Diff for /embedaddon/sudo/ChangeLog between versions 1.1.1.3 and 1.1.1.5

version 1.1.1.3, 2012/10/09 09:29:52 version 1.1.1.5, 2013/10/14 07:56:33
Line 1 Line 1
   2013-09-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/missing.h:
           Include stddef.h for rsize_t and errno_t on systems that support it
           natively.
           [bc547d47e9c6]
   
           * MANIFEST:
           Fix braino.
           [67b79747312f]
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/de.mo,
           plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo,
           plugins/sudoers/po/it.mo, plugins/sudoers/po/pl.mo,
           plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/uk.mo,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo:
           Rebuild message catalog files.
           [0a9befb0674e]
   
           * src/po/da.mo, src/po/eo.mo, src/po/fi.mo, src/po/it.mo,
           src/po/pl.mo, src/po/pt_BR.mo, src/po/ru.mo, src/po/uk.mo,
           src/po/vi.mo, src/po/zh_CN.mo:
           Rebuild message catalog files.
           [25191089ddf2]
   
           * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/cs.mo, src/po/cs.po:
           Czech translation for sudo from translationproject.org.
           [8bc0ed069ddb]
   
   2013-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/da.po, plugins/sudoers/po/de.po,
           plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/it.po, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, src/po/da.po,
           src/po/eo.po, src/po/fi.po, src/po/it.po, src/po/pl.po,
           src/po/pt_BR.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
           src/po/zh_CN.po:
           Sync with translationproject.org
           [c16f9bb4579e]
   
           * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
           Change "next" back to 2. In the context of "next Friday" we really
           do want the friday of the upcoming (not current) week.
           Unfortunately, this means that things like "next week" and "next
           year" will match one more than we really want. Fixing this will
           require some fairly major changes to the grammar.
           [7f863c930121]
   
           * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
           Mention that relative times don't always do what you might expect.
           [710a9b0dd36f]
   
   2013-09-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS:
           Add diacritical for Zdenek Behan.
           [78d333f88e6c]
   
   2013-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/regress/ttyname/check_ttyname.c:
           Do not fail if ttyname() cannot determine the tty but sudo can.
           Should fix problems with running "make check" under pbuilder.
           [e6fc06a6c5cf]
   
           * plugins/sudoers/Makefile.in:
           Remove extraneous $$CWD; from Bdale Garbee
           [4d040ddd7446]
   
   2013-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
           Make "this" and "next" qualifiers work a bit better. There is still
           room for improvement as "this week" will use the current time
           instead of the beginning of the week. That's a separate issue
           though.
           [e844c02f754a]
   
   2013-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/regress/sudo_conf/conf_test.c,
           common/regress/sudo_parseln/parseln_test.c:
           Mark main() public to silence a warning on HP-UX.
           [ac0b869b9842]
   
   2013-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c:
           Be specific that we are talking about the Unix epoch; bug #615
           [25887775371b]
   
           * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot,
           src/po/sudo.pot, src/selinux.c:
           Do not use "setup" as a verb; bug #614
           [17c4750aac5f]
   
           * plugins/sudoers/iolog.c:
           Fix logic goof when checking open() status.
           [76ece1445d71]
   
           * plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo,
           src/po/nl.po, src/po/ru.mo, src/po/ru.po:
           Sync with translationproject.org
           [21351498000f]
   
           * NEWS, plugins/sudoers/sudoreplay.c:
           Work around a bug in sudo 1.8.7 timing files where the indexes are
           off by two.
           [4aa0cd58af58]
   
           * MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h,
           plugins/sudoers/sudoreplay.c:
           Repair writing of the I/O log file indices broken in sudo 1.8.7.
           [6a5f867884f5]
   
   2013-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Try to improve the PAGERS noexec example a bit.
           [226f11118daa]
   
   2013-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in:
           Document comment character in ldap.conf Clarify what is and is not
           supported in TLS_KEYPW Mention that gsk8capicmd can be used to
           create a stash file
           [fb8f06ab4458]
   
   2013-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           New bugs fixed for 1.8.8.
           [c158df7cd9d2]
   
           * plugins/sudoers/visudo.c:
           Fix setting of quiet flag when -q / --quiet is specified. Do not
           print "sudoers: parsed OK" in quiet mode.
           [df55acd57ce6]
   
           * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo,
           src/po/fi.po, src/po/it.mo, src/po/it.po:
           Updated translations from translationproject.org
           [e9e8abd23a28]
   
           * plugins/sudoers/check.c:
           Don't allow root to change its SELinux role without a password. Bug
           #611
           [f8b599acb29d]
   
   2013-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Mention new Mac OS X symbol interposition.
           [98293b7c4e0f]
   
           * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
           src/po/eo.po, src/po/fr.mo, src/po/fr.po:
           Updated translations from translationproject.org
           [865be7454354]
   
           * config.h.in, configure, configure.in, src/sudo_noexec.c:
           Add configure checks for the exec functions we will dummy out. This
           is only really needed on Mac OS X when symbol interposition is being
           performed but won't hurt elsewhere.
           [49c20cf6bab0]
   
   2013-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure, configure.in, src/Makefile.in,
           src/sudo_noexec.c:
           Fix installation of sudo_noexec on Mac OS X. Use library symbol
           interposition on Mac OS X 10.4 and higher so we don't need to set
           DYLD_FORCE_FLAT_NAMESPACE=1.
           [a82999dff8e6]
   
   2013-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Fix error display from ldap_ssl_client_init(). There are two error
           codes. The return value can be decoded via ldap_err2string() but
           the ssl reason code cannot (you have to look it up in a table
           online).
           [0267125ce9f0]
   
   2013-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in:
           Fix typo in tls_key example for Tivoli
           [36599f424ac4]
   
           * src/parse_args.c:
           Don't escape '$' when running "sudo -i command". Bug #564
           [17542d52f714]
   
           * plugins/sudoers/iolog_path.c:
           Fix typo in comment.
           [d0510ed5eaba]
   
           * plugins/sudoers/auth/pam.c:
           Fix comment.
           [4e89e0bfd6af]
   
           * plugins/sudoers/timestr.c, plugins/sudoers/visudo.c:
           Quiet some gcc -Wformat=2 false positives
           [28a2014b9822]
   
   2013-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/auth/pam.c:
           Remove now-obsolete arg to env_merge()
           [ba015cf5d935]
   
           * plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po,
           src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
           src/po/zh_CN.mo, src/po/zh_CN.po:
           Updated translations from translationproject.org
           [72b6aeaba505]
   
           * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po:
           French translation for sudo from translationproject.org.
           [a72321771860]
   
           * plugins/sudoers/logging.h:
           Add __printflike to audit_failure.
           [1686b3699d41]
   
           * include/missing.h:
           Use __nonnull__ attribute in __printflike.
           [d123613a1fb6]
   
   2013-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
           When merging the PAM environment, allow environment variables set in
           PAM to override ones set by sudo as long as they do not match the
           env_keep or env_check lists.
           [f3c64967fed7]
   
           * plugins/sudoers/auth/pam.c:
           Call pam_getenvlist() after we've opened the session to get the
           session-specific environment variables.
           [b413fb9e1c77]
   
   2013-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           option not flag
           [08c31af7b818]
   
           * compat/getopt_long.c, config.h.in, configure, configure.in:
           Don't redefine opterr, optind, optopt, optarg in getopt_long.c. Add
           a check for optreset which is a BSD extension and provide a
           definition in getopt_long.c if it is not present.
           [3393e8d83400]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [f38f65830118]
   
           * plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c:
           Use lower case for the long option arguments to match the manual.
           This is inconsistent with GNU but it is better to match the sudo
           documentation.
           [8fac2d64f5d2]
   
           * NEWS:
           Sudo 1.8.8
           [105c73752474]
   
           * src/parse_args.c:
           Use lower card for the long option arguments to match the manual.
           This is inconsistent with GNU but it is better to match the sudo
           documentation.
           [af243dd39850]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Describe how remote command execution can be implemented.
           [3eba7f93b7f6]
   
           * doc/sudoers.ldap.cat:
           Bump version.
           [0ee7f02f3627]
   
   2013-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo.c:
           Make it a fatal error if the plugin returns invalid or out of range
           command info.
           [8a7e56c7584a]
   
           * plugins/sudoers/policy.c:
           Use strtol() instead of atoi() and perform error checking of
           parameters passed from the sudo front-end.
           [05e05be3c6c4]
   
           * plugins/sudoers/auth/pam.c:
           It is not possible for auth to be NULL here.
           [771500e776e9]
   
           * plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
           Initialize user_runhost and user_srunhost to user_host and
           user_shost in visudo and testsudoers.
           [c47cca74e1fc]
   
           * MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
           common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c,
           common/list.c, common/sudo_conf.c, common/sudo_debug.c,
           compat/Makefile.in, compat/getopt_long.c, include/error.h,
           include/fatal.h, plugins/sudoers/Makefile.in,
           plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c,
           plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
           src/Makefile.in, src/locale_stub.c, src/net_ifs.c,
           src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h:
           Rename error.h -> fatal.h now that there is no error() function.
           [3a3827f10f04]
   
