * mkpkg:
         For SuSE, only use /usr/lib64 as libexec if generating 64-bit
         binaries.          binaries.
        [4448fa1c639f] <1.8>        [645ab903cf77]
   
        * Fix build error when --without-noexec configure option is used.        * src/load_plugins.c, src/sudo.c:
        [f6bfd748ae45] <1.8>        Fix build error when --without-noexec configure option is used.
         [b994f7b0d8b4]
   
         * configure, configure.in:          * configure, configure.in:
        Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX        Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX 5.3
        5.3 and above.        and above.
        [9d957ae1840d] <1.8>        [c2a6f9b472f3]
   
 2011-07-03  Todd C. Miller  <Todd.Miller@courtesan.com>  
   
         * NEWS, doc/UPGRADE:  
         Document group lookup change and possible side effects.  
         [fe4b2d2701b2] <1.8>  
   
 2011-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Resolve the list of gids passed in from the sudo frontend (the        * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
         plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
         plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
         Resolve the list of gids passed in from the sudo frontend (the
         result of getgroups()) to names and store both the group names and          result of getgroups()) to names and store both the group names and
         ids in the sudo_user struct. When matching groups in the sudoers          ids in the sudo_user struct. When matching groups in the sudoers
         file, match based on the names in the groups list first and only do          file, match based on the names in the groups list first and only do
Line 637 Line 9559
         group name (as it is listed in sudoers) instead of id (which we          group name (as it is listed in sudoers) instead of id (which we
         would have to resolve) we save a lot of group lookups for sudoers          would have to resolve) we save a lot of group lookups for sudoers
         files with a lot of groups in them.          files with a lot of groups in them.
        [c10d208bd7e5] <1.8>        [8dc19353f148]
   
 2011-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>  
   
         * NEWS:  
         Update for 1.8.2rc5  
         [f6a3aa2edf7a] <1.8>  
   
 2011-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Workaround for "sudo -i command" and newer versions of bash which        * plugins/sudoers/sudoers.c:
         Workaround for "sudo -i command" and newer versions of bash which
         don't go into login mode when -c is specified unless -l is too.          don't go into login mode when -c is specified unless -l is too.
        [381e74d35006] <1.8>        [9393762b80f3]
   
 2011-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Rewrite logfile word wrapping code to be more straight-forward and        * plugins/sudoers/logging.c:
         Rewrite logfile word wrapping code to be more straight-forward and
         actually wrap at the correct place.          actually wrap at the correct place.
        [8a7862d6a82f] <1.8>        [f712a0c90f55]
   
 2011-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * NEWS:        * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
        Fix typo        Set use_pty=true in command details when use_pty is set in sudoers.
        [2456ad2ad3e3] <1.8> 
 
        * NEWS: 
        Mention use_pty bug fix 
        [f4eab5193452] <1.8> 
 
        * Set use_pty=true in command details when use_pty is set in sudoers. 
         From Ludwig Nussel          From Ludwig Nussel
        [abaafc5793d9] <1.8>        [8d95a163dfc1]
   
 2011-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Sync Chinese (simplified) PO files from translationproject.org        * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
        [a4cf84dd9ddf] <1.8>        src/po/zh_CN.mo, src/po/zh_CN.po:
         Sync Chinese (simplified) PO files from translationproject.org
         [acce8eb7be18]
   
 2011-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add Danish translation from translationproject.org and add missing        * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
         plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
         Add Danish translation from translationproject.org and add missing
         Basque mo files.          Basque mo files.
        [672b88adcc34] <1.8>        [0c22bb21b9c4]
   
         * Makefile.in, configure, configure.in:          * Makefile.in, configure, configure.in:
         No longer need to specify LINGUAS in configure, "make install-nls"          No longer need to specify LINGUAS in configure, "make install-nls"
         now just installs all the .mo files it finds.          now just installs all the .mo files it finds.
        [c226a39ece48] <1.8>        [fcd45cf04885]
   
 2011-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Build CONTRIBUTORS from newly-added contributors.pod        * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
        [b8871dd293ff] <1.8>        Build CONTRIBUTORS from newly-added contributors.pod
         [8b192f2720f4]
   
        * Rework the wording in the leading paragraph        * doc/CONTRIBUTORS:
        [d8b081dedeb3] <1.8>        Rework the wording in the leading paragraph
         [312044145cdd]
   
2011-06-16  Todd C. Miller  <Todd.Miller@courtesan.com>2011-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add a CONTRIBUTORS file with the names of folks who have contributed        * MANIFEST, doc/CONTRIBUTORS:
         Add a CONTRIBUTORS file with the names of folks who have contributed
         code or patches to sudo since I started maintaining it (plus the          code or patches to sudo since I started maintaining it (plus the
         original authors).          original authors).
        [8b064e8996af] <1.8>        [b8bdd8b59528]
   
 2011-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Preserve SHELL variable for "sudo -s". Otherwise we can end up with        * plugins/sudoers/env.c:
         Preserve SHELL variable for "sudo -s". Otherwise we can end up with
         a situation where the SHELL variable and the actual shell being run          a situation where the SHELL variable and the actual shell being run
         do not match.          do not match.
        [8f5bb61a8b76] <1.8>        [b8b3974aee3e]
   
 2011-06-10  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
         Only enable Solaris project support when setproject() is present in          Only enable Solaris project support when setproject() is present in
         libproject.          libproject.
        [bf370ff3c194] <1.8>        [49ad7857ab89]
   
        * Explicitly set mode and owner of /etc/sudoers instead of relying on        * sudo.pp:
         Explicitly set mode and owner of /etc/sudoers instead of relying on
         "cp -p" to work in the postinstall script. On AIX 6.1 at least the          "cp -p" to work in the postinstall script. On AIX 6.1 at least the
         postinstall script runs before the final file permissions are set.          postinstall script runs before the final file permissions are set.
        [7a4a87405349] <1.8>        [e41ffc0212b2]
   
        * Refer the user to the "Command Environment" section in description2011-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * doc/sudo.pod, doc/sudoers.pod:
         Refer the user to the "Command Environment" section in description
         of sudo's -i option.          of sudo's -i option.
        [1a063eaf9670] <1.8>        [263cc3be7eef]
   
        * Fix typo        * doc/sudo.pod:
        [442c50370c44] <1.8>        Fix typo
         [35dfac450f4d]
   
        * If there is no old dependency for an object file, use the MANIFEST2011-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * mkdep.pl:
         If there is no old dependency for an object file, use the MANIFEST
         to find its source.          to find its source.
        [d95c77ad283f] <1.8>        [d15e3b9899f9]
   
        * Remove dependency for getgrouplist.lo as we don't ship that source        * compat/Makefile.in:
         Remove dependency for getgrouplist.lo as we don't ship that source
         file.          file.
        [bbede77e6256] <1.8>        [312a6d5fe6b0]
   
        * Do not declare yyparse() static as the actual function generated by2011-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
         Do not declare yyparse() static as the actual function generated by
         yacc is extern.          yacc is extern.
        [8e615bd15a4c] <1.8>        [9017b79dcf55]
   
   2011-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * Makefile.in:          * Makefile.in:
         Remove locale files in "make uninstall"          Remove locale files in "make uninstall"
        [9791be90d5ac] <1.8>        [201ff261ecbe]
   
2011-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>        * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
        plugins/sudoers/po/uk.po, src/po/eu.po:
        * configure.in: 
         Add Basque translation and sync Finish and Ukranian translations.          Add Basque translation and sync Finish and Ukranian translations.
        [64af34789164] <1.8>        [66d2c78c8a13]
   
         * NEWS:  
         Update PAM change to reflect latest checkin.  
         [657cddf2077a] <1.8>  
   
         * configure, configure.in:          * configure, configure.in:
         FreeBSD no longer needs the main sudo binary to link with -lpam now          FreeBSD no longer needs the main sudo binary to link with -lpam now
         that plug-ins are loaded with RTLD_GLOBAL.          that plug-ins are loaded with RTLD_GLOBAL.
        [573a6f4b29af] <1.8>        [96c710df2457]
   
        * Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes        * plugins/sudoers/group_plugin.c, src/load_plugins.c:
         Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
         problems with pam modules not having access to symbols provided by          problems with pam modules not having access to symbols provided by
         libpam on some platforms. Affects FreeBSD and SLES 10 at least.          libpam on some platforms. Affects FreeBSD and SLES 10 at least.
        [4ec864fdba46] <1.8>        [0d016983ec84]
   
         * Makefile.in:          * Makefile.in:
         Move xgettext invocation out of update-po target into update-pot          Move xgettext invocation out of update-po target into update-pot
        [421ac1a073ea] <1.8>        [19a73c6d017c]
   
 2011-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:          * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
         Regenerate .pot files for 1.8.2rc2          Regenerate .pot files for 1.8.2rc2
        [d2a891e3d3dd] <1.8>        [c3037f591dd8]
   
        * Makefile.in:        * Makefile.in, common/Makefile.in, compat/Makefile.in,
         doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
         plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
         src/Makefile.in, zlib/Makefile.in:
         Move nls targets to the top level Makefile so the paths in the pot          Move nls targets to the top level Makefile so the paths in the pot
         file are saner          file are saner
        [6c256cb77f78] <1.8>        [65b9285cd8d9]
   
        * NEWS:        * src/po/fi.mo:
        Update 1.8.2 news        Add compiled version of sudo Finish translation
        [17bd04278b04] <1.8>        [8f2405384ea3]
   
        * Add compiled version of sudo Finish translation        * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
        [ff9d20a02aa0] <1.8>        Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
 
        * Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo 
         files          files
        [60c4f3b3829c] <1.8>        [a165e70fa9ec]
   
        * configure, configure.in:        * configure, configure.in, plugins/sudoers/po/fi.po:
         Add Finish translation from translationproject.org          Add Finish translation from translationproject.org
        [ade788a35521] <1.8>        [4466f8a96ceb]
   
        * The group named by exempt_group should not have a % prefix.2011-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
        [1f74c691c1e1] <1.8> 
   
        * Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"        * doc/sudoers.pod:
        [58d36c0e76f9] <1.8>        The group named by exempt_group should not have a % prefix.
         [df084d6b32c8]
   
        * Fix compressed io log corruption in background mode by using _exit()2011-06-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * doc/sudoers.pod:
         Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
         [5113699a3f8b]
 
 2011-05-31  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * src/exec.c, src/exec_pty.c:
         Fix compressed io log corruption in background mode by using _exit()
         instead of exit() to avoid flushing buffers twice.          instead of exit() to avoid flushing buffers twice.
   
         Improved background mode support. When not allocating a pty, the          Improved background mode support. When not allocating a pty, the
         command is run in its own process group. This prevents write access          command is run in its own process group. This prevents write access
         to the tty. When running in a pty, stdin is not hooked up and we          to the tty. When running in a pty, stdin is not hooked up and we
         never read from /dev/tty, which results in similar behavior.          never read from /dev/tty, which results in similar behavior.
        [fe50d6a5c5b9] <1.8>        [87c15149894c]
   
2011-05-31  Todd C. Miller  <Todd.Miller@courtesan.com>        * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
        Clean up regress files Generate proper dependencies for regress objs
        * Clean up regress files Generate proper dependencies for regress objs 
         in compat          in compat
        [264196584549] <1.8>        [88bfc728c1e7]
   
        * Add missing dependency for check_fill.o.        * plugins/sudoers/Makefile.in:
        [c41f4e6ff078] <1.8>        Add missing dependency for check_fill.o.
         [0bd6362e3e17]
   
2011-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>2011-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * INSTALL, configure, configure.in:          * INSTALL, configure, configure.in:
         Add support for --enable-nls[=location]          Add support for --enable-nls[=location]
        [0ea8e7bd1739] <1.8>        [b90db44a050f]
   
 2011-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Include gettext.h        * plugins/sudoers/linux_audit.c:
        [fe8bab6403c6] <1.8>        Include gettext.h
         [7f909a6e48cb]
   
        * Quiet gcc warnings.        * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
        [aa16d09710a7] <1.8>        Quiet gcc warnings.
         [b41a6cdca583]
   
         * configure, configure.in:          * configure, configure.in:
         Don't install .mo files if gettext was not found.          Don't install .mo files if gettext was not found.
        [c6b233e829aa] <1.8>        [1397b34cc165]
   
 2011-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Always allocate a pty when running a command in the background but        * src/exec.c:
         Always allocate a pty when running a command in the background but
         call setsid() after forking to make sure we don't end up with a          call setsid() after forking to make sure we don't end up with a
         controlling tty.          controlling tty.
        [77c6b2923714] <1.8>        [b6454ba172e8]
   
        * Add missing space between command name and the first command line        * plugins/sudoers/iolog.c:
         Add missing space between command name and the first command line
         argument.          argument.
        [d0a36b9c0f38] <1.8>        [fe217f0a36d4]
   
        * Quiet a compiler warning on some platforms.        * plugins/sudoers/sudoreplay.c:
        [654e76cf0574] <1.8>        Quiet a compiler warning on some platforms.
         [de9f2849f236]
   
        * README file that directs people to translationproject.org        * plugins/sudoers/po/README, src/po/README:
        [5545e9a5ae37] <1.8>        README file that directs people to translationproject.org
         [30c0fc323281]
   
        * Sync translations with TP        * plugins/sudoers/po/uk.po, src/po/fi.po:
        [b054ce577022] <1.8>        Sync translations with TP
         [1d7d64559cba]
   
         * Makefile.in:          * Makefile.in:
         Add 'sync-po' target to top-level Makefile to rsync the po files          Add 'sync-po' target to top-level Makefile to rsync the po files
         from translationproject.org.          from translationproject.org.
        [87a5011b0410] <1.8>        [20508211aaa3]
   
        * install nls files from install target        * plugins/sudoers/Makefile.in:
        [a3feba9ef323] <1.8>        install nls files from install target
         [5fc07b6cab38]
   
        * Makefile.in:        * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
         Include .mo files in sudo binary packags.          Include .mo files in sudo binary packags.
        [bc3ee7e7fb44] <1.8>        [278d4821a916]
   
        * configure, configure.in:        * configure, configure.in, plugins/sudoers/po/zh_CN.mo,
         plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
         Add simplified chinese translation          Add simplified chinese translation
        [c22e6842c766] <1.8>        [2b33ffc755b9]
   
 2011-05-26  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * configure, configure.in:        * configure, configure.in, plugins/sudoers/po/uk.mo,
         plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
         Add ukranian translation          Add ukranian translation
        [0bb9e6437f0f] <1.8>        [2d8102688e93]
   
        * refer to siglist.c, not ./siglist.c since not all makes will treat        * compat/Makefile.in:
         refer to siglist.c, not ./siglist.c since not all makes will treat
         foo and ./foo the same.          foo and ./foo the same.
        [909051ff6061] <1.8>        [6639d293ffba]
   
        * Set def_preserve_groups before searching for the command when the -P        * plugins/sudoers/sudoers.c:
         Set def_preserve_groups before searching for the command when the -P
         flag is specified.          flag is specified.
        [08e9378f50e4] <1.8>        [0edc7942f875]
   
        * Makefile.in:        * Makefile.in, compat/Makefile.in, mkdep.pl,
        Add dependency for siglist.lo in compat. This is a generated file        plugins/sudoers/Makefile.in:
        so "make depend" needs to depend on it.        Add dependency for siglist.lo in compat. This is a generated file so
        [e6c0daf36af0] <1.8>        "make depend" needs to depend on it.
         [28d0932f8b50]
   
        * More dependency fixes.        * compat/Makefile.in:
        [7fed03624689] <1.8>        More dependency fixes.
         [aad0d05cd020]
   
        * Fix a few dependencies.        * compat/Makefile.in:
        [7cb86c721961] <1.8>        Fix a few dependencies.
         [eb21aa35a032]
   
        * Place compiled mo files in the src dir, not the build dir. When        * plugins/sudoers/Makefile.in, src/Makefile.in:
         Place compiled mo files in the src dir, not the build dir. When
         installing compiled mo files, display a status message.          installing compiled mo files, display a status message.
        [b87aa18a9968] <1.8>        [e15634c29cd3]
   
 2011-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Tivoli Directory Server requires that seconds be present in a        * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
         Tivoli Directory Server requires that seconds be present in a
         timestamp, even though RFC 4517 states that they are optional.          timestamp, even though RFC 4517 states that they are optional.
        [47ebf110ea7a] <1.8>        [55fe23dd4ef9]
   
        * Add missing bit of copyright        * plugins/sudoers/sudo_nss.h:
        [d05d28a91bc4] <1.8>        Add missing bit of copyright
         [d2eba3c364ca]
   
        * Mention cycle detection warnings        * doc/visudo.pod:
        [ee8231aa1aed] <1.8>        Mention cycle detection warnings
         [a76bef15ab67]
   
