Diff for /embedaddon/sudo/ChangeLog between versions 1.1.1.1 and 1.1.1.2

version 1.1.1.1, 2012/02/21 16:23:01 version 1.1.1.2, 2012/05/29 12:26:48
Line 1 Line 1
2012-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>2012-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.in:
           Update for 1.8.5p1
           [c33c49bf5b4b]
   
           * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Fix #includedir; from Mike Frysinger
           [d4833d4e39a0]
   
           * plugins/sudoers/check.c:
           Don't prompt for a password if the user is in the exempt group, is
           root, or is running the command as themselves even if the -k option
           was specified. This makes "sudo -k command" consistent with the
           behavior one would get if the user ran "sudo -k" immediately before
           running the command.
           [632b3961df00]
   
   2012-05-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * INSTALL:
           Fix capitalization
           [7258aa977caf]
   
           * mkpkg:
           Build PIE executable on Mac OS X 10.5 and above.
           [2a5c7ef92182]
   
   2012-05-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Update for sudo 1.8.4p5
           [21164f508b68]
   
           * plugins/sudoers/match_addr.c:
           Add missing break between AF_INET and AF_INET6 in
           addr_matches_if_netmask()
           [672a4793931a]
   
           * plugins/sudoers/mon_systrace.c:
           Move systrace monitor code to the attic
           [d6faf4754e9c]
   
   2012-05-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c:
           The pointer to the siginfo_t struct in a signal handler may be NULL.
           [41a4ee934b53]
   
   2012-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/pwutil.c:
           Fix an alignment problem on NetBSD systems with a 64-bit time_t and
           strict alignment. Based on a patch from Martin Husemann.
           [1e5ba3c18f17]
   
           * include/missing.h:
           Add offsetof macro for those without it.
           [e44cb51d2587]
   
           * MANIFEST:
           add system_group plugin
           [6169793b510c]
   
   2012-05-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/dlopen.c:
           Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.
           [85bd03bc5d94]
   
   2012-05-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Mention system_group plugin
           [05393dd4bdb8]
   
           * Makefile.in, plugins/sudoers/Makefile.in,
           plugins/system_group/Makefile.in:
           update depends
           [6feb0b824fc4]
   
           * plugins/system_group/system_group.c:
           Only call gr_delref() when use sudo's password caching functions.
           [1103442e21fa]
   
           * plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in:
           Add missing dependency on libreplace.la
           [05bfd9d4657f]
   
           * compat/dlopen.c:
           Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and
           PROG_HANDLE.
           [2382d0693acc]
   
           * Makefile.in, configure, configure.in,
           plugins/system_group/Makefile.in,
           plugins/system_group/system_group.c,
           plugins/system_group/system_group.sym:
           Add group plugin that does lookups by name using the system group
           database.
           [2ddbb604112f]
   
           * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo,
           src/po/pl.po:
           sync with translationproject.org
           [4ef05df4226d]
   
   2012-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
           src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
           src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po,
           src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
           src/po/zh_CN.mo, src/po/zh_CN.po:
           sync with translationproject.org
           [115c3f828fc5]
   
   2012-05-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Add mode for docdir and use '-' (default) for localedir mode. Fixes
           a problem on Linux when building in a directory with the setgid bit
           set.
           [582279c8bcb1]
   
   2012-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * pp:
           Match CentOS 6.0
           [1e99ef210f98]
   
   2012-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Update with recent changes
           [c5fc220ba696]
   
           * pp:
           Fix version check on AIX
           [d272e39112f4]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [72b23509465a]
   
           * plugins/sudoers/ldap.c:
           Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP
           SDK.
           [87b685e70b9a]
   
           * plugins/sudoers/ldap.c:
           Fix printing of invalid uri
           [645aa53acdde]
   
           * plugins/sudoers/auth/pam.c:
           Pass PAM_SILENT when deleting creds to remove an annoying warning
           message on Solaris.
           [1dd0301ef293]
   
   2012-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/utmp.c:
           Fix the setutxent and endutxent compatibility defines (this time
           correctly) when only setutent and endutent are available.
           [d136d2867db9]
   
           * plugins/sudoers/ldap.c:
           sudo_ldap_set_options_global() should not take an LDAP handle as an
           argument since the options affect the global settings.
           [1dc39b9d20f2]
   
           * mkpkg:
           Debian sudo has not been built with --with-exempt=sudo since 1.6.8.
           [c7716291a856]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
           plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c,
           src/sudo.h:
           Call the policy's init_session() function before we fork the child.
           That way, the session is created and destroyed in the same process,
           which is needed by some modules, such as pam_mount.
           [ece552ba002e]
   
           * doc/TROUBLESHOOTING:
           Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is
           not specified.
           [bd293e100b28]
   
           * plugins/sudoers/auth/pam.c:
           Delete creds after closing the PAM session.
           [5158d726d6a5]
   
           * plugins/sudoers/ldap.c:
           Provide a more useful error message if using a Mozilla-style LDAP
           SDK and you forgot to specify TLS_CERT in ldap.conf.
           [7cb78feb899c]
   
           * src/exec_pty.c:
           Add missing initialization of a sigaction structure when I/O
           logging. Fixes a potential problem when suspending the command.
           [f4480f2ba816]
   
           * plugins/sudoers/ldap.c:
           Split global and per-connection LDAP options into separate arrays.
           Set global LDAP options before calling ldap_initialize() or
           ldap_init(). After we have an LDAP handle, set the per-connection
           options. Fixes a problem with OpenLDAP using the nss crypto backend;
           bug #342
           [265c9d2dc12b]
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po,
           src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
           sync with translationproject.org
           [6d7fe44be21e]
   
   2012-04-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo.c, src/sudo.h:
           Move struct passwd pointer into struct command details.
           [d6fb1eff2065]
   
   2012-04-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * pp:
           Sync with upstream for Mac OS X (and other) fixes.
           [c2f4998d01b0]
   
           * mkpkg:
           Only built Mac intel universal binary on an intel machine.
           [0009e0b7e5a8]
   
           * src/Makefile.in:
           Do not pass libtool the -static-libtool-libs option when building
           sudo and sesh. Otherwise, libtool may prefer a static version of an
           installed library over a dynamic one when linking.
           [6fbac9adc885]
   
   2012-04-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo,
           plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po:
           Add German translation for sudo Add Croatian translation for sudoers
           [fa4da1a6530c]
   
           * plugins/sudoers/iolog.c:
           typo fix in comment
           [abd721d1288e]
   
   2012-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Update with recent changes
           [6fa11e8448b9]
   
           * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           Sort xgettext output by file name.
           [f650841810f0]
   
           * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
           Clarify what "sudoreplay -l" displays and mention that it is sorted.
           [84031c117bd6]
   
           * config.h.in, configure, configure.in, src/ttyname.c:
           Use AC_HEADER_MAJOR to determine where major/minor are defined.
           [3c949650a223]
   
           * config.h.in, configure, configure.in, src/ttyname.c:
           Include sys/mkdev.h if present instead of sys/sysmacros.h for
           minor(). This is needed on Solaris (at least) where the makedev
           macros in sysmacros.h are obsolete and library functions should be
           used instead.
           [343928acf81e]
   
           * mkpkg:
           When building on Mac OS X, only set SDK_FLAGS if specified osversion
           doesn't match host.
           [d84c6efac872]
   
   2012-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Add back buf and tty variables for _ttyname() case that were
           inadvertantly removed.
           [a4a820b22a44]
   
   2012-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [5446b12c1250]
   
           * configure, configure.in:
           Remove b8 from version number.
           [5adc4dcec061]
   
           * src/ttyname.c:
           remove some XXX
           [187579a5f593]
   
           * src/ttyname.c:
           When looking for a device match, do a breadth-first search instead
           of depth-first. We already special case /dev/pts/ so chances are
           good that if it is not a pseudo-tty it is in the base of /dev/. Also
           avoid a stat(2) when possible if struct dirent has d_type.
           [0183f8a1b278]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
           src/sudo.c, src/sudo.h:
           Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.
           [f0574d878491]
   
           * src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo,
           src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo,
           src/po/vi.mo:
           sync with translationproject.org
           [4527ea78fbd5]
   
           * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po,
           src/po/hr.mo, src/po/hr.po:
           New Croatian and Galician translations from translationproject.org
           [ad4bd924b4de]
   
           * src/ttyname.c:
           Add depth-first traversal of /dev/ for the /proc case when not
           /dev/pts/N
           [499bd3456774]
   
           * config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c:
           If struct dirent has d_type, use it to avoid an extra stat().
           [741dabbe4bcd]
   
           * plugins/sudoers/sudoreplay.c:
           Sort output of "sudoreplay -l"
           [c0615795bd4b]
   
   2012-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoreplay.c:
           Fix duplicate free introduced in last rev
           [efdaabe69d75]
   
   2012-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/auth/pam.c:
           Instead of treating ^C from tgetpass() specially, always return
           AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL
           like PAM_AUTH_ERR which Mac OS X returns this when there is no tty.
           [a3b17298d4d0]
   
           * config.h.in, configure, configure.in, src/ttyname.c:
           Rototill code to determine the tty. For Linux, we now look up the
           tty device in /proc/pid/stat instead of trying to open
           /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
           device number to a string. On BSD, we can use devname(). On
           Solaris, _ttyname_dev() does what we want. TODO: write /dev/
           traversal code for the generic sudo_ttyname_dev().
           [6b22be4d09f0]
   
   2012-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Define PRNODEV for those w/o it.
           [f17290e64559]
   
           * config.h.in, configure, configure.in, src/ttyname.c:
           Check for SVR4-style struct psinfo.pr_ttydev and use that to
           determine the tty if std{in,out,err} are not ttys.
           [76ad33a91f4b]
   
           * src/ttyname.c:
           Better support for SVR4-style /proc entries where we can't use
           ttyname() on the /proc/pid/fd/[0-2] entries. We can, however,
           attempt to map the device number back to the correct pseudo-tty
           slave device.
           [4f9f48cc79eb]
   
           * src/ttyname.c:
           When trying to determine the tty name, check parent's stderr in
           addition to its stdin and stdout.
           [604644056c7d]
   
           * src/exec_pty.c:
           Treat a tty read failure like EOF as it usually means the pty has
           gone away. Handle write() on the tty returning EIO.
           [16957f4a706f]
   
           * src/exec.c, src/exec_pty.c:
           Linux select() may return ENOMEM if there is a kernel resource
           shortage. Older Solaris select() may return EIO instead of EBADF
           when the tty goes away. If we get an unhandled select() failure,
           kill the child and exit cleanly.
           [d93940a311ab]
   
           * src/ttyname.c:
           Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might
           block in open.
           [a9f809d09d52]
   
   2012-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/set_perms.c:
           Fix restoration of AIX permissions.
           [30c717115988]
   
           * src/parse_args.c:
           Allow the -k flag to be used along with the -i and -s flags.
           [0653b17c97f1]
   
           * plugins/sudoers/sudoreplay.c:
           Plug memory leak in parse_logfile() in the error path.
           [9cce86fa833b]
   
           * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po,
           src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po,
           src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
           src/po/zh_CN.mo, src/po/zh_CN.po:
           sync with translationproject.org
           [14af43d0b170]
   
   2012-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/regress/glob/globtest.c, config.h.in, configure,
           configure.in, plugins/sudoers/match.c:
           Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
           glob() and fnmatch() results to be consistent.
           [4226750d73c2]
   
   2012-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in,
           src/ttysize.c:
           Move ttysize.c to common so sudoreplay can use it.
           [b4a0aa514cd4]
   
           * plugins/sudoers/sudoreplay.c:
           If I/O log file includes rows + cols, warn if the user's tty is not
           big enough.
           [b980ef89efff]
   
           * plugins/sudoers/sudoreplay.c:
           Fix printing of TSID in "sudoreplay -l"
           [4221e3e108b4]
   
           * common/sudo_debug.c, include/sudo_debug.h,
           plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c,
           src/exec_pty.c:
           Log the process id in the debug file output. Since we don't want to
           keep calling getpid(), stash the value at init time and when we
           fork().
           [2782d30c024d]
   
           * src/exec_pty.c:
           Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It
           is better to receive EIO from read()/write() than to be suspended
           when we don't expect it. Fixes a problem when our terminal is
           revoked which can happen when, e.g. our sshd is killed
           unceremoniously. Also, only change the value of "alive" from true to
           false, never from false to true. It is possible for us to receive
           notification of the child having stopped after it is already dead.
           This does not mean it has risen from the grave.
           [26c9fe8ce0f9]
   
           * src/exec_pty.c:
           Distinguish between signals we received from the parent vs. those
           delivered explicitly to the monitor process in debugging info.
           [40716cb180e5]
   
   2012-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/check.c:
           In Solaris 11, /dev/pts under the "dev" filesystem, not "devices".
           Update tty_is_devpts() to match so we can determine when the tty has
           been reused.
           [2689665df027]
   
           * common/sudo_debug.c, include/error.h, include/sudo_debug.h:
           Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf()
           and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
           This allows consumers of sudo_debug_printf() to log that data
           without having to specify it manually.
           [7c94c4879208]
   
           * src/exec_pty.c:
           Make this compile after last change.
           [ee09034f3266]
   
           * src/exec_pty.c:
           Don't try to restore the terminal if we are not the foreground
           process. Otherwise, we may be stopped by SIGTTOU when we try to
           update the terminal settings when cleaning up.
           [c48b24335456]
   
           * src/exec.c:
           If select() return EBADF in the main event loop, one of the ttys
           must have gone away so perform any I/O we can and close the bad fds.
           [3bc8678c03ce]
   
           * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
           plugins/sudoers/toke.c, plugins/sudoers/toke.h,
           plugins/sudoers/toke.l:
           Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the
           function, file and line number in the debug log for warning() and
           error().
           [894cd131f11d]
   
   2012-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
           src/conversation.c:
           Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno.
           Use this flag when wrapping error() and warning() so the debug
           output includes the error string.
           [1e2c67adaf1f]
   
   2012-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Update for sudo 1.8.5
           [7d2b62b823fe]
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [718ad9de92cd]
   
           * doc/CONTRIBUTORS:
           sync
           [f48013aea641]
   
           * plugins/sudoers/pwutil.c:
           Use ecalloc()
           [fabd23c1f271]
   
           * src/exec_pty.c:
           Don't need zero_bytes() after ecalloc()
           [1a9d95cd10ef]
   
           * config.h.in, configure, configure.in, src/sudo_noexec.c:
           Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to
           sudo_noexec.c.
           [cbaa1d4b0f8a]
   
           * src/utmp.c:
           Fix compat setutxent and endutxent macros for systems with
           setutent() but not setutxent(). From Gustavo Zacarias
           [d7ce622fc5f2]
   
   2012-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure.in:
           Add ignore_result definition to AH_BOTTOM
           [8d4096838a98]
   
           * common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c,
           plugins/sudoers/iolog.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c,
           src/exec.c, src/exec_pty.c, src/tgetpass.c:
           Fix compiler warnings on some platforms and provide a better method
           of defeating gcc's warn_unused_result attribute.
           [9a8f804fcc75]
   
           * configure, configure.in:
           Fix building the builtin zlib from a build dir. When a zlib dir was
           specified, prepend its include path instead of appending so we get
           the right zlib headers.
           [5f61d591b186]
   
           * doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h,
           zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c,
           zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h,
           zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in,
           zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
           Update zlib to version 1.2.6
           [173c4bc4d4fc]
   
   2012-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/missing.h:
           g/c __unused which is no longer used
           [7ef3f23edcd6]
   
           * src/env_hooks.c:
           Fix compilation if RTLD_NEXT is not defined.
           [d5605f468b71]
   
           * src/po/sr.mo, src/po/sr.po:
           sync with translationproject.org
           [27d559f7985d]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
           doc/sudoers.man.in:
           regen
           [f9f63ce478b6]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [59035d82d15a]
   
           * Makefile.in:
           Ignore Project-Id-Version when comparing pot files.
           [22feb9ede46b]
   
           * plugins/sudoers/bsm_audit.c:
           Use error() instead of log_fatal()
           [54130bda4b50]
   
           * plugins/sudoers/env.c:
           Fix signedness of didvar in env_update_didvar()
           [77048a80b3e4]
   
           * plugins/sudoers/iolog.c:
           Quiet a compiler warning on some platforms.
           [8fdcaece0400]
   
           * compat/fnmatch.c:
           cast ctype(3) function/macro arguments from char to unsigned char to
           avoid potential negative subscripting.
           [bdcf7eef21ef]
   
           * common/setgroups.c:
           Quiet a warning on systems where the gids array in setgroups() is
           not prototyped as being const, even though it really is.
           [fdd758c6302d]
   
           * src/env_hooks.c:
           Quiet a compiler warning on systems where the argument to putenv(3)
           is const.
           [51bae2193b53]
   
           * plugins/sudoers/sudoreplay.c:
           Undo an incorrect int -> bool conversion.
           [b9a4ce320f14]
   
           * MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
           src/po/sv.mo, src/po/sv.po:
           Add Swedish sudo and sudoers translations from
           translationproject.org
           [f7ce1de9073f]
   
           * plugins/sudoers/env.c:
           No need to preserve ODMDIR on AIX now that we always read
           /etc/environment.
           [4aa04b2f0125]
   
   2012-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.pod, plugins/sudoers/env.c:
           When initializing the environment for env_reset, start out with the
           contents of /etc/environment on AIX and login.conf on BSD.
           [5717bdc321e2]
   
           * doc/TROUBLESHOOTING, src/sudo.c:
           If we are not running with an effective uid of 0, try to give the
           user enough information to debug the problem.
           [fa4894896d8a]
   
           * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
           Quiet a clang-analyzer false positive.
           [c4c0c1b9c8b0]
   
           * src/tgetpass.c:
           If there is nothing to read from the askpass program, set errno to
           EINTR. This makes the cancel button behave like the user entered ^C
           at the password prompt when PAM is used.
           [594302cb9caf]
   
           * src/sudo.h, src/tgetpass.c:
           Fetch the value of "askpass" from the sudo conf struct.
           [4593ee8f1bd3]
   
           * common/sudo_conf.c:
           Fix matching of "Path askpass" and "Path noexec"
           [4df28d62afb9]
   
   2012-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo.c:
           Quiet a clang-analyzer dead store warning.
           [dd90bf385a3f]
   
           * plugins/sudoers/sudoers.c:
           If the "timestampowner" user cannot be resolved, use ROOT_UID
           instead of exiting with a fatal error.
           [8d62aae99715]
   
           * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
           plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
           plugins/sudoers/check.c, plugins/sudoers/env.c,
           plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
           plugins/sudoers/logging.h, plugins/sudoers/parse.c,
           plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
           Remove the NO_EXIT flag to log_error() and add a log_fatal()
           function that exits and is marked no_return. Fixes false positives
           from static analyzers and is easier for humans to read too.
           [a0fe785c2a3d]
   
   2012-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
           src/po/eo.po:
           sync with translationproject.org
           [df5e8777de13]
   
   2012-03-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/po/da.mo, src/po/da.po:
           sync with translationproject.org
           [629d99548b78]
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
           sync with translationproject.org
           [9d122a2860d6]
   
   2012-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/po/it.mo, src/po/it.po:
           sync with translationproject.org
           [6397593b15cf]
   
           * common/sudo_conf.c, plugins/sudoers/alias.c,
           plugins/sudoers/defaults.c, plugins/sudoers/env.c,
           plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c,
           src/load_plugins.c:
           Use ecalloc() when allocating structs.
           [8b5888868db2]
   
           * common/alloc.c, include/alloc.h:
           Add ecalloc() and commented out recalloc(). Use inline strnlen()
           instead of strlen() in estrndup().
           [7fb9aa46c1e0]
   
   2012-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
           src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
           src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
           src/po/zh_CN.mo, src/po/zh_CN.po:
           sync with translationproject.org
           [45a032c37334]
   
   2012-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/set_perms.c:
           Remove unused label
           [2660bb0c1313]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
           Document what changed in each plugin API revision
           [59b30a6fc4d1]
   
           * plugins/sudoers/set_perms.c:
           Remove bogus optimization that could lead to a double free of the
           group list.
           [b0bfbd2a83a8]
   
   2012-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/TROUBLESHOOTING:
           Expand AIX /etc/security/privcmds entry.
           [9f3f072e034e]
   
           * NEWS:
           Update for sudo 1.8.5
           [086049011f25]
   
           * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat,
           doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
           doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat,
           doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h,
           include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
           src/sudo_plugin_int.h:
           Rename plugin "args" to "options"
           [f25624951bd2]
   
           * doc/CONTRIBUTORS:
           Add Lithuanian and Vietnamese translators
           [2b4c075b69e3]
   
           * Makefile.in:
           Ignore comments when comparing new and old pot files.
           [f872999347b3]
   
           * src/Makefile.in:
           regen
           [c8193b1b11c7]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in:
           regen
           [15e3c17e8a3a]
   
           * doc/sudo_plugin.pod, include/sudo_plugin.h,
           plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
           plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c,
           src/sudo.c, src/sudo.h:
           Pass a pointer to user_env in to the init_session policy plugin
           function so session setup can modify the user environment as needed.
           For PAM authentication, merge the PAM environment with the user
           environment at init_session time. We no longer need to swap in the
           user_env for environ during session init, nor do we need to disable
           the env hooks at init_session time.
           [3f5277b359d8]
   
           * plugins/sample/sample_plugin.c:
           Add explicit NULL entries for init_session, register_hooks and
           deregister_hooks with appropriate comments.
           [727a57978b40]
   