           * common/sudo_debug.c, include/sudo_debug.h:
           Add support to the debug subsystem for zero-length strings. This
           can happen for things like warning(NULL) or fatal(NULL) where we
           just want to log the errno string.
           [3ed739c5cc91]
   
           * include/error.h:
           Add __printflike for vfatal, vfatalx, vwarning and vwarningx.
           [57e65ed595d2]
   
           * plugins/sudoers/audit.c:
           Need to include gettext.h for BSM audit.
           [a87fda2d0123]
   
           * common/alloc.c, plugins/sudoers/env.c, src/exec_common.c,
           src/parse_args.c, src/sudo.c:
           Change some fatalx(NULL) that should be fatal(NULL).
           [8b1efda9f578]
   
           * include/error.h, include/missing.h:
           Use __printf0like for warning() and fatal() since the fmt string may
           be NULL.
           [858a890f00ad]
   
           * compat/pw_dup.c:
           Quiet a gcc "used uninitialized in this function" false positive.
           [98f47f89ce60]
   
           * mkpkg:
           Enable bsm audit on Mac OS X and Solaris >= 11.
           [8607488f986c]
   
           * plugins/sudoers/bsm_audit.c:
           Fix compilation on Solaris 11.
           [01aa46298ed7]
   
           * plugins/sudoers/bsm_audit.c:
           Add missing missing.h
           [080de69a55a1]
   
           * plugins/sudoers/sudoers.c:
           Move the -C (user_closefrom) check until after set_cmnd() so that
           closefrom_override can be used in a command-specific Defaults line.
           Fixes bug #610 from Mengtao Sun.
           [413565c6ff6b]
   
   2013-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c:
           If not using a pty and the child process gets SIGTTOU or SIGTTIN and
           sudo is the foreground process, make the child the foreground
           process and continue it.
           [5ff433443bc4]
   
           * src/sudo.c:
           If sudo is not setuid and was not invoked with a full path, look in
           the user's PATH for the sudo binary to give a better error message.
           [a740129a38f0]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
           plugins/sudoers/logging.c, plugins/sudoers/match.c,
           plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c,
           plugins/sudoers/sudoers.h:
           Add limited support for "sudo -l -h other_host". Since group
           lookups are done on the local host, rules that use group membership
           may be incorrect if the group database is not synchronized between
           hosts.
           [2c8b222a5f7f]
   
           * src/parse_args.c:
           Fix parsing of "-h host" when used in conjunction with the -l flag.
           [62f3d726d52b]
   
           * configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh,
           doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
           doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
           doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c,
           src/sudo_usage.h.in:
           Simplify usage messages a bit and make --help output more closely
           resemble GNU usage wrt long options. Sync usage and man page
           SYNOPSYS sections and improve long options in the manual pages. Now
           that we have long options we don't need to give the mnemonic for the
           single-character options in the description.
           [17b7e386955a]
   
   2013-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/logging.c:
           Fix setting of mailer argv[0] to basename of mailerpath. No need to
           strdup() mailerpath as it is not modified.
           [8843cdd958ee]
   
           * plugins/sudoers/logging.c:
           Make sure the mailer exists and is a regular file before trying to
           exec it.
           [b73d6214014f]
   
           * plugins/sudoers/timestamp.c:
           If tty_tickets are enabled but there is no tty, use a ticket file
           based on the parent pid.
           [75408bd61ced]
   
           * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c:
           Allow default plugin dir to be configured in sudo.conf.
           [478883594cc5]
   
           * doc/CONTRIBUTORS:
           UTF8 for Ruusamae, Elan; from Tae Wong
           [02e0c95b4fa6]
   
   2013-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/regress/sudo_conf/test5.in,
           common/regress/sudo_conf/test5.out.ok,
           common/regress/sudo_conf/test6.in,
           common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c,
           doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
           plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c:
           Don't allow max_groups to be set to zero, it just complicates things
           needlessly. Fixes an assertion in visudo when there is a group-
           based Defaults entry.
           [d62a8ea32db9]
   
   2013-08-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/gidlist.c,
           plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c,
           src/sudo.h:
           Refactor code to parse list of gids into its own function that is
           shared by the sudo front-end and the sudoers module. Make uid/gid
           parse error be fatal, not just a warning.
           [da3b2b06605c]
   
           * common/atoid.c:
           Add function comment block.
           [09a324de716f]
   
           * common/atoid.c:
           Default text domain is now sudo, not sudoers.
           [1acb1da6f304]
   
           * common/Makefile.in:
           Update dependency for atoid.lo
           [5e367cd44288]
   
           * common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c,
           src/sudo.h:
           Add endpointer and separator args to atoid()
           [2077e4ed8578]
   
   2013-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/getgrouplist.c:
           Use private version of atoid() to avoid a dependency on libcommon.a
           (since that already depends on libreplace.a).
           [7c12d63b0560]
   
           * doc/CONTRIBUTORS:
           More UTF8 in names; from Tae Wong
           [512b263f51c8]
   
           * compat/getgrouplist.c, plugins/sudoers/iolog.c,
           plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h:
           Use atoid() in more places.
           [06f4ae57c707]
   
           * MANIFEST, common/Makefile.in, common/atoid.c,
           plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c:
           Move atoid() to common so it can be used in src and compat too.
           [095d730701e4]
   
           * compat/closefrom.c:
           Avoid a crash on Mac OS X 10.8 (at least) when we close
           libdispatch's fds out from under it before executing the command.
           Switch to just setting the close on exec flag instead.
           [349ebf4987df]
   
           * doc/CONTRIBUTORS:
           Convert to last, first for easier sorting and use UTF8 (including a
           BOM).
           [8c30d221bd75]
   
           * plugins/sudoers/atoid.c:
           Add atoid() function to convert a string to an id_t (uid, gid or
           pid). We have to be careful to choose() either strtol() or
           strtoul() depending on whether the string appears to be signed or
           unsigned. Always using strtoul() is unsafe on 64-bit platforms since
           the uid might be represented as a negative number and (unsigned
           long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
           Fixes a problem with uids larger than 0x7fffffff on 32-bit
           platforms.
           [5d818e399157]
   
           * MANIFEST, config.h.in, configure, configure.in,
           plugins/sudoers/Makefile.in, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.h:
           Add atoid() function to convert a string to an id_t (uid, gid or
           pid). We have to be careful to choose() either strtol() or
           strtoul() depending on whether the string appears to be signed or
           unsigned. Always using strtoul() is unsafe on 64-bit platforms since
           the uid might be represented as a negative number and (unsigned
           long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff.
           Fixes a problem with uids larger than 0x7fffffff on 32-bit
           platforms.
           [cd92246a710f]
   
           * plugins/sudoers/sudoers.c:
           Avoid "perm stack underflow" error when logging the unknown uid
           error.
           [871514c713b7]
   
           * plugins/sudoers/set_perms.c:
           In rewind_perms() there is nothing to do if perm_stack_depth == 0.
           [98de335f47f0]
   
   2013-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
           plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c,
           plugins/sudoers/def_data.h, plugins/sudoers/def_data.in:
           Add pam_setcred sudoers option to allow the user to control whether
           pam_setcred() is called on the user's behalf.
           [4260a8e43073]
   
           * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
           doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
           plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
           plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
           Add pam_service and pam_login_service sudoers settings to control
           the service name passed to pam_start.
           [5ea0e3588f3a]
   
           * mkpkg:
           Newer Xcode places the SDKs under Xcode.app
           [4b54379d5c45]
   
   2013-08-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/zero_bytes.c,
           compat/Makefile.in, compat/memset_s.c, config.h.in, configure,
           configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h,
           mkdep.pl, plugins/sudoers/Makefile.in,
           plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
           plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
           plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
           plugins/sudoers/logging.c, plugins/sudoers/sha2.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
           src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c,
           src/tgetpass.c:
           Implement memset_s() and use it instead of zero_bytes(). A new
           constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the
           max conversation reply length. This constant can be used as a max
           value for memset_s() when clearing passwords filled in by the
           conversation function.
           [264ec146028e]
   
   2013-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
           plugins/system_group/Makefile.in:
           Do not try to install plugins when shared modules are disabled
           (sudoers already had the check).
           [3d582c042042]
   
           * plugins/sudoers/Makefile.in:
           Update dependencies to take into account compat/getopt.h and
           compat/dlfcn.h.
           [301fb31cd121]
   
           * src/Makefile.in:
           Update dependencies now that sudo_usage.h is always included from
           the build dir.
           [c1ff70ec9515]
   
   2013-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Add some warnings and debugging to sasl ccname handling.
           [467f415861f0]
   
           * plugins/sudoers/ldap.c:
           Fix write loop invariant in sudo_krb5_copy_cc_file()
           [6948cf6e9b9f]
   
   2013-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Strip off leading FILE: or WRFILE: prefix before trying to copy the
           user's credential cache.
           [56c16feab62f]
   
   2013-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo.c:
           Instead of setting RLIMIT_NPROC to unlimited when sudo initializes,
           just save RLIMIT_NPROC in exec_setup() before the final setuid() and
           restore it immediately after. We don't need to modify RLIMIT_NPROC
           for simple euid changes, just for changing the real (and saved) uids
           before we exec. This also means we no longer need to worry about
           _SC_CHILD_MAX returning -1. Bug #565
           [1372f1909039]
   