        * When checking aliases, also check the contents of the alias in case        * plugins/sudoers/visudo.c:
         When checking aliases, also check the contents of the alias in case
         there are problems with an alias that is referenced inside another.          there are problems with an alias that is referenced inside another.
         Replace the self reference check with real alias cycle detection.          Replace the self reference check with real alias cycle detection.
        [abcfe1bc95d8] <1.8>        [a66c904cf53b]
   
        * Set errno to ELOOP in alias_find() if there is a cycle. Set errno to        * plugins/sudoers/alias.c:
         Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
         ENOENT in alias_find() and alias_remove() if the entry could not be          ENOENT in alias_find() and alias_remove() if the entry could not be
         found.          found.
        [e73d169f4e9b] <1.8>        [b4f0b89e433c]
   
        * Increment alias_seqno before calls to alias_remove_recursive() to        * plugins/sudoers/visudo.c:
         Increment alias_seqno before calls to alias_remove_recursive() to
         avoid false positives with the alias loop detection. Fixes spurious          avoid false positives with the alias loop detection. Fixes spurious
         warnings about unused aliases when they are nested.          warnings about unused aliases when they are nested.
        [ac094820ef19] <1.8>        [a344483b8193]
   
        * add mkdep.pl        * MANIFEST:
        [3721e9654ba6] <1.8>        add mkdep.pl
         [86b7ed33eab2]
   
        * Add dependency on convenience libs to binaries        * plugins/sudoers/Makefile.in:
        [8a4db8226dfe] <1.8>        Add dependency on convenience libs to binaries
         [cd3078b3c997]
   
         * Makefile.in:          * Makefile.in:
         mkdep.pl only works when run from the src dir          mkdep.pl only works when run from the src dir
        [2480427a0680] <1.8>        [f35a5e47c944]
   
        * Makefile.in:        * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl,
         plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
         plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
         Auto-generate Makefile dependencies with a perl script.          Auto-generate Makefile dependencies with a perl script.
        [ef5f56907d97] <1.8>        [a3e4afcd7975]
   
 2011-05-23  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * If the user specifies a runas group via sudo's -g option that        * plugins/sudoers/match.c:
         If the user specifies a runas group via sudo's -g option that
         matches the runas user's group in the passwd database and that group          matches the runas user's group in the passwd database and that group
         is not denied in the Runas_Spec, allow it. Thus, if user root's gid          is not denied in the Runas_Spec, allow it. Thus, if user root's gid
         in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if          in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if
         no groups are present in the Runas_Spec.          no groups are present in the Runas_Spec.
        [942e1e7c5090] <1.8>        [e3f9732dc564]
   
 2011-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * NEWS:        * plugins/sudoers/Makefile.in, src/Makefile.in:
        Mention what is new in 1.8.2 (for now)        Add dependencies on gettext.h
        [d44b26eceee5] <1.8>        [a3a9dc51f78b]
   
        * Add dependencies on gettext.h        * plugins/sudoers/Makefile.in, src/Makefile.in:
        [32c61c6af852] <1.8>        Fix install-nls target with HP-UX sh when gettext is not present.
         [0c6b9655cd41]
   
         * Fix install-nls target with HP-UX sh when gettext is not present.  
         [3441cece9638] <1.8>  
   
         * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,  
         doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,  
         doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,  
         doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:  
         Regen for sudo 1.8.2  
         [9ea124b542cc] <1.8>  
   
 2011-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:        * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
         src/Makefile.in, src/po/sudo.pot:
         regenerate .pot files for lbuf changes          regenerate .pot files for lbuf changes
        [a8a9cc62c3a5] <1.8>        [918ded125a0b]
   
         * configure, configure.in:          * configure, configure.in:
         Add missing "checking" message for gettext when using the cache.          Add missing "checking" message for gettext when using the cache.
        [4136bc346576] <1.8>        [9c21187ad1d2]
   
        * Add primitive format string support to the lbuf code to make        * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c,
         plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
         src/parse_args.c:
         Add primitive format string support to the lbuf code to make
         translations simpler.          translations simpler.
        [22fc74618d09] <1.8>        [ee71c7ef5299]
   
        * configure, configure.in, plugins/sudoers/po/sudoers.pot,        * MANIFEST, plugins/sudoers/Makefile.in,
        src/po/sudo.pot:        plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
        Bump version to 1.8.2        Add message catalog template files for sudo and the sudoers module.
        [999de1ac5b3e] <1.8>        [f3f8acb1f014]
   
        * Add message catalog template files for sudo and the sudoers module.        * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c,
        [6afad75e7afa] <1.8>        config.h.in, configure.in, doc/Makefile.in, include/gettext.h,
        plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
        * configure.in:        plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
         plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
         src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h:
         Add gettext.h convenience header. This is similar to but distinct          Add gettext.h convenience header. This is similar to but distinct
         from the one included with the gettext package.          from the one included with the gettext package.
        [5ae5a86e0d06] <1.8>        [930a0591f73c]
   
   2011-05-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
         Add checks for nroff -c and -Tascii flags          Add checks for nroff -c and -Tascii flags
        [580c21905280] <1.8>        [19ca990b3149]
   
         * configure, configure.in:          * configure, configure.in:
         Add check for HP bundled C Compiler (which cannot create shared          Add check for HP bundled C Compiler (which cannot create shared
         libs)          libs)
        [34f616cbb0f3] <1.8>        [517716a7072d]
   
        * Fix C format warnings.        * plugins/sudoers/sudoreplay.c:
        [f20a43a817f0] <1.8>        Fix C format warnings.
         [6514326013fa]
   
        * Add __printflike        * include/error.h:
        [76bf8a4bf075] <1.8>        Add __printflike
         [e1749a30a406]
   
        * Translate help / usage strings.        * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
        [16c5b7902d4c] <1.8>        plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
         plugins/sudoers/visudo.c, src/parse_args.c:
         Translate help / usage strings.
         [ee1cc9b1a8bd]
   
        * Set --msgid-bugs-address to the bugzilla url        * plugins/sudoers/Makefile.in, src/Makefile.in:
        [3e3cfa7b4ceb] <1.8>        Set --msgid-bugs-address to the bugzilla url
         [5a0aa250ca21]
   
        * INSTALL, Makefile.in, README, configure, configure.in:        * Makefile.in, common/Makefile.in, compat/Makefile.in, configure,
         configure.in, doc/Makefile.in, include/Makefile.in,
         plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
         plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
         Add scaffolding to update .po files and install .mo files.          Add scaffolding to update .po files and install .mo files.
        [a51e60b35e47] <1.8>        [f05f4eed1fe1]
   
        * Minor warning/error cleanup        * doc/license.pod:
        [593144ac87ff] <1.8>        update copyright year
         [fa0c62523875]
   
        * configure.in:        * INSTALL, README:
         No need to include version number at the top of these files.
         [9f2981325351]
 
 2011-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
         plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
         plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
         plugins/sudoers/visudo.c:
         Minor warning/error cleanup
         [9236dc85aeab]
 
         * config.h.in, configure.in:
         Emulate ngettext for the non-nls case          Emulate ngettext for the non-nls case
        [7cdf82de4dee] <1.8>        [13571d63fa36]
   
        * Do not mark untranslatable strings for translation        * plugins/sudoers/ldap.c:
        [088271ed02d0] <1.8>        Do not mark untranslatable strings for translation
         [735f5d4413fe]
   
        * Use ROOT_UID not 0.        * plugins/sudoers/check.c:
        [f901fa2fdaf2] <1.8>        Use ROOT_UID not 0.
         [09a268db8da4]
   
        * Minor warning/error message cleanup        * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
        [b99c7ef46236] <1.8>        plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c,
         src/load_plugins.c, src/sudo.c, src/sudo_edit.c:
         Minor warning/error message cleanup
         [3c7b1a7939b5]
   
        * cannot -> "unable to" in warning/error messages can't -> "unable to"        * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c,
        in warning/error messages        plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
        [5119140fabc7] <1.8>        plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
         plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c,
         src/exec_pty.c, src/net_ifs.c, src/selinux.c:
         cannot -> "unable to" in warning/error messages
         [31c3897649e9]
   
           * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c,
           plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
           src/sudo.c, src/utmp.c:
           can't -> "unable to" in warning/error messages
           [127b75f15291]
   
         * configure, configure.in:          * configure, configure.in:
         FreeBSD needs the main sudo executable to link with -lpam when          FreeBSD needs the main sudo executable to link with -lpam when
         loading dynaic pam modules for some reason.          loading dynaic pam modules for some reason.
        [738b6778a505] <1.8>        [944522cc9bef]
   
        * We don't want to translate debugging messages.2011-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
        [357a575c2dfd] <1.8> 
   
        * configure, configure.in:        * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c:
         We don't want to translate debugging messages.
         [56a1a365815a]
 
         * configure, configure.in, plugins/sudoers/Makefile.in,
         plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
         plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
         plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
         src/Makefile.in, src/sesh.c, src/sudo.c:
         Add calls to bindtextdomain() and textdomain() Currently there are          Add calls to bindtextdomain() and textdomain() Currently there are
         two domains, one for the sudo front-end and one for the sudoers          two domains, one for the sudo front-end and one for the sudoers
         plugin and its associated utilities.          plugin and its associated utilities.
        [907f39439d80] <1.8>        [0426138f789e]
   
         * configure, configure.in:          * configure, configure.in:
         Fix caching of libc gettext check.          Fix caching of libc gettext check.
        [e229c21f412f] <1.8>        [942142d2c43a]
   
        * Mark defaults descriptions for translation        * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c,
        [65e03d1f8203] <1.8>        plugins/sudoers/mkdefaults:
         Mark defaults descriptions for translation
         [5b27f018e6cf]
   
         * NEWS:          * NEWS:
         Update for sudo 1.8.1p2          Update for sudo 1.8.1p2
        [89c31f2aa11e] <1.8>        [747c4dee2ca7]
   
        * Quiet compiler warning when SELinux is enabled.2011-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>
        [51b1d7c8aa86] <1.8> 
   
        * dd missing includes of libintl.h.        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
        [25662143d36d] <1.8>        Quiet compiler warning when SELinux is enabled.
         [1fbf77dda240]
   
        * Fix gettext marker.        * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
        [7618856ba5de] <1.8>        src/error.c, src/net_ifs.c, src/sesh.c:
         Add missing includes of libintl.h.
         [bc1d66316082]
   
        * Include libint.h where needed.        * plugins/sudoers/auth/pam.c:
        [cc256b297b9d] <1.8>        Fix gettext marker.
         [a5cf4ed66c66]
   
        * Prepare sudoers module messages for translation.        * common/aix.c, common/alloc.c, compat/strsignal.c,
        [1b7f0bbaa55f] <1.8>        plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h:
         Include libint.h where needed.
         [2b0e5a663c7b]
   
        * Only check gid of sudoers file if it is group-readable.        * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c,
        [f3cae943f35a] <1.8>        plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
         plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
         plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
         plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
         plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
         plugins/sudoers/defaults.c, plugins/sudoers/env.c,
         plugins/sudoers/find_path.c, plugins/sudoers/gram.c,
         plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
         plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
         plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
         plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
         plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c,
         plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
         plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
         plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
         plugins/sudoers/toke.c, plugins/sudoers/toke.l,
         plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
         Prepare sudoers module messages for translation.
         [7212ae1909c5]
   
        * For AIX, keep calling authenticate() until reenter reaches 0.        * plugins/sudoers/sudoers.c:
        [e412676bac73] <1.8>        Only check gid of sudoers file if it is group-readable.
         [50e3bc0cb242]
   
           * plugins/sudoers/auth/aix_auth.c:
           For AIX, keep calling authenticate() until reenter reaches 0.
           [e240815b74b1]
   
   2011-05-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
         Cache the status of the initial gettext() check.          Cache the status of the initial gettext() check.
        [c32281768c0f] <1.8>        [32751ebe1704]
   
         * INSTALL, configure, configure.in:          * INSTALL, configure, configure.in:
         Add --disable-nls flag and improve checks for gettext.          Add --disable-nls flag and improve checks for gettext.
        [b39674c1e538] <1.8>        [c7e6b17052de]
   
         * configure, configure.in:          * configure, configure.in:
         When building with gcc on HP-UX, use -march=1.1 to produce portable          When building with gcc on HP-UX, use -march=1.1 to produce portable
         binaries on a pa-risc2 host. Previously, the +Dportable option was          binaries on a pa-risc2 host. Previously, the +Dportable option was
         used for the HP-UX C compiler but gcc always produced native          used for the HP-UX C compiler but gcc always produced native
         binaries.          binaries.
        [41351c23ad41] <1.8>        [8f4c749324d7]
   
        * Prepare sudo front end messages for translation.2011-05-06  Todd C. Miller  <Todd.Miller@courtesan.com>
        [7807d6f74dac] <1.8> 
   
        * configure, configure.in:        * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c,
        Add initial scaffolding to support localization via gettext()        src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c,
        [cdbbff7e6376] <1.8>        src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c,
         src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
         Prepare sudo front end messages for translation.
         [2fc2fabceccb]
   
 2011-05-19  Todd C. Miller  <Todd.Miller@courtesan.com>  
   
         * doc/license.pod:  
         update copyright year  
         [d681661f03cc] <1.8>  
   
         * INSTALL, README:  
         No need to include version number at the top of these files.  
         [7e11f673f773] <1.8>  
   
         * README:  
         This is sudo 1.8.1 not 1.8.0  
         [4d674f230d8a] <1.8>  
   
 2011-05-04  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Don't let the fnmatch/glob macros expand the function prototype.        * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c:
        [d449e9a8f447] <1.8>        Add initial scaffolding to support localization via gettext()
         [7d47b59fcf95]
   
           * compat/fnmatch.h, compat/glob.h:
           Don't let the fnmatch/glob macros expand the function prototype.
           [a9014aa0288e]
   
 2011-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Resolve namespace collisions on HP-UX ia64 and possibly others by        * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
         Resolve namespace collisions on HP-UX ia64 and possibly others by
         adding a rpl_ prefix to our fnmatch and glob replacements and          adding a rpl_ prefix to our fnmatch and glob replacements and
         #defining rpl_foo to foo in the header files.          #defining rpl_foo to foo in the header files.
        [d23889375b21] <1.8>        [caa9b690a15d]
   
 2011-04-29  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Split ALL, ROLE and TYPE into their own actions. Since you can only        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Split ALL, ROLE and TYPE into their own actions. Since you can only
         have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in          have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
         the non-SELinux case. This is safe because the actions are in one          the non-SELinux case. This is safe because the actions are in one
         big switch() statement.          big switch() statement.
        [0bd9b7e37ab1] <1.8>        [7473fc2cfa2c]
   
        * Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
        [8dec97b359e0] <1.8>        Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
         [9be3480c2865]
   
        * askpass moved from sudoers to sudo.conf in sudo 1.8.02011-04-27  Todd C. Miller  <Todd.Miller@courtesan.com>
        [1001d87d82ed] <1.8> 
   
        * Remove obsolete warning about runas_default and ordering. Move        * doc/UPGRADE, doc/sudoers.pod:
         askpass moved from sudoers to sudo.conf in sudo 1.8.0
         [b2c2956cec4e]
 
         * doc/sudoers.pod:
         Remove obsolete warning about runas_default and ordering. Move
         syslog facility and priority lists into the section where the          syslog facility and priority lists into the section where the
         relevant options are described.          relevant options are described.
        [1286b9624021] <1.8>        [e57b8dc3f779]
   
 2011-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix SIA support; we no longer have access to the real argc and argv        * plugins/sudoers/auth/sia.c:
         Fix SIA support; we no longer have access to the real argc and argv
         so allocate space for a fake one and use the argv passed to the          so allocate space for a fake one and use the argv passed to the
         plugin with "sudo" for argv[0].          plugin with "sudo" for argv[0].
        [7c11eeffb91c] <1.8>        [1c0552772ad2]
   
        * Remove useless realloc when trying to get the buffer size right.2011-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
        [58128e7f4e28] <1.8> 
   
        * Be explicit when setting euid to 0 before call to setreuid(0, 0)        * src/net_ifs.c:
        [95769a564ab8] <1.8>        Remove useless realloc when trying to get the buffer size right.
         [792225380a62]
   
           * plugins/sudoers/set_perms.c:
           Be explicit when setting euid to 0 before call to setreuid(0, 0)
           [7bfeb629fccb]
   
 2011-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * NEWS:  
         sudo 1.8.1p1 updates  
         [de3d688b5bb1] <1.8>  
   