           * compat/pw_dup.c:
           Quiet a gcc "used uninitialized in this function" false positive.
           [f14b68379ce9]
   
           * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           We should always call warning() with a format string or a string
           literal. In this case, the argument (path) is not user-controlled.
           [e9ef51224024]
   
   2012-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/selinux.c:
           Include sudo_exec.h for the sudo_execve() prototype.
           [769e58065edc]
   
           * config.h.in, configure, configure.in:
           Add check for pam_getenvlist()
           [36bde3f26c60]
   
           * common/sudo_conf.c:
           Set args to NULL in default plugin info struct when there is no
           Plugin line in sudo.conf.
           [93ec67708f01]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [a9287677795c]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
           doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
           doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
           doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
           regen
           [a242769d7962]
   
           * configure, configure.in:
           Bump version to 1.8.5
           [e8618f0c2505]
   
           * doc/sudo_plugin.pod:
           Document hooks API
           [e6ad07d27958]
   
   2012-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.
           [fd72340042d3]
   
           * include/sudo_plugin.h:
           Use sudo_hook_fn_t in struct sudo_hook.
           [938f93112d6e]
   
           * doc/TROUBLESHOOTING:
           If cross compiling, --host must include the OS in the tuple. E.g.
           --host powerpc-unknown-linux
           [b8c010070c1e]
   
   2012-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/parse.c:
           Fix bogus int -> bool conversion; tags can have a value of -1.
           [e63d6434a303]
   
           * plugins/sudoers/env.c:
           Add env_should_keep() and env_should_delete() wrapper functions to
           simplify things a bit and hide the fact that matches_env_check() is
           not bool.
           [7a03d7a12b50]
   
           * sudo.pp:
           Fix application of debian-specific sudoers mods when building
           packages as non-root.
           [34bf4c52c425]
   
           * plugins/sudoers/env.c:
           matches_env_check() returns int, not boolean
           [0ad915b8d5cb]
   
           * src/sudo_edit.c:
           Fix compilation when seteuid() is not available.
           [8a722f998000]
   
           * src/ttyname.c:
           Simply move the free of ki_proc outside the realloc() loop.
           [217b786da760]
   
           * src/ttyname.c:
           Bring back the erealloc() for the ENOMEM loop and just zero the
           pointer after we free it.
           [29a016e45127]
   
           * src/ttyname.c:
           Don't try to erealloc() a potentially freed pointer; Mateusz Guzik
           [266e08844065]
   
   2012-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/set_perms.c:
           Use normal error path if unable to set sudoers gid.
           [01c816918c99]
   
           * plugins/sudoers/set_perms.c:
           Make this work again on systems w/o seteuid().
           [2e67f7421e97]
   
   2012-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/set_perms.c:
           Fix compilation if no seteuid/setreuid/setresuid available.
           [d0b3c1f88eb4]
   
           * plugins/sudoers/set_perms.c:
           Better error messages, and added debugging throughout. Fixed
           seteuid() version of set_perms()/restore_perms(). Fixed logic bug in
           AIX version of restore_perms(). Added checks to avoid changing
           uid/gid when we don't have to. Never set gid/uid state to -1, use
           the old value instead.
           [29188d469b5c]
   
           * src/exec_pty.c, src/ttyname.c:
           Fix format string warning on Solaris with gcc 3.4.3.
           [d1eeb6e1dd0f]
   
         * src/sudo.c:          * src/sudo.c:
        Fixed a format string vulnerability when the sudo binary (or a         Always declare environ now that we swap it around unilaterally.
        symbolic link to the sudo binary) contains printf format escapes        [aaa3e92e7d0d]
        and the -D (debugging) flag is used. 
   
           * src/Makefile.in:
           Honor LDFLAGS when linking sesh; from Vita Cizek
           [498b41438f6e]
   
           * src/sesh.c:
           Include alloc.h for estrdup() prototype; from Vita Cizek
           [93203655a320]
   
   2012-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers.c:
           Don't read /etc/environment on Linux when using PAM, PAM should set
           the environment variables as needed via pam_env.
           [b1ef62cb2d40]
   
           * INSTALL:
           Fix editor goof.
           [0c3dd3bb8b57]
   
           * src/hooks.c, src/sudo.c, src/sudo.h:
           Disable environment hooks after we get user_env back to make sure a
           plugin can't to modify user_env after we "own" it. This is kind of
           a hack but we don't want the init_session plugin function to modify
           user_env.
           [8e6d119452a5]
   
           * src/hooks.c, src/sudo.c:
           Add support for deregistering hooks. If an I/O log plugin fails to
           initialize, deregister its hooks (if any).
           [ac00c93900c5]
   
   2012-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers.c, src/sudo.c:
           Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook
           setenv.
           [e75469dd9908]
   
           * MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in,
           compat/setenv.c, compat/unsetenv.c, config.h.in, configure,
           configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl,
           plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c,
           plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
           src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
           src/sudo_plugin_int.h:
           Initial cut at a hooks implementation. The plugin can register
           hooks for getenv, putenv, setenv and unsetenv. This makes it
           possible for the plugin to trap changes to the environment made by
           authentication methods such as PAM or BSD auth so that such changes
           are reflected in the environment passed back to sudo for execve().
           [61cffa06f863]
   
   2012-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, src/po/vi.mo, src/po/vi.po:
           Add Vietnamese sudo translation from translationproject.org
           [96df426790d5]
   
   2012-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod,
           doc/sudoers.pod:
           List sudo_noexec.so not noexec.so in the sample sudo.conf
           [53844e190ec5]
   
           * common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
           doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h,
           include/sudo_plugin.h, plugins/sample/sample_plugin.c,
           plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c,
           src/sudo_plugin_int.h:
           Add support for plugin args at the end of a Plugin line in
           sudo.conf. Bump the minor number accordingly and update the
           documentation. A plugin must check the sudo front end's version
           before using the plugin_args parameter since it is only supported
           for API version 1.2 and higher.
           [587f1f819536]
   
   2012-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/Makefile.in:
           update depends
           [6d2da44e11e5]
   
           * MANIFEST:
           secure_path.c is in common, not compat
           [619c4a663dde]
   
           * configure, configure.in:
           Add check for variadic macro support in cpp.
           [756854caf675]
   
   2012-02-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/secure_path.c, common/sudo_conf.c, include/secure_path.h,
           plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Add type param to sudo_secure_path() and add sudo_secure_file() and
           sudo_secure_dir() wrappers which get by #includedir in sudoers.
           [2ec2d3d8df04]
   
   2012-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/visudo.pod, plugins/sudoers/visudo.c:
           Check the owner and mode in -c (check) mode unless the -f option is
           specified. Previously, the owner and mode were checked on the main
           sudoers file when the -s (strict) option was given, but this was not
           documented.
           [b2d6ee1e547a]
   
           * config.h.in, configure, configure.in, src/ttyname.c:
           Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some
           versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
           [159f6a50456a]
   
   2012-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS:
           Add Eric Lakin for patch in bug #538
           [490c29c234c6]
   
           * src/exec_pty.c:
           Fix typo in safe_close() made while converting to debug framework
           that prevented it from actually closing anything.
           [a66422a62afd]
   
           * src/exec_pty.c:
           Add some more debugging.
           [b5667947dda9]
   
           * common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
           include/Makefile.in:
           We need sysconfdir in compat/Makfile to get the proper sudo.conf
           path. Add standard prefix and foodir expansion in all Makefiles to
           avoid this problem in the future.
           [62b6ce4ecae9]
   
   2012-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po:
           New Lithuanian sudoers translation from translationproject.org
           [10436b649035]
   
           * plugins/sudoers/po/ja.po:
           Update from translationproject.org
           [acb8db5f8ef1]
   
   2012-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           When adding gids to the LDAP filter, only add the primary gid once.
           This is consistent with the space computation/allocation. From Eric
           Lakin
           [35d9d99c92c6]
   
           * doc/TROUBLESHOOTING:
           Add entry for AIX enhanced RBAC config.
           [5e10b6f8def7]
   
           * mkpkg:
           Target Mac OS X 10.5 when building packages.
           [06fce9bbebee]
   
   2012-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/secure_path.c,
           common/sudo_conf.c, include/secure_path.h,
           plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c:
           Relax the user/group/mode checks on sudoers files. As long as the
           file is owned by the right user, not world-writable and not writable
           by a group other than the one specified at configure time (gid 0 by
           default), the file is considered OK. Note that visudo will still
           set the mode to the value specified at configure time.
           [241174babfcc]
   
   2012-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/set_perms.c:
           Add AIX-specific version of permission setting code to make sure
           that the saved uid gets restored properly.
           [9a6f5d22c301]
   
           * config.h.in, configure, configure.in, src/exec_common.c:
           Check for LD_PRELOAD variants in configure instead of checkign cpp
           symbols. In disable_execute(), compute the length of the new envp
           and allocate it once instead of reallocating on demand. Also append
           old value of LD_PRELOAD (if any) to the new value.
           [680266346917]
   
           * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
           Fix the description of noexec.
           [6a6d142f3c80]
   
           * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
           The "op" parameter to set_default() must be int, not bool since it
           is set to '+' or '-' for list add and subtract.
           [8da5b137bea2]
   
           * sudo.pp:
           Make sure sudoers is writable before calling ed script.
           [95352ab6336b]
   
   2012-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS, doc/contributors.pod:
           Update contributors. Now includes translators and authors of compat
           code.
           [4fb5b616b50a]
   
   2012-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/po/sudo.pot:
           regen
           [2c86e2c328fe]
   
           * pp, sudo.pp:
           Build flat packages, not package bundles, on Mac OS X.
           [57bda3cd5520]
   
   2012-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Move macos section to be with the other OS-specific sections.
           [51423bb2973a]
   
           * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
           Sync with translationproject.org
           [8ce41cbb8da0]
   
           * configure, configure.in:
           Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
           [fa979aa6fe7d]
   
           * sudo.pp:
           Add Mac OS X support, printing the latest chunk of the NEWS file and
           the license text in the installer.
           [ffeab72387c0]
   
           * sudo.pp:
           Add explicit file modes that match those used by "make install"
           [7eb37242c920]
   
           * pp:
           Sync with upstream for Mac OS X fixes.
           [97cba179041e]
   
           * plugins/sudoers/Makefile.in, src/Makefile.in:
           Got back to using "install-sh -M" for files installed as non-
           readable by owner. This fixes "make install" as non-root for
           package building.
           [967804ee77d6]
   
   2012-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
           plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
           Sync with translationproject.org
           [0e53db12039a]
   
           * Makefile.in, doc/Makefile.in, include/Makefile.in,
           plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
           plugins/sudoers/Makefile.in, src/Makefile.in:
           Use -m not -M for install-sh for everything except setuid. Install
           locale .mo files mode 0444, not 0644. If timedir parent doesn't
           exist, use default dir mode, not 0700.
           [8b6f64c92090]
   
   2012-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * pp:
           Re-sync with upstream; no longer need a local patch.
           [97a2c7be5e59]
   
           * mkpkg:
           Add support for building Mac OS X packages.
           [94d49ac223a4]
   
           * pp:
           Sync with upstream
           [1c97654fc841]
   
           * src/Makefile.in:
           No longer need to define _PATH_SUDO_CONF here.
           [2560905b7482]
   
           * src/exec_common.c:
           Fix noexec for Mac OS X.
           [b7a744bca2c0]
   
   2012-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/Makefile.in:
           Move _PATH_SUDO_CONF override to common to match sudo_debug.c
           [f0788972a63a]
   
           * plugins/sudoers/set_perms.c:
           More complete fix for LDR_PRELOAD on AIX. The addition of
           set_perm(PERM_ROOT) before calling the nss open functions (needed to
           avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
           and then real uid to 0 for PERM_ROOT works around the issue.
           [5888eda051af]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [997fe403e219]
   
           * src/sudo.c:
           Set real uid to root before calling sudo_edit() or run_command() so
           that the monitor process is owned by root and not by the user.
           Otherwise, on AIX at least, the monitor process shows up in ps as
           belonging to the user (and can be killed by the user).
           [d4772d7d2fc5]
   
           * plugins/sudoers/set_perms.c:
           For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
           the call to setuid(0) if the current euid is non-zero. This
           effectively restores the state of things prior to rev 7bfeb629fccb.
           Fixes a problem on AIX where LDR_PRELOAD was not being honored for
           the command being executed.
           [b9b40325b4dc]
   
           * MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in,
           include/missing.h, src/sudo.c:
           Make a copy of the struct passwd in exec_setup() to make sure
           nothing in the policy init modifies it.
           [b721261c921f]
   
   2012-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.pod:
           update copyright
           [f9d229d1f65e]
   
           * common/sudo_debug.c, include/sudo_debug.h:
           g/c now-unused debug subsystems
           [8f21726e698f]
   
           * doc/sudo.pod, doc/sudoers.pod:
           Enumerate the debug subsystems used by sudo and sudoers.
           [ac4f84293d14]
   
   2012-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
           include/sudo_conf.h, src/sudo.c:
           Normally, sudo disables core dumps while it is running. This
           behavior can now be modified at run time with a line in sudo.conf
           like "Set disable_coredumps false"
           [ad14e0508b0d]
   
           * NEWS:
           Mention Spanish translation
           [600f3205bd6e]
   
           * common/sudo_debug.c:
           Make sure we don't try to fall back to using the conversation
           function for debugging in the main sudo process if we are unable to
           open the debug file.
           [ffa329aa908c]
   
           * MANIFEST, src/po/es.mo, src/po/es.po:
           Add sudo Spanish translation from translationproject.org
           [c1906654e740]
   
   2012-02-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/iolog.c:
           Better debug subsystem usage
           [1a31f115743c]
   
           * src/sudo.c:
           Remove duplicate function prototypes
           [ae04b00532eb]
   
   2012-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Error out if user specified --with-pam but we can't find the headers
           or library. Also throw an error if the headers are present but the
           library is not and vice versa.
           [d6bf3e3d0aae]
   
   2012-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers.c:
           Fix the sudoers permission check when the expected sudoers mode is
           owner-writable.
           [8b0b7e770a22]
   
   2012-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Verify that we can link executables built with -D_FORTIFY_SOURCE
           before using it.
           [7578215d1a95]
   
           * src/exec_common.c:
           Fix potential off-by-one when making a copy of the environment for
           LD_PRELOAD insertion. Fixes bug #534
           [cc699cd551b6]
   
           * configure, configure.in:
           Add rudimentary check for _FORTIFY_SOURCE support by checking for
           __sprintf_chk, one of the functions used by gcc to support it.
           [a992673d2ef8]
   
           * compat/stdbool.h, config.h.in, configure, configure.in:
           Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
           [8ba1370884b3]
   
   2012-01-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [1e0b38397705]
   
   2012-01-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c, src/sudo.c:
           The change in 818e82ecbbfc that caused to exit when the monitor dies
           created a race condition between the monitor exiting and the status
           being read. All we really want to do is make sure that select()
           notifies us that there is a status change when the monitor dies
           unexpectedly so shutdown the socketpair connected to the monitor for
           writing when it dies. That way we can still read the status that is
           pending on the socket and select() on Linux will tell us that the fd
           is ready.
           [7fb5b30ea48d]
   
           * MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
           src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
           src/sudo_exec.h:
           Refactor disable_execute() and my_execve() into exec_common.c for
           use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
           disabling exec in exec_setup(), disable it immediately before
           executing the command. Adapted from a diff by Arno Schuring.
           [ec4d8b53db6b]
   
   2012-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * aclocal.m4, configure, configure.in:
           Add custom version of AC_CHECK_LIB that uses the extra libs in the
           cache value name. With this we no longer need to rely on a modified
           version of autoconf.
           [1c3b1d482d6c]
   
   2012-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Better handling of network functions that need -lsocket -lnsl
           [cc386342ec2b]
   
           * src/sudo.c:
           When setting up the execution environment, set groups before
           gid/egid like sudo 1.7 did.
           [928e1c5fa6c1]
   
           * configure, configure.in:
           Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
           [84b23cdf138f]
   
           * plugins/sudoers/sudoers.c:
           For "sudo -g" prepend the specified group ID to the beginning of the
           groups list. This matches BSD convention where the effective gid is
           the first entry in the group list. This is required on newer
           FreeBSD where the effective gid is not tracked separately and thus
           setgroups() changes the egid if this convention is not followed.
           Fixes bug #532
           [782d6909108b]
   
   2012-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Fix sh warning; use "test" instead of "["
           [c6ee3407f65e]
   
           * src/exec.c:
           When not logging I/O, use a signal handler that only forwards
           SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
           Fixes a race in the non-I/O logging path where the command may
           receive two keyboard-generated signals; one from the kernel and one
           from the sudo process.
           [9638684e786a]
   
           * src/exec.c:
           Back out change that put the command in its own pgrp when not
           logging I/O. It causes problems with pipelines.
           [4fc9c6e1e770]
   
   2012-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/Makefile.in, configure, configure.in:
           Only run compat regress tests on compat objects we actually build.
           Fixes "make check" in the compat dir for systems that don't
           implement character classes in fnmatch() or glob(). Bug #531
           [a7addc305e83]
   
   2012-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
           Update po files from translationproject.org
           [5ea066af1356]
   
 2012-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>  2012-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * sudo.pp:          * sudo.pp:
         Include parent directories in case they don't already exist. This          Include parent directories in case they don't already exist. This
         fixes a directory permissions problem with the AIX package when the          fixes a directory permissions problem with the AIX package when the
         /usr/local directories don't already exist.          /usr/local directories don't already exist.
           [a14f783dc827]
   
           * pp:
           sync with git version
           [2f79d0543661]
   
           * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
           regen dependencies
           [24c92ca6c64d]
   
           * MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c:
           Move tty name lookup code to its own file.
           [58faf072cbf4]
   
   2012-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Update with latest sudo 1.8.4 changes.
           [a4ffe4f42528]
   
           * config.h.in, configure, configure.in:
           Remove obsolete template for HAVE_TIMESPEC
           [75709007c906]
   
           * src/sudo.c:
           Add a check for devname() returning a fully-qualified pathname. None
           of the devname() implementations do this today but you never know
           when this might change.
           [16813ace38f9]
   
   2012-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo.c:
           For "visudo -c" also list include files that were checked when
           everything is OK.
           [ad6f85b35c9c]
   
           * src/sudo.c:
           The device name returned by devname() does not include the /dev/
           prefix so we need to add it ourselves.
           [b55285abb7ed]
   
           * src/sudo.c:
           Add debug warning if KERN_PROC sysctl fails or devname() can't
           resolve the tty device to a name.
           [b5a23916ba3a]
   
           * common/sudo_debug.c:
           The result of writev() is never checked so just cast to NULL.
           [4be4e9b58d5b]
   
           * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
           Update Esperanto, Finnish, Polish and Ukrainian translations from
           translationproject.org.
           [bb91bc6ad7e9]
   
   2012-01-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure, configure.in, src/sudo.c:
           Add support for determining tty via sysctl on other BSD variants.
           [fd15f63f719a]
   
           * configure, configure.in:
           Only check for struct kinfo_proc.ki_tdev on systems that support
           sysctl.
           [109b3f07a39d]
   
           * src/sudo.c:
           For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
           ttyname() of std{in,out,err}.
           [95969b70bd68]
   
   2012-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure, configure.in, src/sudo.c:
           On newer FreeBSD we can get the parent's tty name via sysctl().
           [3207290501ee]
   
           * plugins/sudoers/testsudoers.c:
           Include locale.h
           [a602cd0b8c2d]
   
           * src/sudo.c:
           Silence a gcc warning.
           [8c6d0e3cd534]
   
           * plugins/sudoers/bsm_audit.c:
           Need to include gettext.h and sudo_debug.h; from John Hein
           [447912aa7300]
   
           * plugins/sudoers/iolog.c:
           Initialize the debug framework from the I/O plugin too.
           [ce1bf44d96d2]
   
   2012-01-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/testsudoers.c:
           Enable debugging via sudo.conf.
           [d85669c749d0]
   
   2012-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo.c:
           Use SUDO_DEBUG_ALIAS for alias checking functions.
           [fb84af30dc76]
   
           * configure, configure.in:
           More complete test for getaddrinfo() that doesn't rely on the
           network libraries already being added to LIBS.
           [cbaf2369f4f0]
   
   2012-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/aix.c:
           Add debug support.
           [def1bdf24485]
   
           * configure, configure.in:
           Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
           [a2ea1c2eac61]
   
           * compat/getaddrinfo.c:
           Include errno.h and missing.h
           [7d15e17cc2f2]
   
           * .hgignore:
           ignore doc/varsub
           [417f9fc3231b]
   
           * configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
           plugins/sudoers/gram.y, plugins/sudoers/match.c,
           plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
           src/parse_args.c, src/sudo.c, src/sudo.h:
           Update copyright year.
           [5d0ffc7dd567]
   
           * NEWS:
           Update for sudo 1.8.4
           [841e3eff9844]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen pot files
           [c509cb45b66a]
   
           * plugins/sudoers/sudoreplay.c:
           Enable debugging via sudo.conf.
           [5087aaee8484]
   
           * plugins/sudoers/visudo.c:
           Enable debugging via sudo.conf.
           [04b067c16ed3]
   
           * plugins/sudoers/visudo.c:
           Allow "visudo -c" to work when we only have read-only access to the
           sudoers include files.
           [d8c6713fe5c1]
   