   2013-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c, src/preload.c:
           Now that the ldap code runs with the real and effective uid set to
           0, it is not possible for the gssapi libs to find the user's krb5
           credential cache file. To work around this, we make a temporary
           copy of the user's credential cache specified by KRB5CCNAME (opened
           with the user's effective uid) and point gssapi to it. To set the
           credential cache file name, we dynamically look up
           gss_krb5_ccache_name() and use it if available, otherwise fall back
           to setting KRB5CCNAME.
           [8b86c134541a]
   
   2013-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
           doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in,
           doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/visudo.c:
           Long option support for visudo and sudoreplay.
           [91427968be71]
   
   2013-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in,
           src/parse_args.c, src/sudo.c, src/sudo_usage.h.in:
           Add support for long options and fix inclusion of sudo_usage.h with
           modern gcc broken in 8597:1fcb7ba13018.
           [d13134819944]
   
           * src/Makefile.in:
           Add rule to rebuild sudo_usage.h when the .in file changes.
           [59a32899e251]
   
           * compat/Makefile.in, mkdep.pl, src/Makefile.in:
           Add make rules for building getopt_long.c
           [5f57593b3a8b]
   
           * src/parse_args.c:
           Make "-h hostname" work. Optional args in GNU getopt() only work
           when there is no space between the option flag and the argument.
           [b8258659cabb]
   
   2013-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in,
           configure, configure.in, doc/LICENSE, src/parse_args.c:
           Use getopt_long() so we can make the -h flag take an optional
           argument. Includes a version for those without it.
           [d1dd66c8a86b]
   
   2013-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Document that the -h option can be used specify a host name for
           future plugins.
           [8470c74cf326]
   
           * include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in:
           Overload -h option to specify an optional hostname for remote
           access. This is future-proofing; no policy plugins currently support
           this.
           [0e01d8c3c623]
   
           * configure, configure.in:
           Bump version to 1.8.8
           [a1155bfaa28f]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Document the remote_host setting (-h host)
           [c737db906f5d]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           fix "the the"
           [0025464a3942]
   
           * src/parse_args.c, src/sudo.c, src/sudo.h:
           Do not error out if arg to -U option cannot be resolved, that is for
           the plugin to decide. There is no need for runas_user and
           runas_group to be global, make them local to parse_args() instead.
           [fb02a62a72ba]
   
           * MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo,
           plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po,
           src/po/pt_BR.mo, src/po/pt_BR.po:
           Sync with translationproject.org
           [e8f4772d918a]
   
   2013-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/TROUBLESHOOTING:
           Remove old bits about sudo setuid problems that should have been
           cleaned up in changeset 7917:fa4894896d8a. Also update the mode of
           sudo to 04755 to match current packaging.
           [1e3904cdc2de]
   
           * plugins/sudoers/auth/pam.c:
           Go back to ignoring the return value of pam_setcred() since with
           stacked PAM auth modules a failure from one module may override
           PAM_SUCCESS from another. If the first module in the stack fails,
           the others may be run (and succeed) but an error will be returned.
           This can cause a spurious warning on systems with non-local users
           (e.g. pam_ldap or pam_sss) where pam_unix is consulted first.
           [b6022e26135a]
   
           * src/net_ifs.c:
           Remove unused variable.
           [93dde7d82fde]
   
           * NEWS:
           Fix typo
           [5ef79671c2c7]
   
   2013-07-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sssd.c:
           Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest().
           From Dan Harnett.
           [4a0af6f12765]
   
   2013-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Fix formatting typo; from Eric S. Raymond
           [058b533ba460]
   
   2013-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * mkpkg:
           Use -gxcoff on aix so dbx can be used to debug sudo.
           [4950e019ed2d]
   
   2013-06-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
           Fix typo; bug 605
           [41f7b46a6e51]
   
   2013-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo,
           src/po/tr.mo:
           Regen .mo files that were out of date.
           [9e25a254f9db]
   
   2013-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * NEWS, configure, configure.in:          * NEWS, configure, configure.in:
           On Solaris 11 and higher, tag binaries for ASLR if supported by the
           linker.
           [a2a6cafa3e60]
   
           * mkpkg:
           No longer need to disable PIE on Solaris.
           [cf90019ae67e]
   
   2013-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING:
           Restrict default creation of PIE binaries (-fPIE and -pie) to Linux.
           OpenBSD also supports PIE but enables it by default so we don't need
           to do anything. This fixes problems on systems with a version of
           GNU ld that accepts -pie but where the run-time linker doesn't
           actually support PIE. Also verify that a trivial PIE binary works
           unless PIE is explicitly enabled.
           [3c5f125efeb1]
   
   2013-05-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * aclocal.m4, configure, configure.in:
           Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld
           where we can end up crashing due to malloc() failures. Sems OK when
           Using Sun as and ld.
           [b8ba412102ab]
   
           * NEWS:
           Update with final changes.
           [78ff6d2ed47a]
   
   2013-05-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Add -fPIE to PIE_LDFLAGS as per gcc manual.
           [fe900cbb0780]
   
   2013-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/Makefile.in, compat/Makefile.in:
           Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs
           [f84bc7482b78]
   
           * MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c,
           plugins/sudoers/parse.c, plugins/sudoers/parse.h,
           plugins/sudoers/regress/visudo/test4.out.ok,
           plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c:
           Replace sequence number-based cycle detection in visudo with a
           "used" flag in struct alias. The caller is required to call
           alias_put() when it is done with the alias. Inspired by a patch
           from Daniel Kopecek.
           [0bdbac1b3b39]
   
   2013-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/iolog.c:
           Eliminate a few relocations related to sudoers_io.
           [18e9e2cc3367]
   
           * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po:
           Sync with translationproject.org
           [f38cc128a2ad]
   
   2013-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Clarify a comment.
           [7a045ee06e95]
   
   2013-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Handle d_type == DT_UNKNOWN when resolving the device to a name and
           sprinkle some more debugging.
           [8774133747d9]
   
   2013-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/TROUBLESHOOTING:
           Add message about disabling PIE if sudo gets SIGSEGV.
           [c786af2a6751]
   
           * plugins/sudoers/check.h, plugins/sudoers/timestamp.c:
           No longer store the ctime of a devpts tty. The handling of ctime on
           devpts in Linux has been changed to conform to POSIX. As a result
           we can no longer assume that the ctime will stay unchanged
           throughout the life of the session. We store the session ID in the
           time stamp file so there is a much smaller chance of the time stamp
           file being reused by a new login. While here, store the uid/gid in
           the timestamp file too for good measure.
           [7028b21f7a9b]
   
           * configure, configure.in:
           PIE is broken on FreeBSD/arm
           [f232c60d6229]
   
           * mkpkg:
           Add explicit sendmail path for Linux since we may not have sendmail
           installed in the build chroot.
           [1ba2f84f4ff0]
   
   2013-05-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_debug.c, plugins/sudoers/iolog.c,
           plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c:
           Quiet a few -Wunused-result compiler warnings.
           [ef12afb61423]
   
   2013-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Mention what SHA-2 formats are supported.
           [bf298d0fdf8a]
   
           * doc/CONTRIBUTORS:
           List code and translations separately.
           [826547bc1295]
   
   2013-04-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
           plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
           Sync with translationproject.org
           [9499a6f438b8]
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [cce449e284a6]
   
           * Makefile.in:
           Fix c-format for fatal/fatalx
           [4ad81d3faaeb]
   
   2013-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h:
           Change some error/errorx -> fatal/fatalx in comments and xgettext
           flags.
           [9d9b64fa2ec9]
   
           * NEWS:
           There is now a Turkish translation of sudoers.
           [701c5af6aa76]
   
           * MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
           plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
           Updated translations from translationproject.org including new
           Turkish translation.
           [9cedbb50d90f]
   
   2013-04-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Document that sudoers will re-use existing I/O log paths unless they
           are mktemp-style with trailing X's.
           [4f43bd13d9e7]
   
           * NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat,
           doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
           doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c,
           plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
           Allow ldap_conf and ldap_secret to be specified as plugin arguments
           in sudo.conf
           [37c6c425b565]
   
           * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in:
           sudoers_debug is now deprecated in favor of the sudo debugging
           framework.
           [1195be1ec254]
   
           * plugins/sudoers/ldap.c:
           Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use
           SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the
           debug file with the ldap subsystem. The sudoers_debug setting in
           ldap.conf is still honored for now but will be removed in a future
           release.
           [cfa42b4b913e]
   
   2013-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers2ldif:
           Add support for converting sudoers files with SHA-2 command digests.
           [dc0d03485946]
   
           * doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg,
           plugins/sudoers/sudoers2ldif:
           Add copyright notice to scripts
           [5e8bd4e6083f]
   
           * MANIFEST, plugins/sudoers/regress/sudoers/test14.in,
           plugins/sudoers/regress/sudoers/test14.out.ok,
           plugins/sudoers/regress/sudoers/test14.toke.ok:
           Add regress for SHA-2 digests.
           [0b258c2a2a95]
   
           * compat/getgrouplist.c:
           Solaris maps negative gids to GID_NOBODY.
           [57050e5c750f]
   