         * configure, configure.in:          * configure, configure.in:
         Need to do checks for krb5_verify_user, krb5_init_secure_context and          Need to do checks for krb5_verify_user, krb5_init_secure_context and
        krb5_get_init_creds_opt_alloc regardless of whether or        krb5_get_init_creds_opt_alloc regardless of whether or not
        notkrb5-config is present.        krb5-config is present.
        [456c4a9cd5d6] <1.8>        [9d1b98ece1d3]
   
 2011-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Work around weird AIX saved uid semantics on setuid() and        * plugins/sudoers/set_perms.c:
         Work around weird AIX saved uid semantics on setuid() and
         setreuid(). On AIX, setuid() will only set the saved uid if the euid          setreuid(). On AIX, setuid() will only set the saved uid if the euid
         is already 0.          is already 0.
        [5d0a69e9d181] <1.8>        [069fc08150ca]
   
 2011-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * update copyright year        * sudo.pp:
        [fa8da6d55783] <1.8>        update copyright year
         [1c42d579ba6e]
   
        * Treat a missing includedir like an empty one and do not return an        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Treat a missing includedir like an empty one and do not return an
         error.          error.
        [5fd9fe004728] <1.8>        [92f71d8cbfd4]
   
 2011-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix ARCH setting in cross-compile Solaris packages.        * pp:
        [8ce40940f6c9] <1.8>        Fix ARCH setting in cross-compile Solaris packages.
         [b0de281cc889]
   
        * Fix aix version setting.        * sudo.pp:
        [02a9e25d46ba] <1.8>        Fix aix version setting.
         [98437dbfb085]
   
        * Remove extraneous parens in LDAP filter when sudoers_search_filter        * plugins/sudoers/ldap.c:
         Remove extraneous parens in LDAP filter when sudoers_search_filter
         is enabled that causes a search error. From Matthew Thomas.          is enabled that causes a search error. From Matthew Thomas.
        [b67be9b51ec6] <1.8>        [1d75bf1fc8d9]
   
 2011-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Correct sizeof() to fix test failure.        * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
        [a11b89fd13f9] <1.8>        Correct sizeof() to fix test failure.
         [fd2f7c0c0572]
   
        * "install" target should depend on "install-dirs". Fixes "make -j"        * plugins/sudoers/Makefile.in:
         "install" target should depend on "install-dirs". Fixes "make -j"
         problem and closes bz #487. From Chris Coleman.          problem and closes bz #487. From Chris Coleman.
        [06ab0558f848] <1.8>        [083902d38edb]
   
 2011-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>  
   
         * .hgtags:  
         Added tag SUDO_1_8_1 for changeset 0ed6281995f0  
         [543d41a163e9] <1.8>  
   
         * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,  
         doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,  
         doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,  
         doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:  
         Regen man pages for 1.8.1  
         [0ed6281995f0] [SUDO_1_8_1] <1.8>  
   
 2011-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add HAVE_RFC1938_SKEYCHALLENGE        * config.h.in:
        [c0d7eb39799d] <1.8>        Add HAVE_RFC1938_SKEYCHALLENGE
         [a94cb33758a8]
   
 2011-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Mention plugin loading and libgcc changes        * NEWS:
        [b74929cba37c] <1.8>        Mention plugin loading and libgcc changes
         [e11b30b5026a]
   
        * Load plugins after parsing arguments and potentially printing the        * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
        version. That way, an error loading or initializing a plugin        Load plugins after parsing arguments and potentially printing the
        doesn't break "sudo -h" or "sudo -V".        version. That way, an error loading or initializing a plugin doesn't
        [c1ecb5979cf0] <1.8>        break "sudo -h" or "sudo -V".
         [1b76f2b096a2]
   
         * Makefile.in:          * Makefile.in:
         When using a sub-shell to invoke the sub-make, exec make instead of          When using a sub-shell to invoke the sub-make, exec make instead of
         running it inside the shell to avoid an extra process.          running it inside the shell to avoid an extra process.
        [9439f016c993] <1.8>        [fd2c04a71fbf]
   
        * Stop testing unspecified behavior in fnmatch Make glob test more        * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
         Stop testing unspecified behavior in fnmatch Make glob test more
         portable          portable
        [87a91d76fbff] <1.8>        [229803093725]
   
        * No need to add current dir to include path and having it breaks the        * compat/Makefile.in:
         No need to add current dir to include path and having it breaks the
         test programs that expect to get the system glob.h and fnmatch.h          test programs that expect to get the system glob.h and fnmatch.h
        [3ae7f9e7b710] <1.8>        [68085f624be4]
   
        * configure, configure.in:        * INSTALL, configure, configure.in:
         Fix and document --with-plugindir; partially from Diego Elio Petteno          Fix and document --with-plugindir; partially from Diego Elio Petteno
        [0220a0c2606f] <1.8>        [07edc52ea89e]
   
        * Fix fnmatch and glob tests to not use hard-coded flag values in the        * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
         compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
         compat/regress/glob/globtest.in:
         Fix fnmatch and glob tests to not use hard-coded flag values in the
         input file. Link test programs with libreplace so we get our          input file. Link test programs with libreplace so we get our
         replacement verions as needed.          replacement verions as needed.
        [66bab80241e0] <1.8>        [c2cca448f660]
   
         * Makefile.in:          * Makefile.in:
         If make in a subdir fails, fail the target in the upper level          If make in a subdir fails, fail the target in the upper level
         Makefile too. Adapted from a patch from Diego Elio Petteno          Makefile too. Adapted from a patch from Diego Elio Petteno
        [bc35b7813507] <1.8>        [76fc9a0d96fd]
   
        * configure, configure.in:        * configure, configure.in, plugins/sudoers/auth/rfc1938.c:
         Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also          Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
         has this. Adapted from a patch from Diego Elio Petteno          has this. Adapted from a patch from Diego Elio Petteno
        [bb6228f484b9] <1.8>        [a97279a59b93]
   
        * Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@        * plugins/sudoers/Makefile.in:
         Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
         directly.          directly.
        [47e6d5fadc6d] <1.8>        [47b884029b3b]
   
         * configure, configure.in:          * configure, configure.in:
         Fix warnings when -without-skey, --without-opie, --without-kerb4,          Fix warnings when -without-skey, --without-opie, --without-kerb4,
         --without-kerb5 or --without-SecurID were specified.          --without-kerb5 or --without-SecurID were specified.
        [1b75035dd129] <1.8>        [71ad150f4d24]
   
        * Add plugins/sudoers/sudoers_version.h        * MANIFEST:
        [1d470c6033ca] <1.8>        Add plugins/sudoers/sudoers_version.h
         [7423966de440]
   
        * configure, configure.in:        * configure, configure.in, plugins/sample/Makefile.in,
         plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
         Back out the --with-libpath addition to SUDOERS_LDFLAGS since that          Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
         now include LDFLAGS in the sudoers Makefile.in. Add missing settng          now include LDFLAGS in the sudoers Makefile.in. Add missing settng
         of @LDFLAGS@ in plugin Makefile.in files.          of @LDFLAGS@ in plugin Makefile.in files.
        [dd237f43aa12] <1.8>        [b835826f889c]
   
 2011-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Mention %#gid support in User_List and Runas_List        * NEWS:
        [37e259b9181b] <1.8>        Mention %#gid support in User_List and Runas_List
         [5a983dff017a]
   
        * Keep track of sudoers grammar version and report it in the -V        * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
         plugins/sudoers/visudo.c:
         Keep track of sudoers grammar version and report it in the -V
         output.          output.
        [0e0b891dd8a4] <1.8>        [52901a3c0296]
   
        * Add multiple inclusion guard        * plugins/sudoers/sudo_nss.h:
        [ec6884f51ea8] <1.8>        Add multiple inclusion guard
         [50853aed046e]
   
        * configure, configure.in:        * configure, configure.in, plugins/sample/Makefile.in,
         plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
         The --with-libpath option now adds to SUDOERS_LDFLAGS as well as          The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
         LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and          LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
        set it to -Wc,-static-libgcc if not using GNU ld so we don't        set it to -Wc,-static-libgcc if not using GNU ld so we don't have a
        have a dependency on the shared libgcc in sudoers.so.        dependency on the shared libgcc in sudoers.so.
        [28d03f3eb0d2] <1.8>        [66ad8bc5e32d]
   
        * Fix typo; from Petr Uzel        * doc/sudoers.pod:
        [d19b9bd92bd3] <1.8>        Fix typo; from Petr Uzel
         [f9a7afd80892]
   
 2011-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * In dump-only mode, use "root" as the default username instead of        * plugins/sudoers/testsudoers.c:
         In dump-only mode, use "root" as the default username instead of
         "nobody" as the latter may not be available on all systems.          "nobody" as the latter may not be available on all systems.
        [b304111616dd] <1.8>        [0c48e6414337]
   
 2011-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Remove NewArgv/NewArgc, they are no longer needed.        * plugins/sudoers/testsudoers.c:
        [c0a36a42a68c] <1.8>        Remove NewArgv/NewArgc, they are no longer needed.
         [16e18f734c7e]
   
        * Fix setting of user_args        * plugins/sudoers/testsudoers.c:
        [529e79ea95d1] <1.8>        Fix setting of user_args
         [aa29e0d0a54a]
   
        * Add '!' token to lex tracing        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
        [aef295d428e7] <1.8>        Add '!' token to lex tracing
         [5227ad266235]
   
        * Use group bin in test, not wheel as most systems have the bin group        * plugins/sudoers/regress/testsudoers/test1.sh:
         Use group bin in test, not wheel as most systems have the bin group
         but the same is no longer true of wheel.          but the same is no longer true of wheel.
        [350347f09c1a] <1.8>        [718802b3b45e]
   
        * Avoid using pre or post increment in a parameter to a ctype(3)        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Avoid using pre or post increment in a parameter to a ctype(3)
         function as it might be a macro that causes the increment to happen          function as it might be a macro that causes the increment to happen
         more than once.          more than once.
        [8a94ebdd53b8] <1.8>        [78e281152c3a]
   
 2011-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Strip off the beta or release candidate version when building AIX        * sudo.pp:
         Strip off the beta or release candidate version when building AIX
         packages.          packages.
        [00ad950764e2] <1.8>        [28fe31668559]
   
         * configure, configure.in:          * configure, configure.in:
         We need to include OSDEFS in CFLAGS when doing the utmp/utmpx          We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
         structure checks for glibc which only has __e_termination visible          structure checks for glibc which only has __e_termination visible
         when _GNU_SOURCE is *not* defined.          when _GNU_SOURCE is *not* defined.
        [1d58420a4a4a] <1.8>        [59ae1698911f]
   
        * getuserattr(user, ...) will fall back to the "default" entry        * common/aix.c:
         getuserattr(user, ...) will fall back to the "default" entry
         automatically, there's no need to check "default" manually.          automatically, there's no need to check "default" manually.
        [cefffa82967d] <1.8>        [3c7a47a61fdb]
   
         * Document parser changes.  
         [5038238f60eb] <1.8>  
   
 2011-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Makefile.in:        * doc/UPGRADE:
         Document parser changes.
         [ec415503308d]
 
         * Makefile.in, common/Makefile.in, compat/Makefile.in,
         doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
         plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
         src/Makefile.in, zlib/Makefile.in:
         If there is an existing sudoers file, only install if it passes a          If there is an existing sudoers file, only install if it passes a
         syntax check.          syntax check.
        [b1e4c9c56fe0] <1.8>        [37427c73e8cb]
   
        * Add runasgroup support to testsudoers        * plugins/sudoers/regress/sudoers/test6.out.ok,
        [30838590e9de] <1.8>        plugins/sudoers/testsudoers.c:
         Add runasgroup support to testsudoers
         [047ea5571f33]
   
        * For "make check", keep going even if a test fails.        * plugins/sudoers/Makefile.in:
        [d3a72f67227e] <1.8>        For "make check", keep going even if a test fails.
         [ce6a0a73c372]
   
        * More useful exit codes:        * plugins/sudoers/testsudoers.c:
         More useful exit codes:
          * 0 - parsed OK and command matched.           * 0 - parsed OK and command matched.
          * 1 - parse error           * 1 - parse error
          * 2 - command not matched           * 2 - command not matched
          * 3 - command denied           * 3 - command denied
        [59301e0769cd] <1.8>        [1d2ce1361903]
   
        * Document %#gid, and %:#nonunix_gid syntax.        * doc/sudoers.pod:
        [39ee15af58e9] <1.8>        Document %#gid, and %:#nonunix_gid syntax.
         [492d4f9696c4]
   
        * Add support to user_in_group() for treating group names that begin        * plugins/sudoers/pwutil.c:
         Add support to user_in_group() for treating group names that begin
         with a '#' as gids.          with a '#' as gids.
        [0eb19980cf5f] <1.8>        [20240c94a134]
   
        * configure, configure.in:        * config.h.in, configure, configure.in, src/utmp.c:
         Add explicit check for struct utmpx.ut_exit.e_termination and struct          Add explicit check for struct utmpx.ut_exit.e_termination and struct
         utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update          utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
         ut_exit if we detect one or the other.          ut_exit if we detect one or the other.
        [ab5b665fc04b] <1.8>        [b4e8cab777e6]
   
 2011-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add back missing #include of config.h        * plugins/sudoers/toke.c:
        [9c82bec81018] <1.8>        Add back missing #include of config.h
         [9ab3897a1b2e]
   
        * Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like        * plugins/sudoers/iolog_path.c,
         plugins/sudoers/regress/iolog_path/data:
         Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
         strftime() does.          strftime() does.
        [1ae630470f8a] <1.8>        [93395762cdcd]
   
        * Quote first argument to AC_DEFUN(); from Elan Ruusamae        * aclocal.m4:
        [c467e9e3b399] <1.8>        Quote first argument to AC_DEFUN(); from Elan Ruusamae
         [97f53ad31d77]
   
 2011-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * add new sudoers tests        * MANIFEST:
        [05f2a0924acc] <1.8>        add new sudoers tests
         [476af91b3da3]
   
        * Add test for a newline in the middle of a string when no line        * plugins/sudoers/regress/sudoers/test8.in,
         plugins/sudoers/regress/sudoers/test8.out.ok,
         plugins/sudoers/regress/sudoers/test8.toke.ok:
         Add test for a newline in the middle of a string when no line
         continuation character is used.          continuation character is used.
        [24b79be5822b] <1.8>        [de2394bc86ab]
   
        * Use bitwise AND instead of modulus to check for length being odd. A        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Use bitwise AND instead of modulus to check for length being odd. A
         newline in the middle of a string is an error unless a line          newline in the middle of a string is an error unless a line
         continuation character is used.          continuation character is used.
        [65c468599688] <1.8>        [bdb1d762a1d5]
   
        * Move lexer globals initialization into init_lexer.        * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
        [07a1171a1853] <1.8>        plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Move lexer globals initialization into init_lexer.
         [1ce62211aadb]
   
        * Fix a potential crash when a non-regular file is present in an        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Fix a potential crash when a non-regular file is present in an
         includedir. Fixes bz #452          includedir. Fixes bz #452
        [5057cb9516e4] <1.8>        [1586760c3525]
   
        * On some Linux systems, "uname -p" contains detailed processor info        * pp:
         On some Linux systems, "uname -p" contains detailed processor info
         so check "uname -m" first and then "uname -p" if needed. Recognize          so check "uname -m" first and then "uname -p" if needed. Recognize
         PLD Linux.          PLD Linux.
        [56226c84a060] <1.8>        [b8535cb9012e]
   
 2011-03-25  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Don't need all sudoers.h here.        * plugins/sudoers/redblack.c:
        [43b6ae5999c5] <1.8>        Don't need all sudoers.h here.
         [8c0929f42dab]
   
        * Print sudo version early, in case policy plugin init fails.        * src/sudo.c:
        [620f2d0ec4b1] <1.8>        Print sudo version early, in case policy plugin init fails.
         [47cddc4358bc]
   
 2011-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Update to match change in input.        * plugins/sudoers/regress/sudoers/test4.toke.ok:
        [69540f84721d] <1.8>        Update to match change in input.
         [4a3af8e68790]
   
        * Make an empty group or netgroup a syntax error.        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
        [4b85bddc494e] <1.8>        Make an empty group or netgroup a syntax error.
         [66f51ddc2ff6]
   
        * An empty group or netgroup should be a syntax error.        * plugins/sudoers/regress/sudoers/test7.in,
        [6ec796972eff] <1.8>        plugins/sudoers/regress/sudoers/test7.out.ok,
         plugins/sudoers/regress/sudoers/test7.toke.ok:
         An empty group or netgroup should be a syntax error.
         [bd5bf1e2edce]
   