           * doc/sudo.pod, doc/visudo.pod:
           Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
           HISTORY section in sudo that points to HISTORY file.
           [d1f1bcb051c5]
   
           * doc/sudo.pod, doc/sudo_plugin.pod:
           Document Debug setting in sudo.conf and debug_flags in plugin.
           [acfc505aa4a9]
   
   2012-01-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/match.c:
           Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
           bug where a pattern like "/usr/*" include /usr/bin/ in the results,
           which would be incorrectly be interpreted as if the sudoers file had
           specified a directory. From Vitezslav Cizek.
           [0cdb6252188c]
   
           * INSTALL, config.h.in, configure, configure.in,
           plugins/sudoers/auth/kerb5.c:
           Add --enable-kerb5-instance configure option to allow people using
           Kerberos V authentication to use a custom instance. Adapted from a
           diff by Michael E Burr.
           [e83af8bb7aa7]
   
           * doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h:
           Remove -D debug_level option.
           [cbcd05094347]
   
           * doc/LICENSE:
           Update copyright year.
           [9f43dd7aa852]
   
   2012-01-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/visudo.c:
           parse_error is now bool, not int
           [5ea7fb6fda38]
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/parse.c:
           Print a more sensible error if yyparse() returns non-zero but
           yyerror() was not called.
           [d44ec88f1183]
   
           * plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
           plugins/sudoers/gram.c:
           Replace y.tab.c with the correct filename in #line directives.
           [3c84fcb7e959]
   
   2012-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo.c:
           When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
           if the main process's fds 0-2 are not hooked up to a tty. Adapted
           from a diff by Zdenek Behan.
           [b9dfce12af85]
   
           * src/exec.c:
           When not logging I/O, put command in its own pgrp and make that the
           controlling pgrp if the command is in the foreground. Fixes a race
           in the non-I/O logging path where the command may receive two
           keyboard-generated signals; one from the kernel and one from the
           sudo process.
           [d0e263ce496c]
   
   2011-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo_edit.c:
           Quiet a bogus gcc warning.
           [2009669e0608]
   
           * src/parse_args.c, src/sudo.h:
           Fix warnings related to sudo.conf accessors.
           [08ddc29ba50b]
   
           * common/sudo_conf.c, include/sudo_conf.h:
           Separate sudo.conf parsing from plugin loading and move the parse
           functions into the common lib so that visudo, etc. can use them.
           [f1fc659a8079]
   
           * MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c,
           src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h:
           Separate sudo.conf parsing from plugin loading and move the parse
           functions into the common lib so that visudo, etc. can use them.
           [e1f2cf6bd57a]
   
           * doc/sudoers.pod, plugins/sudoers/def_data.c,
           plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
           plugins/sudoers/sudoers.c, src/sudo.c:
           Remove support for noexec_file in sudoers and the plugin API
           [3e2fd58879b5]
   
           * plugins/sudoers/sudoers.c:
           Don't dump interfaces if there are none.
           [9081bb4d3e9e]
   
           * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
           Add missing %s printf escape to the group_plugin, iolog_dir and
           iolog_file descriptions.
           [7db03f2b737e]
   
   2011-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c:
           Fix typo in visiblepw description; from Joel Pickett
           [2fb4b26d5c2c]
   
   2011-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, configure, configure.in, mkdep.pl,
           plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
           plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, src/sudo.c:
           When running a login shell with a login_class specified, use
           LOGIN_SETENV instead of rolling our own login.conf setenv support
           since FreeBSD's login.conf has more than just setenv capabilities.
           This requires us to swap the plugin-provided envp for the global
           environ before calling setusercontext() and then stash the resulting
           environ pointer back into the command details, which is kind of a
           hack.
           [ad4f1190143b]
   
           * plugins/sudoers/Makefile.in:
           If srcdir is "." just use the basename of the yacc/lex file when
           generating the C version. This matches the generated files
           currently in the repo.
           [0b11c3df87a8]
   
           * doc/Makefile.in, plugins/sudoers/Makefile.in:
           Clean up the DEVEL noise
           [9de2afe457fd]
   
           * src/exec.c:
           Handle different Unix domain socket (actually socketpair) semantics
           in BSD vs. Linux. In BSD if one end of the socketpair goes away
           select() returns the fd as readable and the read will fail with
           ECONNRESET. This doesn't appear to happen on Linux so if we notice
           that the monitor process has died when I/O logging is enabled,
           behave like the command has exited. This means we log the wait
           status of the monitor, not the command, but there is nothing else we
           can do at that point. This should only be an issue if SIGKILL is
           sent to the monitor process.
           [818e82ecbbfc]
   
           * src/exec_pty.c:
           Catch common signals in the monitor process so they get passed to
           the command. Fixes a problem when the entire login session is
           killed when ssh is disconnected or the terminal window is closed.
           Previously, the monitor would exit and plugin's close method would
           not be called.
           [0e4658263138]
   
           * INSTALL, configure, configure.in:
           Mention how to configure pam_hpsec on HP-UX to play nicely with
           sudo.
           [a7294cd8ce98]
   
   2011-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Escape values in the search expression as per RFC 4515.
           [c2adbc5db92b]
   
           * doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
           plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
           src/Makefile.in:
           No need for install target to depend explicitly on install-dirs, the
           install-foo targets all depend on it.
           [62a36ed98279]
   
   2011-12-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * .hgignore:
           ignore src/sesh
           [463d492f6782]
   
           * MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl,
           plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
           plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
           plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, src/Makefile.in:
           Add support for setenv entries in login.conf. We can't use
           LOGIN_SETENV since the plugin sets up the envp the command is
           executed with. Also regen the Makefile.in files while here. Fixes
           bug #527
           [088d507926e2]
   
   2011-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h,
           config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
           src/net_ifs.c:
           Add getaddrinfo() for those without it, written by Russ Allbery
           [4cf9ac831222]
   
           * doc/Makefile.in:
           Restore PACKAGE_TARNAME, it is used in docdir
           [9d65e893edb1]
   
           * MANIFEST, compat/stdbool.h:
           SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
           the MANIFEST
           [e67700dc5621]
   
           * common/atobool.c, common/term.c, src/exec.c:
           Remove duplicate return statements.
           [48a20d5215fd]
   
           * plugins/sudoers/auth/bsdauth.c:
           Remove inaccurate comment
           [e7f0265cf657]
   
           * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
           Fetch the login class for the user we authenticate specifically when
           using BSD authentication. That user may have a different login
           class than what we will use to run the command. When setting the
           login class for the command, use the target user's struct passwd,
           not the invoking user's. Fixes bug 526
           [21bf0af892f7]
   
           * compat/Makefile.in, configure, configure.in, doc/Makefile.in,
           plugins/sudoers/Makefile.in:
           Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
           [8ee6e0891f27]
   
           * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/regress/parser/check_fill.c:
           Fix "make check" fallout from the sudo_conv changes in sudo_debug.
           [b0aaa63c9081]
   
           * common/fileops.c, common/sudo_debug.c, configure, configure.in,
           include/fileops.h, plugins/sample/Makefile.in,
           plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in,
           plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
           plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
           plugins/sudoers/env.c, plugins/sudoers/find_path.c,
           plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
           plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
           plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
           plugins/sudoers/ldap.c, plugins/sudoers/match.c,
           plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
           plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
           plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.h,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
           plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c,
           src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h,
           src/sudo_plugin_int.h, src/utmp.c:
           Use stdbool.h instead of rolling our own TRUE/FALSE macros.
           [dcb0bbc42fc9]
   
   2011-12-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/stdbool.h, config.h.in, configure, configure.in:
           Add stdbool.h for systems without it.
           [18bd9dda1dcd]
   
           * aclocal.m4, config.h.in, configure, configure.in:
           No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
           includes have unistd.h in them. Add check for socklen_t for
           upcoming getaddrinfo compat.
           [d705465bef69]
   
           * common/fileops.c, compat/nanosleep.c, config.h.in, configure,
           configure.in, plugins/sudoers/interfaces.c,
           plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c,
           plugins/sudoers/sudoreplay.c, src/net_ifs.c:
           Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
           HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
           [fa187c9bd2be]
   
           * src/sudo_noexec.c:
           No longer need to include time.h here as missing.h does not use
           time_t.
           [fa3a089bf5b1]
   
   2011-11-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo.c:
           Fix mode on sudoers as needed when the -f option is not specified.
           [7a1c40b0dc03]
   
           * MANIFEST, src/po/sr.mo, src/po/sr.po:
           Add Serbian translation for sudo from translationproject.org
           [9a0c25e25cba]
   
           * common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c,
           src/parse_args.c:
           No longer pass debug_file to plugin, plugins must now use
           CONV_DEBUG_MSG
           [810cda1abb0b]
   
           * mkpkg:
           Build PIE executables for newer Debian and Ubuntu
           [1c5f25f8904a]
   
           * common/sudo_debug.c:
           Include time.h for ctime() prototype.
           [10090cf3bca1]
   
   2011-11-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_debug.c, include/sudo_debug.h, src/exec.c,
           src/exec_pty.c:
           Do not close error pipe or debug fd via closefrom() as we need them
           to report an exec error should one occur.
           [732f6587fafa]
   
           * doc/sudoers.ldap.pod:
           Document that a sudoUser may now be a group ID.
           [2fef46b9d3d3]
   
           * plugins/sudoers/ldap.c:
           Add support for permitting access by group ID in addition to group
           name.
           [b9450fdf1f69]
   
           * plugins/sudoers/ldap.c:
           Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
           [d62a1e7cff4f]
   
           * compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE:
           Replace UCB fnmatch.c with a non-recursive version written by
           William A. Rowe Jr.
           [354d3384adb8]
   
           * plugins/sudoers/auth/pam.c:
           Fix typo, return_debug vs. debug_return
           [1b522efcbb0d]
   
   2011-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
           Update Japanese sudoers translation from translationproject.org
           [ec0f2beaad36]
   
           * doc/sudoers.pod:
           Make the env_reset descriptions consistent.
           [41c056f02688]
   
   2011-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Do multiple expansion when expanding paths to the noexec file, sesh
           and the plugin directory. Adapted from a diff by Mike Frysinger
           [d7e16c876c66]
   
           * common/Makefile.in:
           regen
           [9d729e09c186]
   
   2011-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * .hgignore:
           Add ignore file; from Mike Frysinger
           [1fa8d52425f8]
   
           * mkdep.pl:
           no longer save old Makefile.in to .old
           [378dd2395545]
   
           * plugins/sudoers/Makefile.in, src/Makefile.in:
           regen
           [769faf517720]
   
           * config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
           m4/ltoptions.m4, m4/ltversion.m4:
           Update to libtool 2.4.2
           [9dac78d84b4f]
   
   2011-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers_version.h:
           Bump grammar version for #include and #includedir relative path
           support.
           [82a4f7cd8f71]
   
   2011-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Add support for relative paths in #include and #includedir
           [4d6e3bd0c24f]
   
           * plugins/sudoers/Makefile.in:
           Fix install-plugin when shared objects are unsupported or disabled.
           [cbdd770a7a1b]
   
           * plugins/sudoers/goodpath.c:
           Don't write to sbp if it is NULL
           [fc438f8e8570]
   
   2011-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in:
           Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set,
           only install matching .mo files
           [c1dc30ab4ebc]
   
   2011-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
           plugins/sudoers/sudoers.c, src/conversation.c:
           Fix non-dynamic (no dlopen) sudo build.
           [b0bd3fa925a3]
   
           * configure, configure.in:
           Don't error out if the user specified --disable-shared
           [cf035dd1e5cc]
   
           * common/sudo_debug.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
           src/conversation.c:
           Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
           the debug file.
           [640c62f83251]
   
           * plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
           plugins/sudoers/sudoers.h:
           Make sudo_goodpath() return value bolean
           [fea2d59a6e55]
   
           * INSTALL, MANIFEST, configure, configure.in, mkdep.pl,
           plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c:
           Remove obsolete securid auth method.
           [4e54f860214b]
   
           * plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
           plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
           plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
           plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
           plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
           plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
           plugins/sudoers/auth/sudo_auth.h:
           Prefix authentication functions with a "sudo_" prefix to avoid
           namespace problems.
           [581d74063ea1]
   
           * INSTALL, MANIFEST, config.h.in, configure, configure.in,
           doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in,
           plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c,
           plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c:
           Remove the old Kerberos IV support
           [2e4b4a44209d]
   
   2011-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/check.c:
           Don't print garbage at the end of the custom lecture.
           [44bb788fafaa]
   
           * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Add lexer tracing as debug@parser
           [d850f3f9d414]
   
           * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
           plugins/sudoers/defaults.h, plugins/sudoers/gram.c,
           plugins/sudoers/match.c, plugins/sudoers/parse.c,
           plugins/sudoers/regress/parser/check_fill.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
           plugins/sudoers/visudo.c:
           Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
           <def_data.h> and not "def_data.h" when generating the parser in a
           build dir.
           [7da701def753]
   
   2011-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * mkdep.pl, plugins/sudoers/Makefile.in:
           Better devdir support in mkdep.pl
           [7dcec57bd155]
   
           * plugins/sudoers/Makefile.in:
           Add devdir before srcdir in include path and fix up dependecies
           accordingly.
           [6e9958eca485]
   
           * plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
           plugins/sudoers/defaults.h, plugins/sudoers/match.c,
           plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l,
           plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
           #include "gram.h" not <gram.h> and "def_data.h" and not
           <def_data.h>.
           [003bdb078a15]
   
           * sudo.pp:
           Mark libexec files as optional. If we build without shared object
           support, libexec is not used.
           [4bffcf482219]
   
           * src/load_plugins.c:
           Change Debug sudo.conf setting to take a program name as the first
           argument. In the future, this will allow visudo and sudoreplay to
           use their own Debug entries.
           [cfb8f7e4867c]
   
           * src/sudo.c:
           fix sudo_debug_printf priority
           [dcb67e965609]
   
           * plugins/sudoers/sudoers.c:
           add missing debug_return_int
           [d88ec450c592]
   
   2011-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
           plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c:
           Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
           [dcee8efc294f]
   
           * doc/UPGRADE:
           Add missing word in HOME security note.
           [fd844fdcc1ac]
   
           * plugins/sudoers/testsudoers.c:
           Prevent "testsudoers -d username" from trying to malloc(0).
           [839126e56e8c]
   
   2011-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/regress/sudoers/test10.in,
           plugins/sudoers/regress/sudoers/test10.out.ok,
           plugins/sudoers/regress/sudoers/test10.toke.ok,
           plugins/sudoers/regress/sudoers/test10.toke.out.ok,
           plugins/sudoers/regress/sudoers/test11.in,
           plugins/sudoers/regress/sudoers/test11.out.ok,
           plugins/sudoers/regress/sudoers/test11.toke.ok,
           plugins/sudoers/regress/sudoers/test11.toke.out.ok,
           plugins/sudoers/regress/sudoers/test12.in,
           plugins/sudoers/regress/sudoers/test12.out.ok,
           plugins/sudoers/regress/sudoers/test12.toke.ok,
           plugins/sudoers/regress/sudoers/test13.in,
           plugins/sudoers/regress/sudoers/test13.out.ok,
           plugins/sudoers/regress/sudoers/test13.toke.ok,
           plugins/sudoers/regress/sudoers/test9.in,
           plugins/sudoers/regress/sudoers/test9.out.ok,
           plugins/sudoers/regress/sudoers/test9.toke.ok,
           plugins/sudoers/regress/sudoers/test9.toke.out.ok:
           Tests for empty sudoers (should parse OK) and syntax errors within a
           line (should report correct line number) both with and without the
           trailing newline.
           [d57c879c4718]
   
           * plugins/sudoers/regress/sudoers/test4.out.ok,
           plugins/sudoers/regress/sudoers/test5.out.ok,
           plugins/sudoers/regress/sudoers/test7.out.ok,
           plugins/sudoers/regress/sudoers/test8.out.ok,
           plugins/sudoers/testsudoers.c:
           Print line number when there is a parser error.
           [5444ef6ac6dc]
   
   2011-11-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Keep track of the last token returned. On error, if the last token
           was COMMENT, decrement sudolineno since the error most likely
           occurred on the preceding line. Previously we always uses
           sudolineno-1 which will give the wrong line number for errors within
           a line.
           [d661a03a64da]
   
   2011-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           update with sudo 1.8.3p1 info
           [0f79ff31f602]
   
           * plugins/sudoers/sudoers.c:
           Fix crash when "sudo -g group -i" is run. Fixes bug 521
           [a3087ae337c4]
   
   2011-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo.c:
           Make alias_remove_recursive() return TRUE/FALSE as its callers
           expect and remove two unused arguments. Fixes bug 519.
           [2ee3b2882844]
   
           * plugins/sudoers/regress/visudo/test1.out.ok,
           plugins/sudoers/regress/visudo/test1.sh:
           Add regress test for bugzilla 519
           [48000ebedf97]
   
           * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/regress/parser/check_fill.c:
           Disable warning/error wrapping in regress tests.
           [373c589ba561]
   
 2011-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in:
           Do compile-po as part of sync-po so that the .mo files get rebuild
           automatically when we sync with translationproject.org
           [83f3cbfc2f33]
   
         * plugins/sudoers/Makefile.in:          * plugins/sudoers/Makefile.in:
         check_addr needs to link with the network libraries on Solaris          check_addr needs to link with the network libraries on Solaris
         [322bd70e316e]          [322bd70e316e]
Line 29 Line 2249
         process. Fixes a crash in the monitor on Solaris; bugzilla #518          process. Fixes a crash in the monitor on Solaris; bugzilla #518
         [e82809f86fb3]          [e82809f86fb3]
   
2011-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>2011-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * .hgtags:        * src/exec.c:
        Added tag SUDO_1_8_3 for changeset 82bec4d3a203        Get rid of done: label. If the child exits we still need to close
        [6c953ef6f577] <1.8>        the pty, update utmp and restore the SELinux tty context.
         [cc127bf48405]
   
        * Update Japanese sudoers translation from translationproject.org2011-10-22  Todd C. Miller  <Todd.Miller@courtesan.com>
        [82bec4d3a203] [SUDO_1_8_3] <1.8> 
   
           * common/Makefile.in, common/atobool.c, common/fileops.c,
           common/fmt_string.c, common/lbuf.c, common/list.c,
           common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in,
           plugins/sudoers/alias.c, plugins/sudoers/audit.c,
           plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
           plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
           plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
           plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
           plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
           plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
           plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
           plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
           plugins/sudoers/defaults.c, plugins/sudoers/env.c,
           plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
           plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
           plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
           plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
           plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
           plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
           plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
           plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
           plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
           plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/toke.c, plugins/sudoers/toke.h,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
           src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c,
           src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
           src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
           src/tgetpass.c, src/ttysize.c, src/utmp.c:
           Add debug_decl/debug_return (almost) everywhere. Remove old
           sudo_debug() and convert users to sudo_debug_printf().
           [8f3bbf907b67]
   
           * common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/visudo.c, src/error.c:
           Wrap error/errorx and warning/warningx functions with debug
           statements. Disable wrapping for standalone sudoers programs as well
           as memory allocation functions (to avoid infinite recursion).
           [562ed7b5ae8d]
   
           * README, config.h.in, configure, configure.in:
           Add checks for __func__ and __FUNCTION__ and mention that we now
           require a cpp that supports variadic macros.
           [314cfe4c5d23]
   
           * MANIFEST, common/Makefile.in, common/sudo_debug.c,
           include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c,
           src/load_plugins.c, src/parse_args.c, src/sudo.c,
           src/sudo_plugin_int.h:
           New debug framework for sudo and plugins using /etc/sudo.conf that
           also supports function call tracing.
           [cded741e9f10]
   
   2011-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
           Update Japanese sudoers translation from translationproject.org
           [c24725775e32]
   
 2011-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
         Override and ignore the --disable-static option. Sudo already runs          Override and ignore the --disable-static option. Sudo already runs
         libtool with -tag=disable-static where applicable and we need non-          libtool with -tag=disable-static where applicable and we need non-
         PIC objects to build the executables.          PIC objects to build the executables.
        [dff177464029] <1.8>        [aff1227b853a]
   
 2011-10-10  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-10-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * NEWS:          * NEWS:
         Add sudoedit fix          Add sudoedit fix
        [3238dc7e4fb2] <1.8>        [74655c7ccad1]
   
         * plugins/sudoers/po/sudoers.pot:          * plugins/sudoers/po/sudoers.pot:
         regen pot files          regen pot files
        [7981d6cbf1ab] <1.8>        [28d89a831ed3]
   
        * Ignore set_logname (which is now the default) for sudoedit since we        * plugins/sudoers/env.c:
         Ignore set_logname (which is now the default) for sudoedit since we
         want the LOGNAME, USER and USERNAME environment variables to refer          want the LOGNAME, USER and USERNAME environment variables to refer
         to the calling user since that is who the editor runs as. This          to the calling user since that is who the editor runs as. This
         allows the editor to find the user's startup files. Fixes bugzilla          allows the editor to find the user's startup files. Fixes bugzilla
         #515          #515
        [3b9486e5fddb] <1.8>        [6c5dddf5ff05]
   