           * plugins/sudoers/visudo.c:
           Clear up an llvm checker warning which appears to be a false
           positive and fix an old XXX while I'm at it.
           [9ee13133e596]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
           doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
           Correct last change date
           [3bc1fa5b0f76]
   
           * plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c:
           No need to translate this error message.
           [4d9941970a26]
   
           * doc/UPGRADE:
           Mention .sl vs. .so extension handling on HP-UX Mention group
           membership changes Fix typos
           [40ac0efbdb2b]
   
           * aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c,
           common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c,
           common/setgroups.c, common/term.c, common/ttysize.c,
           compat/Makefile.in, compat/dlopen.c, compat/endian.h,
           compat/getline.c, compat/getprogname.c, compat/isblank.c,
           compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c,
           compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
           compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
           compat/strsignal.c, compat/utimes.c, doc/Makefile.in,
           include/Makefile.in, include/alloc.h, include/fileops.h,
           include/gettext.h, include/lbuf.h, include/missing.h,
           include/sudo_plugin.h, pathnames.h.in,
           plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
           plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
           plugins/sudoers/alias.c, plugins/sudoers/audit.c,
           plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
           plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
           plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
           plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
           plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
           plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
           plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c,
           plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
           plugins/sudoers/defaults.h, plugins/sudoers/env.c,
           plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
           plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
           plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
           plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
           plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c,
           plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c,
           plugins/sudoers/logging.h, plugins/sudoers/match.c,
           plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
           plugins/sudoers/parse.h, plugins/sudoers/prompt.c,
           plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c,
           plugins/sudoers/redblack.h,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/regress/parser/check_fill.c,
           plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
           plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h,
           plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.h, plugins/sudoers/toke.l,
           plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c,
           plugins/sudoers/visudo.c, plugins/system_group/Makefile.in,
           plugins/system_group/system_group.c, src/Makefile.in,
           src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c,
           src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c,
           src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h,
           src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c,
           src/utmp.c:
           Update copyright years.
           [5c6d72661bad]
   
           * plugins/sudoers/mon_systrace.h:
           Systrace support was removed long ago.
           [10a038a2da77]
   
   2013-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok,
           plugins/sudoers/regress/sudoers/test9.toke.out.ok:
           Remove some files that were mistakenly added.
           [833502da26de]
   
           * common/sudo_debug.c, config.h.in, configure, configure.in,
           plugins/sudoers/boottime.c, plugins/sudoers/iolog.c,
           plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c:
           Use time(&now) instead of now = time(NULL) when storing the current
           time in a time_t (better compiler error checking). Better parsing
           and printing of 64-bit time_t on 32-bit platforms.
           [c227dc72c04e]
   
   2013-04-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Don't check the tty of the parent process. Now that we get the
           controlling tty device number from the kernel there is no need. If
           the process has really disassociated from the tty then reporting
           "unknown" is appropriate.
           [62fb66e565db]
   
   2013-04-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/error.c:
           Use EXIT_FAILURE instead of 1 as the fatal() exit value.
           [ed94c2c5e88a]
   
           * src/sesh.c:
           Change remaining errorx -> fatalx
           [3f6d70e19303]
   
   2013-04-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h:
           Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an
           error if the entry already exists in the cache.
           [94d45970400a]
   
           * plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot:
           Change "foo: failed" to just "foo" since we print the string form of
           errno. Gets rids of some useless translations.
           [476f37349dbc]
   
   2013-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/match.c:
           Fix pasto in debug_decl
           [08650186a239]
   
           * plugins/sudoers/Makefile.in:
           regen
           [acf4c34fba2c]
   
           * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
           plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c,
           plugins/sudoers/logging.h, plugins/sudoers/parse.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
           Rename log_error() -> log_warning() for consistency with
           warning()/fatal()
           [474ed5a0e335]
   
           * plugins/sudoers/auth/API:
           The NO_EXIT flag was removed a while ago.
           [e0a4be270226]
   
           * common/aix.c, common/alloc.c, common/error.c, include/error.h,
           plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
           plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c,
           plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
           plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
           plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
           plugins/sudoers/pwutil.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
           plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c,
           src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
           src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c,
           src/utmp.c:
           Rename error/errorx -> fatal/fatalx and remove the exit value as it
           was always 1.
           [ea66f58c4da5]
   
           * NEWS:
           digests are supported in sudoers ldap too
           [77d6c25f7653]
   
           * plugins/sudoers/regress/check_symbols/check_symbols.c:
           Print test failures to stdout like the final count so the outputis
           not displayed out of order.
           [f541b78ecb93]
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
           plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo,
           plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo,
           src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po,
           src/po/it.po, src/po/tr.po:
           Sync with translationproject.org
           [cbd70678b99f]
   
           * Makefile.in:
           Check for any uncommitted changes in dist target and add force-dist
           target that omit check-dist.
           [78dc3f41e37e]
   
   2013-04-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/regress/ttyname/check_ttyname.c:
           Fix logic bug when checking tty via ttyname().
           [279aee076194]
   
           * compat/endian.h:
           Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and
           __BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX)
           [fe35e0b04502]
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [0ddebccd3045]
   
           * NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat,
           doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
           doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Document digest support.
           [d794c7b9a7bc]
   
           * MANIFEST, plugins/sudoers/Makefile.in,
           plugins/sudoers/regress/parser/check_base64.c:
           Simple bas64 decode unit test.
           [344b0df0fe50]
   
           * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c,
           plugins/sudoers/match.c, plugins/sudoers/parse.h:
           Move base64_decode into its own source file.
           [30497e7f88bc]
   
           * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
           Only check year against 2038 if time_t is 32-bit.
           [9c1f2e3fc3ba]
   
   2013-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c, plugins/sudoers/parse.h,
           plugins/sudoers/sssd.c:
           Add digest support for sudoers in ldap and sss.
           [314937b5e59e]
   
           * INSTALL, configure, configure.in:
           Error out in configure if the compiler doesn't support "long long".
           [d3645c1d50d1]
   
           * plugins/sudoers/match.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l:
           Include stdint.h or inttypes.h before sha2.h
           [20ad1c20313d]
   
           * common/lbuf.c:
           Simplify lbuf append functions by moving the realloc code into
           lbuf_expand(). We now expand as needed each time bytes need to be
           written to the lbuf. Also handle a NULL pointer being passed in for
           paranoia's sake.
           [6283ee562ef4]
   
           * plugins/sudoers/iolog.c:
           Zero out struct iolog_details early to avoid a potential (though
           unlikely) dereference of stack garbage if we hit a fatal error
           before iolog_deserialize_info() is called.
           [2eeca8be05fb]
   
   2013-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Update copyright year.
           [b843c6a43238]
   
           * plugins/sudoers/sudoers_version.h:
           Bump SUDOERS_GRAMMAR_VERSION for new digest support.
           [188556fb8156]
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.h,
           plugins/sudoers/gram.y, plugins/sudoers/match.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Sanity check digest in parser so visudo can catch errors. Add base64
           support
           [b8586d5cc7ed]
   
           * MANIFEST, compat/endian.h, config.h.in, configure, configure.in,
           plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c:
           For big endian architectures just use memcpy() instead of BE macros
           in a loop.
           [c71a0f4a8a8e]
   
   2013-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, config.h.in, configure, configure.in,
           plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
           plugins/sudoers/gram.h, plugins/sudoers/gram.y,
           plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c,
           plugins/sudoers/match.c, plugins/sudoers/parse.h,
           plugins/sudoers/regress/parser/check_digest.c,
           plugins/sudoers/regress/parser/check_digest.out.ok,
           plugins/sudoers/sha2.h, plugins/sudoers/sssd.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l,
           plugins/sudoers/toke_util.c:
           Initial implementation of checksum support in sudoers. Currently
           supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format
           validation in parser and base64 support. checksum support for
           ldap sudoers
           [b8f196346eca]
   
   2013-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h:
           SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public
           domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai
           respectively.
           [7511d07c0a83]
   
   2013-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Add sudo 1.8.6p8
           [0666fd0321ae]
   
           * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot:
           Add missing "not" in error message when mixing standalone and non-
           standalone authentication methods.
           [7eba4439db73]
   
           * plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
           Check for crypt() returning NULL. Traditionally, crypt() never
           returned NULL but newer versions of eglibc have a crypt() that does.
           Bug #598
           [887b9df243df]
   
           * plugins/sudoers/auth/pam.c:
           Better PAM error messages
           [fd7eda53cdd7]
   
           * plugins/sudoers/auth/kerb5.c:
           Better error messages
           [98142874a2f4]
   
           * plugins/sudoers/bsm_audit.c:
           Use same error message for getauid() failure.
           [07f0d88cb1df]
   
           * plugins/sudoers/sssd.c:
           Start warning with a lower case letter for consistency and to match
           existing translated strings.
           [b719ac52c9e3]
   
   2013-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * mkpkg:
           Disable PIE on Solaris where it is not really supported.
           [c36c84cdcc7a]
   
           * src/ttyname.c:
           AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
           before we try to match it against st_rdev.
           [5dab449fb962]
   
           * src/ttyname.c:
           Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
           a problem finding the tty name when it is not in /dev/pts.
           [6c205d087fa0]
   