        * Check that uids work in per-user and per-runas Defaults Check that        * plugins/sudoers/regress/sudoers/test6.in,
         plugins/sudoers/regress/sudoers/test6.out.ok,
         plugins/sudoers/regress/sudoers/test6.toke.ok:
         Check that uids work in per-user and per-runas Defaults Check that
         uids and gids work in a Command_Spec          uids and gids work in a Command_Spec
        [68cf62353420] <1.8>        [c5e848e6082b]
   
        * Test empty string in User_Alias and Command_Spec        * plugins/sudoers/regress/sudoers/test5.in,
        [017d487c31be] <1.8>        plugins/sudoers/regress/sudoers/test5.out.ok,
         plugins/sudoers/regress/sudoers/test5.toke.ok:
         Test empty string in User_Alias and Command_Spec
         [3a084d777e03]
   
        * Allow a group ID in the User_Spec.        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
        [37e0bf69c8d8] <1.8>        Allow a group ID in the User_Spec.
         [bc2859eb71dc]
   
         * Return an error for the empty string when a word is expected. Allow  
         an ID for per-user or per-runas Defaults.  
         [4c9020779582] <1.8>  
   
 2011-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix printing "User_Alias FOO = ALL"        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
        [97c9fd7caeb7] <1.8>        Return an error for the empty string when a word is expected. Allow
         an ID for per-user or per-runas Defaults.
         [915c259b00ff]
   
           * plugins/sudoers/testsudoers.c:
           Fix printing "User_Alias FOO = ALL"
           [ba58c3d548b3]
   
 2011-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Better error message about invalid -C argument        * src/parse_args.c:
        [2301e7a3835b] <1.8>        Better error message about invalid -C argument
         [c9a8d15bbf5d]
   
        * fix typo        * NEWS:
        [c5acde62a309] <1.8>        fix typo
         [cdcfbafed013]
   
        * Fix placement of equal size ('=') in user specification summary.        * doc/sudoers.pod:
        [4d0ffef77ae4] <1.8>        Fix placement of equal size ('=') in user specification summary.
         [5ad7178b230d]
   
 2011-03-21  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * update to match sudoers regress        * MANIFEST:
        [0efb8dc9092a] <1.8>        update to match sudoers regress
         [e04db0648717]
   
        * Restore ability to define TRACELEXER and have trace output go to        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Restore ability to define TRACELEXER and have trace output go to
         stderr.          stderr.
        [441c8b372217] <1.8>        [d9531e4d1b20]
   
        * Restore old behavior of setting sawspace = TRUE for command line        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Restore old behavior of setting sawspace = TRUE for command line
         args when a line continuation character is hit to avoid causing          args when a line continuation character is hit to avoid causing
         problems for existing sudoers files.          problems for existing sudoers files.
        [963ded6ce070] <1.8>        [fd930ad25550]
   
        * Add test for line continuation and aliases        * plugins/sudoers/regress/sudoers/test4.in,
        [5703d11a3c46] <1.8>        plugins/sudoers/regress/sudoers/test4.out.ok,
         plugins/sudoers/regress/sudoers/test4.toke.ok:
         Add test for line continuation and aliases
         [29ab538ca6bb]
   
        * Make test output line up nicely for parse vs. toke        * plugins/sudoers/Makefile.in:
        [15321ce2d7d9] <1.8>        Make test output line up nicely for parse vs. toke
         [257ef82c1434]
   
        * plugins/sudoers/regress/testsudoers/test1.ok,        * plugins/sudoers/Makefile.in,
         plugins/sudoers/regress/sudoers/test1.in,
         plugins/sudoers/regress/sudoers/test1.out.ok,
         plugins/sudoers/regress/sudoers/test1.toke.ok,
         plugins/sudoers/regress/sudoers/test2.in,
         plugins/sudoers/regress/sudoers/test2.out.ok,
         plugins/sudoers/regress/sudoers/test2.toke.ok,
         plugins/sudoers/regress/sudoers/test3.in,
         plugins/sudoers/regress/sudoers/test3.out.ok,
         plugins/sudoers/regress/sudoers/test3.toke.ok,
         plugins/sudoers/regress/testsudoers/test1.ok,
         plugins/sudoers/regress/testsudoers/test1.out.ok,
         plugins/sudoers/regress/testsudoers/test1.sh,
         plugins/sudoers/regress/testsudoers/test2.out,          plugins/sudoers/regress/testsudoers/test2.out,
         plugins/sudoers/regress/testsudoers/test2.sh,          plugins/sudoers/regress/testsudoers/test2.sh,
         plugins/sudoers/regress/testsudoers/test3.ok,          plugins/sudoers/regress/testsudoers/test3.ok,
Line 1511 Line 10636
         plugins/sudoers/regress/visudo/test1.sh:          plugins/sudoers/regress/visudo/test1.sh:
         Move parser tests to sudoers directory and test the tokenizer output          Move parser tests to sudoers directory and test the tokenizer output
         too.          too.
        [111c1ccda334] <1.8>        [44f529b3cdb6]
   
        * If we match a rule anchored to the beginning of a line after parsing        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         If we match a rule anchored to the beginning of a line after parsing
         a line continuation character, return an ERROR token. It would be          a line continuation character, return an ERROR token. It would be
         nicer to use REJECT instead but that substantially slows down the          nicer to use REJECT instead but that substantially slows down the
         lexer.          lexer.
        [67e54b14aa9d] <1.8>        [355478293f8c]
   
        * Move LEXTRACE macro to toke.h so we can use it in yyerror().        * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
        [e6e04037deed] <1.8>        plugins/sudoers/toke.c, plugins/sudoers/toke.h,
         plugins/sudoers/toke.l:
         Move LEXTRACE macro to toke.h so we can use it in yyerror().
         [72ee7a06d3ca]
   
        * Make lex tracing settable at run-time in testsudoers via the -t2011-03-20  Todd C. Miller  <Todd.Miller@courtesan.com>
        flag. Trace output goes to stderr. Will be used by regress tests 
        to check lexer. 
        [a973f43cc0c2] <1.8> 
   
        * Allow whitespace after the modifier in a Defaults entry. E.g.        * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
         plugins/sudoers/toke.l:
         Make lex tracing settable at run-time in testsudoers via the -t
         flag. Trace output goes to stderr. Will be used by regress tests to
         check lexer.
         [93bd53c413c8]
 
         * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Allow whitespace after the modifier in a Defaults entry. E.g.
         "Defaults: username set_home"          "Defaults: username set_home"
        [bf876c9fc5bb] <1.8>        [9dfcf8dd8a3a]
   
 2011-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Don't set CC when cross-compiling.        * mkpkg:
        [d3c33dcb02f2] <1.8>        Don't set CC when cross-compiling.
         [4b95b0c04e1c]
   
        * Credit Matthew Thomas for the sudoers_search_filter changes.        * NEWS:
        [2209b80664af] <1.8>        Credit Matthew Thomas for the sudoers_search_filter changes.
         [a65998ab09f7]
   
        * Add the .sym files to the MANIFEST        * MANIFEST:
        [bb452b28a009] <1.8>        Add the .sym files to the MANIFEST
         [f599225cc861]
   
        * Update for sudo 1.8.1 beta        * NEWS:
        [700d42d80e00] <1.8>        Update for sudo 1.8.1 beta
         [71021e854c49]
   
        * user_shell -> run_shell to avoid confusion with the user's SHELL        * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c:
         user_shell -> run_shell to avoid confusion with the user's SHELL
         variable.          variable.
        [451b96d5f97e] <1.8>        [dc0ac6dafc21]
   
        * Save the controlling tty process group before suspending in pty        * src/exec_pty.c:
        mode. Previously, we assumed that the child pgrp == child pid        Save the controlling tty process group before suspending in pty
        (which is usually, but not always, the case).        mode. Previously, we assumed that the child pgrp == child pid (which
        [b0841d861191] <1.8>        is usually, but not always, the case).
         [10b2883b7875]
   
        * Add support for sudoers_search_filter setting in ldap.conf. This        * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
        can be used to restrict the set of records returned by the LDAP        Add support for sudoers_search_filter setting in ldap.conf. This can
        query.        be used to restrict the set of records returned by the LDAP query.
        [70c5f496e2b3] <1.8>        [b0f1b721d102]
   
 2011-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
         Remove the hack to disable -g in CFLAGS unless --with-devel          Remove the hack to disable -g in CFLAGS unless --with-devel
        [9459839f50ba] <1.8>        [89822cf84ef4]
   
        * The '@' character does not normally need to be quoted.        * doc/sudoers.pod:
        [e66c4c64e514] <1.8>        The '@' character does not normally need to be quoted.
         [7823f5ed829a]
   
        * We normaly transition from GOTDEFS to STARTDEFS on whitespace, but        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
         if that whitespace is followed by a comma, we want to treat it as          if that whitespace is followed by a comma, we want to treat it as
         part of a list and not transition.          part of a list and not transition.
        [52ae2df9959d] <1.8>        [1ca6943e1824]
   
        * Add check for whitespace when a User_List is used for a per-user        * plugins/sudoers/regress/testsudoers/test3.ok,
         plugins/sudoers/regress/testsudoers/test3.sh:
         Add check for whitespace when a User_List is used for a per-user
         Defaults entry.          Defaults entry.
        [44a4db95be86] <1.8>        [91f75e6dd19a]
   
        * Expand quoted name checks to cover recent fixes.        * plugins/sudoers/regress/testsudoers/test2.out,
        [bd494b5c2bed] <1.8>        plugins/sudoers/regress/testsudoers/test2.sh:
         Expand quoted name checks to cover recent fixes.
         [ce4f76bca146]
   
        * Fix parsing of double-quoted names in Defaults and Aliases which was        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Fix parsing of double-quoted names in Defaultd and Aliases which was
         broken in 601d97ea8792.          broken in 601d97ea8792.
        [dfdd58c3eb3b] <1.8>        [424b0d6c1dc4]
   
        * toke_util.c lives in $(srcdir) not $(devdir)        * plugins/sudoers/Makefile.in:
        [94f8f024782e] <1.8>        toke_util.c lives in $(srcdir) not $(devdir)
         [94866bebee83]
   
 2011-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
        Update version to 1.8.1        Change trunk version to 1.8.x to distinguish from real 1.8.0.
        [531a7d520f18] <1.8>        [a9781e61d064]
   
        * Document major changes in 1.8.1 and add upgrade notes.        * NEWS, doc/UPGRADE:
        [116821646140] <1.8>        Document major changes in 1.8.1 and add upgrade notes.
         [f2cf51b0d9ce]
   
        * Be careful not to deref user_stat if it is NULL. This cannot        * plugins/sudoers/match.c:
         Be careful not to deref user_stat if it is NULL. This cannot
         currently happen in sudo but might in other programs using the          currently happen in sudo but might in other programs using the
         parser.          parser.
        [d72a9c7151c4] <1.8>        [06a2334dd674]
   
        * configure will not add -O2 to CFLAGS if it is already defined to add        * mkpkg:
         configure will not add -O2 to CFLAGS if it is already defined to add
         -O2 to the CFLAGS we pass in when PIE is being used.          -O2 to the CFLAGS we pass in when PIE is being used.
        [2c7fe82be93d] <1.8>        [1ce6481ece59]
   
        * Warn about the dangers of log_input and mention iolog_file and        * doc/sudoers.pod:
         Warn about the dangers of log_input and mention iolog_file and
         iolog_dir in the log_input and log_output descriptions.          iolog_dir in the log_input and log_output descriptions.
        [edc6aa59aa45] <1.8>        [ae854ffb0768]
   
        * sync with git version        * pp:
        [b121cf739c77] <1.8>        sync with git version
         [a993e39ce3cb]
   
        * It seems that h comes after i        * doc/sudoers.pod:
        [99ad15015f05] <1.8>        It seems that h comes after i
         [0f621109220d]
   
        * Move log_input and log_output to their proper, sorted, location.        * doc/sudoers.pod:
         Move log_input and log_output to their proper, sorted, location.
         Document set_utmp and utmp_runas.          Document set_utmp and utmp_runas.
        [216ce8b0ae1a] <1.8>        [273b234b9c34]
   
        * Save the controlling tty process group before suspending so we can        * src/exec.c:
         Save the controlling tty process group before suspending so we can
         restore it when we resume. Fixes job control problems on Linux          restore it when we resume. Fixes job control problems on Linux
         caused by the previous attemp to fix resuming a shell when I/O          caused by the previous attemp to fix resuming a shell when I/O
         logging not enabled.          logging not enabled.
        [dfe038f733be] <1.8>        [f03a660315ee]
   
        * Fix printing of the remainder after a newline. Fixes "sudo -l"        * common/lbuf.c:
         Fix printing of the remainder after a newline. Fixes "sudo -l"
         output corruption that could occur in some cases.          output corruption that could occur in some cases.
        [ab2f0a629e0d] <1.8>        [25d83fb501fc]
   
        * Add support for ut_exit2011-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
        [7039ec6a73fa] <1.8> 
   
        * Add support for controlling whether utmp is updated and which user        * config.h.in, configure, configure.in, src/exec_pty.c,
         src/sudo_exec.h, src/utmp.c:
         Add support for ut_exit
         [b574c13f1bba]
 
         * doc/sudo_plugin.pod, plugins/sudoers/def_data.c,
         plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
         plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c,
         src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c:
         Add support for controlling whether utmp is updated and which user
         is listed in the entry.          is listed in the entry.
        [1b008ce71eab] <1.8>        [44a81632133f]
   
        * Fix typo; tupple vs. tuple        * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h,
        [67bb5c67ae3d] <1.8>        plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults,
         plugins/sudoers/parse.c:
         Fix typo; tupple vs. tuple
         [697744acb710]
   
        * For legacy utmp, strip the /dev/ prefix before trying to determine        * src/utmp.c:
         For legacy utmp, strip the /dev/ prefix before trying to determine
         slot since the ttys file does not include the /dev/ prefix.          slot since the ttys file does not include the /dev/ prefix.
        [8f597114381d] <1.8>        [7ad5b81ff90c]
   
        * Add check for _PATH_UTMP        * aclocal.m4, configure, configure.in, pathnames.h.in:
        [fe7e2456f017] <1.8>        Add check for _PATH_UTMP
         [21e638029bfd]
   
        * Adapt check_iolog_path to sessid changes2011-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
        [3016201869b6] <1.8> 
   
        * Redo utmp handling. If no getutent()/getutxent() is available,        * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
         Adapt check_iolog_path to sessid changes
         [728b5fe2be6f]
 
         * config.h.in, configure, configure.in, src/Makefile.in,
         src/exec_pty.c, src/sudo_exec.h, src/utmp.c:
         Redo utmp handling. If no getutent()/getutxent() is available,
         assume a ttyslot-based utmp. If getttyent() is available, use that          assume a ttyslot-based utmp. If getttyent() is available, use that
         directly instead of ttyslot() so we don't have to do the stdin dup2          directly instead of ttyslot() so we don't have to do the stdin dup2
         dance.          dance.
        [817490c7c20e] <1.8>        [18aa455cd140]
   
        * Move utmp handling into utmp.c2011-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
        [e4729d9259e9] <1.8> 
   
        * Update copyright years.        * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h,
        [1065afc00233] <1.8>        src/utmp.c:
         Move utmp handling into utmp.c
         [f6eae6c8e012]
   
2011-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>        * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
         common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c,
         compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c,
         compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
         compat/utimes.c, doc/sudo.pod, doc/visudo.pod,
         include/sudo_plugin.h, plugins/sample/sample_plugin.c,
         plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
         plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
         plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
         plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
         plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
         plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
         plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
         plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
         plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c,
         plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
         plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
         plugins/sudoers/logging.c, plugins/sudoers/parse.c,
         plugins/sudoers/parse.h, plugins/sudoers/redblack.c,
         plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c,
         plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c,
         src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c,
         src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
         src/sudo_plugin_int.h, src/tgetpass.c:
         Update copyright years.
         [16aa39f9060a]
   
        * Add "user_shell" boolean as a way to indicate to the plugin that the        * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
         plugins/sudoers/sudoers.h, src/parse_args.c:
         Add "user_shell" boolean as a way to indicate to the plugin that the
         -s flag was given.          -s flag was given.
        [6e8bc49b7ea7] <1.8>        [fb1ef0897b32]
   
        * Move sessid out of sudo_user.        * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
        [00d67d5ba894] <1.8>        plugins/sudoers/sudoers.h:
         Move sessid out of sudo_user.
         [ba298ddb57f4]
   
        * Log the TSID even if it is not a simple session ID.        * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
        [490cf0adae29] <1.8>        plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
         plugins/sudoers/sudoers.h:
         Log the TSID even if it is not a simple session ID.
         [d7cc1b9c513c]
   