        * Instead of trying to grow the buffer in make_grlist_item(), simply        * plugins/sudoers/pwutil.c:
         Instead of trying to grow the buffer in make_grlist_item(), simply
         increase the total length, free the old buffer and allocate a new          increase the total length, free the old buffer and allocate a new
         one. This is less error prone and saves us from having to adjust          one. This is less error prone and saves us from having to adjust
         all the pointers in the buffer. This code path is only taken when          all the pointers in the buffer. This code path is only taken when
         there are groups longer than the length of the user field in struct          there are groups longer than the length of the user field in struct
         utmp or utmpx, which should be quite rare.          utmp or utmpx, which should be quite rare.
        [cb7c5ac834b5] <1.8>        [5587dc8cffaf]
   
        * Add Italian translation for sudo from translationproject.org        * src/po/it.mo:
        [c7876fccbc38] <1.8>        Add Italian translation for sudo from translationproject.org
         [1b3dd886e7e3]
   
        * NEWS:        * MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
         src/po/ja.mo, src/po/ja.po:
         Japanese translation for sudo and sudoers from          Japanese translation for sudo and sudoers from
         translationproject.org          translationproject.org
        [9945a3ef7ff7] <1.8>        [c06dd866be6e]
   
 2011-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * sudoreplay depends on timestr.lo too; from Mike Frysinger        * plugins/sudoers/Makefile.in:
        [ad9ae493205f] <1.8>        sudoreplay depends on timestr.lo too; from Mike Frysinger
         [b9e73214b2f1]
   
 2011-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * plugins/sudoers/po/sudoers.pot:          * plugins/sudoers/po/sudoers.pot:
         Regen sudoers pot file.          Regen sudoers pot file.
        [2c4d99361994] <1.8>        [019588bafdb3]
   
         * NEWS:          * NEWS:
         Update with latest sudo 1.8.3 news          Update with latest sudo 1.8.3 news
        [4e7f59d339d4] <1.8>        [6868042a88e9]
   
        * ldap_start_tls_s() on Debian (at least) sets the effective and saved        * plugins/sudoers/sudoers.c:
        uids to the same value as the real uid. This prevents sudo from        It appears that LDAP or NSS may modify the euid so we need to be
        setting the uid or gid later on. As a workaround, we now set perms        root for the open(). We restore the old perms at the end of
        to root during sudoers_policy_open().        sudoers_policy_open().
        [eb4c4f15833a] <1.8>        [2da67a5497ef]
   
        * Better warning message on setuid() failure for the setreuid()        * plugins/sudoers/set_perms.c:
         Better warning message on setuid() failure for the setreuid()
         version of set_perms().          version of set_perms().
        [308c72f601e4] <1.8>        [07abcfe7bd9a]
   
 2011-10-02  Todd C. Miller  <Todd.Miller@courtesan.com>  
   
         * NEWS:  
         Combine new translations in NEWS item  
         [0aa07471a5e6] <1.8>  
   
 2011-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Delref auth_pw at the end of check_user() instead of getting a ref        * plugins/sudoers/check.c:
         Delref auth_pw at the end of check_user() instead of getting a ref
         twice.          twice.
        [1c882f2fb46c] <1.8>        [cb665f55e6a5]
   
        * Make sudo_auth_{init,cleanup} return TRUE on success and check for        * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c:
         Make sudo_auth_{init,cleanup} return TRUE on success and check for
         sudo_auth_init() return value in check_user().          sudo_auth_init() return value in check_user().
        [573bf35ecac9] <1.8>        [92631c919356]
   
        * Do not return without restoring permissions.        * plugins/sudoers/auth/sudo_auth.c:
        [2444a0b96469] <1.8>        Do not return without restoring permissions.
         [59ef40b6696a]
   
         * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:          * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
         regen pot files          regen pot files
        [d286bce8dbb1] <1.8>        [9f320a340b7c]
   
        * NEWS:        * plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
        Update for latest release candidate        plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
        [63d184ba6263] <1.8>        plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
        plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
        * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:        plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
        regen pot files        plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
        [ac3ec1315df7] <1.8>        plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
        plugins/sudoers/sudoers.h:
        * Modify the authentication API such that the init and cleanup        Modify the authentication API such that the init and cleanup
         functions are always called, regardless of whether or not we are          functions are always called, regardless of whether or not we are
         going to verify a password. This is needed for proper PAM session          going to verify a password. This is needed for proper PAM session
         support.          support.
        [ea281ca46d94] <1.8>        [19a53f3fb596]
   
        * Add missing dependency for getspwgen other depends.        * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
        [9c124272910d] <1.8>        Add missing dependency for getspwuid.lo and regen other depends.
         [f7f70eae819a]
   
        * Fix a PAM_USER mismatch in session open/close. We update PAM_USER        * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
         plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
         Fix a PAM_USER mismatch in session open/close. We update PAM_USER
         to the target user immediately before setting resource limits, which          to the target user immediately before setting resource limits, which
         is after the monitor process has forked (so it has the old value).          is after the monitor process has forked (so it has the old value).
         Also, if the user did not authenticate, there is no pamh in the          Also, if the user did not authenticate, there is no pamh in the
         monitor so we need to init pam here too. This means we end up          monitor so we need to init pam here too. This means we end up
         calling pam_start() twice, which should be fixed, but at least the          calling pam_start() twice, which should be fixed, but at least the
         session is always properly closed now.          session is always properly closed now.
        [d0866ee5f190] <1.8>        [fbc063a2a872]
   
        * Add check for old being NULL in utmp_setid(); from Steven McDonald        * src/utmp.c:
        [30cc283ac2b4] <1.8>        Add check for old being NULL in utmp_setid(); from Steven McDonald
         [e87126442f2e]
   
 2011-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * If the invoking user cannot be resolved by uid fake the struct        * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
         plugins/sudoers/sudoers.h:
         If the invoking user cannot be resolved by uid fake the struct
         passwd and store it in the cache so we can delref it on exit.          passwd and store it in the cache so we can delref it on exit.
        [19d44f44d45d] <1.8>        [a27e2f8b9f5e]
   
 2011-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Don't error out if the group plugin cannot be loaded, just warn.        * plugins/sudoers/sudoers.c:
        [e91d9912c9a0] <1.8>        Don't error out if the group plugin cannot be loaded, just warn.
         [0fbfcd381e33]
   
 2011-09-23  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Quiet a false positive found by several static analysis tools. These        * plugins/sudoers/sudoers.c:
         Quiet a false positive found by several static analysis tools. These
         tools don't know that log_error() does not return (it longjmps to          tools don't know that log_error() does not return (it longjmps to
         error_jmp which returns to the sudo front-end).          error_jmp which returns to the sudo front-end).
        [3cc319e31ed6] <1.8>        [33d0469df21b]
   
 2011-09-22  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add Italian translation for sudo from translationproject.org Regen        * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
         plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
         plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
         Add Italian translation for sudo from translationproject.org Regen
         .mo files          .mo files
        [c0b27f9d7e57] <1.8>        [c3c888a82be6]
   
         * .hgtags:  
         Added tag SUDO_1_8_2 for changeset 3682e51af1d0  
         [f0be566e9ea2] <1.8>  
   
 2011-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Update to current reality and add bit about ssh auth        * doc/TROUBLESHOOTING:
        [48dcb86ce9be] <1.8>        Update to current reality and add bit about ssh auth
         [184a1e7c2eeb]
   
        * Make "verbose" static; fixes a namespace clash with        * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
         Make "verbose" static; fixes a namespace clash with
         pam_ssh_agent_auth (and it doesn't need to be extern these days).          pam_ssh_agent_auth (and it doesn't need to be extern these days).
        [b60fdd82de94] <1.8>        [cc38d2eb2f4c]
   
        * configure, configure.in:        * config.h.in, configure, configure.in, src/get_pty.c:
         FreeBSD has libutil.h not util.h          FreeBSD has libutil.h not util.h
        [c03b121e0193] <1.8>        [dab4c94b6d4f]
   
         * configure, configure.in:          * configure, configure.in:
         Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD          Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
        [002e3e0bb173] <1.8>        [41c362f0a92a]
   
        * Update po files from translationproject.org2011-09-20  Todd C. Miller  <Todd.Miller@courtesan.com>
        [2b36af902213] <1.8> 
   
           * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po:
           Update po files from translationproject.org
           [1e99e147c7fa]
   
 2011-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * NEWS:        * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
        Mention DEREF support 
        [dfeb152f1686] <1.8> 
 
        * plugins/sudoers/po/sudoers.pot: 
        sync pot files 
        [1fba22e927a3] <1.8> 
 
        * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in: 
         Add support for DEREF in ldap.conf.          Add support for DEREF in ldap.conf.
        [fe1cf6ad0add] <1.8>        [3c1937a98547]
   
         * Makefile.in:          * Makefile.in:
         install target should depend on ChangeLog too, not just install-doc          install target should depend on ChangeLog too, not just install-doc
        [f54e2ab633b8] <1.8>        [1a7c83941175]
   
        * NEWS, configure.in, doc/sudoers.cat, doc/sudoers.man.in:        * doc/sudoers.pod:
         Only iolog_file (not iolog_dir) supports mktemp-style suffixes.          Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
        [44a25099594e] <1.8>        [0eca47d60a2c]
   
        * configure.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:        * NEWS:
        regen pot files        Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.
        [e14ee85cf49b] <1.8>        [0501415cc5ff]
   
           * doc/UPGRADE:
           Document group lookup change and possible side effects.
           [585743e1ebf7]
   
         * configure, configure.in:          * configure, configure.in:
         Fix some square brackets in case statements that needed to be          Fix some square brackets in case statements that needed to be
         doubled up. While here, use $OSMAJOR when it makes sense.          doubled up. While here, use $OSMAJOR when it makes sense.
        [853c6e5f994c] <1.8>        [8973343f4696]
   
        * Fix a crash in make_grlist_item() on 64-bit machines with strict        * plugins/sudoers/pwutil.c:
         Fix a crash in make_grlist_item() on 64-bit machines with strict
         alignment.          alignment.
        [e877c89ae32f] <1.8>        [c89508c73c46]
   
        * Remove list_options() function that is no longer used now that "sudo        * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
         Remove list_options() function that is no longer used now that "sudo
         -L" is gone.          -L" is gone.
        [f31543c80b98] <1.8>        [fcc6a776c135]
   
         * configure, configure.in:          * configure, configure.in:
         Error message if user tries --with-CC          Error message if user tries --with-CC
        [0ed7558b8924] <1.8>        [ec5b478f813a]
   
         * configure, configure.in:          * configure, configure.in:
         Check for -libmldap too when looking for ldap libs, which is the          Check for -libmldap too when looking for ldap libs, which is the
         Tivoli Directory Server client library.          Tivoli Directory Server client library.
        [831e32d1453c] <1.8>        [bb3007a97206]
   
         * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:  
         regen pot files for 1.8.3  
         [df2fb085cff2] <1.8>  
   
         * NEWS, configure, configure.in, doc/sudo.cat, doc/sudo.man.in,  
         doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,  
         doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,  
         doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,  
         doc/visudo.man.in:  
         Update for version 1.8.3  
         [38cf153add0a] <1.8>  
   
 2011-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Honor NOPASSWD tag for denied commands too.        * plugins/sudoers/parse.c:
        [f473c443ad54] <1.8>        Honor NOPASSWD tag for denied commands too.
         [8dd92656db92]
   
   2011-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * INSTALL, configure, configure.in:          * INSTALL, configure, configure.in:
         Remove --with-CC option; it doesn't work correctly now that we use          Remove --with-CC option; it doesn't work correctly now that we use
         libtool. Users can get the same effect by setting the CC          libtool. Users can get the same effect by setting the CC
         environment variable when running configure.          environment variable when running configure.
        [4f04869d74fd] <1.8>        [ec22bd1a55e0]
   
 2011-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * configure, configure.in:        * config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
         src/sudo_edit.c:
         Assume all modern systems support fstat(2).          Assume all modern systems support fstat(2).
        [0422b19dced3] <1.8>        [6a5a8985f6a0]
   
 2011-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * configure, configure.in:        * compat/regress/glob/globtest.c, config.h.in, configure,
         configure.in, include/missing.h, plugins/sudoers/sudoers.h,
         src/sudo.h, src/sudo_noexec.c:
         Add configure test for missing errno declaration and only declare it          Add configure test for missing errno declaration and only declare it
         ourselves if it is missing.          ourselves if it is missing.
        [6d26974f7e16] <1.8>        [456e76c809a2]
   
        * Include errno.h before sudo.h to avoid conflicting with the system        * plugins/sudoers/alias.c:
         Include errno.h before sudo.h to avoid conflicting with the system
         definition of errno.          definition of errno.
        [8000bdc0968f] <1.8>        [d0b97e392512]
   
 2011-08-29  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Only print individual check status when there is a failure.        * plugins/sudoers/regress/parser/check_addr.c:
        [bbdd669e7615] <1.8>        Only print individual check status when there is a failure.
         [2ac704c91441]
   
        * Add calls to setprogname() for test programs.        * plugins/sudoers/regress/iolog_path/check_iolog_path.c,
        [c721f3466a3a] <1.8>        plugins/sudoers/regress/logging/check_wrap.c,
         plugins/sudoers/regress/parser/check_addr.c:
         Add calls to setprogname() for test programs.
         [a8d9b420e826]
   
         * configure, configure.in:          * configure, configure.in:
         Add -Wall and -Werror after all tests so they don't cause failures.          Add -Wall and -Werror after all tests so they don't cause failures.
        [20d75ce40086] <1.8>        [2661188ff3fa]
   
        * Actually run check_addr in the check target        * plugins/sudoers/Makefile.in:
        [dcd96ef0dc57] <1.8>        Actually run check_addr in the check target
         [0b2778bc86bf]
   
        * Split out address matching into its own file and add regression        * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
         plugins/sudoers/match_addr.c,
         plugins/sudoers/regress/parser/check_addr.c,
         plugins/sudoers/regress/parser/check_addr.in:
         Split out address matching into its own file and add regression
         tests for it.          tests for it.
        [863f28589c24] <1.8>        [12b9a2bf8dba]
   
 2011-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix matching a network number with netmask when the network number        * plugins/sudoers/match.c:
        is not the first address in the CIDR block.        When matching an address with a netmask in sudoers, AND the mask and
        [719942c986e9] <1.8>        addr before checking against the local addresses.
         [9747bb6d7b1c]
   
 2011-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Don't assume all editors support the +linenumber command line        * plugins/sudoers/match.c:
         Fix netmask matching.
         [a3c8f8cc1464]
 
         * plugins/sudoers/visudo.c:
         Don't assume all editors support the +linenumber command line
         argument, use a whitelist of known good editors.          argument, use a whitelist of known good editors.
        [d8d884af3b05] <1.8>        [21d43a91fd10]
   
 2011-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Silence compiler warnings on Solaris with gcc 3.4.3        * plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
        [8047cdb5d6a1] <1.8>        src/exec_pty.c, src/sudo.c:
         Silence compiler warnings on Solaris with gcc 3.4.3
         [da620bae6fdb]
   
        * Fix building on RHEL 3        * mkpkg:
        [6bb0464a7450] <1.8>        Fix building on RHEL 3
         [f3227fb2a252]
   
         * INSTALL, configure, configure.in:          * INSTALL, configure, configure.in:
         Add --enable-werror configure option.          Add --enable-werror configure option.
        [aa40fd459836] <1.8>        [fec2cdb95543]
   
        * setgroups() proto lives in grp.h on RHEL4, perhaps others.        * common/setgroups.c:
        [92f98cbaebf0] <1.8>        setgroups() proto lives in grp.h on RHEL4, perhaps others.
         [de91c0de5a98]
   
         * configure, configure.in:          * configure, configure.in:
         Use PAM by default on AIX 6 and higher.          Use PAM by default on AIX 6 and higher.
        [7ef53d5ac819] <1.8>        [e16493208e5f]
   
 2011-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add new Esperanto translation from translationproject.org        * MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
        [109ed683b885] <1.8>        src/po/eo.mo, src/po/eo.po:
         Add new Esperanto translation from translationproject.org
         [0d9a59e04c64]
   
 2011-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Quiet an innocuous valgrind warning.        * plugins/sudoers/iolog_path.c:
        [fc453e49f9dd] <1.8>        Quiet an innocuous valgrind warning.
         [0582b6027161]
   
 2011-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix expansion of strftime() escapes in log_dir and add a regress        * plugins/sudoers/iolog_path.c,
         plugins/sudoers/regress/iolog_path/data:
         Fix expansion of strftime() escapes in log_dir and add a regress
         test that exhibited the problem.          test that exhibited the problem.
        [784e60d21f11] <1.8>        [a5c7c1c4c589]
   
        * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:        * plugins/sudoers/Makefile.in:
         Fix "make check" return value.          Fix "make check" return value.
        [d3608efd8da6] <1.8>        [33b58e175230]
   
 2011-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * plugins/sudoers/po/sudoers.pot:        * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
         Regen pot files          Regen pot files
        [3682e51af1d0] [SUDO_1_8_2] <1.8>        [063841aac19b]
   
         * Makefile.in:          * Makefile.in:
         Fix logic inversion in pot file up to date check.          Fix logic inversion in pot file up to date check.
        [343dbbca9422] <1.8>        [f6a8ca8654df]
   
         * doc/sudo.cat, doc/sudo.man.in, doc/sudoers.cat,  
         doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,  
         doc/visudo.cat, doc/visudo.man.in:  
         regen docs  
         [96234478bde2] <1.8>  
   
 2011-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
         Add caching for gettext() checks.          Add caching for gettext() checks.
        [4039d21424c3] <1.8>        [01b7200f6105]
   
         * configure, configure.in:          * configure, configure.in:
         Better handling of libintl header and library mismatch.          Better handling of libintl header and library mismatch.
        [cc9faee8e486] <1.8>        [9a49b1d4db69]
   
 2011-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>  
   
         * NEWS:  
         sync  
         [73649a44d934] <1.8>  
   
 2011-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Also check sudoers gid if sudoers is group writable.        * plugins/sudoers/sudoers.c:
        [3d345347f6ac] <1.8>        Also check sudoers gid if sudoers is group writable.
         [23ef96ca0d33]
   
         * NEWS:  
         Update for 1.8.2 final  
         [441c22fea363] <1.8>  
   
 2011-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
         If dlopen is present but libtool doesn't find it, error out since it          If dlopen is present but libtool doesn't find it, error out since it
         probably means that libtool doesn't support the system.          probably means that libtool doesn't support the system.
        [6fc7c0de4f6d] <1.8>        [a9da0a5f7941]
   
        * configure args on the command line should override builtin defaults.        * mkpkg:
         configure args on the command line should override builtin defaults.
         Disable NLS for non-Linux/Solaris unless explicitly enabled.          Disable NLS for non-Linux/Solaris unless explicitly enabled.
        [0ef165f892c2] <1.8>        [b2fb05614504]
   
        * Fix loop that calls authenticate(). If there was an error message        * plugins/sudoers/auth/aix_auth.c:
         Fix loop that calls authenticate(). If there was an error message
         from authenticate(), display it.          from authenticate(), display it.
        [f0686011ff2e] <1.8>        [063a0c4f0b9a]
   
 2011-08-11  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * configure, configure.in:        * m4/libtool.m4, m4/ltversion.m4:
         Update to autoconf 2.68 and libtool 2.4          Update to autoconf 2.68 and libtool 2.4
        [00df5f3647e1] <1.8>        [5a912a6eb67b]
   
        * Fix typo; OPT should be OTP        * config.guess, config.sub, configure, configure.in, ltmain.sh:
        [31da1f989740] <1.8>        Update to autoconf 2.68 and libtool 2.4
         [931ab56aecf6]
   
        * Rename libsudoers convenience library to libparsesudoers to avoid        * doc/sudoers.pod:
         Fix typo; OPT should be OTP
         [e97bd2e46544]
 
         * plugins/sudoers/Makefile.in:
         Rename libsudoers convenience library to libparsesudoers to avoid
         libtool confusion.          libtool confusion.
        [e9ae9d611dd5] <1.8>        [2a89a613f537]
   
 2011-08-10  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add Danish sudoers translation from translationproject.org        * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
        [fa9cd9758249] <1.8>        Add Danish sudoers translation from translationproject.org
         [27b96e85eb13]
   
        * Add dedicated callback function for runas_default sudoers setting        * plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
         Add dedicated callback function for runas_default sudoers setting
         that only sets runas_pw if no runas user or group was specified by          that only sets runas_pw if no runas user or group was specified by
         the user.          the user.
        [3fb4b18525de] <1.8>        [b8382d8eea34]
   
 2011-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Update Finish, Polish, Russian and Ukrainian translations from        * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
         plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
         plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
         src/po/ru.po:
         Update Finish, Polish, Russian and Ukrainian translations from
         translationproject.org.          translationproject.org.
        [0fcd8f6aff0a] <1.8>        [f9339aff664e]
   
        * Makefile.in:        * plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
         plugins/sudoers/testsudoers.c:
         Go back to using a callback for runas_default to keep runas_pw in          Go back to using a callback for runas_default to keep runas_pw in
         sync. This is needed to make per-entry runas_default settings work          sync. This is needed to make per-entry runas_default settings work
         with LDAP-based sudoers. Instead of declaring it a callback in          with LDAP-based sudoers. Instead of declaring it a callback in
         def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a          def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
         bit naughty, but avoids requiring stub functions in visudo and the          bit naughty, but avoids requiring stub functions in visudo and the
         tests.          tests.
        [4e8e70832f06] <1.8>        [9aaefb908415]
   