           * compat/snprintf.c:
           Support %lld and %llu
           [feabfa06c954]
   
           * .hgignore, MANIFEST, src/Makefile.in,
           src/regress/ttyname/check_ttyname.c:
           Add ttyname test.
           [e987038f8c07]
   
   2013-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po,
           src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
           src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po,
           src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
           Sync with translationproject.org
           [4d7b73b22079]
   
           * plugins/sudoers/timestamp.c:
           Log timestampfile to debug file.
           [e997281146c0]
   
           * plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot:
           Don't add the "Password: " string we look up in the PAM text domain
           to the sudoers.pot file.
           [771b52244abf]
   
   2013-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/sudoers.pot:
           Synce with regcomp() error message change.
           [fc6d3dfb8eb8]
   
           * plugins/sudoers/sudoreplay.c:
           Be consistent with error message when regcomp() fails.
           [de6c69ba04e4]
   
   2013-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/regress/testsudoers/test5.out.ok,
           plugins/sudoers/regress/testsudoers/test5.sh:
           Use group -1 instead of 1 as the invalid group since the running
           user might have group 1 as their default group.
           [71404a9fa75d]
   
           * plugins/sudoers/Makefile.in:
           PWD may be a shell builtin, use CWD instead.
           [c443105c5091]
   
   2013-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/check.c:
           Split up check_user().
           [ce7cc0767589]
   
   2013-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure.in:
           Cosmetic fixes in the comments.
           [640abee43c14]
   
   2013-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status
           message for visibility checks when the test fails.
           [99665477ee55]
   
           * config.h.in:
           regen
           [00c22606719a]
   
           * configure, configure.in:
           We no longer use mbr_check_membership() and setrlimit64() is AIX-
           specific.
           [43caf685a1f1]
   
           * Makefile.in:
           The first (all) target must be by itself or some makes will choose
           the run the entire target list.
           [16cf3def49f5]
   
           * configure, configure.in:
           Do exec_prefix expansion when enable_shared even if noexec is not
           enabled.
           [7ed28cb32d8d]
   
           * compat/getgrouplist.c:
           Use free() not efree() since we don't include alloc.h here
           [1a008737be24]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           regen
           [b939f941346f]
   
           * plugins/sudoers/regress/testsudoers/test2.sh,
           plugins/sudoers/regress/testsudoers/test3.sh,
           plugins/sudoers/regress/testsudoers/test5.sh:
           Pass in expected gid to testsudoers in addition to the uid that
           matches the test sudoers files.
           [6a1710e8cac1]
   
   2013-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/missing.h:
           Tru64 5.x does declare innetgr() and getdomainname().
           [c75598e69c7e]
   
           * plugins/sudoers/match.c:
           Fix compilation when getdomainame() is not present.
           [e831b017a962]
   
           * config.h.in, configure.in, include/missing.h:
           Move SET/CLR/ISSET from config.h.in to missing.h
           [3a3dd29fd7f0]
   
           * configure, configure.in:
           Fix getgrouplist() check.
           [12a2adf60e98]
   
           * MANIFEST:
           No more timestamp.h
           [5677e26afc0f]
   
           * plugins/sudoers/check.c:
           Neded sys/time.h for struct timeval in struct sudo_tty_info.
           [aceaadd8c400]
   
           * plugins/sudoers/Makefile.in:
           regen depends
           [21675a8b67e5]
   
           * NEWS:
           Mention libibmldap on HP-UX
           [75b4e4b22950]
   
           * NEWS, plugins/sudoers/match.c:
           Instead of checking the domain name explicitly for "(none)", just
           check for illegal characters.
           [ce35dda811db]
   
           * plugins/sudoers/visudo.c:
           Only warn once when we are unable to open the sudoers file.
           [9e27e3aa5b10]
   
           * plugins/sudoers/sudoers.c:
           Fall back to opening /dev/tty to determine whether there is a tty if
           the system doesn't have kernel support for determing the tty.
           [2775bcf9a9b5]
   
           * compat/getprogname.c:
           Update guard to take __progname into account
           [60eae3f20232]
   
           * compat/snprintf.c:
           Some older systems have inttypes.h but not stdint.h
           [ed1ef160015f]
   
           * compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c,
           compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c,
           compat/getline.c, compat/getprogname.c, compat/glob.c,
           compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
           compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
           compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
           compat/strsignal.c, compat/utimes.c:
           Add guards in compat source files. Not really needed since we only
           include them in the Makefile if they are needed but should not hurt
           either.
           [8cbd3b4595b9]
   
   2013-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
           Don't include gram.h in gram.y, its contents are already included.
           Move sudoerserror to the end of gram.y so COMMENT is declared when
           we need to use it.
           [7d72ebdd7222]
   
   2013-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure.in:
           Remove some pre-ANSI cruft.
           [6a95704b2116]
   
           * plugins/sudoers/match.c:
           Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h
           when it is set.
           [da40c550ffed]
   
           * NEWS, plugins/sudoers/iolog_path.c:
           We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but
           just leave it as-is.
           [9a22de140d28]
   
   2013-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
           Add missing semicolon in rule.
           [817d3f1b2a21]
   
           * plugins/sudoers/sudoers.c:
           Now that we can determine the terminal even when file descriptors
           are redirected we can check user_ttypath rather than opening
           /dev/tty when enforcing requiretty.
           [56a28bc09041]
   
           * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h:
           Stash umask in struct sudo_user so we don't need to look it up
           later.
           [9f85749199dc]
   
           * plugins/sudoers/sudoers.c:
           Minor cosmetic change
           [c373e106ed49]
   
           * plugins/sudoers/regress/parser/check_addr.c:
           No longer need to declare interfaces
           [d7ff7e579557]
   
           * plugins/sudoers/logging.c:
           Fix compilation in SUDOERS_NO_SEQ case
           [9a6db9247534]
   
           * plugins/sudoers/regress/parser/check_addr.c:
           No longer need to define sudo_printf
           [578ad13c3546]
   
           * plugins/sudoers/check.c, plugins/sudoers/check.h,
           plugins/sudoers/timestamp.c:
           Pass auth_pw to the timestamp functions.
           [f603649177d6]
   
           * plugins/sudoers/iolog_path.c:
           Fix SUDOERS_NO_SEQ
           [17881f9bcd68]
   
           * plugins/sudoers/locale.c:
           Don't need all of sudoers.h in here
           [c518150c6483]
   
           * plugins/sudoers/sudoers.c:
           Don't need to include sudoers_version.h here.
           [8abb31102119]
   
   2013-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/check.c:
           DEFAULT_LECTURE is no longer used.
           [f565c00a68c1]
   
           * plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
           Move sudo_conv into policy.c
           [f699aee7136b]
   
           * plugins/sudoers/pwutil.c:
           cosmetic fixes
           [930e60389ca8]
   
           * plugins/sudoers/match.c:
           RHEL (and perhaps other Linux distros) use the string "(none)"
           instead of an empty string when there is no actual NIS-style domain
           name. Bug #596
           [11aec11489ac]
   
           * plugins/sudoers/match.c:
           Fix return values when NAME_MATCH is defined.
           [ce030be9ccef]
   
   2013-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h:
           Update copyright year.
           [7e4b8d49addd]
   
           * plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
           plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h:
           Add sudo_set_grlist(), currently unused by the back end.
           [b37ac1d0e8fc]
   
           * plugins/sudoers/pwutil.c:
           Remove unused macros, fix a debug_decl
           [6136fb4a0d3b]
   
           * include/missing.h:
           Tru64 Unix doesn't prototype innetgr() or getdomainname().
           [585ac1874dfe]
   
           * include/missing.h:
           Whitespace fixes
           [0bb28cd91d97]
   
           * common/error.c:
           Don't need to include setjmp.h here, error.h already includes it.
           [fd05ab00e186]
   
   2013-03-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/Makefile.in, plugins/sudoers/Makefile.in:
           regen depends
           [57991f5e16b4]
   
           * plugins/sudoers/check.h:
           Rename guard define.
           [ccf4dba241d6]
   
           * plugins/sudoers/check.c, plugins/sudoers/check.h,
           plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
           Move contents of timestamp.h into check.h.
           [c139757a9283]
   
           * plugins/sudoers/sudoers.h:
           expand_prompt() is now in prompt.c sudo_printf extern is now in
           error.h
           [219bd74ca62b]
   
           * plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h,
           plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h,
           plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h,
           plugins/sudoers/insults.h, plugins/sudoers/interfaces.h,
           plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
           plugins/sudoers/parse.h, plugins/sudoers/pwutil.h,
           plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
           plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h,
           plugins/sudoers/toke.h:
           Change multiple inclusion guards to be _SUDOERS_FOO_H
           [faace6d55e78]
   
   2013-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
           src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po:
           New Dutch translation for sudo and sudoers New Turkish translation
           for sudo From translationproject.org
           [bc918b7b23a4]
   
   2013-03-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure, configure.in:
           Fix a typo in a comment and make sure we don't mistakenly include
           _PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in
           [694d12ac70ec]
   
   2013-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/Makefile.in:
           Don't build check_symbols if we are linking sudoers in statically.
           [f6602723bab7]
   
           * configure, configure.in:
           Use $host_os not $host when we only care about the os name and
           version.
           [05e4f4fcba06]
   