        * Document noexec in sample.sudo.conf and add back noexec_file section        * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
         Document noexec in sample.sudo.conf and add back noexec_file section
         in sudoers with a note that it is deprecated.          in sudoers with a note that it is deprecated.
        [c7a2d8d0c563] <1.8>        [4a6e961e494d]
   
        * Fix running commands as non-root on systems where setreuid() changes        * plugins/sudoers/set_perms.c:
         Fix running commands as non-root on systems where setreuid() changes
         the saved uid based on the effective uid we are changing to.          the saved uid based on the effective uid we are changing to.
        [f3b27db56ba6] <1.8>        [df0769b71b34]
   
 2011-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Move noexec path into sudo.conf now that sudo itself handles noexec.        * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
         src/sudo.h:
         Move noexec path into sudo.conf now that sudo itself handles noexec.
         Currently can be configured in sudoers too but is now undocumented          Currently can be configured in sudoers too but is now undocumented
         and will be removed in a future release.          and will be removed in a future release.
        [9c5f64709994] <1.8>        [6fa8befdc110]
   
        * Document "Path noexec ..." in sudo.conf. No longer document        * doc/sudo.pod, doc/sudoers.pod:
         Document "Path noexec ..." in sudo.conf. No longer document
         noexec_file in sudoers, it will be removed in a future release.          noexec_file in sudoers, it will be removed in a future release.
        [959fa6b5217b] <1.8>        [24eee3a0b3e5]
   
        * Move noexec handling to sudo front-end where it is documented as        * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
         plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
         Move noexec handling to sudo front-end where it is documented as
         being.          being.
        [ef6cd4a40c61] <1.8>        [3ed4f10d7052]
   
        * Add support for disabling exec via solaris privileges. Includes        * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
         src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
         src/sudo_exec.h:
         Add support for disabling exec via solaris privileges. Includes
         preparation for moving noexec support out of sudoers and into front          preparation for moving noexec support out of sudoers and into front
         end as documented.          end as documented.
        [d9c05ba9a24f] <1.8>        [dec843ed553e]
   
        * Only export the symbols corresponding to the plugin structs.        * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
        [cb07af1d9b39] <1.8>        plugins/sample_group/Makefile.in,
         plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
         plugins/sudoers/sudoers.sym:
         Only export the symbols corresponding to the plugin structs.
         [8d8d03b0ca54]
   
        * Install plugins manually instead of using libtool. This works        * configure, configure.in, plugins/sample/Makefile.in,
        around a problem on AIX where libtool will install a .a file        plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
        containing the .so file instead of the .so file itself.        Install plugins manually instead of using libtool. This works around
        [1ccf5af58c05] <1.8>        a problem on AIX where libtool will install a .a file containing the
         .so file instead of the .so file itself.
         [796971cfbddb]
   
         * Makefile.in:          * Makefile.in:
         Move check into its own rule since some versions of make will run          Move check into its own rule since some versions of make will run
         both targets as the default rule.          both targets as the default rule.
        [7159f37eb552] <1.8>        [34d759979176]
   
        * Update to libtool 2.2.10        * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
        [9e49773b32b7] <1.8>        m4/ltversion.m4, m4/lt~obsolete.m4:
         Update to libtool 2.2.10
         [34c130de6af7]
   
        * In handle_signals(), restart the read() on EINTR to make sure we2011-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * src/exec.c:
         In handle_signals(), restart the read() on EINTR to make sure we
         keep up with the signal pipe. Don't return -1 on EAGAIN, it just          keep up with the signal pipe. Don't return -1 on EAGAIN, it just
         means we have emptied the pipe.          means we have emptied the pipe.
        [dc2926097b2d] <1.8>        [d5b9c8eb9000]
   
        * Reorder functions to quiet a compiler warning.        * compat/mktemp.c:
        [5201367e5db4] <1.8>        Reorder functions to quiet a compiler warning.
         [c9e9a23729f0]
   
        * Use the Sun Studio C compiler on Solaris if possible        * mkpkg:
        [b8d43b423fb9] <1.8>        Use the Sun Studio C compiler on Solaris if possible
         [11a86e27891e]
   
 2011-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix default setting of osversion variable.        * mkpkg:
        [e12905851be5] <1.8>        Fix default setting of osversion variable.
         [52e49ca1cedd]
   
        * Make two login_class entris consistent.        * doc/sudo_plugin.pod:
        [0671d7b204be] <1.8>        Make two login_class entris consistent.
         [18ff1fa94a91]
   
        * Add support for adding a utmp entry when allocating a new pty.        * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c,
         src/sudo_exec.h:
         Add support for adding a utmp entry when allocating a new pty.
         Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().          Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
         Currently only creates a new entry if the existing tty has a utmp          Currently only creates a new entry if the existing tty has a utmp
         entry.          entry.
        [40ff30099e79] <1.8>        [32db72b81d80]
   
        * Avoid pulling in headers we don't need on Linux For getutx?id(),        * plugins/sudoers/boottime.c:
         Avoid pulling in headers we don't need on Linux For getutx?id(),
         call setutx?ent() first and always call endutx?ent().          call setutx?ent() first and always call endutx?ent().
        [b86f7a13aae9] <1.8>        [5dad21e1ee1b]
   
        * Add some more libs to SUDOERS_LIBS instead of relying on them to be        * configure, configure.in:
         Add some more libs to SUDOERS_LIBS instead of relying on them to be
         pulled in by SUDO_LIBS.          pulled in by SUDO_LIBS.
        [bcbd16ec56c6] <1.8>        [18a7c21c09a7]
   
        * Fix return value of "sudo -l command" when command is not allowed,        * plugins/sudoers/sudoers.c:
        broken in [c7097ea22111]. The default return value is now TRUE and        Fix return value of "sudo -l command" when command is not allowed,
        a bad: label is used when permission is denied. Also fixed missing        broken in [c7097ea22111]. The default return value is now TRUE and a
         bad: label is used when permission is denied. Also fixed missing
         permissions restoration on certain errors. On error()/errorx(), the          permissions restoration on certain errors. On error()/errorx(), the
         password and group files are now closed before returning.          password and group files are now closed before returning.
        [757c941a47b2] <1.8>        [4f2d0e869ae5]
   
 2011-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix passing of login class back to sudo front end.        * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
        [5e649de6b7f5] <1.8>        Fix passing of login class back to sudo front end.
         [6f70a784ce48]
   
        * Add --osversion flag to specify OS instead of running "pp        * mkpkg:
         Add --osversion flag to specify OS instead of running "pp
         --probeonly"          --probeonly"
        [8a03943ac5e8] <1.8>        [a8efdccb7bc1]
   
        * Fix expr usage w/ GNU expr        * sudo.pp:
        [bdecfa1f54fc] <1.8>        Fix expr usage w/ GNU expr
         [48895599ee63]
   
 2011-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix exit value for validate and list mode.        * plugins/sudoers/sudoers.c:
        [6f8b20199935] <1.8>        Fix exit value for validate and list mode.
         [c7097ea22111]
   
        * Fix non-interactive mode with sudoers plugin.        * plugins/sudoers/sudoers.c:
        [cf5aca4fcbcf] <1.8>        Fix non-interactive mode with sudoers plugin.
         [172f29597bd2]
   
 2011-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * sudoreplay can now find IDs other than %{seq} and display the        * doc/sudoreplay.pod:
         sudoreplay can now find IDs other than %{seq} and display the
         session.          session.
        [60396b417633] <1.8>        [fc3dd3be67e9]
   
         * Add support for replaying sessions when iolog_file is set to  
         something other than %{seq}.  
         [1cd2baa74d56] <1.8>  
   
 2011-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * If we are killed by a signal, display the name of the signal that        * plugins/sudoers/sudoreplay.c:
         Add support for replaying sessions when iolog_file is set to
         something other than %{seq}.
         [ca3131243874]
 
         * plugins/sudoers/visudo.c:
         If we are killed by a signal, display the name of the signal that
         got us.          got us.
        [1b38c4d42282] <1.8>        [994bb76a990e]
   
        * Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS        * configure, configure.in:
         Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
         where they belong.          where they belong.
        [78e97a921104] <1.8>        [40f94b936fa4]
   
        * Fix bug in skey/opie check that could cause a shell warning.        * configure.in:
        [f20229a04f30] <1.8>        Fix bug in skey/opie check that could cause a shell warning.
         [83c043072be5]
   
        * No longer need sudo_getepw() stubs.        * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
        [795631ac7db0] <1.8>        No longer need sudo_getepw() stubs.
         [bbee15c36912]
   
 2011-03-03  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix exit value of "sudo -l command" in sudoers module.        * plugins/sudoers/sudo_nss.c:
        [4a05d6019b3d] <1.8>        Fix exit value of "sudo -l command" in sudoers module.
         [a6541867521b]
   
 2011-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Use fgets() not fgetln() for portability.        * compat/regress/glob/globtest.c:
        [1f2050745096] <1.8>        Use fgets() not fgetln() for portability.
         [df1bb67fb168]
   
        * Don't use the beta or release candidate version as the rpm release.        * sudo.pp:
        [a5b049477646] <1.8>        Don't use the beta or release candidate version as the rpm release.
         [d661ef78021a]
   
 2011-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * Makefile.in:  
         Adjust ChangeLog rule now that 1.8 is branched  
         [a994ac361e44] <1.8>  
   
         * .hgtags:  
         Added tag SUDO_1_8_0 for changeset f6530d56f6ae  
         [99a2b3801419] <1.8>  
   
 2011-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>  
   
         * configure, configure.in:          * configure, configure.in:
         version 1.8.0          version 1.8.0
         [f6530d56f6ae] [SUDO_1_8_0]          [f6530d56f6ae] [SUDO_1_8_0]
Line 2238 Line 11480
   
         * plugins/sudoers/ldap.c:          * plugins/sudoers/ldap.c:
         Stash pointer to user group vector in LDAP handle and only reuse the          Stash pointer to user group vector in LDAP handle and only reuse the
        query if it has not changed. We always allocate a new buffer when        query if it has not changed. We always allocate a new buffer when we
        we reset the group vector so a simple pointer check is sufficient.        reset the group vector so a simple pointer check is sufficient.
         [88861d4eba69]          [88861d4eba69]
   
         * plugins/sudoers/sudo_nss.c:          * plugins/sudoers/sudo_nss.c:
Line 2559 Line 11801
         plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:          plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
         Allow sudoers to specify the iolog file in addition to the iolog          Allow sudoers to specify the iolog file in addition to the iolog
         dir. Add escape sequence support to iolog file and dir: sequence          dir. Add escape sequence support to iolog file and dir: sequence
        number, user, group, runas_user, runas_group, hostname and        number, user, group, runas_user, runas_group, hostname and command
        command in addition to any escape sequence recognized by        in addition to any escape sequence recognized by strftime(3).
        strftime(3). 
         [75cd32ee0435]          [75cd32ee0435]
   
         * plugins/sudoers/iolog.c:          * plugins/sudoers/iolog.c:
Line 2578 Line 11819
         [d29784fd2a66]          [d29784fd2a66]
   
         * common/term.c:          * common/term.c:
        Clear OPOST from c_oflag like we used to. Fixes screen-based        Clear OPOST from c_oflag like we used to. Fixes screen-based editors
        editors such as vi.        such as vi.
         [506ad5ae9b4e]          [506ad5ae9b4e]
   
         * doc/sudoers.pod:          * doc/sudoers.pod:
Line 3315 Line 12556
         * plugins/sudoers/match.c:          * plugins/sudoers/match.c:
         When matching the runas user and runas group (-u and -g command line          When matching the runas user and runas group (-u and -g command line
         options), keep track of runas group and runas user matches          options), keep track of runas group and runas user matches
        separately. Only return a positive match if we have a match for        separately. Only return a positive match if we have a match for both
        both runas user and runas group (if specified).        runas user and runas group (if specified).
         [815219e04cc8]          [815219e04cc8]
   
 2010-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>  2010-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 3541 Line 12782
         * plugins/sudoers/check.c, plugins/sudoers/ldap.c,          * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
         plugins/sudoers/match.c, plugins/sudoers/pwutil.c,          plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
         plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:          plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
        Reference count cached passwd and group structs. The cache holds        Reference count cached passwd and group structs. The cache holds one
        one reference itself and another is added by sudo_getgr{gid,nam} and        reference itself and another is added by sudo_getgr{gid,nam} and
         sudo_getpw{uid,nam}. The final ref on the runas and user passwd and          sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
         group structs are persistent for now.          group structs are persistent for now.
         [e544685523c3]          [e544685523c3]
Line 3675 Line 12916
   
         * plugins/sudoers/sudoreplay.c:          * plugins/sudoers/sudoreplay.c:
         Add setlocale() so the command line arguments that use floating          Add setlocale() so the command line arguments that use floating
        point work in different locales. Since sudo now logs the timing        point work in different locales. Since sudo now logs the timing data
        data in the C locale we must Parse the seconds in the timing file        in the C locale we must Parse the seconds in the timing file
         manually instead of using strtod(). Furthermore, sudo 1.7.3 logged          manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
         the number of seconds with the user's locale so if the decimal point          the number of seconds with the user's locale so if the decimal point
         is not '.' try using the locale-specific version.          is not '.' try using the locale-specific version.
Line 3855 Line 13096
   
         * common/aix.c:          * common/aix.c:
         setauthdb() only sets the "old" registry if it was set by a previous          setauthdb() only sets the "old" registry if it was set by a previous
        call to setauthdb(). To restore the original value, passing NULL        call to setauthdb(). To restore the original value, passing NULL (or
        (or an empty string) to setauthdb() is sufficient.        an empty string) to setauthdb() is sufficient.
         [470da190a254]          [470da190a254]
   
 2010-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>  2010-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 3966 Line 13207
         Use tab indents to reduce the chance of problem with <<- Fix the          Use tab indents to reduce the chance of problem with <<- Fix the
         debian %set section, pp does not set pp_deb_distro Uncomment %sudo          debian %set section, pp does not set pp_deb_distro Uncomment %sudo
         line in sudoers for debian Uncomment some env_keep lines for RHEL,          line in sudoers for debian Uncomment some env_keep lines for RHEL,
        SLES and debian to more closely match the vendor sudoers files.        SLES and debian to more closely match the vendor sudoers files. Add
        Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on        /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
         debian for ldap flavor          debian for ldap flavor
         [c5b49feb1a0c]          [c5b49feb1a0c]
   
Line 4605 Line 13846
   
         * plugins/sudoers/toke.c, plugins/sudoers/toke.l:          * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         A comment character may not be part of a command line argument          A comment character may not be part of a command line argument
        unless it is quoted with a backslash. Fixes parsing of:        unless it is quoted with a backslash. Fixes parsing of: testuser
        testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441        ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
         [ea2e990f85ed]          [ea2e990f85ed]
   
         * doc/sudoers.pod:          * doc/sudoers.pod:
Line 4727 Line 13968
         include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,          include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
         src/conversation.c, src/sudo.h, src/tgetpass.c:          src/conversation.c, src/sudo.h, src/tgetpass.c:
         Add SUDO_CONV_PROMPT_MASK define which corresponds to the          Add SUDO_CONV_PROMPT_MASK define which corresponds to the
        "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is        "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is set.
        set. 
         [e0550590cabe]          [e0550590cabe]
   
         * src/exec_pty.c:          * src/exec_pty.c:
Line 4780 Line 14020
   
         * plugins/sudoers/toke.c, plugins/sudoers/toke.l:          * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         If a file in a #includedir has improper permissions or owner just          If a file in a #includedir has improper permissions or owner just
        skip it. This prevents packages that incorrectly install a file        skip it. This prevents packages that incorrectly install a file into
        into /etc/sudoers.d from breaking sudo so easily. Syntax errors in        /etc/sudoers.d from breaking sudo so easily. Syntax errors in
         #includedir files still result in a parse error (for now).          #includedir files still result in a parse error (for now).
         [ade99a4549a4]          [ade99a4549a4]
   
Line 5279 Line 14519
         [31b69a6ecda7]          [31b69a6ecda7]
   
         * src/script.c, src/sudo.h:          * src/script.c, src/sudo.h:
        Cosmetic changes: add comments, remove orphaned prototype and        Cosmetic changes: add comments, remove orphaned prototype and make a
        make a global static.        global static.
         [f7851af0143e]          [f7851af0143e]
   
 2010-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>  2010-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 5354 Line 14594
         * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,          * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
         src/sudo_edit.c:          src/sudo_edit.c:
         If plugin sets "sudoedit=true" in the command info, enable sudoedit          If plugin sets "sudoedit=true" in the command info, enable sudoedit
        mode even if not invoked as sudoedit. This allows a plugin to        mode even if not invoked as sudoedit. This allows a plugin to enable
        enable sudoedit when the user runs an editor.        sudoedit when the user runs an editor.
         [96d67b99e42e]          [96d67b99e42e]
   