 2011-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:  
         Regen pot files  
         [ca5c58c599a6] <1.8>  
   
         * Makefile.in:          * Makefile.in:
         Add check for out of date message catalogs when doing "make dist".          Add check for out of date message catalogs when doing "make dist".
        [36414e5c762b] <1.8>        [e45a29b612f4]
   
 2011-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * configure, configure.in:        * configure:
         regen
         [d6f9ad26774a]
 
         * configure.in:
         Make sure compiler supports static-libgcc before using it.          Make sure compiler supports static-libgcc before using it.
        [6c98e8809291] <1.8>        [b01bd9566e50]
   
 2011-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc        * src/Makefile.in:
        [a0a3a3fa6470] <1.8>        Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
         [c99c7ab3edef]
   
 2011-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add new Russian sudo translation from translationproject.org and        * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
         plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
         plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
         src/po/zh_CN.mo:
         Add new Russian sudo translation from translationproject.org and
         rebuild the other translation files.          rebuild the other translation files.
        [e953d7d1ca6d] <1.8>        [e20015459056]
   
 2011-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Update Finish and Polish translations from translationproject.org        * plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
        [17e408d73c85] <1.8>        Update Finish and Polish translations from translationproject.org
         [4e3dbba4a1de]
   
        * Go back to escaping the command args for "sudo -i" and "sudo -s"        * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
         Go back to escaping the command args for "sudo -i" and "sudo -s"
         before calling the plugin. Otherwise, spaces in the command args          before calling the plugin. Otherwise, spaces in the command args
         are not treated properly. The sudoers plugin will unescape non-          are not treated properly. The sudoers plugin will unescape non-
         spaces to make matching easier.          spaces to make matching easier.
        [f666191a4e80] <1.8>        [dfa2c4636f33]
   
 2011-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix some potential problems found by the clang static analyzer, none        * plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
         plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
         plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
         plugins/sudoers/toke.l:
         Fix some potential problems found by the clang static analyzer, none
         serious.          serious.
        [c1ab4b940980] <1.8>        [ff64aa74aae6]
   
        * Updated Ukranian and Chinese (simplified) po files from        * plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
         src/po/zh_CN.po:
         Updated Ukranian and Chinese (simplified) po files from
         translationproject.org          translationproject.org
        [792a66672715] <1.8>        [ec792becb48e]
   
 2011-07-27  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Updated Polish translation from translationproject.org        * plugins/sudoers/po/pl.po:
        [5f434cc04482] <1.8>        Updated Polish translation from translationproject.org
         [a3af53cb649c]
   
         * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:          * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
         Rebuild pot files          Rebuild pot files
        [639230dbd741] <1.8>        [c650524c0f0a]
   
        * Don't try to audit failure if the runas user does not exist. We        * plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
         Don't try to audit failure if the runas user does not exist. We
         don't have the user's command at this point so there is nothing to          don't have the user's command at this point so there is nothing to
         audit. Add a NULL check in audit_success() and audit_failure() just          audit. Add a NULL check in audit_success() and audit_failure() just
         to be on the safe side.          to be on the safe side.
        [2bfb96a32b00] <1.8>        [2a0007c2022f]
   
        * Add -g to CFLAG for PIE builds.        * mkpkg:
        [e4c94977ca4e] <1.8>        Add -g to CFLAG for PIE builds.
         [32a0a9693c9c]
   
 2011-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Remove fallback to per-group lookup when matching groups in sudoers.        * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
         plugins/sudoers/sudoers.h, src/sudo.c:
         Remove fallback to per-group lookup when matching groups in sudoers.
         The sudo front-end will now use getgrouplist() to get the user's          The sudo front-end will now use getgrouplist() to get the user's
         list of groups if getgroups() fails or returns zero groups so we          list of groups if getgroups() fails or returns zero groups so we
         always have a list of the user's groups. For systems with          always have a list of the user's groups. For systems with
         mbr_check_membership() which support more that NGROUPS_MAX groups          mbr_check_membership() which support more that NGROUPS_MAX groups
         (Mac OS X), skip the call to getgroups() and use getgrouplist() so          (Mac OS X), skip the call to getgroups() and use getgrouplist() so
         we get all the groups.          we get all the groups.
        [168d6d4a386b] <1.8>        [51b3ed8c600b]
   
 2011-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix setgroups() fallback code on EINVAL.        * common/setgroups.c:
        [dd1310945ab3] <1.8>        Fix setgroups() fallback code on EINVAL.
         [2b6faecd56a4]
   
        * Fix two PERM_INITIAL cases that were still using user_gids.        * plugins/sudoers/set_perms.c:
        [d497d0d47a23] <1.8>        Fix two PERM_INITIAL cases that were still using user_gids.
         [9680bab0acc6]
   
        * Add Polish sudo message catalog        * MANIFEST:
        [1a0aa3f9f179] <1.8>        Add Polish sudo message catalog
         [8bb40c3ba576]
   
        * user_group is no longer used, remove it        * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
        [379185a76094] <1.8>        user_group is no longer used, remove it
         [9acede0fe6c5]
   
2011-07-21  Todd C. Miller  <Todd.Miller@courtesan.com>2011-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add Polish translation from translationproject.org        * MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
        [2e7cdfe4ef41] <1.8>        Add Polish translation from translationproject.org
         [afac5c638573]
   
        * Add a wrapper for setgroups() that trims off extra groups and        * MANIFEST, common/Makefile.in, common/setgroups.c,
         plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c,
         src/sudo.h, src/sudo_edit.c:
         Add a wrapper for setgroups() that trims off extra groups and
         retries if setgroups() fails. Also add some missing addrefs for          retries if setgroups() fails. Also add some missing addrefs for
         PERM_USER and PERM_FULL_USER.          PERM_USER and PERM_FULL_USER.
        [bacb4170a510] <1.8>        [224dfd8aae5c]
   
        * configure, configure.in:        * MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in,
         configure, configure.in, include/missing.h, mkdep.pl,
         plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
         plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
         plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c:
         Instead of keeping separate groups and gids arrays, create struct          Instead of keeping separate groups and gids arrays, create struct
         group_info and use it to store both, along with a count for each.          group_info and use it to store both, along with a count for each.
         Cache group info on a per-user basis using getgrouplist() to get the          Cache group info on a per-user basis using getgrouplist() to get the
         groups. We no longer need special to special case the user or list          groups. We no longer need special to special case the user or list
         user for user_in_group() and thus no longer need to reset the groups          user for user_in_group() and thus no longer need to reset the groups
         list when listing another user.          list when listing another user.
        [f1d8962821a0] <1.8>        [0ad849a8b2d5]
   
        * Don't rely on NULL since we don't include a header for it.        * src/preload.c:
        [ed46286f848b] <1.8>        Don't rely on NULL since we don't include a header for it.
         [b40937f1890c]
   
        * Fix typo2011-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
        [a38b8fbb0e70] <1.8> 
   
        * Do not shadow global sudo_mode with a local variable in set_cmnd()        * doc/sudoers.pod:
        [8e462ebafea4] <1.8>        Fix typo
         [c1035360e169]
   
   2011-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers.c:
           Do not shadow global sudo_mode with a local variable in set_cmnd()
           [0c72969503ad]
   
 2011-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * bash 2.x doesd not support the -l flag and exits with an error if it        * plugins/sudoers/sudoers.c:
         bash 2.x doesd not support the -l flag and exits with an error if it
         is specified so use --login instead. This causes an error with bash          is specified so use --login instead. This causes an error with bash
         1.x (which uses -login instead) but this version is hopefully less          1.x (which uses -login instead) but this version is hopefully less
         used than 2.x.          used than 2.x.
        [73020a67b9d5] <1.8>        [5c4c296e30e6]
   
        * Add Polish translation from translationproject.org        * src/po/pl.mo, src/po/pl.po:
        [8cac0da9ffb1] <1.8>        Add Polish translation from translationproject.org
         [48592dd6edcf]
   
 2011-07-13  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Make error strings translatable.        * plugins/sudoers/set_perms.c:
        [d1ff594f27b5] <1.8>        Make error strings translatable.
         [414c5c484768]
   
        * Only run configure with --with-pam-login for RHEL 5 and above.        * mkpkg:
        [2f1a0ff5230e] <1.8>        Only run configure with --with-pam-login for RHEL 5 and above.
         [6c16e4de4026]
   
        * Fix typo in summary        * sudo.pp:
        [1e1d7dcae9ab] <1.8>        Fix typo in summary
         [9ac618c9a749]
   
 2011-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add missing logwrap.c        * plugins/sudoers/logwrap.c:
        [abcd28c194d2] <1.8>        Add missing logwrap.c
         [c12a413ecc1d]
   
        * Split out log file word wrap code into its own file and add unit        * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
         plugins/sudoers/logging.h,
         plugins/sudoers/regress/logging/check_wrap.c,
         plugins/sudoers/regress/logging/check_wrap.in,
         plugins/sudoers/regress/logging/check_wrap.out.ok:
         Split out log file word wrap code into its own file and add unit
         tests. Fixes an off-by one in the word wrap when the log line          tests. Fixes an off-by one in the word wrap when the log line
         length matches loglinelen.          length matches loglinelen.
        [0ae1c7aa9ef1] <1.8>        [52ed277f6690]
   
 2011-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * For SuSE, only use /usr/lib64 as libexec if generating 64-bit        * mkpkg:
         For SuSE, only use /usr/lib64 as libexec if generating 64-bit
         binaries.          binaries.
        [4448fa1c639f] <1.8>        [645ab903cf77]
   
        * Fix build error when --without-noexec configure option is used.        * src/load_plugins.c, src/sudo.c:
        [f6bfd748ae45] <1.8>        Fix build error when --without-noexec configure option is used.
         [b994f7b0d8b4]
   
         * configure, configure.in:          * configure, configure.in:
         Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX          Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX
         5.3 and above.          5.3 and above.
        [9d957ae1840d] <1.8>        [c2a6f9b472f3]
   
 2011-07-03  Todd C. Miller  <Todd.Miller@courtesan.com>  
   
         * NEWS, doc/UPGRADE:  
         Document group lookup change and possible side effects.  
         [fe4b2d2701b2] <1.8>  
   
 2011-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Resolve the list of gids passed in from the sudo frontend (the        * plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
         plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
         plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
         Resolve the list of gids passed in from the sudo frontend (the
         result of getgroups()) to names and store both the group names and          result of getgroups()) to names and store both the group names and
         ids in the sudo_user struct. When matching groups in the sudoers          ids in the sudo_user struct. When matching groups in the sudoers
         file, match based on the names in the groups list first and only do          file, match based on the names in the groups list first and only do
Line 637 Line 3000
         group name (as it is listed in sudoers) instead of id (which we          group name (as it is listed in sudoers) instead of id (which we
         would have to resolve) we save a lot of group lookups for sudoers          would have to resolve) we save a lot of group lookups for sudoers
         files with a lot of groups in them.          files with a lot of groups in them.
        [c10d208bd7e5] <1.8>        [8dc19353f148]
   
 2011-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>  
   
         * NEWS:  
         Update for 1.8.2rc5  
         [f6a3aa2edf7a] <1.8>  
   
 2011-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Workaround for "sudo -i command" and newer versions of bash which        * plugins/sudoers/sudoers.c:
         Workaround for "sudo -i command" and newer versions of bash which
         don't go into login mode when -c is specified unless -l is too.          don't go into login mode when -c is specified unless -l is too.
        [381e74d35006] <1.8>        [9393762b80f3]
   
 2011-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Rewrite logfile word wrapping code to be more straight-forward and        * plugins/sudoers/logging.c:
         Rewrite logfile word wrapping code to be more straight-forward and
         actually wrap at the correct place.          actually wrap at the correct place.
        [8a7862d6a82f] <1.8>        [f712a0c90f55]
   
 2011-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * NEWS:        * doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
        Fix typo        Set use_pty=true in command details when use_pty is set in sudoers.
        [2456ad2ad3e3] <1.8> 
 
        * NEWS: 
        Mention use_pty bug fix 
        [f4eab5193452] <1.8> 
 
        * Set use_pty=true in command details when use_pty is set in sudoers. 
         From Ludwig Nussel          From Ludwig Nussel
        [abaafc5793d9] <1.8>        [8d95a163dfc1]
   
 2011-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Sync Chinese (simplified) PO files from translationproject.org        * plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
        [a4cf84dd9ddf] <1.8>        src/po/zh_CN.mo, src/po/zh_CN.po:
         Sync Chinese (simplified) PO files from translationproject.org
         [acce8eb7be18]
   
 2011-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add Danish translation from translationproject.org and add missing        * MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
         plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
         Add Danish translation from translationproject.org and add missing
         Basque mo files.          Basque mo files.
        [672b88adcc34] <1.8>        [0c22bb21b9c4]
   
         * Makefile.in, configure, configure.in:          * Makefile.in, configure, configure.in:
         No longer need to specify LINGUAS in configure, "make install-nls"          No longer need to specify LINGUAS in configure, "make install-nls"
         now just installs all the .mo files it finds.          now just installs all the .mo files it finds.
        [c226a39ece48] <1.8>        [fcd45cf04885]
   
 2011-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Build CONTRIBUTORS from newly-added contributors.pod        * MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
        [b8871dd293ff] <1.8>        Build CONTRIBUTORS from newly-added contributors.pod
         [8b192f2720f4]
   
        * Rework the wording in the leading paragraph        * doc/CONTRIBUTORS:
        [d8b081dedeb3] <1.8>        Rework the wording in the leading paragraph
         [312044145cdd]
   
2011-06-16  Todd C. Miller  <Todd.Miller@courtesan.com>2011-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add a CONTRIBUTORS file with the names of folks who have contributed        * MANIFEST, doc/CONTRIBUTORS:
         Add a CONTRIBUTORS file with the names of folks who have contributed
         code or patches to sudo since I started maintaining it (plus the          code or patches to sudo since I started maintaining it (plus the
         original authors).          original authors).
        [8b064e8996af] <1.8>        [b8bdd8b59528]
   
 2011-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Preserve SHELL variable for "sudo -s". Otherwise we can end up with        * plugins/sudoers/env.c:
         Preserve SHELL variable for "sudo -s". Otherwise we can end up with
         a situation where the SHELL variable and the actual shell being run          a situation where the SHELL variable and the actual shell being run
         do not match.          do not match.
        [8f5bb61a8b76] <1.8>        [b8b3974aee3e]
   
 2011-06-10  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
         Only enable Solaris project support when setproject() is present in          Only enable Solaris project support when setproject() is present in
         libproject.          libproject.
        [bf370ff3c194] <1.8>        [49ad7857ab89]
   
        * Explicitly set mode and owner of /etc/sudoers instead of relying on        * sudo.pp:
         Explicitly set mode and owner of /etc/sudoers instead of relying on
         "cp -p" to work in the postinstall script. On AIX 6.1 at least the          "cp -p" to work in the postinstall script. On AIX 6.1 at least the
         postinstall script runs before the final file permissions are set.          postinstall script runs before the final file permissions are set.
        [7a4a87405349] <1.8>        [e41ffc0212b2]
   
        * Refer the user to the "Command Environment" section in description2011-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * doc/sudo.pod, doc/sudoers.pod:
         Refer the user to the "Command Environment" section in description
         of sudo's -i option.          of sudo's -i option.
        [1a063eaf9670] <1.8>        [263cc3be7eef]
   
        * Fix typo        * doc/sudo.pod:
        [442c50370c44] <1.8>        Fix typo
         [35dfac450f4d]
   
        * If there is no old dependency for an object file, use the MANIFEST2011-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * mkdep.pl:
         If there is no old dependency for an object file, use the MANIFEST
         to find its source.          to find its source.
        [d95c77ad283f] <1.8>        [d15e3b9899f9]
   
        * Remove dependency for getgrouplist.lo as we don't ship that source        * compat/Makefile.in:
         Remove dependency for getgrouplist.lo as we don't ship that source
         file.          file.
        [bbede77e6256] <1.8>        [312a6d5fe6b0]
   
        * Do not declare yyparse() static as the actual function generated by2011-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
         Do not declare yyparse() static as the actual function generated by
         yacc is extern.          yacc is extern.
        [8e615bd15a4c] <1.8>        [9017b79dcf55]
   
   2011-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * Makefile.in:          * Makefile.in:
         Remove locale files in "make uninstall"          Remove locale files in "make uninstall"
        [9791be90d5ac] <1.8>        [201ff261ecbe]
   
2011-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>        * configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
        plugins/sudoers/po/uk.po, src/po/eu.po:
        * configure.in: 
         Add Basque translation and sync Finish and Ukranian translations.          Add Basque translation and sync Finish and Ukranian translations.
        [64af34789164] <1.8>        [66d2c78c8a13]
   
         * NEWS:  
         Update PAM change to reflect latest checkin.  
         [657cddf2077a] <1.8>  
   
         * configure, configure.in:          * configure, configure.in:
         FreeBSD no longer needs the main sudo binary to link with -lpam now          FreeBSD no longer needs the main sudo binary to link with -lpam now
         that plug-ins are loaded with RTLD_GLOBAL.          that plug-ins are loaded with RTLD_GLOBAL.
        [573a6f4b29af] <1.8>        [96c710df2457]
   
        * Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes        * plugins/sudoers/group_plugin.c, src/load_plugins.c:
         Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
         problems with pam modules not having access to symbols provided by          problems with pam modules not having access to symbols provided by
         libpam on some platforms. Affects FreeBSD and SLES 10 at least.          libpam on some platforms. Affects FreeBSD and SLES 10 at least.
        [4ec864fdba46] <1.8>        [0d016983ec84]
   
         * Makefile.in:          * Makefile.in:
         Move xgettext invocation out of update-po target into update-pot          Move xgettext invocation out of update-po target into update-pot
        [421ac1a073ea] <1.8>        [19a73c6d017c]
   
 2011-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:          * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
         Regenerate .pot files for 1.8.2rc2          Regenerate .pot files for 1.8.2rc2
        [d2a891e3d3dd] <1.8>        [c3037f591dd8]
   
        * Makefile.in:        * Makefile.in, common/Makefile.in, compat/Makefile.in,
         doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
         plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
         src/Makefile.in, zlib/Makefile.in:
         Move nls targets to the top level Makefile so the paths in the pot          Move nls targets to the top level Makefile so the paths in the pot
         file are saner          file are saner
        [6c256cb77f78] <1.8>        [65b9285cd8d9]
   
        * NEWS:        * src/po/fi.mo:
        Update 1.8.2 news        Add compiled version of sudo Finish translation
        [17bd04278b04] <1.8>        [8f2405384ea3]
   
        * Add compiled version of sudo Finish translation        * MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
        [ff9d20a02aa0] <1.8>        Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
 
        * Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo 
         files          files
        [60c4f3b3829c] <1.8>        [a165e70fa9ec]
   
        * configure, configure.in:        * configure, configure.in, plugins/sudoers/po/fi.po:
         Add Finish translation from translationproject.org          Add Finish translation from translationproject.org
        [ade788a35521] <1.8>        [4466f8a96ceb]
   
        * The group named by exempt_group should not have a % prefix.2011-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
        [1f74c691c1e1] <1.8> 
   
        * Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"        * doc/sudoers.pod:
        [58d36c0e76f9] <1.8>        The group named by exempt_group should not have a % prefix.
         [df084d6b32c8]
   
        * Fix compressed io log corruption in background mode by using _exit()2011-06-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * doc/sudoers.pod:
         Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
         [5113699a3f8b]
 
 2011-05-31  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * src/exec.c, src/exec_pty.c:
         Fix compressed io log corruption in background mode by using _exit()
         instead of exit() to avoid flushing buffers twice.          instead of exit() to avoid flushing buffers twice.
   