           * aclocal.m4, configure, configure.in:
           Suppress duplicate -L and -I flags.
           [228f2f581aed]
   
           * common/Makefile.in, compat/regress/fnmatch/fnm_test.c:
           Fix regress tests on non-OpenBSD platforms.
           [9d91bc859c50]
   
           * configure, configure.in:
           If we find sasl/sasl.h there's no need to check for sasl.h too
           [889efaa86012]
   
           * aclocal.m4, configure, configure.in:
           Add -R flags at the very end after configure link tests are done
           since we can only count on libtool to accept -R, the compiler front
           end may not. Also unify the libldap and libibmldap tests using
           AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by
           libibmldap (but is not an explicit dependency).
           [ab1451894351]
   
   2013-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Back out changes that broke detection of skey, opie and ldap
           libraries.
           [ffa82b8f8641]
   
           * plugins/sudoers/regress/testsudoers/test1.sh,
           plugins/sudoers/regress/testsudoers/test2.sh,
           plugins/sudoers/regress/testsudoers/test3.sh,
           plugins/sudoers/regress/testsudoers/test4.sh,
           plugins/sudoers/regress/testsudoers/test5.sh,
           plugins/sudoers/regress/visudo/test1.sh,
           plugins/sudoers/regress/visudo/test2.sh,
           plugins/sudoers/regress/visudo/test3.sh:
           Add explicit "exit 0" to prevent the check target from ending
           prematurely.
           [cca411b492bd]
   
           * plugins/sudoers/Makefile.in:
           Fix exit values in check target so we don't have to ignore errors.
           [cbc429c409e9]
   
           * plugins/sudoers/Makefile.in:
           Fail a test if there is unexpected stderr output.
           [4fc24d536bec]
   
           * MANIFEST:
           Fix path to sudo.conf manuals; remove non-existant test2.err.ok
           [6b8bcd60dd85]
   
           * src/load_plugins.c:
           Fix compilation in dynamic mode.
           [679856fa0774]
   
           * configure, configure.in:
           On HP-UX, libibmldap has a hidden dependency on libCsup
           [22994709d77c]
   
           * compat/dlopen.c:
           Pass BIND_VERBOSE to shl_load()
           [0060b9cfa9ab]
   
           * configure, configure.in:
           Only create static helper libs when --disable-shared is specified.
           [1fcdb1a437e0]
   
           * src/load_plugins.c:
           Ubreak static build.
           [4ac9f96be285]
   
           * INSTALL, aclocal.m4, configure, configure.in:
           Replace --with-rpath and --with-blibpath with --disable-rpath. Now
           that we use libtool for linking we can just use the -R flag and have
           libtool translate it to the proper linker flag.
           [09798fad6888]
   
   2013-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           Bump I/O buffer size 32K
           [4ef793225309]
   
   2013-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in:
           Document sesh Path setting.
           [34b0b903b4f8]
   
           * src/exec.c, src/exec_common.c:
           Move exec_cmnd to exec.c to fix a compilation issue with sesh.c
           [06aa1956f38d]
   
           * common/sudo_conf.c, configure, configure.in, include/sudo_conf.h,
           src/selinux.c:
           Make sesh path configurable in sudo.conf
           [91d331f273b7]
   
           * configure, configure.in:
           Use -fno-pie and -nopie if supported when --disable-pie is
           specified.
           [777138c04dcc]
   
   2013-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Document direct execution of the command if the policy plugin has no
           close function.
           [6a14145c6e80]
   
   2013-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/auth/pam.c:
           Only delete creds if we actually established them. Print an error if
           pam_setcred() fails and we actually authenticated.
           [1e015314903b]
   
           * common/Makefile.in, plugins/group_file/Makefile.in:
           regen
           [dd8cee2a5e1b]
   
           * common/alloc.c, include/alloc.h:
           Convert efree() to a macro that just casts to void * and does
           free(). If the system free() can't handle free(NULL) this may crash
           but C89 was a long time ago.
           [efd0ff9270fb]
   
           * configure, configure.in:
           Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS.
           Fixes a problem with errno sometimes not being set on error on HP-
           UX.
           [54b419d58320]
   
           * common/sudo_debug.c:
           Fix debug logging from the plugin when there is no error number.
           This was broken in the big debugging reorg for 1.8.7.
           [2ea7e145e928]
   
   2013-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in, plugins/group_file/Makefile.in,
           plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
           plugins/system_group/Makefile.in, src/load_plugins.c:
           Always install plugins with a .so extension regardless of what
           extension the system uses for shared libraries. That way the
           group_plugin sudoers setting can be shared between heterogenous
           systems.
           [a7e6ecff6fdf]
   
           * plugins/sudoers/match.c:
           Mac OS X has netgroup functions in netdb.h.
           [243881a974aa]
   
           * plugins/sudoers/parse.h:
           Tags in struct cmndtag can be set to IMPLIED as well.
           [cb6926988cc8]
   
           * plugins/sudoers/parse.c:
           Quiet a compiler warning.
           [14e608c2001d]
   
           * plugins/sudoers/testsudoers.c:
           Quiet an llvm checker warning.
           [2eeb9f3d08f3]
   
           * plugins/sudoers/parse.c:
           Quiet gcc -Wuninitialized false positive
           [643ad987503d]
   
   2013-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
           doc/sudoers.mdoc.in:
           Document group_file and system_group plugins.
           [b56511e79230]
   
           * NEWS:
           Sudo 1.8.7
           [e95183b8fa27]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Try to clarify that sudoedit in sudoers should not include a leading
           pathname.
           [7b2beac92a9c]
   
           * plugins/sudoers/pwutil_impl.c:
           Make sure groupname_len is at least 32 just to be on the safe side.
           It is better to allocate a little extra and not need it than to have
           to reallocate and start over.
           [6d3e1ba47de9]
   
           * include/alloc.h, include/missing.h:
           Add __malloc_like macro to apply __malloc__ attribute to emalloc,
           ecalloc and estrdup. It cannot be applied to realloc since that may
           return the same pointer.
           [8d70cb81d1f1]
   
           * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Fix potential double free in an error path.
           [657573feb6a4]
   
           * src/exec_pty.c:
           When running the command in a pty, defer the call to exec_setup()
           until just before we exec the command. This is consistent with the
           non-pty path. As a side effect, the monitor process runs as root
           and not the runas user.
           [e2a7f8c7ee4c]
   
   2013-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/closefrom.c:
           Update copyright year.
           [9b652af4dfc0]
   
   2013-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/closefrom.c:
           Use pst_highestfd from pstat_getproc() on HP-UX.
           [09f3fea46a3d]
   
   2013-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in, common/Makefile.in, doc/Makefile.in,
           plugins/sudoers/Makefile.in:
           Clean up generated test files and other minor housekeeping.
           [f5f4fdd908e1]
   
           * plugins/sudoers/iolog.c:
           Add back gettimeofday() call inadvertantly removed in e1abb9810a83
           [675cce8401ae]
   
           * config.h.in, configure, configure.in, src/ttyname.c:
           Use pstat() on HP-UX to determine the tty device.
           [2884af22a9df]
   
           * plugins/sudoers/auth/pam.c:
           Fix PAM compilation: def_pam_session, not just pam_session.
           [5417d7acc6ea]
   
           * doc/fixmdoc.sh:
           Don't remove the -S option description when trimming out selinux.
           Bug #592
           [8a94f2cfa0a0]
   
   2013-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Update for Sudo 1.8.6p7
           [0858a73e9c40]
   
   2013-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Document when sudo may exec the command directly instead of forking.
           [da41951edc28]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Document that close and version be NULL for plugin API >= 1.3 and
           that sudo may execute the command directly if there is no close, or
           pty or timeout needed.
           [e5f929ddeaf8]
   
           * plugins/sudoers/auth/sudo_auth.c:
           Fix debug_decl for sudo_auth_begin_session and
           sudo_auth_end_session.
           [58243392c0df]
   
           * configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
           doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
           plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
           plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
           Add pam_session sudoers option.
           [d994465db9f1]
   
           * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.h:
           Dummy out close function if there is no end_session for the auth
           method and the front-end can handle a NULL close function. Avoids
           the extra sudo process when we don't actually need it.
           [74886d5b0fb6]
   
   2013-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in, aclocal.m4:
           Add m4/ to paths m4_include parameters so we don't need to use
           autoconf's -I flag.
           [4fd86e7a84f3]
   
           * src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h,
           src/sudo_plugin_int.h:
           If the policy plugin does not provide a close function, there is no
           command timeout and no pty is required, skip the event loop and just
           exec the command directly.
           [ad532f107170]
   
           * src/sudo.c:
           Do not crash if the plugin close and version functions are not
           defined. If there is no policy close function, simply print a
           warning that the command was not found.
           [c789a9dd54e8]
   
   2013-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/parse.c:
           Fix typos in selinux/solaris privs specific code.
           [9af3999361b4]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, src/parse_args.c:
           Pass the default plugin directory to the plugin via the settings
           list. Could be used by a stacking plugin.
           [688e771fc145]
   
           * plugins/sudoers/timestamp.c:
           Completely ignore time stamp file if it is set to the epoch,
           regardless of what gettimeofday() returns.
           [df58842af660]
   