 2010-05-15  Todd C. Miller  <Todd.Miller@courtesan.com>  2010-05-15  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 5407 Line 14647
         [4cbf5196d993]          [4cbf5196d993]
   
         * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:          * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
        Change how we handle the sudoedit argv. We now require that there        Change how we handle the sudoedit argv. We now require that there be
        be a "--" in argv to separate the editor and any command line        a "--" in argv to separate the editor and any command line arguments
        arguments from the files to be edited.        from the files to be edited.
         [20623d549a3c]          [20623d549a3c]
   
         * include/sudo_plugin.h, plugins/sample/sample_plugin.c,          * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
Line 5501 Line 14741
         [dd5464257c69]          [dd5464257c69]
   
         * src/script.c:          * src/script.c:
        Fix SIGPIPE handling. Now that we use may use pipes for        Fix SIGPIPE handling. Now that we use may use pipes for stdin/stdout
        stdin/stdout we need to pass any SIGPIPE we receive to the running        we need to pass any SIGPIPE we receive to the running command.
        command. 
         [3f6b1991f4fd]          [3f6b1991f4fd]
   
         * src/script.c:          * src/script.c:
Line 5716 Line 14955
         * src/script.c:          * src/script.c:
         Defer call to alarm() until after we fork the child. Pass correct          Defer call to alarm() until after we fork the child. Pass correct
         pid to terminate_child() If the command exits due to signal, set          pid to terminate_child() If the command exits due to signal, set
        alive to false like we do when it exits normally. Add missing        alive to false like we do when it exits normally. Add missing check
        check for errpipe[0] != -1 before using it in FD_ISSET        for errpipe[0] != -1 before using it in FD_ISSET
         [22f0a1549391]          [22f0a1549391]
   
 2010-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>  2010-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 6582 Line 15821
         [04a233b6c491]          [04a233b6c491]
   
         * include/compat.h:          * include/compat.h:
        Add definition of WCOREDUMP for systems without it. This is known        Add definition of WCOREDUMP for systems without it. This is known to
        to work on AIX and SunOS 4, but may be incorrect on other systems        work on AIX and SunOS 4, but may be incorrect on other systems that
        that lack WCOREDUMP.        lack WCOREDUMP.
         [c85b3ce6b77d]          [c85b3ce6b77d]
   
 2010-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>  2010-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 7191 Line 16430
   
         * match.c:          * match.c:
         cmnd_matches() already deals with negation so _cmndlist_matches()          cmnd_matches() already deals with negation so _cmndlist_matches()
        does not need to do so itself. Fixes a bug with negated entries in        does not need to do so itself. Fixes a bug with negated entries in a
        a Cmnd_List.        Cmnd_List.
         [71c845f6ce73]          [71c845f6ce73]
   
 2009-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>  2009-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 7236 Line 16475
         allows the parent to distinguish between signals it has been sent          allows the parent to distinguish between signals it has been sent
         directly and signals the command has received. It also means the          directly and signals the command has received. It also means the
         parent can once again print the signal notifications to the tty so          parent can once again print the signal notifications to the tty so
        all writes to the pty master occur in the parent. The command is        all writes to the pty master occur in the parent. The command is now
        now always started in background mode with tty signals handled by        always started in background mode with tty signals handled by the
        the parent.        parent.
         [c6790b82986d]          [c6790b82986d]
   
 2009-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>  2009-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 7498 Line 16737
         [85f590a03275]          [85f590a03275]
   
         * script.c:          * script.c:
        Don't set stdout to blocking mode when flushing remaining output.        Don't set stdout to blocking mode when flushing remaining output. It
        It can cause us to hang when trying to exit. Need to investigate        can cause us to hang when trying to exit. Need to investigate why.
        why. 
         [6f803a3e33ca]          [6f803a3e33ca]
   
         * script.c:          * script.c:
Line 8025 Line 17263
         configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,          configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
         gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,          gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
         tgetpass.c:          tgetpass.c:
        First cut at session logging for sudo. Still need to write        First cut at session logging for sudo. Still need to write get_pty()
        get_pty() for Unix 98 and old-style BSD ptys. Also needs        for Unix 98 and old-style BSD ptys. Also needs documentation and
        documentation and general cleanup.        general cleanup.
         [77e3f5e25738]          [77e3f5e25738]
   
 2009-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>  2009-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 8543 Line 17781
         [2bcbbb45d389]          [2bcbbb45d389]
   
         * auth/pam.c:          * auth/pam.c:
        Make sure def_prompt is always defined. This is a workaround for        Make sure def_prompt is always defined. This is a workaround for pam
        pam configs that prompt for a password in the session but don't have        configs that prompt for a password in the session but don't have an
        an auth line. A better fix is to expand the sudo prompt earlier and        auth line. A better fix is to expand the sudo prompt earlier and set
        set def_prompt to that when initializing.        def_prompt to that when initializing.
         [ee073c04aec3]          [ee073c04aec3]
   
         * sudo.pod:          * sudo.pod:
Line 9697 Line 18935
   
         * INSTALL, configure, configure.in:          * INSTALL, configure, configure.in:
         Disable use of gss_krb5_ccache_name() by default and add          Disable use of gss_krb5_ccache_name() by default and add
        --enable-gss-krb5-ccache-name configure option to enable it. It        --enable-gss-krb5-ccache-name configure option to enable it. It seems
        seems that gss_krb5_ccache_name() doesn't work properly with some        that gss_krb5_ccache_name() doesn't work properly with some
         combinations of Heimdal and OpenLDAP.          combinations of Heimdal and OpenLDAP.
         [f61ebd3b19bd]          [f61ebd3b19bd]
   
Line 9768 Line 19006
   
         * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:          * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
         Remove the =cut on the first line (above the copyright notice) to          Remove the =cut on the first line (above the copyright notice) to
        quiet pod2man. Also remove the hackery in the FILES section and        quiet pod2man. Also remove the hackery in the FILES section and just
        just deal with the fact that there will a newline between each        deal with the fact that there will a newline between each pathname.
        pathname. 
         [2ac1ab191835]          [2ac1ab191835]
   
 2008-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2008-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 9834 Line 19071
         * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,          * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
         sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,          sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
         testsudoers.c, toke.c, toke.l:          testsudoers.c, toke.c, toke.l:
        Add support for SELinux RBAC. Sudoers entries may specify a role        Add support for SELinux RBAC. Sudoers entries may specify a role and
        and type. There are also role and type defaults that may be used.        type. There are also role and type defaults that may be used. To
        To make sure a transition occurs, when using RBAC commands are        make sure a transition occurs, when using RBAC commands are executed
        executed via the new sesh binary. Based on initial changes from Dan        via the new sesh binary. Based on initial changes from Dan Walsh.
        Walsh. 
         [1d4abfe2c004]          [1d4abfe2c004]
   
         * sesh.c:          * sesh.c:
        Add support for SELinux RBAC. Sudoers entries may specify a role        Add support for SELinux RBAC. Sudoers entries may specify a role and
        and type. There are also role and type defaults that may be used.        type. There are also role and type defaults that may be used. To
        To make sure a transition occurs, when using RBAC commands are        make sure a transition occurs, when using RBAC commands are executed
        executed via the new sesh binary. Based on initial changes from Dan        via the new sesh binary. Based on initial changes from Dan Walsh.
        Walsh. 
         [1e3b395ce049]          [1e3b395ce049]
   
         * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,          * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
         def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,          def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
         pathnames.h.in, selinux.c:          pathnames.h.in, selinux.c:
        Add support for SELinux RBAC. Sudoers entries may specify a role        Add support for SELinux RBAC. Sudoers entries may specify a role and
        and type. There are also role and type defaults that may be used.        type. There are also role and type defaults that may be used. To
        To make sure a transition occurs, when using RBAC commands are        make sure a transition occurs, when using RBAC commands are executed
        executed via the new sesh binary. Based on initial changes from Dan        via the new sesh binary. Based on initial changes from Dan Walsh.
        Walsh. 
         [6b421948286e]          [6b421948286e]
   
 2008-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>  2008-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 9887 Line 19121
         * sudo.c:          * sudo.c:
         Unlimit nproc on Linux systems where calling the setuid() family of          Unlimit nproc on Linux systems where calling the setuid() family of
         syscalls causes the nroc resource limit to be checked. The limits          syscalls causes the nroc resource limit to be checked. The limits
        will be reset by pam_limits.so when PAM is used. In the non-PAM        will be reset by pam_limits.so when PAM is used. In the non-PAM case
        case the nproc limit will remain unlimited but there doesn't seem to        the nproc limit will remain unlimited but there doesn't seem to be a
        be a way around that other than having sudo parse        way around that other than having sudo parse
         /etc/security/limits.conf directly.          /etc/security/limits.conf directly.
         [df024b415a8d]          [df024b415a8d]
   
Line 9985 Line 19219
   
         * pwutil.c:          * pwutil.c:
         When copying gr_mem we must guarantee that the storage space for          When copying gr_mem we must guarantee that the storage space for
        gr_mem is properly aligned. The simplest way to do this is to        gr_mem is properly aligned. The simplest way to do this is to simply
        simply store gr_mem directly after struct group. This is not a        store gr_mem directly after struct group. This is not a problem for
        problem for gr_passwd or gr_name as they are simple strings.        gr_passwd or gr_name as they are simple strings.
         [af58fc76f1ed]          [af58fc76f1ed]
   
         * ldap.c:          * ldap.c:
Line 10335 Line 19569
 2007-12-21  Todd C. Miller  <Todd.Miller@courtesan.com>  2007-12-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * env.c, pathnames.h.in, sudo.c, sudo.h:          * env.c, pathnames.h.in, sudo.c, sudo.h:
        Add support for reading and /etc/environment file. Still needs to        Add support for reading and /etc/environment file. Still needs to be
        be documented and should probably only applies to OSes that have it        documented and should probably only applies to OSes that have it
         (AIX and Linux, maybe others).          (AIX and Linux, maybe others).
         [15d3edae27e4]          [15d3edae27e4]
   
Line 10568 Line 19802
         [e486024574a1]          [e486024574a1]
   
         * ldap.c:          * ldap.c:
        Make sudo ALL imply setenv. Note that unlike with file-based        Make sudo ALL imply setenv. Note that unlike with file-based sudoers
        sudoers this does affect all the commands in the sudoRole.        this does affect all the commands in the sudoRole.
         [bc12f54321d1]          [bc12f54321d1]
   
         * gram.c, gram.y, parse.c, parse.h:          * gram.c, gram.y, parse.c, parse.h:
Line 10670 Line 19904
   
         * tgetpass.c:          * tgetpass.c:
         Avoid printing the prompt if we are already backgrounded. E.g. if          Avoid printing the prompt if we are already backgrounded. E.g. if
        the user runs "sudo foo &" from the shell. In this case, the call        the user runs "sudo foo &" from the shell. In this case, the call to
        to tcsetattr() will cause SIGTTOU to be delivered.        tcsetattr() will cause SIGTTOU to be delivered.
         [db2139a8d8b8]          [db2139a8d8b8]
   
 2007-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>  2007-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 10882 Line 20116
   
         * match.c, parse.c, testsudoers.c:          * match.c, parse.c, testsudoers.c:
         Use LH_FOREACH_REV when checking permission and short-circuit on the          Use LH_FOREACH_REV when checking permission and short-circuit on the
        first non-UNSPEC hit we get for the command. This means that        first non-UNSPEC hit we get for the command. This means that instead
        instead of cycling through the all the parsed sudoers entries we        of cycling through the all the parsed sudoers entries we start at
        start at the end and work backwards and quit after the first        the end and work backwards and quit after the first positive or
        positive or negative match.        negative match.
         [881474532f3e]          [881474532f3e]
   
         * gram.c:          * gram.c:
Line 10916 Line 20150
         * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,          * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
         testsudoers.c, visudo.c:          testsudoers.c, visudo.c:
         Use a list head struct when storing the semi-circular lists and          Use a list head struct when storing the semi-circular lists and
        convert to tail queues in the process. This will allow us to        convert to tail queues in the process. This will allow us to reverse
        reverse foreach loops more easily and it makes it clearer which        foreach loops more easily and it makes it clearer which functions
        functions expect a list as opposed to a single member.        expect a list as opposed to a single member.
   
         Add macros for manipulating lists. Some of these should become          Add macros for manipulating lists. Some of these should become
         functions.          functions.
Line 11042 Line 20276
   
         * toke.l:          * toke.l:
         Require that the first character after a comment not be a digit or a          Require that the first character after a comment not be a digit or a
        dash. This allows us to remove the GOTRUNAS state and treat        dash. This allows us to remove the GOTRUNAS state and treat uid/gids
        uid/gids similar to other words. It also means that we can now        similar to other words. It also means that we can now specify uids
        specify uids in User_Lists and a User_Spec may now contain a uid.        in User_Lists and a User_Spec may now contain a uid.
         [461fe01f8392]          [461fe01f8392]
   
         * gram.y, toke.l:          * gram.y, toke.l:
Line 11859 Line 21093
   
         * auth/kerb5.c:          * auth/kerb5.c:
         If we cannot get a valid service key using the default keytab it is          If we cannot get a valid service key using the default keytab it is
        a fatal error. Fixes a bug where sudo could be tricked into        a fatal error. Fixes a bug where sudo could be tricked into allowing
        allowing access when it should not by a fake KDC. From Thor Lancelot        access when it should not by a fake KDC. From Thor Lancelot Simon.
        Simon. 
         [a3ae6a47cb23]          [a3ae6a47cb23]
   
 2007-05-12  Todd C. Miller  <Todd.Miller@courtesan.com>  2007-05-12  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 11943 Line 21176
   
         * env.c:          * env.c:
         Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and          Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
        LDR_PRELOAD64. The 64-bit version is not currently supported.        LDR_PRELOAD64. The 64-bit version is not currently supported. Remove
        Remove zero_env() prototype as it no longer exists.        zero_env() prototype as it no longer exists.
         [b4fe65027fb6]          [b4fe65027fb6]
   
 2006-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>  2006-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 12329 Line 21562
         [1dfc2e8c9f2b]          [1dfc2e8c9f2b]
   
         * ldap.c:          * ldap.c:
        Reorganize LDAP code to better match normal sudoers parsing.        Reorganize LDAP code to better match normal sudoers parsing. Instead
        Instead of storing strings for later printing in -l mode we do        of storing strings for later printing in -l mode we do another query
        another query since the authenticating user and the user being        since the authenticating user and the user being listed may not be
        listed may not be the same (the new -U flag). Also add support for        the same (the new -U flag). Also add support for "sudo -l command".
        "sudo -l command". 
   
         There is still a fair bit if duplicated code that can probably be          There is still a fair bit if duplicated code that can probably be
         refactored.          refactored.
Line 12918 Line 22150
   
         * match.c, testsudoers.c, visudo.c:          * match.c, testsudoers.c, visudo.c:
         Only check group vector in usergr_matches() if we are matching the          Only check group vector in usergr_matches() if we are matching the
        invoking or list user. Always check the group members, even if        invoking or list user. Always check the group members, even if there
        there was a group vector.        was a group vector.
         [d0c7ceb2a041]          [d0c7ceb2a041]
   
 2004-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2004-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 12994 Line 22226
         [d69959681c87]          [d69959681c87]
   
         * getspwuid.c:          * getspwuid.c:
        Check rbinsert() return value. In the case of faked up entries        Check rbinsert() return value. In the case of faked up entries there
        there is usually a negative response cached that we need to        is usually a negative response cached that we need to overwrite.
        overwrite. 
   