         Improved background mode support. When not allocating a pty, the          Improved background mode support. When not allocating a pty, the
         command is run in its own process group. This prevents write access          command is run in its own process group. This prevents write access
         to the tty. When running in a pty, stdin is not hooked up and we          to the tty. When running in a pty, stdin is not hooked up and we
         never read from /dev/tty, which results in similar behavior.          never read from /dev/tty, which results in similar behavior.
        [fe50d6a5c5b9] <1.8>        [87c15149894c]
   
2011-05-31  Todd C. Miller  <Todd.Miller@courtesan.com>        * compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
        Clean up regress files Generate proper dependencies for regress objs
        * Clean up regress files Generate proper dependencies for regress objs 
         in compat          in compat
        [264196584549] <1.8>        [88bfc728c1e7]
   
        * Add missing dependency for check_fill.o.        * plugins/sudoers/Makefile.in:
        [c41f4e6ff078] <1.8>        Add missing dependency for check_fill.o.
         [0bd6362e3e17]
   
2011-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>2011-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * INSTALL, configure, configure.in:          * INSTALL, configure, configure.in:
         Add support for --enable-nls[=location]          Add support for --enable-nls[=location]
        [0ea8e7bd1739] <1.8>        [b90db44a050f]
   
 2011-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Include gettext.h        * plugins/sudoers/linux_audit.c:
        [fe8bab6403c6] <1.8>        Include gettext.h
         [7f909a6e48cb]
   
        * Quiet gcc warnings.        * plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
        [aa16d09710a7] <1.8>        Quiet gcc warnings.
         [b41a6cdca583]
   
         * configure, configure.in:          * configure, configure.in:
         Don't install .mo files if gettext was not found.          Don't install .mo files if gettext was not found.
        [c6b233e829aa] <1.8>        [1397b34cc165]
   
 2011-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Always allocate a pty when running a command in the background but        * src/exec.c:
         Always allocate a pty when running a command in the background but
         call setsid() after forking to make sure we don't end up with a          call setsid() after forking to make sure we don't end up with a
         controlling tty.          controlling tty.
        [77c6b2923714] <1.8>        [b6454ba172e8]
   
        * Add missing space between command name and the first command line        * plugins/sudoers/iolog.c:
         Add missing space between command name and the first command line
         argument.          argument.
        [d0a36b9c0f38] <1.8>        [fe217f0a36d4]
   
        * Quiet a compiler warning on some platforms.        * plugins/sudoers/sudoreplay.c:
        [654e76cf0574] <1.8>        Quiet a compiler warning on some platforms.
         [de9f2849f236]
   
        * README file that directs people to translationproject.org        * plugins/sudoers/po/README, src/po/README:
        [5545e9a5ae37] <1.8>        README file that directs people to translationproject.org
         [30c0fc323281]
   
        * Sync translations with TP        * plugins/sudoers/po/uk.po, src/po/fi.po:
        [b054ce577022] <1.8>        Sync translations with TP
         [1d7d64559cba]
   
         * Makefile.in:          * Makefile.in:
         Add 'sync-po' target to top-level Makefile to rsync the po files          Add 'sync-po' target to top-level Makefile to rsync the po files
         from translationproject.org.          from translationproject.org.
        [87a5011b0410] <1.8>        [20508211aaa3]
   
        * install nls files from install target        * plugins/sudoers/Makefile.in:
        [a3feba9ef323] <1.8>        install nls files from install target
         [5fc07b6cab38]
   
        * Makefile.in:        * Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
         Include .mo files in sudo binary packags.          Include .mo files in sudo binary packags.
        [bc3ee7e7fb44] <1.8>        [278d4821a916]
   
        * configure, configure.in:        * configure, configure.in, plugins/sudoers/po/zh_CN.mo,
         plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
         Add simplified chinese translation          Add simplified chinese translation
        [c22e6842c766] <1.8>        [2b33ffc755b9]
   
 2011-05-26  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * configure, configure.in:        * configure, configure.in, plugins/sudoers/po/uk.mo,
         plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
         Add ukranian translation          Add ukranian translation
        [0bb9e6437f0f] <1.8>        [2d8102688e93]
   
        * refer to siglist.c, not ./siglist.c since not all makes will treat        * compat/Makefile.in:
         refer to siglist.c, not ./siglist.c since not all makes will treat
         foo and ./foo the same.          foo and ./foo the same.
        [909051ff6061] <1.8>        [6639d293ffba]
   
        * Set def_preserve_groups before searching for the command when the -P        * plugins/sudoers/sudoers.c:
         Set def_preserve_groups before searching for the command when the -P
         flag is specified.          flag is specified.
        [08e9378f50e4] <1.8>        [0edc7942f875]
   
        * Makefile.in:        * Makefile.in, compat/Makefile.in, mkdep.pl,
         plugins/sudoers/Makefile.in:
         Add dependency for siglist.lo in compat. This is a generated file          Add dependency for siglist.lo in compat. This is a generated file
         so "make depend" needs to depend on it.          so "make depend" needs to depend on it.
        [e6c0daf36af0] <1.8>        [28d0932f8b50]
   
        * More dependency fixes.        * compat/Makefile.in:
        [7fed03624689] <1.8>        More dependency fixes.
         [aad0d05cd020]
   
        * Fix a few dependencies.        * compat/Makefile.in:
        [7cb86c721961] <1.8>        Fix a few dependencies.
         [eb21aa35a032]
   
        * Place compiled mo files in the src dir, not the build dir. When        * plugins/sudoers/Makefile.in, src/Makefile.in:
         Place compiled mo files in the src dir, not the build dir. When
         installing compiled mo files, display a status message.          installing compiled mo files, display a status message.
        [b87aa18a9968] <1.8>        [e15634c29cd3]
   
 2011-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Tivoli Directory Server requires that seconds be present in a        * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
         Tivoli Directory Server requires that seconds be present in a
         timestamp, even though RFC 4517 states that they are optional.          timestamp, even though RFC 4517 states that they are optional.
        [47ebf110ea7a] <1.8>        [55fe23dd4ef9]
   
        * Add missing bit of copyright        * plugins/sudoers/sudo_nss.h:
        [d05d28a91bc4] <1.8>        Add missing bit of copyright
         [d2eba3c364ca]
   
        * Mention cycle detection warnings        * doc/visudo.pod:
        [ee8231aa1aed] <1.8>        Mention cycle detection warnings
         [a76bef15ab67]
   
        * When checking aliases, also check the contents of the alias in case        * plugins/sudoers/visudo.c:
         When checking aliases, also check the contents of the alias in case
         there are problems with an alias that is referenced inside another.          there are problems with an alias that is referenced inside another.
         Replace the self reference check with real alias cycle detection.          Replace the self reference check with real alias cycle detection.
        [abcfe1bc95d8] <1.8>        [a66c904cf53b]
   
        * Set errno to ELOOP in alias_find() if there is a cycle. Set errno to        * plugins/sudoers/alias.c:
         Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
         ENOENT in alias_find() and alias_remove() if the entry could not be          ENOENT in alias_find() and alias_remove() if the entry could not be
         found.          found.
        [e73d169f4e9b] <1.8>        [b4f0b89e433c]
   
        * Increment alias_seqno before calls to alias_remove_recursive() to        * plugins/sudoers/visudo.c:
         Increment alias_seqno before calls to alias_remove_recursive() to
         avoid false positives with the alias loop detection. Fixes spurious          avoid false positives with the alias loop detection. Fixes spurious
         warnings about unused aliases when they are nested.          warnings about unused aliases when they are nested.
        [ac094820ef19] <1.8>        [a344483b8193]
   
        * add mkdep.pl        * MANIFEST:
        [3721e9654ba6] <1.8>        add mkdep.pl
         [86b7ed33eab2]
   
        * Add dependency on convenience libs to binaries        * plugins/sudoers/Makefile.in:
        [8a4db8226dfe] <1.8>        Add dependency on convenience libs to binaries
         [cd3078b3c997]
   
         * Makefile.in:          * Makefile.in:
         mkdep.pl only works when run from the src dir          mkdep.pl only works when run from the src dir
        [2480427a0680] <1.8>        [f35a5e47c944]
   
        * Makefile.in:        * Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl,
         plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
         plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
         Auto-generate Makefile dependencies with a perl script.          Auto-generate Makefile dependencies with a perl script.
        [ef5f56907d97] <1.8>        [a3e4afcd7975]
   
 2011-05-23  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * If the user specifies a runas group via sudo's -g option that        * plugins/sudoers/match.c:
         If the user specifies a runas group via sudo's -g option that
         matches the runas user's group in the passwd database and that group          matches the runas user's group in the passwd database and that group
         is not denied in the Runas_Spec, allow it. Thus, if user root's gid          is not denied in the Runas_Spec, allow it. Thus, if user root's gid
         in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if          in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if
         no groups are present in the Runas_Spec.          no groups are present in the Runas_Spec.
        [942e1e7c5090] <1.8>        [e3f9732dc564]
   
 2011-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * NEWS:        * plugins/sudoers/Makefile.in, src/Makefile.in:
        Mention what is new in 1.8.2 (for now)        Add dependencies on gettext.h
        [d44b26eceee5] <1.8>        [a3a9dc51f78b]
   
        * Add dependencies on gettext.h        * plugins/sudoers/Makefile.in, src/Makefile.in:
        [32c61c6af852] <1.8>        Fix install-nls target with HP-UX sh when gettext is not present.
         [0c6b9655cd41]
   
         * Fix install-nls target with HP-UX sh when gettext is not present.  
         [3441cece9638] <1.8>  
   
         * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,  
         doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,  
         doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,  
         doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:  
         Regen for sudo 1.8.2  
         [9ea124b542cc] <1.8>  
   
 2011-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:        * plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
         src/Makefile.in, src/po/sudo.pot:
         regenerate .pot files for lbuf changes          regenerate .pot files for lbuf changes
        [a8a9cc62c3a5] <1.8>        [918ded125a0b]
   
         * configure, configure.in:          * configure, configure.in:
         Add missing "checking" message for gettext when using the cache.          Add missing "checking" message for gettext when using the cache.
        [4136bc346576] <1.8>        [9c21187ad1d2]
   
        * Add primitive format string support to the lbuf code to make        * common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c,
         plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
         src/parse_args.c:
         Add primitive format string support to the lbuf code to make
         translations simpler.          translations simpler.
        [22fc74618d09] <1.8>        [ee71c7ef5299]
   
        * configure, configure.in, plugins/sudoers/po/sudoers.pot,        * MANIFEST, plugins/sudoers/Makefile.in,
        src/po/sudo.pot:        plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
        Bump version to 1.8.2        Add message catalog template files for sudo and the sudoers module.
        [999de1ac5b3e] <1.8>        [f3f8acb1f014]
   
        * Add message catalog template files for sudo and the sudoers module.        * MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c,
        [6afad75e7afa] <1.8>        config.h.in, configure.in, doc/Makefile.in, include/gettext.h,
        plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
        * configure.in:        plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
         plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
         src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h:
         Add gettext.h convenience header. This is similar to but distinct          Add gettext.h convenience header. This is similar to but distinct
         from the one included with the gettext package.          from the one included with the gettext package.
        [5ae5a86e0d06] <1.8>        [930a0591f73c]
   
   2011-05-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
         Add checks for nroff -c and -Tascii flags          Add checks for nroff -c and -Tascii flags
        [580c21905280] <1.8>        [19ca990b3149]
   
         * configure, configure.in:          * configure, configure.in:
         Add check for HP bundled C Compiler (which cannot create shared          Add check for HP bundled C Compiler (which cannot create shared
         libs)          libs)
        [34f616cbb0f3] <1.8>        [517716a7072d]
   
        * Fix C format warnings.        * plugins/sudoers/sudoreplay.c:
        [f20a43a817f0] <1.8>        Fix C format warnings.
         [6514326013fa]
   
        * Add __printflike        * include/error.h:
        [76bf8a4bf075] <1.8>        Add __printflike
         [e1749a30a406]
   
        * Translate help / usage strings.        * plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
        [16c5b7902d4c] <1.8>        plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
         plugins/sudoers/visudo.c, src/parse_args.c:
         Translate help / usage strings.
         [ee1cc9b1a8bd]
   
        * Set --msgid-bugs-address to the bugzilla url        * plugins/sudoers/Makefile.in, src/Makefile.in:
        [3e3cfa7b4ceb] <1.8>        Set --msgid-bugs-address to the bugzilla url
         [5a0aa250ca21]
   
        * INSTALL, Makefile.in, README, configure, configure.in:        * Makefile.in, common/Makefile.in, compat/Makefile.in, configure,
         configure.in, doc/Makefile.in, include/Makefile.in,
         plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
         plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
         Add scaffolding to update .po files and install .mo files.          Add scaffolding to update .po files and install .mo files.
        [a51e60b35e47] <1.8>        [f05f4eed1fe1]
   
        * Minor warning/error cleanup        * doc/license.pod:
        [593144ac87ff] <1.8>        update copyright year
         [fa0c62523875]
   
        * configure.in:        * INSTALL, README:
         No need to include version number at the top of these files.
         [9f2981325351]
 
 2011-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
         plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
         plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
         plugins/sudoers/visudo.c:
         Minor warning/error cleanup
         [9236dc85aeab]
 
         * config.h.in, configure.in:
         Emulate ngettext for the non-nls case          Emulate ngettext for the non-nls case
        [7cdf82de4dee] <1.8>        [13571d63fa36]
   
        * Do not mark untranslatable strings for translation        * plugins/sudoers/ldap.c:
        [088271ed02d0] <1.8>        Do not mark untranslatable strings for translation
         [735f5d4413fe]
   
        * Use ROOT_UID not 0.        * plugins/sudoers/check.c:
        [f901fa2fdaf2] <1.8>        Use ROOT_UID not 0.
         [09a268db8da4]
   
        * Minor warning/error message cleanup        * plugins/sudoers/check.c, plugins/sudoers/iolog.c,
        [b99c7ef46236] <1.8>        plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c,
         src/load_plugins.c, src/sudo.c, src/sudo_edit.c:
         Minor warning/error message cleanup
         [3c7b1a7939b5]
   
        * cannot -> "unable to" in warning/error messages can't -> "unable to"        * plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c,
        in warning/error messages        plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
        [5119140fabc7] <1.8>        plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
         plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c,
         src/exec_pty.c, src/net_ifs.c, src/selinux.c:
         cannot -> "unable to" in warning/error messages
         [31c3897649e9]
   
           * plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c,
           plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
           src/sudo.c, src/utmp.c:
           can't -> "unable to" in warning/error messages
           [127b75f15291]
   
         * configure, configure.in:          * configure, configure.in:
         FreeBSD needs the main sudo executable to link with -lpam when          FreeBSD needs the main sudo executable to link with -lpam when
         loading dynaic pam modules for some reason.          loading dynaic pam modules for some reason.
        [738b6778a505] <1.8>        [944522cc9bef]
   
        * We don't want to translate debugging messages.2011-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
        [357a575c2dfd] <1.8> 
   
        * configure, configure.in:        * plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c:
         We don't want to translate debugging messages.
         [56a1a365815a]
 
         * configure, configure.in, plugins/sudoers/Makefile.in,
         plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
         plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
         plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
         src/Makefile.in, src/sesh.c, src/sudo.c:
         Add calls to bindtextdomain() and textdomain() Currently there are          Add calls to bindtextdomain() and textdomain() Currently there are
         two domains, one for the sudo front-end and one for the sudoers          two domains, one for the sudo front-end and one for the sudoers
         plugin and its associated utilities.          plugin and its associated utilities.
        [907f39439d80] <1.8>        [0426138f789e]
   
         * configure, configure.in:          * configure, configure.in:
         Fix caching of libc gettext check.          Fix caching of libc gettext check.
        [e229c21f412f] <1.8>        [942142d2c43a]
   
        * Mark defaults descriptions for translation        * plugins/sudoers/def_data.c, plugins/sudoers/defaults.c,
        [65e03d1f8203] <1.8>        plugins/sudoers/mkdefaults:
         Mark defaults descriptions for translation
         [5b27f018e6cf]
   
         * NEWS:          * NEWS:
         Update for sudo 1.8.1p2          Update for sudo 1.8.1p2
        [89c31f2aa11e] <1.8>        [747c4dee2ca7]
   
        * Quiet compiler warning when SELinux is enabled.2011-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>
        [51b1d7c8aa86] <1.8> 
   
        * dd missing includes of libintl.h.        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
        [25662143d36d] <1.8>        Quiet compiler warning when SELinux is enabled.
         [1fbf77dda240]
   
        * Fix gettext marker.        * plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
        [7618856ba5de] <1.8>        src/error.c, src/net_ifs.c, src/sesh.c:
         Add missing includes of libintl.h.
         [bc1d66316082]
   
        * Include libint.h where needed.        * plugins/sudoers/auth/pam.c:
        [cc256b297b9d] <1.8>        Fix gettext marker.
         [a5cf4ed66c66]
   
        * Prepare sudoers module messages for translation.        * common/aix.c, common/alloc.c, compat/strsignal.c,
        [1b7f0bbaa55f] <1.8>        plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h:
         Include libint.h where needed.
         [2b0e5a663c7b]
   
        * Only check gid of sudoers file if it is group-readable.        * plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c,
        [f3cae943f35a] <1.8>        plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
         plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
         plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
         plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
         plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
         plugins/sudoers/defaults.c, plugins/sudoers/env.c,
         plugins/sudoers/find_path.c, plugins/sudoers/gram.c,
         plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
         plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
         plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
         plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
         plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c,
         plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
         plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
         plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
         plugins/sudoers/toke.c, plugins/sudoers/toke.l,
         plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
         Prepare sudoers module messages for translation.
         [7212ae1909c5]
   
        * For AIX, keep calling authenticate() until reenter reaches 0.        * plugins/sudoers/sudoers.c:
        [e412676bac73] <1.8>        Only check gid of sudoers file if it is group-readable.
         [50e3bc0cb242]
   
           * plugins/sudoers/auth/aix_auth.c:
           For AIX, keep calling authenticate() until reenter reaches 0.
           [e240815b74b1]
   
   2011-05-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
         Cache the status of the initial gettext() check.          Cache the status of the initial gettext() check.
        [c32281768c0f] <1.8>        [32751ebe1704]
   
         * INSTALL, configure, configure.in:          * INSTALL, configure, configure.in:
         Add --disable-nls flag and improve checks for gettext.          Add --disable-nls flag and improve checks for gettext.
        [b39674c1e538] <1.8>        [c7e6b17052de]
   
         * configure, configure.in:          * configure, configure.in:
         When building with gcc on HP-UX, use -march=1.1 to produce portable          When building with gcc on HP-UX, use -march=1.1 to produce portable
         binaries on a pa-risc2 host. Previously, the +Dportable option was          binaries on a pa-risc2 host. Previously, the +Dportable option was
         used for the HP-UX C compiler but gcc always produced native          used for the HP-UX C compiler but gcc always produced native
         binaries.          binaries.
        [41351c23ad41] <1.8>        [8f4c749324d7]
   
        * Prepare sudo front end messages for translation.2011-05-06  Todd C. Miller  <Todd.Miller@courtesan.com>
        [7807d6f74dac] <1.8> 
   
        * configure, configure.in:        * common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c,
        Add initial scaffolding to support localization via gettext()        src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c,
        [cdbbff7e6376] <1.8>        src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c,
         src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
         Prepare sudo front end messages for translation.
         [2fc2fabceccb]
   
 2011-05-19  Todd C. Miller  <Todd.Miller@courtesan.com>  
   
         * doc/license.pod:  
         update copyright year  
         [d681661f03cc] <1.8>  
   
         * INSTALL, README:  
         No need to include version number at the top of these files.  
         [7e11f673f773] <1.8>  
   
         * README:  
         This is sudo 1.8.1 not 1.8.0  
         [4d674f230d8a] <1.8>  
   
 2011-05-04  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Don't let the fnmatch/glob macros expand the function prototype.        * config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c:
        [d449e9a8f447] <1.8>        Add initial scaffolding to support localization via gettext()
         [7d47b59fcf95]
   
           * compat/fnmatch.h, compat/glob.h:
           Don't let the fnmatch/glob macros expand the function prototype.
           [a9014aa0288e]
   
 2011-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Resolve namespace collisions on HP-UX ia64 and possibly others by        * compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
         Resolve namespace collisions on HP-UX ia64 and possibly others by
         adding a rpl_ prefix to our fnmatch and glob replacements and          adding a rpl_ prefix to our fnmatch and glob replacements and
         #defining rpl_foo to foo in the header files.          #defining rpl_foo to foo in the header files.
        [d23889375b21] <1.8>        [caa9b690a15d]
   
 2011-04-29  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Split ALL, ROLE and TYPE into their own actions. Since you can only        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Split ALL, ROLE and TYPE into their own actions. Since you can only
         have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in          have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
         the non-SELinux case. This is safe because the actions are in one          the non-SELinux case. This is safe because the actions are in one
         big switch() statement.          big switch() statement.
        [0bd9b7e37ab1] <1.8>        [7473fc2cfa2c]
   
        * Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
        [8dec97b359e0] <1.8>        Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
         [9be3480c2865]
   
        * askpass moved from sudoers to sudo.conf in sudo 1.8.02011-04-27  Todd C. Miller  <Todd.Miller@courtesan.com>
        [1001d87d82ed] <1.8> 
   
        * Remove obsolete warning about runas_default and ordering. Move        * doc/UPGRADE, doc/sudoers.pod:
         askpass moved from sudoers to sudo.conf in sudo 1.8.0
         [b2c2956cec4e]
 
         * doc/sudoers.pod:
         Remove obsolete warning about runas_default and ordering. Move
         syslog facility and priority lists into the section where the          syslog facility and priority lists into the section where the
         relevant options are described.          relevant options are described.
        [1286b9624021] <1.8>        [e57b8dc3f779]
   
 2011-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix SIA support; we no longer have access to the real argc and argv        * plugins/sudoers/auth/sia.c:
         Fix SIA support; we no longer have access to the real argc and argv
         so allocate space for a fake one and use the argv passed to the          so allocate space for a fake one and use the argv passed to the
         plugin with "sudo" for argv[0].          plugin with "sudo" for argv[0].
        [7c11eeffb91c] <1.8>        [1c0552772ad2]
   
        * Remove useless realloc when trying to get the buffer size right.2011-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
        [58128e7f4e28] <1.8> 
   
        * Be explicit when setting euid to 0 before call to setreuid(0, 0)        * src/net_ifs.c:
        [95769a564ab8] <1.8>        Remove useless realloc when trying to get the buffer size right.
         [792225380a62]
   
           * plugins/sudoers/set_perms.c:
           Be explicit when setting euid to 0 before call to setreuid(0, 0)
           [7bfeb629fccb]
   
 2011-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * NEWS:  
         sudo 1.8.1p1 updates  
         [de3d688b5bb1] <1.8>  
   