           * doc/CONTRIBUTORS:
           Add Nikolai Kondrashov
           [df59791438f9]
   
           * plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
           Use userpw_matches() for username matching so #uid works for
           sudoRunAsUser.
           [a124062334df]
   
           * plugins/sudoers/sssd.c:
           Avoid calling realloc3() with a zero size parameter when all
           retrieved sssd rules fail. Otherwise we'll get a run-time error due
           to malloc(0) checking.
           [84dfcb73ebd7]
   
           * plugins/sudoers/sssd.c:
           Do not send error mail if a user is not found in SSSD. Local users
           can run sudo too. From Nikolai Kondrashov
           [3d2ae99ee468]
   
   2013-02-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/regress/sudo_conf/test4.in,
           common/regress/sudo_conf/test4.out.ok:
           Test setting disable_coredump to illegal value.
           [3c71c6c49027]
   
           * common/sudo_conf.c:
           Fix atobool() usage.
           [d40c9f4d06b0]
   
           * common/regress/sudo_conf/conf_test.c:
           Remove unused variable.
           [328b524b365b]
   
           * plugins/sudoers/sudoers.c:
           Make "sudo -l non_existent_command" warn that non_existent_command
           doesn't exist, not the "list" pseudo-command.
           [9dc0388fc4f3]
   
           * plugins/sudoers/parse.c:
           Make sudoers file long list output better match the format used by
           ldap sudoers. Tags are now converted to options and there is a
           single command per line.
           [6e6dc3f20d84]
   
           * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
           doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Use the correct the sudoers policy symbol names and undo an editor
           goof committed when adding max_groups to sudo.conf.
           [2a6f7ddf5cc3]
   
           * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
           For "sudo -l" start a new line if the runas list changes to make the
           output easier to read.
           [7dc3d724c924]
   
   2013-02-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
           For "sudo -l" and "sudo -ll" only print the runas info for
           subsequent commands in a list if the runas info has changed. If we
           have new runas info, print out the tags again so as to be less
           confusing to the user. For "sudo -ll" set the line continuation
           indent to 8.
           [b5ec02fe7fc1]
   
   2013-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat,
           doc/sudoers.man.in, doc/sudoers.mdoc.in,
           plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
           plugins/group_file/group_file.c, plugins/group_file/group_file.exp,
           plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in,
           plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
           plugins/sample_group/sample_group.c,
           plugins/sample_group/sample_group.exp:
           Rename sample_group plugin to group_file. Install group_file and
           system_group plugins by default.
           [951b3e446fae]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
           plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
           plugins/sudoers/def_data.in, plugins/sudoers/iolog.c,
           plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h:
           Add maxseq sudoers option to limit the max number of I/O log files.
           [e1abb9810a83]
   
   2013-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/iolog.c:
           Log lines and columns in the iolog file.
           [03adb6230e05]
   
   2013-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c,
           common/regress/sudo_conf/test1.in,
           common/regress/sudo_conf/test1.out.ok,
           common/regress/sudo_conf/test2.in,
           common/regress/sudo_conf/test2.out.ok,
           common/regress/sudo_conf/test3.in,
           common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c,
           include/sudo_conf.h, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c,
           src/sudo.c:
           Add simple regress tests for sudo.conf parsing.
           [3c36b61bf61c]
   
           * src/sudo.c:
           Always display the I/O plugin version as long as its open functions
           doesn't return an error. Previously it was only displayed if the
           plugin open returned 1.
           [4b0277db3f8c]
   
           * plugins/sudoers/pwutil_impl.c:
           Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead
           of poking around in struct utmpx.
           [2c0cc5c42958]
   
           * plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c:
           #include "sudo_usage.h" not <sudo_usage.h> so we get the one in the
           build directory and not the src dir when using a separate build
           directory.
           [1fcb7ba13018]
   
   2013-02-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/fileops.c:
           If a line was longer that 0x80000000 the bit hack to round to the
           next power of two would roll over to zero.
           [f4f729cf6f0f]
   
           * plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c,
           plugins/sudoers/sudoers.h, src/sudo.c:
           Use max_groups in front-end and plugin.
           [bf1e74166831]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, src/parse_args.c:
           Pass max_groups to plugin in settings list.
           [d7d76e8651f4]
   
           * common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in, include/sudo_conf.h:
           Add max_groups setting to sudo.conf (currently unused) and remove
           unused return value from setters.
           [f6494f71e1f0]
   
   2013-02-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * INSTALL:
           Reorganize configure options
           [23475de8039f]
   
   2013-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Add Sudo 1.8.6p7
           [5192fc511cbe]
   
   2013-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * INSTALL.configure:
           Sync with autoconf 2.68
           [985e5c8efa4e]
   
           * INSTALL, README:
           Remove obsolete OS notes and move build requirements to INSTALL.
           [bf0dd53ca164]
   
   2013-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Sort elements of the settings, user_info and command_info lists.
           [663062ada5b7]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Remove trailing white space
           [027916a6c8e7]
   
           * plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
           Store the session ID in the tty ticket file too. A tty may only be
           in one session at a time so if the session ID doesn't match we
           ignore the ticket.
           [4eb2cb8df48b]
   
   2013-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoers.c, src/sudo.c:
           Move tzset() call from sudoers plugin to sudo front end.
           [3c058dad8772]
   
           * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
           doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in:
           Mention line continuation
           [399873f8c805]
   
           * MANIFEST, common/Makefile.in, common/fileops.c,
           common/regress/sudo_parseln/parseln_test.c,
           common/regress/sudo_parseln/test1.in,
           common/regress/sudo_parseln/test1.out.ok,
           common/regress/sudo_parseln/test2.in,
           common/regress/sudo_parseln/test2.out.ok,
           common/regress/sudo_parseln/test3.in,
           common/regress/sudo_parseln/test3.out.ok,
           common/regress/sudo_parseln/test4.in,
           common/regress/sudo_parseln/test4.out.ok,
           common/regress/sudo_parseln/test5.in,
           common/regress/sudo_parseln/test5.out.ok,
           common/regress/sudo_parseln/test6.in,
           common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c,
           include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c,
           plugins/sudoers/sudo_nss.c:
           Add line continuation support to sudo_parseln() and make it use
           getline() instead of fgets() internally.
           [d02bf3973fc5]
   
   2013-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sample/sample_plugin.c:
           Fix memory leak in error path; found by llvm checker
           [d090c26a5b00]
   
           * plugins/sudoers/sudoreplay.c:
           Remove useless store detected by llvm checker.
           [12a4db91651a]
   
           * configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in,
           src/load_plugins.c, sudo.pp:
           Sudo now stores its libexec files in a "sudo" subdirectory instead
           of in libexec itself. For backwards compatibility, if the plugin is
           not found in the default plugin directory, sudo will check the
           parent directory default directory ends in "/sudo".
           [5de67de76489]
   
           * plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c,
           plugins/system_group/system_group.c:
           Add missing __dso_public to plugin structs so they are exported.
           [dde703577621]
   
           * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
           Mention that sudoers has its own plugins too.
           [0a6c6203b512]
   
   2013-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
           Correct last change date.
           [45894291d792]
   
           * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
           doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
           doc/sudoers.mdoc.in:
           Remove duplicated sudo.conf info in the sudo, sudoers and
           sudo_plugin manuals and cross-reference the new sudo.conf manual.
           [b808ba29cf3a]
   
           * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
           Fix typos
           [0e70964150c6]
   
           * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in:
           Fix some typos.
           [94ae045cfbc6]
   
           * MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in:
           Add standalone sudo.conf manual page.
           [d64d949b700c]
   
           * doc/sample.sudo.conf:
           add group_source example
           [118c1ba1c014]
   
           * configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in,
           doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
           doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf.
           [f5bd6006dc1c]
   
           * plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo,
           src/po/it.po:
           Sync with translationproject.org
           [a6f2b9aac371]
   
   2013-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo,
           src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo,
           src/po/vi.po:
           Sync with translationproject.org
           [ba546666969d]
   
   2013-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo,
           plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po,
           src/po/es.po, src/po/gl.po:
           Sync with translationproject.org
           [cdc454e34c03]
   
   2013-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Clarify ttyname changes.
           [cbf2f80fe582]
   
           * NEWS:
           Add 1.8.6p6
           [3aa591e98b3b]
   
           * src/ttyname.c:
           Remove ttyname() fall back code on systems where we can query the
           kernel for the tty device via /proc or sysctl(). If there is no
           controlling tty, it is better to just treat the tty as unknown
           rather than to blindly use what is hooked up to std{in,out,err}.
           [b2bd3005d2e4]
   
   2013-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c:
           Add group_source setting in sudo.conf to allow the admin to specify
           how a user's groups are looked up. Legal values are static (just
           the kernel list from getgroups), dynamic (whatever the group
           database includes) and adaptive (only use group db if kernel group
           list is full).
           [87a5b02e22ad]
   
           * plugins/sudoers/policy.c:
           Pass back exec_background to front end if it is enabled in sudoers.
           [8230e1cd0bbd]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Mention that exec_background is for 1.8.7 and higher only.
           [fdf0d5a3e182]
   
   2013-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST:
           Add missing test files.
           [1165389aa5e6]
   