         In pwfree() don't try to zero out a NULL pw_passwd pointer.          In pwfree() don't try to zero out a NULL pw_passwd pointer.
         [00b32d1a48c1]          [00b32d1a48c1]
Line 13088 Line 22319
         [e56fe33db916]          [e56fe33db916]
   
         * ldap.c, parse.c, sudo.c, sudo.h:          * ldap.c, parse.c, sudo.c, sudo.h:
        Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.        Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead,
        Instead, we just set the approriate defaults variable.        we just set the approriate defaults variable.
         [756eeecc1d86]          [756eeecc1d86]
   
         * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:          * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
Line 13105 Line 22336
         * defaults.c, match.c, parse.c, parse.h, testsudoers.c:          * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
         Change an occurence of user_matches() -> runas_matches() missed          Change an occurence of user_matches() -> runas_matches() missed
         previously runas_matches(), host_matches() and cmnd_matches() only          previously runas_matches(), host_matches() and cmnd_matches() only
        really need to pass in a list of members. user_matches() still        really need to pass in a list of members. user_matches() still needs
        needs to pass in a passwd struct because of "sudo -l"        to pass in a passwd struct because of "sudo -l"
         [833b22fc6fa0]          [833b22fc6fa0]
   
         * parse.c:          * parse.c:
Line 13414 Line 22645
         [ad462ede3094]          [ad462ede3094]
   
         * testsudoers.c:          * testsudoers.c:
        Rewrite for the new parser. Now supports a -d flag (dump) and adds        Rewrite for the new parser. Now supports a -d flag (dump) and adds a
        a -h flag (host). It now defaults to the local hostname unless        -h flag (host). It now defaults to the local hostname unless
         otherwise specified.          otherwise specified.
         [1b69685cc601]          [1b69685cc601]
   
Line 13597 Line 22828
 2004-10-05  Todd C. Miller  <Todd.Miller@courtesan.com>  2004-10-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * mon_systrace.c:          * mon_systrace.c:
        Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably        Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably means
        means we are out of space in the stack gap...        we are out of space in the stack gap...
         [5b02b702021e]          [5b02b702021e]
   
         * CHANGES:          * CHANGES:
Line 13744 Line 22975
         [ba481d9ed1aa]          [ba481d9ed1aa]
   
         * visudo.c:          * visudo.c:
        Overhaul visudo for editing multiple files: o visudo has been        Overhaul visudo for editing multiple files: o visudo has been broken
        broken out into functions (more work needed here) o each file is        out into functions (more work needed here) o each file is now edited
        now edited before sudoers is re-parsed o if a #include line is        before sudoers is re-parsed o if a #include line is added that file
        added that file will be edited too        will be edited too
   
         TODO: o cleanup temp files when exiting via err() or errx() o          TODO: o cleanup temp files when exiting via err() or errx() o
         continue breaking things out into separate functions          continue breaking things out into separate functions
Line 13803 Line 23034
   
         * parse.c, parse.h, parse.lex, parse.yacc:          * parse.c, parse.h, parse.lex, parse.yacc:
         More scaffolding for dealing with multiple sudoers files: o          More scaffolding for dealing with multiple sudoers files: o
        init_parser() now takes a path used to populate the sudoers global        init_parser() now takes a path used to populate the sudoers global o
        o the sudoers global is used to print the correct file in yyerror()        the sudoers global is used to print the correct file in yyerror() o
        o when switching to a new sudoers file, perserve old file name and        when switching to a new sudoers file, perserve old file name and
         line number          line number
         [d9be4970b8bd]          [d9be4970b8bd]
   
Line 13889 Line 23120
   
         * getspwuid.c:          * getspwuid.c:
         Add flag to sudo_pwdup that indicates whether or not to lookup the          Add flag to sudo_pwdup that indicates whether or not to lookup the
        shadow password. Will be used to a struct passwd that has the        shadow password. Will be used to a struct passwd that has the shadow
        shadow password already filled in.        password already filled in.
         [e19d43dd7238]          [e19d43dd7238]
   
         * mon_systrace.c:          * mon_systrace.c:
Line 13940 Line 23171
         [1703fd2fdef6]          [1703fd2fdef6]
   
         * mon_systrace.c:          * mon_systrace.c:
        systrace(4) support for sudo. On systems with the systrace(4)        systrace(4) support for sudo. On systems with the systrace(4) kernel
        kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can        facility (OpenBSD, NetBSD, Linux w/ patches) sudo can intercept exec
        intercept exec calls and check the exec args against the sudoers        calls and check the exec args against the sudoers file. In other
        file. In other words, sudo can now control subcommands and shell        words, sudo can now control subcommands and shell escapes.
        escapes. 
         [928c9217c386]          [928c9217c386]
   
         * sudo.c, sudo.h:          * sudo.c, sudo.h:
Line 14853 Line 24083
 2004-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>  2004-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * INSTALL, README.LDAP, config.h.in, configure.in:          * INSTALL, README.LDAP, config.h.in, configure.in:
        o --with-ldap now takes an optional dir as a parameter o added        o --with-ldap now takes an optional dir as a parameter o added check
        check for ldap_initialize() and start_tls_s()        for ldap_initialize() and start_tls_s()
         [2b846c7974c6]          [2b846c7974c6]
   
         * README.LDAP:          * README.LDAP:
Line 14920 Line 24150
         * parse.c:          * parse.c:
         In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was          In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
         explicitly denied and the command matched. This fixes a long-          explicitly denied and the command matched. This fixes a long-
        standing bug and makes: foo machine = (ALL) /usr/bin/blah        standing bug and makes: foo machine = (ALL) /usr/bin/blah foo
        foo machine = (!bar) /usr/bin/blah        machine = (!bar) /usr/bin/blah
   
         equivalent to: foo machine = (ALL, !bar) /usr/bin/blah          equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
         [2f5ee244985a]          [2f5ee244985a]
Line 15020 Line 24250
         [6058c4cefcec]          [6058c4cefcec]
   
         * set_perms.c, sudo.c, tgetpass.c, visudo.c:          * set_perms.c, sudo.c, tgetpass.c, visudo.c:
        Preliminary changes to support nsr-tandem-nsk. Based on patches        Preliminary changes to support nsr-tandem-nsk. Based on patches from
        from Tom Bates.        Tom Bates.
         [2e5f81834383]          [2e5f81834383]
   
         * logging.c:          * logging.c:
        Preliminary changes to support nsr-tandem-nsk. Based on patches        Preliminary changes to support nsr-tandem-nsk. Based on patches from
        from Tom Bates.        Tom Bates.
         [934bbe6872b6]          [934bbe6872b6]
   
         * check.c, compat.h:          * check.c, compat.h:
        Preliminary changes to support nsr-tandem-nsk. Based on patches        Preliminary changes to support nsr-tandem-nsk. Based on patches from
        from Tom Bates.        Tom Bates.
         [390b698b5924]          [390b698b5924]
   
 2004-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>  2004-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 15379 Line 24609
         [773165eb6057]          [773165eb6057]
   
         * visudo.c:          * visudo.c:
        Use WIFEXITED and WEXITSTATUS macros. If there are systems out        Use WIFEXITED and WEXITSTATUS macros. If there are systems out there
        there that want to run sudo that still don't support these we can        that want to run sudo that still don't support these we can try to
        try to deal with that later.        deal with that later.
         [6af68e4aff60]          [6af68e4aff60]
   
         * lex.yy.c:          * lex.yy.c:
Line 15415 Line 24645
         * sudo.h:          * sudo.h:
         Add a new flag, -e, that makes it possible to give users the ability          Add a new flag, -e, that makes it possible to give users the ability
         to edit files with the editor of their choice as the invoking user,          to edit files with the editor of their choice as the invoking user,
        not the runas user. Temporary files are used for the actual edit        not the runas user. Temporary files are used for the actual edit and
        and the temp file is copied over the original after the editor is        the temp file is copied over the original after the editor is done.
        done. 
         [c4051414c1f4]          [c4051414c1f4]
   
         * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:          * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
         Add a new flag, -e, that makes it possible to give users the ability          Add a new flag, -e, that makes it possible to give users the ability
         to edit files with the editor of their choice as the invoking user,          to edit files with the editor of their choice as the invoking user,
        not the runas user. Temporary files are used for the actual edit        not the runas user. Temporary files are used for the actual edit and
        and the temp file is copied over the original after the editor is        the temp file is copied over the original after the editor is done.
        done. 
         [37ac05c8ac3c]          [37ac05c8ac3c]
   
         * env.c, sudo.c:          * env.c, sudo.c:
         If real uid == 0 and the SUDO_USER environment variables is set, use          If real uid == 0 and the SUDO_USER environment variables is set, use
         that to determine the invoking user's true identity. That way the          that to determine the invoking user's true identity. That way the
         proper info gets logged by someone who has done "sudo su" but still          proper info gets logged by someone who has done "sudo su" but still
        uses sudo to as root. We can't do this for non-root users since        uses sudo to as root. We can't do this for non-root users since that
        that would open up a security hole, though perhaps it would be        would open up a security hole, though perhaps it would be acceptable
        acceptable to use getlogin(2) on OSes where this a system call (and        to use getlogin(2) on OSes where this a system call (and doesn't
        doesn't just look in the utmp file).        just look in the utmp file).
         [c2f9198708a1]          [c2f9198708a1]
   
         * pathnames.h.in:          * pathnames.h.in:
Line 15484 Line 24712
 2004-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2004-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * sudo.c:          * sudo.c:
        Change euid to runas user before calling find_path().        Change euid to runas user before calling find_path(). Unfortunately,
        Unfortunately, though runas_user can be modified in sudoers we        though runas_user can be modified in sudoers we haven't parsed
        haven't parsed sudoers yet.        sudoers yet.
         [f469fdf2e313]          [f469fdf2e313]
   
         * sudoers.man.in, sudoers.pod:          * sudoers.man.in, sudoers.pod:
Line 15495 Line 24723
         [f7bed6e909bf]          [f7bed6e909bf]
   
         * sudo.c:          * sudo.c:
        Fix a bug when set_runaspw() is used as a callback. We don't want        Fix a bug when set_runaspw() is used as a callback. We don't want to
        to reset the contents of runas_pw if the user specified a user via        reset the contents of runas_pw if the user specified a user via the
        the -u flag.        -u flag.
   
         Avoid unnecessary passwd lookups in set_authpw(). In most cases we          Avoid unnecessary passwd lookups in set_authpw(). In most cases we
         already have the info in runas_pw.          already have the info in runas_pw.
Line 15522 Line 24750
         [42aa37050053]          [42aa37050053]
   
         * sudo.c:          * sudo.c:
        Add set_runaspw() function to fill in runas_pw. This will be used        Add set_runaspw() function to fill in runas_pw. This will be used as
        as a callback to update runas_pw when the runas user changes.        a callback to update runas_pw when the runas user changes.
         [e570aa0088d0]          [e570aa0088d0]
   
         * env.c, sudo.c:          * env.c, sudo.c:
Line 15739 Line 24967
         Add support for preloading a shared object containing a dummy          Add support for preloading a shared object containing a dummy
         execve() function that just sets error and returns -1. This adds a          execve() function that just sets error and returns -1. This adds a
         "noexec_file" option to load the filename as well as a "noexec" flag          "noexec_file" option to load the filename as well as a "noexec" flag
        to enable it unconditionally. There is also a NOEXEC tag that can        to enable it unconditionally. There is also a NOEXEC tag that can be
        be attached to specific commands and an EXEC tag to disable it.        attached to specific commands and an EXEC tag to disable it.
         [c8b6712feb91]          [c8b6712feb91]
   
         * mkdefaults:          * mkdefaults:
Line 15877 Line 25105
   
         * auth/pam.c:          * auth/pam.c:
         Fix a core dump on Solaris by preserving the pam_handle_t we used          Fix a core dump on Solaris by preserving the pam_handle_t we used
        during authentication for pam_prep_user(). If we didn't        during authentication for pam_prep_user(). If we didn't authenticate
        authenticate (ie: ticket still valid), we call pam_init() from        (ie: ticket still valid), we call pam_init() from pam_prep_user().
        pam_prep_user(). This is something of a hack; it may be better to        This is something of a hack; it may be better to change the auth API
        change the auth API and add an auth_final() function that acts like        and add an auth_final() function that acts like pam_prep_user().
        pam_prep_user(). 
         [f787de49b175]          [f787de49b175]
   
 2003-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>  2003-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 16081 Line 25308
         [aba0126f0059]          [aba0126f0059]
   
         * auth/kerb5.c:          * auth/kerb5.c:
        Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is        Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is no
        no longer defined by MIT kerb5 (though it used to be and indeed        longer defined by MIT kerb5 (though it used to be and indeed remains
        remains so in Heimdal).        so in Heimdal).
         [e5a6c64d7cd5]          [e5a6c64d7cd5]
   
 2003-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>  2003-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 16626 Line 25853
         [587f8a2df857]          [587f8a2df857]
   
         * parse.lex:          * parse.lex:
        Better fix for sudoers files w/o a newline before EOF. It looks        Better fix for sudoers files w/o a newline before EOF. It looks like
        like the issue is that yyrestart() does not reset the start        the issue is that yyrestart() does not reset the start condition to
        condition to INITIAL which is an issue since we parse sudoers        INITIAL which is an issue since we parse sudoers multiple times.
        multiple times. 
         [920f8326968a]          [920f8326968a]
   
 2003-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>  2003-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 16643 Line 25869
   
         * visudo.c:          * visudo.c:
         o The parser needs sudoers to end with a newline but some editors          o The parser needs sudoers to end with a newline but some editors
        (emacs) may not add one. Check for a missing newline at EOF and        (emacs) may not add one. Check for a missing newline at EOF and add
        add one if needed. o Set quiet flag during initial sudoers parse (to        one if needed. o Set quiet flag during initial sudoers parse (to get
        get options) o Move yyrestart() call and always use freopen() to        options) o Move yyrestart() call and always use freopen() to open
        open yyin after initial sudoers parse.        yyin after initial sudoers parse.
         [12d12f9b07aa]          [12d12f9b07aa]
   
 2002-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>  2002-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 16863 Line 26089
   
         * env.c:          * env.c:
         Don't try to pre-compute the size of the new envp, just allocate          Don't try to pre-compute the size of the new envp, just allocate
        space up front and realloc as needed. Changes to the new env        space up front and realloc as needed. Changes to the new env pointer
        pointer must all be made through insert_env() which now keeps track        must all be made through insert_env() which now keeps track of
        of spaced used and allocates as needed.        spaced used and allocates as needed.
         [39bc934a9f2c]          [39bc934a9f2c]
   
 2002-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>  2002-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 16895 Line 26121
   
         * check.c:          * check.c:
         The the loop used to expand %h and %u, the lastchar variable was not          The the loop used to expand %h and %u, the lastchar variable was not
        being initialized. This means that if the last char in the prompt        being initialized. This means that if the last char in the prompt is
        is '%' and the first char is 'h' or 'u' a extra copy of the host or        '%' and the first char is 'h' or 'u' a extra copy of the host or
         user name would be copied, for which space had not been allocated.          user name would be copied, for which space had not been allocated.
         [b2e27197857d]          [b2e27197857d]
   
Line 17316 Line 26542
 2002-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>  2002-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * Makefile.in:          * Makefile.in:
        o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and        o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and -g
        -g to facilitate non-root installs        to facilitate non-root installs
         [619216038f56]          [619216038f56]
   
         * install-sh:          * install-sh:
Line 17360 Line 26586
         * auth/pam.c:          * auth/pam.c:
         o Add pam_prep_user function to call pam_setcred() for the target          o Add pam_prep_user function to call pam_setcred() for the target
         user; on Linux this often sets resource limits. o When calling          user; on Linux this often sets resource limits. o When calling
        pam_end(), try to convert the auth->result to a PAM_FOO value.        pam_end(), try to convert the auth->result to a PAM_FOO value. This
        This is a hack--we really need to stash the last PAM_FOO value        is a hack--we really need to stash the last PAM_FOO value received
        received and use that instead.        and use that instead.
         [6ad6f340dd2a]          [6ad6f340dd2a]
   
         * set_perms.c, sudo.h:          * set_perms.c, sudo.h:
Line 17568 Line 26794
         [6fa41c89ab20]          [6fa41c89ab20]
   
         * sudo.c:          * sudo.c:
        XXX - should call find_path() as runas user, not root. Can't do        XXX - should call find_path() as runas user, not root. Can't do that
        that until the parser changes though.        until the parser changes though.
         [f0b4f85651bd]          [f0b4f85651bd]
   
         * sudo.c:          * sudo.c:
Line 17826 Line 27052
   
         * parse.lex:          * parse.lex:
         o Use exclusive start conditions to remove some ambiguity in the          o Use exclusive start conditions to remove some ambiguity in the
        lexer. Also reorder some things for clarity. o Add support for        lexer. Also reorder some things for clarity. o Add support for "+="
        "+=" and "-=" list operators. o Use the new DEFVAR token to denote        and "-=" list operators. o Use the new DEFVAR token to denote a
        a Defaults variable name.        Defaults variable name.
         [3a2cf8323e26]          [3a2cf8323e26]
   
         * sudo.h:          * sudo.h:
Line 17836 Line 27062
         [b74916469dab]          [b74916469dab]
   
         * env.c:          * env.c:
        o Convert environment handling to use lists instead of strings.        o Convert environment handling to use lists instead of strings. This
        This greatly simplifies routines that need to do "foreach" type        greatly simplifies routines that need to do "foreach" type
        operations. o Add new init_envtables() function to set env_check        operations. o Add new init_envtables() function to set env_check and
        and env_delete defaults based on initial_badenv_table and        env_delete defaults based on initial_badenv_table and
         initial_checkenv_table (formerly sudo_badenv_table).          initial_checkenv_table (formerly sudo_badenv_table).
         [0a8b404658b6]          [0a8b404658b6]
   
         * defaults.c, defaults.h:          * defaults.c, defaults.h:
         o Add a new LIST type and functions to manipulate it. o This is for          o Add a new LIST type and functions to manipulate it. o This is for
        use with environment handling variables. o Call new        use with environment handling variables. o Call new init_envtables()
        init_envtables() routine inside init_defaults() to initialize the        routine inside init_defaults() to initialize the environment lists.
        environment lists. 
         [ae73e64f0902]          [ae73e64f0902]
   
         * def_data.c, def_data.h, def_data.in:          * def_data.c, def_data.h, def_data.in:
Line 18167 Line 27392
   
         * check.c:          * check.c:
         Use stashed user_gid when checking against exempt gid since sudo          Use stashed user_gid when checking against exempt gid since sudo
        sets its gid to a a value that makes sudoers readable. Previously        sets its gid to a a value that makes sudoers readable. Previously if
        if you used gid 0 as the exempt group everyone would be exempt. From        you used gid 0 as the exempt group everyone would be exempt. From
         Paul Kranenburg <pk@cs.few.eur.nl>          Paul Kranenburg <pk@cs.few.eur.nl>
         [0b140cc3a817]          [0b140cc3a817]
   
Line 18213 Line 27438
 2001-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2001-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * visudo.c:          * visudo.c:
        Block all signals in Exit() to avoid a signal race. There is still        Block all signals in Exit() to avoid a signal race. There is still a
        a tiny window but I'm not going to worry about it.        tiny window but I'm not going to worry about it.
         [6661805c0458]          [6661805c0458]
   
 2001-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>  2001-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 18654 Line 27879
 2000-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>  2000-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * sudo.c:          * sudo.c:
        Fix -H flag. runas_homedir is only valid after        Fix -H flag. runas_homedir is only valid after set_perms(PERM_RUNAS,
        set_perms(PERM_RUNAS, mode)        mode)
         [ce9b1c6f68a6]          [ce9b1c6f68a6]
   
 2000-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>  2000-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 18705 Line 27930
         sensible error if it does not exist.          sensible error if it does not exist.
   