         * configure, configure.in:          * configure, configure.in:
         Need to do checks for krb5_verify_user, krb5_init_secure_context and          Need to do checks for krb5_verify_user, krb5_init_secure_context and
        krb5_get_init_creds_opt_alloc regardless of whether or        krb5_get_init_creds_opt_alloc regardless of whether or not
        notkrb5-config is present.        krb5-config is present.
        [456c4a9cd5d6] <1.8>        [9d1b98ece1d3]
   
 2011-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Work around weird AIX saved uid semantics on setuid() and        * plugins/sudoers/set_perms.c:
         Work around weird AIX saved uid semantics on setuid() and
         setreuid(). On AIX, setuid() will only set the saved uid if the euid          setreuid(). On AIX, setuid() will only set the saved uid if the euid
         is already 0.          is already 0.
        [5d0a69e9d181] <1.8>        [069fc08150ca]
   
 2011-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * update copyright year        * sudo.pp:
        [fa8da6d55783] <1.8>        update copyright year
         [1c42d579ba6e]
   
        * Treat a missing includedir like an empty one and do not return an        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Treat a missing includedir like an empty one and do not return an
         error.          error.
        [5fd9fe004728] <1.8>        [92f71d8cbfd4]
   
 2011-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix ARCH setting in cross-compile Solaris packages.        * pp:
        [8ce40940f6c9] <1.8>        Fix ARCH setting in cross-compile Solaris packages.
         [b0de281cc889]
   
        * Fix aix version setting.        * sudo.pp:
        [02a9e25d46ba] <1.8>        Fix aix version setting.
         [98437dbfb085]
   
        * Remove extraneous parens in LDAP filter when sudoers_search_filter        * plugins/sudoers/ldap.c:
         Remove extraneous parens in LDAP filter when sudoers_search_filter
         is enabled that causes a search error. From Matthew Thomas.          is enabled that causes a search error. From Matthew Thomas.
        [b67be9b51ec6] <1.8>        [1d75bf1fc8d9]
   
 2011-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Correct sizeof() to fix test failure.        * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
        [a11b89fd13f9] <1.8>        Correct sizeof() to fix test failure.
         [fd2f7c0c0572]
   
        * "install" target should depend on "install-dirs". Fixes "make -j"        * plugins/sudoers/Makefile.in:
         "install" target should depend on "install-dirs". Fixes "make -j"
         problem and closes bz #487. From Chris Coleman.          problem and closes bz #487. From Chris Coleman.
        [06ab0558f848] <1.8>        [083902d38edb]
   
 2011-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>  
   
         * .hgtags:  
         Added tag SUDO_1_8_1 for changeset 0ed6281995f0  
         [543d41a163e9] <1.8>  
   
         * doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,  
         doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,  
         doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,  
         doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:  
         Regen man pages for 1.8.1  
         [0ed6281995f0] [SUDO_1_8_1] <1.8>  
   
 2011-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add HAVE_RFC1938_SKEYCHALLENGE        * config.h.in:
        [c0d7eb39799d] <1.8>        Add HAVE_RFC1938_SKEYCHALLENGE
         [a94cb33758a8]
   
 2011-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Mention plugin loading and libgcc changes        * NEWS:
        [b74929cba37c] <1.8>        Mention plugin loading and libgcc changes
         [e11b30b5026a]
   
        * Load plugins after parsing arguments and potentially printing the        * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
         Load plugins after parsing arguments and potentially printing the
         version. That way, an error loading or initializing a plugin          version. That way, an error loading or initializing a plugin
         doesn't break "sudo -h" or "sudo -V".          doesn't break "sudo -h" or "sudo -V".
        [c1ecb5979cf0] <1.8>        [1b76f2b096a2]
   
         * Makefile.in:          * Makefile.in:
         When using a sub-shell to invoke the sub-make, exec make instead of          When using a sub-shell to invoke the sub-make, exec make instead of
         running it inside the shell to avoid an extra process.          running it inside the shell to avoid an extra process.
        [9439f016c993] <1.8>        [fd2c04a71fbf]
   
        * Stop testing unspecified behavior in fnmatch Make glob test more        * compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
         Stop testing unspecified behavior in fnmatch Make glob test more
         portable          portable
        [87a91d76fbff] <1.8>        [229803093725]
   
        * No need to add current dir to include path and having it breaks the        * compat/Makefile.in:
         No need to add current dir to include path and having it breaks the
         test programs that expect to get the system glob.h and fnmatch.h          test programs that expect to get the system glob.h and fnmatch.h
        [3ae7f9e7b710] <1.8>        [68085f624be4]
   
        * configure, configure.in:        * INSTALL, configure, configure.in:
         Fix and document --with-plugindir; partially from Diego Elio Petteno          Fix and document --with-plugindir; partially from Diego Elio Petteno
        [0220a0c2606f] <1.8>        [07edc52ea89e]
   
        * Fix fnmatch and glob tests to not use hard-coded flag values in the        * compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
         compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
         compat/regress/glob/globtest.in:
         Fix fnmatch and glob tests to not use hard-coded flag values in the
         input file. Link test programs with libreplace so we get our          input file. Link test programs with libreplace so we get our
         replacement verions as needed.          replacement verions as needed.
        [66bab80241e0] <1.8>        [c2cca448f660]
   
         * Makefile.in:          * Makefile.in:
         If make in a subdir fails, fail the target in the upper level          If make in a subdir fails, fail the target in the upper level
         Makefile too. Adapted from a patch from Diego Elio Petteno          Makefile too. Adapted from a patch from Diego Elio Petteno
        [bc35b7813507] <1.8>        [76fc9a0d96fd]
   
        * configure, configure.in:        * configure, configure.in, plugins/sudoers/auth/rfc1938.c:
         Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also          Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
         has this. Adapted from a patch from Diego Elio Petteno          has this. Adapted from a patch from Diego Elio Petteno
        [bb6228f484b9] <1.8>        [a97279a59b93]
   
        * Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@        * plugins/sudoers/Makefile.in:
         Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
         directly.          directly.
        [47e6d5fadc6d] <1.8>        [47b884029b3b]
   
         * configure, configure.in:          * configure, configure.in:
         Fix warnings when -without-skey, --without-opie, --without-kerb4,          Fix warnings when -without-skey, --without-opie, --without-kerb4,
         --without-kerb5 or --without-SecurID were specified.          --without-kerb5 or --without-SecurID were specified.
        [1b75035dd129] <1.8>        [71ad150f4d24]
   
        * Add plugins/sudoers/sudoers_version.h        * MANIFEST:
        [1d470c6033ca] <1.8>        Add plugins/sudoers/sudoers_version.h
         [7423966de440]
   
        * configure, configure.in:        * configure, configure.in, plugins/sample/Makefile.in,
         plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
         Back out the --with-libpath addition to SUDOERS_LDFLAGS since that          Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
         now include LDFLAGS in the sudoers Makefile.in. Add missing settng          now include LDFLAGS in the sudoers Makefile.in. Add missing settng
         of @LDFLAGS@ in plugin Makefile.in files.          of @LDFLAGS@ in plugin Makefile.in files.
        [dd237f43aa12] <1.8>        [b835826f889c]
   
 2011-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Mention %#gid support in User_List and Runas_List        * NEWS:
        [37e259b9181b] <1.8>        Mention %#gid support in User_List and Runas_List
         [5a983dff017a]
   
        * Keep track of sudoers grammar version and report it in the -V        * plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
         plugins/sudoers/visudo.c:
         Keep track of sudoers grammar version and report it in the -V
         output.          output.
        [0e0b891dd8a4] <1.8>        [52901a3c0296]
   
        * Add multiple inclusion guard        * plugins/sudoers/sudo_nss.h:
        [ec6884f51ea8] <1.8>        Add multiple inclusion guard
         [50853aed046e]
   
        * configure, configure.in:        * configure, configure.in, plugins/sample/Makefile.in,
         plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
         The --with-libpath option now adds to SUDOERS_LDFLAGS as well as          The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
         LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and          LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
         set it to -Wc,-static-libgcc if not using GNU ld so we don't          set it to -Wc,-static-libgcc if not using GNU ld so we don't
         have a dependency on the shared libgcc in sudoers.so.          have a dependency on the shared libgcc in sudoers.so.
        [28d03f3eb0d2] <1.8>        [66ad8bc5e32d]
   
        * Fix typo; from Petr Uzel        * doc/sudoers.pod:
        [d19b9bd92bd3] <1.8>        Fix typo; from Petr Uzel
         [f9a7afd80892]
   
 2011-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * In dump-only mode, use "root" as the default username instead of        * plugins/sudoers/testsudoers.c:
         In dump-only mode, use "root" as the default username instead of
         "nobody" as the latter may not be available on all systems.          "nobody" as the latter may not be available on all systems.
        [b304111616dd] <1.8>        [0c48e6414337]
   
 2011-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Remove NewArgv/NewArgc, they are no longer needed.        * plugins/sudoers/testsudoers.c:
        [c0a36a42a68c] <1.8>        Remove NewArgv/NewArgc, they are no longer needed.
         [16e18f734c7e]
   
        * Fix setting of user_args        * plugins/sudoers/testsudoers.c:
        [529e79ea95d1] <1.8>        Fix setting of user_args
         [aa29e0d0a54a]
   
        * Add '!' token to lex tracing        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
        [aef295d428e7] <1.8>        Add '!' token to lex tracing
         [5227ad266235]
   
        * Use group bin in test, not wheel as most systems have the bin group        * plugins/sudoers/regress/testsudoers/test1.sh:
         Use group bin in test, not wheel as most systems have the bin group
         but the same is no longer true of wheel.          but the same is no longer true of wheel.
        [350347f09c1a] <1.8>        [718802b3b45e]
   
        * Avoid using pre or post increment in a parameter to a ctype(3)        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Avoid using pre or post increment in a parameter to a ctype(3)
         function as it might be a macro that causes the increment to happen          function as it might be a macro that causes the increment to happen
         more than once.          more than once.
        [8a94ebdd53b8] <1.8>        [78e281152c3a]
   
 2011-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Strip off the beta or release candidate version when building AIX        * sudo.pp:
         Strip off the beta or release candidate version when building AIX
         packages.          packages.
        [00ad950764e2] <1.8>        [28fe31668559]
   
         * configure, configure.in:          * configure, configure.in:
         We need to include OSDEFS in CFLAGS when doing the utmp/utmpx          We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
         structure checks for glibc which only has __e_termination visible          structure checks for glibc which only has __e_termination visible
         when _GNU_SOURCE is *not* defined.          when _GNU_SOURCE is *not* defined.
        [1d58420a4a4a] <1.8>        [59ae1698911f]
   
        * getuserattr(user, ...) will fall back to the "default" entry        * common/aix.c:
         getuserattr(user, ...) will fall back to the "default" entry
         automatically, there's no need to check "default" manually.          automatically, there's no need to check "default" manually.
        [cefffa82967d] <1.8>        [3c7a47a61fdb]
   
         * Document parser changes.  
         [5038238f60eb] <1.8>  
   
 2011-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Makefile.in:        * doc/UPGRADE:
         Document parser changes.
         [ec415503308d]
 
         * Makefile.in, common/Makefile.in, compat/Makefile.in,
         doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
         plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
         src/Makefile.in, zlib/Makefile.in:
         If there is an existing sudoers file, only install if it passes a          If there is an existing sudoers file, only install if it passes a
         syntax check.          syntax check.
        [b1e4c9c56fe0] <1.8>        [37427c73e8cb]
   
        * Add runasgroup support to testsudoers        * plugins/sudoers/regress/sudoers/test6.out.ok,
        [30838590e9de] <1.8>        plugins/sudoers/testsudoers.c:
         Add runasgroup support to testsudoers
         [047ea5571f33]
   
        * For "make check", keep going even if a test fails.        * plugins/sudoers/Makefile.in:
        [d3a72f67227e] <1.8>        For "make check", keep going even if a test fails.
         [ce6a0a73c372]
   
        * More useful exit codes:        * plugins/sudoers/testsudoers.c:
         More useful exit codes:
          * 0 - parsed OK and command matched.           * 0 - parsed OK and command matched.
          * 1 - parse error           * 1 - parse error
          * 2 - command not matched           * 2 - command not matched
          * 3 - command denied           * 3 - command denied
        [59301e0769cd] <1.8>        [1d2ce1361903]
   
        * Document %#gid, and %:#nonunix_gid syntax.        * doc/sudoers.pod:
        [39ee15af58e9] <1.8>        Document %#gid, and %:#nonunix_gid syntax.
         [492d4f9696c4]
   
        * Add support to user_in_group() for treating group names that begin        * plugins/sudoers/pwutil.c:
         Add support to user_in_group() for treating group names that begin
         with a '#' as gids.          with a '#' as gids.
        [0eb19980cf5f] <1.8>        [20240c94a134]
   
        * configure, configure.in:        * config.h.in, configure, configure.in, src/utmp.c:
         Add explicit check for struct utmpx.ut_exit.e_termination and struct          Add explicit check for struct utmpx.ut_exit.e_termination and struct
         utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update          utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
         ut_exit if we detect one or the other.          ut_exit if we detect one or the other.
        [ab5b665fc04b] <1.8>        [b4e8cab777e6]
   
 2011-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Add back missing #include of config.h        * plugins/sudoers/toke.c:
        [9c82bec81018] <1.8>        Add back missing #include of config.h
         [9ab3897a1b2e]
   
        * Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like        * plugins/sudoers/iolog_path.c,
         plugins/sudoers/regress/iolog_path/data:
         Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
         strftime() does.          strftime() does.
        [1ae630470f8a] <1.8>        [93395762cdcd]
   
        * Quote first argument to AC_DEFUN(); from Elan Ruusamae        * aclocal.m4:
        [c467e9e3b399] <1.8>        Quote first argument to AC_DEFUN(); from Elan Ruusamae
         [97f53ad31d77]
   
 2011-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * add new sudoers tests        * MANIFEST:
        [05f2a0924acc] <1.8>        add new sudoers tests
         [476af91b3da3]
   
        * Add test for a newline in the middle of a string when no line        * plugins/sudoers/regress/sudoers/test8.in,
         plugins/sudoers/regress/sudoers/test8.out.ok,
         plugins/sudoers/regress/sudoers/test8.toke.ok:
         Add test for a newline in the middle of a string when no line
         continuation character is used.          continuation character is used.
        [24b79be5822b] <1.8>        [de2394bc86ab]
   
        * Use bitwise AND instead of modulus to check for length being odd. A        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Use bitwise AND instead of modulus to check for length being odd. A
         newline in the middle of a string is an error unless a line          newline in the middle of a string is an error unless a line
         continuation character is used.          continuation character is used.
        [65c468599688] <1.8>        [bdb1d762a1d5]
   
        * Move lexer globals initialization into init_lexer.        * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
        [07a1171a1853] <1.8>        plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Move lexer globals initialization into init_lexer.
         [1ce62211aadb]
   
        * Fix a potential crash when a non-regular file is present in an        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Fix a potential crash when a non-regular file is present in an
         includedir. Fixes bz #452          includedir. Fixes bz #452
        [5057cb9516e4] <1.8>        [1586760c3525]
   
        * On some Linux systems, "uname -p" contains detailed processor info        * pp:
         On some Linux systems, "uname -p" contains detailed processor info
         so check "uname -m" first and then "uname -p" if needed. Recognize          so check "uname -m" first and then "uname -p" if needed. Recognize
         PLD Linux.          PLD Linux.
        [56226c84a060] <1.8>        [b8535cb9012e]
   
 2011-03-25  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Don't need all sudoers.h here.        * plugins/sudoers/redblack.c:
        [43b6ae5999c5] <1.8>        Don't need all sudoers.h here.
         [8c0929f42dab]
   
        * Print sudo version early, in case policy plugin init fails.        * src/sudo.c:
        [620f2d0ec4b1] <1.8>        Print sudo version early, in case policy plugin init fails.
         [47cddc4358bc]
   
 2011-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Update to match change in input.        * plugins/sudoers/regress/sudoers/test4.toke.ok:
        [69540f84721d] <1.8>        Update to match change in input.
         [4a3af8e68790]
   
        * Make an empty group or netgroup a syntax error.        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
        [4b85bddc494e] <1.8>        Make an empty group or netgroup a syntax error.
         [66f51ddc2ff6]
   
        * An empty group or netgroup should be a syntax error.        * plugins/sudoers/regress/sudoers/test7.in,
        [6ec796972eff] <1.8>        plugins/sudoers/regress/sudoers/test7.out.ok,
         plugins/sudoers/regress/sudoers/test7.toke.ok:
         An empty group or netgroup should be a syntax error.
         [bd5bf1e2edce]
   
        * Check that uids work in per-user and per-runas Defaults Check that        * plugins/sudoers/regress/sudoers/test6.in,
         plugins/sudoers/regress/sudoers/test6.out.ok,
         plugins/sudoers/regress/sudoers/test6.toke.ok:
         Check that uids work in per-user and per-runas Defaults Check that
         uids and gids work in a Command_Spec          uids and gids work in a Command_Spec
        [68cf62353420] <1.8>        [c5e848e6082b]
   
        * Test empty string in User_Alias and Command_Spec        * plugins/sudoers/regress/sudoers/test5.in,
        [017d487c31be] <1.8>        plugins/sudoers/regress/sudoers/test5.out.ok,
         plugins/sudoers/regress/sudoers/test5.toke.ok:
         Test empty string in User_Alias and Command_Spec
         [3a084d777e03]
   
        * Allow a group ID in the User_Spec.        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
        [37e0bf69c8d8] <1.8>        Allow a group ID in the User_Spec.
         [bc2859eb71dc]
   
         * Return an error for the empty string when a word is expected. Allow  
         an ID for per-user or per-runas Defaults.  
         [4c9020779582] <1.8>  
   
 2011-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix printing "User_Alias FOO = ALL"        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
        [97c9fd7caeb7] <1.8>        Return an error for the empty string when a word is expected. Allow
         an ID for per-user or per-runas Defaults.
         [915c259b00ff]
   
           * plugins/sudoers/testsudoers.c:
           Fix printing "User_Alias FOO = ALL"
           [ba58c3d548b3]
   
 2011-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Better error message about invalid -C argument        * src/parse_args.c:
        [2301e7a3835b] <1.8>        Better error message about invalid -C argument
         [c9a8d15bbf5d]
   
        * fix typo        * NEWS:
        [c5acde62a309] <1.8>        fix typo
         [cdcfbafed013]
   
        * Fix placement of equal size ('=') in user specification summary.        * doc/sudoers.pod:
        [4d0ffef77ae4] <1.8>        Fix placement of equal size ('=') in user specification summary.
         [5ad7178b230d]
   
 2011-03-21  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * update to match sudoers regress        * MANIFEST:
        [0efb8dc9092a] <1.8>        update to match sudoers regress
         [e04db0648717]
   
        * Restore ability to define TRACELEXER and have trace output go to        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Restore ability to define TRACELEXER and have trace output go to
         stderr.          stderr.
        [441c8b372217] <1.8>        [d9531e4d1b20]
   
        * Restore old behavior of setting sawspace = TRUE for command line        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Restore old behavior of setting sawspace = TRUE for command line
         args when a line continuation character is hit to avoid causing          args when a line continuation character is hit to avoid causing
         problems for existing sudoers files.          problems for existing sudoers files.
        [963ded6ce070] <1.8>        [fd930ad25550]
   
        * Add test for line continuation and aliases        * plugins/sudoers/regress/sudoers/test4.in,
        [5703d11a3c46] <1.8>        plugins/sudoers/regress/sudoers/test4.out.ok,
         plugins/sudoers/regress/sudoers/test4.toke.ok:
         Add test for line continuation and aliases
         [29ab538ca6bb]
   
        * Make test output line up nicely for parse vs. toke        * plugins/sudoers/Makefile.in:
        [15321ce2d7d9] <1.8>        Make test output line up nicely for parse vs. toke
         [257ef82c1434]
   
        * plugins/sudoers/regress/testsudoers/test1.ok,        * plugins/sudoers/Makefile.in,
         plugins/sudoers/regress/sudoers/test1.in,
         plugins/sudoers/regress/sudoers/test1.out.ok,
         plugins/sudoers/regress/sudoers/test1.toke.ok,
         plugins/sudoers/regress/sudoers/test2.in,
         plugins/sudoers/regress/sudoers/test2.out.ok,
         plugins/sudoers/regress/sudoers/test2.toke.ok,
         plugins/sudoers/regress/sudoers/test3.in,
         plugins/sudoers/regress/sudoers/test3.out.ok,
         plugins/sudoers/regress/sudoers/test3.toke.ok,
         plugins/sudoers/regress/testsudoers/test1.ok,
         plugins/sudoers/regress/testsudoers/test1.out.ok,
         plugins/sudoers/regress/testsudoers/test1.sh,
         plugins/sudoers/regress/testsudoers/test2.out,          plugins/sudoers/regress/testsudoers/test2.out,
         plugins/sudoers/regress/testsudoers/test2.sh,          plugins/sudoers/regress/testsudoers/test2.sh,
         plugins/sudoers/regress/testsudoers/test3.ok,          plugins/sudoers/regress/testsudoers/test3.ok,
Line 1511 Line 4077
         plugins/sudoers/regress/visudo/test1.sh:          plugins/sudoers/regress/visudo/test1.sh:
         Move parser tests to sudoers directory and test the tokenizer output          Move parser tests to sudoers directory and test the tokenizer output
         too.          too.
        [111c1ccda334] <1.8>        [44f529b3cdb6]
   