         The path to the editor for visudo is now a colon-separated list of          The path to the editor for visudo is now a colon-separated list of
        allowable editors. If the user has $EDITOR set and it matches one        allowable editors. If the user has $EDITOR set and it matches one of
        of the allowed editors that editor will be used. If not, the first        the allowed editors that editor will be used. If not, the first
         editor in the list that actually exists is used.          editor in the list that actually exists is used.
         [cc86eb9f5440]          [cc86eb9f5440]
   
Line 19164 Line 28389
         [055fa61a7c61]          [055fa61a7c61]
   
         * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:          * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
        Add 'shell_noargs' runtime option back in. We have to defer        Add 'shell_noargs' runtime option back in. We have to defer checking
        checking until after the sudoers file has been parsed but since        until after the sudoers file has been parsed but since there are now
        there are now other options that operate that way this one can too.        other options that operate that way this one can too. Based on a
        Based on a patch from bguillory@email.com.        patch from bguillory@email.com.
         [231db7a007a6]          [231db7a007a6]
   
         * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:          * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
Line 19292 Line 28517
         * CHANGES, parse.yacc, sudo.tab.c:          * CHANGES, parse.yacc, sudo.tab.c:
         fix parsing of runas lists: o oprunasuser and runaslist now return a          fix parsing of runas lists: o oprunasuser and runaslist now return a
         value o in a runasspec, if a runaslist does not return TRUE, set          value o in a runasspec, if a runaslist does not return TRUE, set
        runas_matches to FALSE. Normally, a runaslist only returns FALSE        runas_matches to FALSE. Normally, a runaslist only returns FALSE for
        for explicitly denied users. o since runaslist does not modify the        explicitly denied users. o since runaslist does not modify the stack
        stack there is no need for a push/pop in runasalias.        there is no need for a push/pop in runasalias.
         [82b305b34a8c]          [82b305b34a8c]
   
         * check.c, sudo.c:          * check.c, sudo.c:
Line 19319 Line 28544
         o Kill shell_noargs option, it cannot work since the command needs          o Kill shell_noargs option, it cannot work since the command needs
         to be set before sudoers is parsed. o Fix the "set_home" sudoers          to be set before sudoers is parsed. o Fix the "set_home" sudoers
         option (only worked at compile time). o Fix "fqdn" sudoers option.          option (only worked at compile time). o Fix "fqdn" sudoers option.
        We now set host/shost via set_fqdn which gets called when the        We now set host/shost via set_fqdn which gets called when the "fqdn"
        "fqdn" option is set in sudoers. o Move the openlog() to        option is set in sudoers. o Move the openlog() to store_syslogfac()
        store_syslogfac() so this gets overridden correctly from the        so this gets overridden correctly from the sudoers file.
        sudoers file. 
         [3dca861f0f5d]          [3dca861f0f5d]
   
         * auth/securid.c:          * auth/securid.c:
Line 19453 Line 28677
   
         * lex.yy.c, parse.lex:          * lex.yy.c, parse.lex:
         Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c          Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
        since it might not get called in yywrap if we get a parse error        since it might not get called in yywrap if we get a parse error (and
        (and we only reread the file on error anyway).        we only reread the file on error anyway).
         [37f4b449e28e]          [37f4b449e28e]
   
         * lex.yy.c, parse.lex:          * lex.yy.c, parse.lex:
Line 19537 Line 28761
         [e3ed0c1f312b]          [e3ed0c1f312b]
   
         * logging.h:          * logging.h:
        Fix compilation problem when --with-logging=file was specified.        Fix compilation problem when --with-logging=file was specified. This
        This means that syslog is now required to build sudo but that should        means that syslog is now required to build sudo but that should not
        not be a problem. If it is it can be fixed trivially with a        be a problem. If it is it can be fixed trivially with a configure
        configure check for syslog() or syslog.h.        check for syslog() or syslog.h.
         [839a4b069190]          [839a4b069190]
   
         * tgetpass.c:          * tgetpass.c:
Line 19562 Line 28786
 1999-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>  1999-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * defaults.c:          * defaults.c:
        Error out if syslog parameters are given without a value. For        Error out if syslog parameters are given without a value. For Ultrix
        Ultrix or 4.2BSD "syslog" is allowed without a value since there are        or 4.2BSD "syslog" is allowed without a value since there are no
        no facilities in the 4.2BSD syslog.        facilities in the 4.2BSD syslog.
         [69e7a686f5f0]          [69e7a686f5f0]
   
 1999-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>  1999-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 19670 Line 28894
         getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:          getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
         o Change defaults stuff to put the value right in the struct. o          o Change defaults stuff to put the value right in the struct. o
         Implement mailer_flags o Store syslog stuff both in int and string          Implement mailer_flags o Store syslog stuff both in int and string
        form. Setting the string form magically updates the int version.        form. Setting the string form magically updates the int version. o
        o Add boolean attribute to strings where it makes sense to say !foo        Add boolean attribute to strings where it makes sense to say !foo
         [4698953f9a36]          [4698953f9a36]
   
         * tgetpass.c:          * tgetpass.c:
Line 19981 Line 29205
   
         * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:          * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
         In "sudo -l" mode, the type of the stored (expanded) alias was not          In "sudo -l" mode, the type of the stored (expanded) alias was not
        stored with the contents. This could lead to incorrect output if        stored with the contents. This could lead to incorrect output if the
        the sudoers file had different alias types with the same name.        sudoers file had different alias types with the same name. Normal
        Normal parsing (ie: not in '-l' mode) is unaffected.        parsing (ie: not in '-l' mode) is unaffected.
         [823fe2bc4b79]          [823fe2bc4b79]
   
 1999-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>  1999-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 20165 Line 29389
         * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,          * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
         configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,          configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
         visudo.c:          visudo.c:
        o Add a "pedentic" flag to the parser. This makes sudo warn in        o Add a "pedentic" flag to the parser. This makes sudo warn in cases
        cases where an alias may be used before it is defined. Only turned        where an alias may be used before it is defined. Only turned on for
        on for visudo and testsudoers. o Add --disable-authentication option        visudo and testsudoers. o Add --disable-authentication option that
        that makes sudo not require authentication by default. The PASSWD        makes sudo not require authentication by default. The PASSWD tag can
        tag can be used to require authentication for an entry. We no        be used to require authentication for an entry. We no longer
        longer overload --without-passwd.        overload --without-passwd.
         [f307e09adf98]          [f307e09adf98]
   
         * lex.yy.c, parse.lex:          * lex.yy.c, parse.lex:
Line 20236 Line 29460
         version.c, visudo.c:          version.c, visudo.c:
         o Move lock_file() and touch() into fileops.c so visudo can use them          o Move lock_file() and touch() into fileops.c so visudo can use them
         o Visudo now locks the sudoers temp file instead of bailing when the          o Visudo now locks the sudoers temp file instead of bailing when the
        temp file already exists. This fixes the problem of stale temp        temp file already exists. This fixes the problem of stale temp files
        files but it does *require* that you not try to put the temp file in        but it does *require* that you not try to put the temp file in a
        a world-writable directory. This shoud not be an issue as the temp        world-writable directory. This shoud not be an issue as the temp
         file should live in the same dir as sudoers. o Visudo now only          file should live in the same dir as sudoers. o Visudo now only
         installs the temp file as sudoers if it changed.          installs the temp file as sudoers if it changed.
         [2517cd06c070]          [2517cd06c070]
Line 20327 Line 29551
         o Add '!' correctly when expanding Aliases. o Add shortcut macros          o Add '!' correctly when expanding Aliases. o Add shortcut macros
         for append() to make things more readable. o The separator in          for append() to make things more readable. o The separator in
         append() is now a string instead of a char. o In append(), only          append() is now a string instead of a char. o In append(), only
        prepend the separator if the last char is not a '!'. This is a        prepend the separator if the last char is not a '!'. This is a hack
        hack but it greatly simplifies '!' handling. o In -l mode, Runas        but it greatly simplifies '!' handling. o In -l mode, Runas lists
        lists and NOPASSWD/PASSWD tags are now inherited across entries in        and NOPASSWD/PASSWD tags are now inherited across entries in a list
        a list (matches current behavior). o Fix formatting in -l mode such        (matches current behavior). o Fix formatting in -l mode such that
        that items in a list are separated by a space. Greatlt improves        items in a list are separated by a space. Greatlt improves
         readability. o Space for name field in struct aliasinfo is now          readability. o Space for name field in struct aliasinfo is now
         allocated dyanically instead of using a (big) buffer. o In          allocated dyanically instead of using a (big) buffer. o In
         add_alias(), only search the list once (lsearch instead of lfind +          add_alias(), only search the list once (lsearch instead of lfind +
Line 20352 Line 29576
         set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since          set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
         it gets fill()'d in parse.lex--fixes a small memory leak. In the          it gets fill()'d in parse.lex--fixes a small memory leak. In the
         long run it may be better to just fix parse.lex and make ALL back          long run it may be better to just fix parse.lex and make ALL back
        into a token. However, having it be a string is useful since it        into a token. However, having it be a string is useful since it can
        can be easily passed back to the parent rule if we so desire.        be easily passed back to the parent rule if we so desire.
         [b3c64b443018]          [b3c64b443018]
   
         * parse.lex:          * parse.lex:
Line 20615 Line 29839
         [db48202df1bb]          [db48202df1bb]
   
         * Makefile.in:          * Makefile.in:
        BSD-style copyright. Update to reflect reality wrt new files and        BSD-style copyright. Update to reflect reality wrt new files and new
        new auth modules.        auth modules.
         [61a2ca7940fb]          [61a2ca7940fb]
   
         * INSTALL:          * INSTALL:
Line 20654 Line 29878
         user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible          user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
         to mix tty and non-tty based ticket schemes but this may change in          to mix tty and non-tty based ticket schemes but this may change in
         the future (it requires sudo to use a directory instead of a file in          the future (it requires sudo to use a directory instead of a file in
        the non-tty case). Also, ``sudo -k'' now sets the ticket back to        the non-tty case). Also, ``sudo -k'' now sets the ticket back to the
        the epoch and ``sudo -K'' really deletes the file. That way you        epoch and ``sudo -K'' really deletes the file. That way you don't
        don't get the lecture again just because you killed your ticket in        get the lecture again just because you killed your ticket in
         .logout. BSD-style copyright now.          .logout. BSD-style copyright now.
         [ec3460f85be8]          [ec3460f85be8]
   
Line 20909 Line 30133
         parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:          parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
         o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It          o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
         turns out the old DES crypt does the right thing with passwords          turns out the old DES crypt does the right thing with passwords
        longert than 8 characters. o Fix common typo (necesary ->        longert than 8 characters. o Fix common typo (necesary -> necessary)
        necessary) o Update TODO list        o Update TODO list
         [ad75007a6f13]          [ad75007a6f13]
   
 1999-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>  1999-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 21221 Line 30445
 1999-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>  1999-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * CHANGES, lex.yy.c, parse.lex:          * CHANGES, lex.yy.c, parse.lex:
        Fix a bug wrt quoting characters in command args. Stop processing        Fix a bug wrt quoting characters in command args. Stop processing an
        an arg when you hit a backslash so the quoted-character detection        arg when you hit a backslash so the quoted-character detection can
        can catch it.        catch it.
         [2281438d7f41]          [2281438d7f41]
   
 1999-02-26  Todd C. Miller  <Todd.Miller@courtesan.com>  1999-02-26  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 21310 Line 30534
   
         * check.c, sudo.h:          * check.c, sudo.h:
         If the user enters an empty password and really has no password,          If the user enters an empty password and really has no password,
        accept the empty password they entered. Perviously, they could        accept the empty password they entered. Perviously, they could enter
        enter anything        anything
         *but* an empty password. Also, add GETPASS macro that calls either          *but* an empty password. Also, add GETPASS macro that calls either
         tgetpass() or getpass() depending on how sudo was configured.          tgetpass() or getpass() depending on how sudo was configured.
         Problem noted by jdg@maths.qmw.ac.uk          Problem noted by jdg@maths.qmw.ac.uk
Line 24350 Line 33574
   
         * sudo.h:          * sudo.h:
         added support for NO_PASSWD and runas from garp@opustel.com replaced          added support for NO_PASSWD and runas from garp@opustel.com replaced
        SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support        SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
        fro SUDOERS_MODE        SUDOERS_MODE
         [cea6f26679b7]          [cea6f26679b7]
   
         * sudo.c:          * sudo.c:
Line 26996 Line 36220
         [044023063eca]          [044023063eca]
   
         * aclocal.m4:          * aclocal.m4:
        OS was being set to unknown before non-uname based host checks.        OS was being set to unknown before non-uname based host checks. This
        This caused no checks to happen since $OS was not zero-length.        caused no checks to happen since $OS was not zero-length.
         [335a7267479d]          [335a7267479d]
   
         * sudo.c:          * sudo.c:
Line 27466 Line 36690
         [1194d01fa5c5]          [1194d01fa5c5]
   
         * visudo.c:          * visudo.c:
        whatnow_help was prototyped to be static be was not declared as        whatnow_help was prototyped to be static be was not declared as such
        such 
         [0f85489dd426]          [0f85489dd426]
   
         * configure.in:          * configure.in:
Line 29607 Line 38830
         [34331c7dee90]          [34331c7dee90]
   
         * logging.c:          * logging.c:
        split long log lines. FOr syslog, split into multiple entries, for        split long log lines. FOr syslog, split into multiple entries, for a
        a log file, indent the extra for readability        log file, indent the extra for readability
         [72c9e4cdba6e]          [72c9e4cdba6e]
   
 1994-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>  1994-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 29630 Line 38853
 1994-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>  1994-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * sudo.c:          * sudo.c:
        added rmenv() to remove stuff from environ. can now uses execvp()        added rmenv() to remove stuff from environ. can now uses execvp() OR
        OR execve() becuase of this.        execve() becuase of this.
         [e7fc2535bd67]          [e7fc2535bd67]
   
         * logging.c:          * logging.c:
Line 29929 Line 39152
         [5c4bf716de21]          [5c4bf716de21]
   
         * check.c, find_path.c, parse.c, sudo.c:          * check.c, find_path.c, parse.c, sudo.c:
        added patches from John_Rouillard directory spec        added patches from John_Rouillard directory spec uses EDITOR
        uses EDITOR 
         [f62a435f8c41]          [f62a435f8c41]
   
 1993-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>  1993-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>

Removed from v.1.1  
changed lines
  Added in v.1.1.1.6


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>