        * If we match a rule anchored to the beginning of a line after parsing        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         If we match a rule anchored to the beginning of a line after parsing
         a line continuation character, return an ERROR token. It would be          a line continuation character, return an ERROR token. It would be
         nicer to use REJECT instead but that substantially slows down the          nicer to use REJECT instead but that substantially slows down the
         lexer.          lexer.
        [67e54b14aa9d] <1.8>        [355478293f8c]
   
        * Move LEXTRACE macro to toke.h so we can use it in yyerror().        * plugins/sudoers/gram.c, plugins/sudoers/gram.y,
        [e6e04037deed] <1.8>        plugins/sudoers/toke.c, plugins/sudoers/toke.h,
         plugins/sudoers/toke.l:
         Move LEXTRACE macro to toke.h so we can use it in yyerror().
         [72ee7a06d3ca]
   
        * Make lex tracing settable at run-time in testsudoers via the -t2011-03-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
         plugins/sudoers/toke.l:
         Make lex tracing settable at run-time in testsudoers via the -t
         flag. Trace output goes to stderr. Will be used by regress tests          flag. Trace output goes to stderr. Will be used by regress tests
         to check lexer.          to check lexer.
        [a973f43cc0c2] <1.8>        [93bd53c413c8]
   
        * Allow whitespace after the modifier in a Defaults entry. E.g.        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Allow whitespace after the modifier in a Defaults entry. E.g.
         "Defaults: username set_home"          "Defaults: username set_home"
        [bf876c9fc5bb] <1.8>        [9dfcf8dd8a3a]
   
 2011-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Don't set CC when cross-compiling.        * mkpkg:
        [d3c33dcb02f2] <1.8>        Don't set CC when cross-compiling.
         [4b95b0c04e1c]
   
        * Credit Matthew Thomas for the sudoers_search_filter changes.        * NEWS:
        [2209b80664af] <1.8>        Credit Matthew Thomas for the sudoers_search_filter changes.
         [a65998ab09f7]
   
        * Add the .sym files to the MANIFEST        * MANIFEST:
        [bb452b28a009] <1.8>        Add the .sym files to the MANIFEST
         [f599225cc861]
   
        * Update for sudo 1.8.1 beta        * NEWS:
        [700d42d80e00] <1.8>        Update for sudo 1.8.1 beta
         [71021e854c49]
   
        * user_shell -> run_shell to avoid confusion with the user's SHELL        * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c:
         user_shell -> run_shell to avoid confusion with the user's SHELL
         variable.          variable.
        [451b96d5f97e] <1.8>        [dc0ac6dafc21]
   
        * Save the controlling tty process group before suspending in pty        * src/exec_pty.c:
         Save the controlling tty process group before suspending in pty
         mode. Previously, we assumed that the child pgrp == child pid          mode. Previously, we assumed that the child pgrp == child pid
         (which is usually, but not always, the case).          (which is usually, but not always, the case).
        [b0841d861191] <1.8>        [10b2883b7875]
   
        * Add support for sudoers_search_filter setting in ldap.conf. This        * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
         Add support for sudoers_search_filter setting in ldap.conf. This
         can be used to restrict the set of records returned by the LDAP          can be used to restrict the set of records returned by the LDAP
         query.          query.
        [70c5f496e2b3] <1.8>        [b0f1b721d102]
   
 2011-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
         Remove the hack to disable -g in CFLAGS unless --with-devel          Remove the hack to disable -g in CFLAGS unless --with-devel
        [9459839f50ba] <1.8>        [89822cf84ef4]
   
        * The '@' character does not normally need to be quoted.        * doc/sudoers.pod:
        [e66c4c64e514] <1.8>        The '@' character does not normally need to be quoted.
         [7823f5ed829a]
   
        * We normaly transition from GOTDEFS to STARTDEFS on whitespace, but        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
         if that whitespace is followed by a comma, we want to treat it as          if that whitespace is followed by a comma, we want to treat it as
         part of a list and not transition.          part of a list and not transition.
        [52ae2df9959d] <1.8>        [1ca6943e1824]
   
        * Add check for whitespace when a User_List is used for a per-user        * plugins/sudoers/regress/testsudoers/test3.ok,
         plugins/sudoers/regress/testsudoers/test3.sh:
         Add check for whitespace when a User_List is used for a per-user
         Defaults entry.          Defaults entry.
        [44a4db95be86] <1.8>        [91f75e6dd19a]
   
        * Expand quoted name checks to cover recent fixes.        * plugins/sudoers/regress/testsudoers/test2.out,
        [bd494b5c2bed] <1.8>        plugins/sudoers/regress/testsudoers/test2.sh:
         Expand quoted name checks to cover recent fixes.
         [ce4f76bca146]
   
        * Fix parsing of double-quoted names in Defaults and Aliases which was        * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         Fix parsing of double-quoted names in Defaultd and Aliases which was
         broken in 601d97ea8792.          broken in 601d97ea8792.
        [dfdd58c3eb3b] <1.8>        [424b0d6c1dc4]
   
        * toke_util.c lives in $(srcdir) not $(devdir)        * plugins/sudoers/Makefile.in:
        [94f8f024782e] <1.8>        toke_util.c lives in $(srcdir) not $(devdir)
         [94866bebee83]
   
 2011-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * configure, configure.in:          * configure, configure.in:
        Update version to 1.8.1        Change trunk version to 1.8.x to distinguish from real 1.8.0.
        [531a7d520f18] <1.8>        [a9781e61d064]
   
        * Document major changes in 1.8.1 and add upgrade notes.        * NEWS, doc/UPGRADE:
        [116821646140] <1.8>        Document major changes in 1.8.1 and add upgrade notes.
         [f2cf51b0d9ce]
   
        * Be careful not to deref user_stat if it is NULL. This cannot        * plugins/sudoers/match.c:
         Be careful not to deref user_stat if it is NULL. This cannot
         currently happen in sudo but might in other programs using the          currently happen in sudo but might in other programs using the
         parser.          parser.
        [d72a9c7151c4] <1.8>        [06a2334dd674]
   
        * configure will not add -O2 to CFLAGS if it is already defined to add        * mkpkg:
         configure will not add -O2 to CFLAGS if it is already defined to add
         -O2 to the CFLAGS we pass in when PIE is being used.          -O2 to the CFLAGS we pass in when PIE is being used.
        [2c7fe82be93d] <1.8>        [1ce6481ece59]
   
        * Warn about the dangers of log_input and mention iolog_file and        * doc/sudoers.pod:
         Warn about the dangers of log_input and mention iolog_file and
         iolog_dir in the log_input and log_output descriptions.          iolog_dir in the log_input and log_output descriptions.
        [edc6aa59aa45] <1.8>        [ae854ffb0768]
   
        * sync with git version        * pp:
        [b121cf739c77] <1.8>        sync with git version
         [a993e39ce3cb]
   
        * It seems that h comes after i        * doc/sudoers.pod:
        [99ad15015f05] <1.8>        It seems that h comes after i
         [0f621109220d]
   
        * Move log_input and log_output to their proper, sorted, location.        * doc/sudoers.pod:
         Move log_input and log_output to their proper, sorted, location.
         Document set_utmp and utmp_runas.          Document set_utmp and utmp_runas.
        [216ce8b0ae1a] <1.8>        [273b234b9c34]
   
        * Save the controlling tty process group before suspending so we can        * src/exec.c:
         Save the controlling tty process group before suspending so we can
         restore it when we resume. Fixes job control problems on Linux          restore it when we resume. Fixes job control problems on Linux
         caused by the previous attemp to fix resuming a shell when I/O          caused by the previous attemp to fix resuming a shell when I/O
         logging not enabled.          logging not enabled.
        [dfe038f733be] <1.8>        [f03a660315ee]
   
        * Fix printing of the remainder after a newline. Fixes "sudo -l"        * common/lbuf.c:
         Fix printing of the remainder after a newline. Fixes "sudo -l"
         output corruption that could occur in some cases.          output corruption that could occur in some cases.
        [ab2f0a629e0d] <1.8>        [25d83fb501fc]
   
        * Add support for ut_exit2011-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
        [7039ec6a73fa] <1.8> 
   
        * Add support for controlling whether utmp is updated and which user        * config.h.in, configure, configure.in, src/exec_pty.c,
         src/sudo_exec.h, src/utmp.c:
         Add support for ut_exit
         [b574c13f1bba]
 
         * doc/sudo_plugin.pod, plugins/sudoers/def_data.c,
         plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
         plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c,
         src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c:
         Add support for controlling whether utmp is updated and which user
         is listed in the entry.          is listed in the entry.
        [1b008ce71eab] <1.8>        [44a81632133f]
   
        * Fix typo; tupple vs. tuple        * plugins/sudoers/def_data.h, plugins/sudoers/defaults.h,
        [67bb5c67ae3d] <1.8>        plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults,
         plugins/sudoers/parse.c:
         Fix typo; tupple vs. tuple
         [697744acb710]
   
        * For legacy utmp, strip the /dev/ prefix before trying to determine        * src/utmp.c:
         For legacy utmp, strip the /dev/ prefix before trying to determine
         slot since the ttys file does not include the /dev/ prefix.          slot since the ttys file does not include the /dev/ prefix.
        [8f597114381d] <1.8>        [7ad5b81ff90c]
   
        * Add check for _PATH_UTMP        * aclocal.m4, configure, configure.in, pathnames.h.in:
        [fe7e2456f017] <1.8>        Add check for _PATH_UTMP
         [21e638029bfd]
   
        * Adapt check_iolog_path to sessid changes2011-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
        [3016201869b6] <1.8> 
   
        * Redo utmp handling. If no getutent()/getutxent() is available,        * plugins/sudoers/regress/iolog_path/check_iolog_path.c:
         Adapt check_iolog_path to sessid changes
         [728b5fe2be6f]
 
         * config.h.in, configure, configure.in, src/Makefile.in,
         src/exec_pty.c, src/sudo_exec.h, src/utmp.c:
         Redo utmp handling. If no getutent()/getutxent() is available,
         assume a ttyslot-based utmp. If getttyent() is available, use that          assume a ttyslot-based utmp. If getttyent() is available, use that
         directly instead of ttyslot() so we don't have to do the stdin dup2          directly instead of ttyslot() so we don't have to do the stdin dup2
         dance.          dance.
        [817490c7c20e] <1.8>        [18aa455cd140]
   
        * Move utmp handling into utmp.c2011-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
        [e4729d9259e9] <1.8> 
   
        * Update copyright years.        * MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h,
        [1065afc00233] <1.8>        src/utmp.c:
         Move utmp handling into utmp.c
         [f6eae6c8e012]
   
2011-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>        * common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
         common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c,
         compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c,
         compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
         compat/utimes.c, doc/sudo.pod, doc/visudo.pod,
         include/sudo_plugin.h, plugins/sample/sample_plugin.c,
         plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
         plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
         plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
         plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
         plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
         plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
         plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
         plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
         plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c,
         plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
         plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
         plugins/sudoers/logging.c, plugins/sudoers/parse.c,
         plugins/sudoers/parse.h, plugins/sudoers/redblack.c,
         plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c,
         plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c,
         src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c,
         src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
         src/sudo_plugin_int.h, src/tgetpass.c:
         Update copyright years.
         [16aa39f9060a]
   
        * Add "user_shell" boolean as a way to indicate to the plugin that the        * doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
         plugins/sudoers/sudoers.h, src/parse_args.c:
         Add "user_shell" boolean as a way to indicate to the plugin that the
         -s flag was given.          -s flag was given.
        [6e8bc49b7ea7] <1.8>        [fb1ef0897b32]
   
        * Move sessid out of sudo_user.        * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
        [00d67d5ba894] <1.8>        plugins/sudoers/sudoers.h:
         Move sessid out of sudo_user.
         [ba298ddb57f4]
   
        * Log the TSID even if it is not a simple session ID.        * plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
        [490cf0adae29] <1.8>        plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
         plugins/sudoers/sudoers.h:
         Log the TSID even if it is not a simple session ID.
         [d7cc1b9c513c]
   
        * Document noexec in sample.sudo.conf and add back noexec_file section        * doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
         Document noexec in sample.sudo.conf and add back noexec_file section
         in sudoers with a note that it is deprecated.          in sudoers with a note that it is deprecated.
        [c7a2d8d0c563] <1.8>        [4a6e961e494d]
   
        * Fix running commands as non-root on systems where setreuid() changes        * plugins/sudoers/set_perms.c:
         Fix running commands as non-root on systems where setreuid() changes
         the saved uid based on the effective uid we are changing to.          the saved uid based on the effective uid we are changing to.
        [f3b27db56ba6] <1.8>        [df0769b71b34]
   
 2011-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Move noexec path into sudo.conf now that sudo itself handles noexec.        * plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
         src/sudo.h:
         Move noexec path into sudo.conf now that sudo itself handles noexec.
         Currently can be configured in sudoers too but is now undocumented          Currently can be configured in sudoers too but is now undocumented
         and will be removed in a future release.          and will be removed in a future release.
        [9c5f64709994] <1.8>        [6fa8befdc110]
   
        * Document "Path noexec ..." in sudo.conf. No longer document        * doc/sudo.pod, doc/sudoers.pod:
         Document "Path noexec ..." in sudo.conf. No longer document
         noexec_file in sudoers, it will be removed in a future release.          noexec_file in sudoers, it will be removed in a future release.
        [959fa6b5217b] <1.8>        [24eee3a0b3e5]
   
        * Move noexec handling to sudo front-end where it is documented as        * plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
         plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
         Move noexec handling to sudo front-end where it is documented as
         being.          being.
        [ef6cd4a40c61] <1.8>        [3ed4f10d7052]
   
        * Add support for disabling exec via solaris privileges. Includes        * config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
         src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
         src/sudo_exec.h:
         Add support for disabling exec via solaris privileges. Includes
         preparation for moving noexec support out of sudoers and into front          preparation for moving noexec support out of sudoers and into front
         end as documented.          end as documented.
        [d9c05ba9a24f] <1.8>        [dec843ed553e]
   
        * Only export the symbols corresponding to the plugin structs.        * plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
        [cb07af1d9b39] <1.8>        plugins/sample_group/Makefile.in,
         plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
         plugins/sudoers/sudoers.sym:
         Only export the symbols corresponding to the plugin structs.
         [8d8d03b0ca54]
   
        * Install plugins manually instead of using libtool. This works        * configure, configure.in, plugins/sample/Makefile.in,
         plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
         Install plugins manually instead of using libtool. This works
         around a problem on AIX where libtool will install a .a file          around a problem on AIX where libtool will install a .a file
         containing the .so file instead of the .so file itself.          containing the .so file instead of the .so file itself.
        [1ccf5af58c05] <1.8>        [796971cfbddb]
   
         * Makefile.in:          * Makefile.in:
         Move check into its own rule since some versions of make will run          Move check into its own rule since some versions of make will run
         both targets as the default rule.          both targets as the default rule.
        [7159f37eb552] <1.8>        [34d759979176]
   
        * Update to libtool 2.2.10        * configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
        [9e49773b32b7] <1.8>        m4/ltversion.m4, m4/lt~obsolete.m4:
         Update to libtool 2.2.10
         [34c130de6af7]
   
        * In handle_signals(), restart the read() on EINTR to make sure we2011-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 
         * src/exec.c:
         In handle_signals(), restart the read() on EINTR to make sure we
         keep up with the signal pipe. Don't return -1 on EAGAIN, it just          keep up with the signal pipe. Don't return -1 on EAGAIN, it just
         means we have emptied the pipe.          means we have emptied the pipe.
        [dc2926097b2d] <1.8>        [d5b9c8eb9000]
   
        * Reorder functions to quiet a compiler warning.        * compat/mktemp.c:
        [5201367e5db4] <1.8>        Reorder functions to quiet a compiler warning.
         [c9e9a23729f0]
   
        * Use the Sun Studio C compiler on Solaris if possible        * mkpkg:
        [b8d43b423fb9] <1.8>        Use the Sun Studio C compiler on Solaris if possible
         [11a86e27891e]
   
 2011-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix default setting of osversion variable.        * mkpkg:
        [e12905851be5] <1.8>        Fix default setting of osversion variable.
         [52e49ca1cedd]
   
        * Make two login_class entris consistent.        * doc/sudo_plugin.pod:
        [0671d7b204be] <1.8>        Make two login_class entris consistent.
         [18ff1fa94a91]
   
        * Add support for adding a utmp entry when allocating a new pty.        * config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c,
         src/sudo_exec.h:
         Add support for adding a utmp entry when allocating a new pty.
         Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().          Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
         Currently only creates a new entry if the existing tty has a utmp          Currently only creates a new entry if the existing tty has a utmp
         entry.          entry.
        [40ff30099e79] <1.8>        [32db72b81d80]
   
        * Avoid pulling in headers we don't need on Linux For getutx?id(),        * plugins/sudoers/boottime.c:
         Avoid pulling in headers we don't need on Linux For getutx?id(),
         call setutx?ent() first and always call endutx?ent().          call setutx?ent() first and always call endutx?ent().
        [b86f7a13aae9] <1.8>        [5dad21e1ee1b]
   
        * Add some more libs to SUDOERS_LIBS instead of relying on them to be        * configure, configure.in:
         Add some more libs to SUDOERS_LIBS instead of relying on them to be
         pulled in by SUDO_LIBS.          pulled in by SUDO_LIBS.
        [bcbd16ec56c6] <1.8>        [18a7c21c09a7]
   
        * Fix return value of "sudo -l command" when command is not allowed,        * plugins/sudoers/sudoers.c:
         Fix return value of "sudo -l command" when command is not allowed,
         broken in [c7097ea22111]. The default return value is now TRUE and          broken in [c7097ea22111]. The default return value is now TRUE and
         a bad: label is used when permission is denied. Also fixed missing          a bad: label is used when permission is denied. Also fixed missing
         permissions restoration on certain errors. On error()/errorx(), the          permissions restoration on certain errors. On error()/errorx(), the
         password and group files are now closed before returning.          password and group files are now closed before returning.
        [757c941a47b2] <1.8>        [4f2d0e869ae5]
   
 2011-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix passing of login class back to sudo front end.        * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
        [5e649de6b7f5] <1.8>        Fix passing of login class back to sudo front end.
         [6f70a784ce48]
   
        * Add --osversion flag to specify OS instead of running "pp        * mkpkg:
         Add --osversion flag to specify OS instead of running "pp
         --probeonly"          --probeonly"
        [8a03943ac5e8] <1.8>        [a8efdccb7bc1]
   
        * Fix expr usage w/ GNU expr        * sudo.pp:
        [bdecfa1f54fc] <1.8>        Fix expr usage w/ GNU expr
         [48895599ee63]
   
 2011-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix exit value for validate and list mode.        * plugins/sudoers/sudoers.c:
        [6f8b20199935] <1.8>        Fix exit value for validate and list mode.
         [c7097ea22111]
   
        * Fix non-interactive mode with sudoers plugin.        * plugins/sudoers/sudoers.c:
        [cf5aca4fcbcf] <1.8>        Fix non-interactive mode with sudoers plugin.
         [172f29597bd2]
   
 2011-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * sudoreplay can now find IDs other than %{seq} and display the        * doc/sudoreplay.pod:
         sudoreplay can now find IDs other than %{seq} and display the
         session.          session.
        [60396b417633] <1.8>        [fc3dd3be67e9]
   
         * Add support for replaying sessions when iolog_file is set to  
         something other than %{seq}.  
         [1cd2baa74d56] <1.8>  
   
 2011-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * If we are killed by a signal, display the name of the signal that        * plugins/sudoers/sudoreplay.c:
         Add support for replaying sessions when iolog_file is set to
         something other than %{seq}.
         [ca3131243874]
 
         * plugins/sudoers/visudo.c:
         If we are killed by a signal, display the name of the signal that
         got us.          got us.
        [1b38c4d42282] <1.8>        [994bb76a990e]
   
        * Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS        * configure, configure.in:
         Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
         where they belong.          where they belong.
        [78e97a921104] <1.8>        [40f94b936fa4]
   
        * Fix bug in skey/opie check that could cause a shell warning.        * configure.in:
        [f20229a04f30] <1.8>        Fix bug in skey/opie check that could cause a shell warning.
         [83c043072be5]
   
        * No longer need sudo_getepw() stubs.        * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
        [795631ac7db0] <1.8>        No longer need sudo_getepw() stubs.
         [bbee15c36912]
   
 2011-03-03  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Fix exit value of "sudo -l command" in sudoers module.        * plugins/sudoers/sudo_nss.c:
        [4a05d6019b3d] <1.8>        Fix exit value of "sudo -l command" in sudoers module.
         [a6541867521b]
   
 2011-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
        * Use fgets() not fgetln() for portability.        * compat/regress/glob/globtest.c:
        [1f2050745096] <1.8>        Use fgets() not fgetln() for portability.
         [df1bb67fb168]
   
        * Don't use the beta or release candidate version as the rpm release.        * sudo.pp:
        [a5b049477646] <1.8>        Don't use the beta or release candidate version as the rpm release.
        [d661ef78021a]
2011-02-25  Todd C. Miller  <Todd.Miller@courtesan.com> 
 
        * Makefile.in: 
        Adjust ChangeLog rule now that 1.8 is branched 
        [a994ac361e44] <1.8> 
 
        * .hgtags: 
        Added tag SUDO_1_8_0 for changeset f6530d56f6ae 
        [99a2b3801419] <1.8> 
   
 2011-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   

Removed from v.1.1.1.1  
changed lines
  Added in v.1.1.1.2


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>