           * plugins/sudoers/regress/visudo/test3.err.ok,
           plugins/sudoers/regress/visudo/test3.out.ok,
           plugins/sudoers/regress/visudo/test3.sh:
           Add regress test for bug 361
           [54c7fb61b82d]
   
           * plugins/sudoers/iolog.c:
           Add __dso_public to extern declaration of declaration to match
           actual definition.
           [4695ded501e6]
   
           * NEWS:
           Add 1.8.6p5
           [b07b28c5c4d7]
   
   2013-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok,
           plugins/sudoers/regress/visudo/test2.out.ok,
           plugins/sudoers/regress/visudo/test2.sh:
           Add test for visudo cycle check core dump; test case from Daniel
           Kopecek
           [41074541147a]
   
           * plugins/sudoers/visudo.c:
           Fix potential stack overflow due to infinite recursion in alias
           cycle detection. From Daniel Kopecek.
           [d7e018a87434]
   
           * common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c:
           Ignore duplicate entries in sudo.conf and report the line number
           when there is an error. Warn, don't abort if there is more than one
           policy plugin.
           [dfcb5a698f0a]
   
           * plugins/sudoers/tsgetgrpw.c:
           Use strtoul() not atoi().
           [58a52cf9b6b8]
   
   2013-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/Makefile.in:
           regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo
           [9b44e9d26d16]
   
           * compat/nss_dbdefs.h:
           Fix typo that breaks the build on HP-UX.
           [b9ab6ba23485]
   
           * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in,
           configure, configure.in:
           Use nss_search() to implement getgrouplist() where available.
           Tested on Solaris and HP-UX. We need to include a compatibility
           header for HP-UX which uses the Solaris nsswitch implementation but
           doesn't ship nss_dbdefs.h.
           [d29dbc4dc06d]
   
   2013-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h:
           Remove extra flag to sudo_sigaction(). We want to trap the signal
           regardless of whether or not it is ignored by the underlying command
           since there's no way to know what signal handlers the command will
           install. Now we just use sudo_sigaction() to set a flag in
           saved_signals[] to indicate whether a signal needs to be restored
           before exec.
           [c042d52c7192]
   
   2013-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/getgrouplist.c, config.h.in, configure, configure.in:
           Use _getgroupsbymember() on Solaris to get the groups list. Fixes
           performance problems with the getgroupslist() compat on Solaris
           systems with network-based group databases.
           [287d3ae2ce8d]
   
   2013-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Document signal handler behavior in plugin API 1.3
           [20dc9d1c105f]
   
           * MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c,
           src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h:
           Move signal code into its own source file and add sudo_sigaction()
           wrapper that has an extra flag to check the saved_signals list to
           only install the handler if the signal is not already ignored. Bump
           plugin API version for the new front-end signal behavior.
           [5d2f27a1b404]
   
           * plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h,
           src/sudo_exec.h:
           Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute
           the command. If we get SIGINT or SIGQUIT, call the plugin close()
           functions as if the command was interrupted. If we get SIGTSTP,
           uninstall the handler and deliver SIGTSTP to ourselves.
           [332baf3a81b7]
   
           * src/exec.c, src/exec_pty.c:
           Rename handle_signals() to dispatch_signals(). Block other signals
           in handler() so we don't have to worry about the write() being
           interrupted.
           [666e95c9a0f1]
   
   2013-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/tgetpass.c:
           Rename signal handler to avoid name clash with one in exec.c
           [8913101a29b6]
   
   2013-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo.c:
           Add missing call to save_signals().
           [47d075d7326b]
   
   2013-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           Fill in the comment block at the top of the .pot files and preserve
           it when regenerating them.
           [6449497b76db]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
           doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
           plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
           plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
           Add exec_background option in plugin command info and a sudoers
           option to match. When set, commands are started in the background
           and automatically foregrounded as needed. There are issues with
           some ill-mannered programs (like Linux su) so this is not the
           default.
           [c0b32b0938f2]
   
           * common/Makefile.in:
           regen
           [2b2b220e7aea]
   
           * src/Makefile.in:
           Add SESH_OBJS variable for sesh object files.
           [d3e04ae8fd1f]
   
           * configure.in, doc/LICENSE, plugins/sudoers/redblack.c:
           Update copyright year.
           [61a0f0cedb13]
   
           * src/exec_pty.c:
           Always resume the command in the foreground if sudo itself is the
           foreground process. This helps work around poorly behaved programs
           that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At
           worst, sudo will go into the background but upon resume the command
           will be runnable. Otherwise, we can get into a situation where the
           command will immediately suspend itself.
           [c368ac3eb2e4]
   
           * configure, configure.in:
           Use -fstack-protector-all in preference to -fstack-protector where
           supported.
           [f930c95ceb51]
   
   2013-01-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Only test for -fstack-protector and -fvisibility=hidden on GNU
           compatible compilers.
           [796f4696d863]
   
   2013-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Add Sudo 1.8.6p4
           [8a928de8e717]
   
           * common/Makefile.in, compat/Makefile.in, configure, configure.in,
           plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
           plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
           src/Makefile.in:
           Break out stack smashing protector options into SSP_CFLAGS and
           SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
           [01be114fc9fb]
   
   2013-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS, plugins/sudoers/redblack.c:
           In rbrepair(), make sure we never try to change the color of the
           sentinel node, which is the first entry, not the root. From Michael
           King
           [3fc4dc4004ec]
   
   2012-12-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           No need to restore default signal handler for SIGSTOP as it is not
           catchable. Attempting to do so is harmless but sigaction() will
           fail and set errno to EINVAL which makes it looks like there is an
           error.
           [be7c0b759e9a]
   
           * src/exec.c:
           Print SIGCONT_FG and SIGCONT_BG properly in debug output.
           [93e59e301c8f]
   
   2012-12-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.in:
           Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.
           [9ed48f696595]
   
   2012-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/missing.h:
           Add howmany() macro since some systems have this in sys/param.h
           which we no longer include.
           [2c5efaa16c45]
   
   2012-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/regress/sudoers/test11.toke.out.ok:
           Remove errant file.
           [a91699beffc6]
   
   2012-12-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/regress/parser/check_fill.c:
           Remove obsolete sudoers_cleanup() stubs.
           [89153025a2ae]
   
           * common/alloc.c, common/atobool.c, common/fileops.c,
           common/fmt_string.c, common/lbuf.c, common/secure_path.c,
           common/sudo_conf.c, common/sudo_debug.c, common/term.c,
           compat/closefrom.c, compat/getcwd.c, compat/glob.c,
           compat/snprintf.c, include/missing.h,
           plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
           plugins/sample_group/plugin_test.c,
           plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
           plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
           plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
           plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
           plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
           plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
           plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
           plugins/sudoers/check.c, plugins/sudoers/defaults.c,
           plugins/sudoers/env.c, plugins/sudoers/find_path.c,
           plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
           plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
           plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
           plugins/sudoers/logging.c, plugins/sudoers/match.c,
           plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
           plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
           plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
           plugins/sudoers/redblack.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
           plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
           plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
           plugins/system_group/system_group.c, src/conversation.c, src/exec.c,
           src/exec_common.c, src/exec_pty.c, src/get_pty.c,
           src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c,
           src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c:
           Don't include <sys/param.h>. We only needed it for MAXPATHLEN,
           MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
           HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
           MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
           [f4807d46f504]
   
           * include/missing.h, plugins/sudoers/match.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
           Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN
           (sys/param.h or netdb.h).
           [2544f5e306dd]
   
   2012-11-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/logging.c:
           Move debug_decl() in log_failure() to be after the variable
           declarations for C89.
           [f48d2035ab44]
   
   2012-11-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/error.c, include/error.h, plugins/sudoers/iolog.c,
           plugins/sudoers/logging.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
           Cannot wrap sigsetjmp() or we end up returning to the wrong place.
           Use a macro instead.
           [749ee6acdad8]
   
   2012-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/policy.c:
           Fix return in sudoers_policy_open that should be debug_return.
           [a78b795b6846]
   
   2012-11-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case
           too.
           [acfa891c229e]
   
           * src/solaris.c:
           Quiet a gcc warning and add comment about needing to keep the handle
           open.
           [f954f228960f]
   
   2012-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * INSTALL:
           mention --disable-shared
           [6954d39e2d0f]
   
           * doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Add missing command_info argument in I/O plugin open() prototype.
           Bug #579
           [72beb07aba0e]
   
   2012-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/gram.c:
           Regen for proper line numbers.
           [6cf6e132e764]
   
           * configure, configure.in:
           Add locale_stub.o to SUDO_OBJS, not locale_stub.lo.
           [d604dc8ca38a]
   
           * common/sudo_printf.c:
           Include missing.h for __printflike.
           [a33640600faf]
   
           * plugins/sudoers/iolog.c:
           Saner loop invariant in io_mkdirs (cosmetic only).
           [dc30274afe38]
   
           * MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c,
           configure, configure.in, include/error.h, mkdep.pl,
           plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
           plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
           plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
           src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c,
           src/sesh.c:
           Move warn/error into common and make static builds work.
           [4d3f374f4e4c]
   
           * MANIFEST, common/Makefile.in, common/sudo_debug.c,
           common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in,
           plugins/sudoers/gram.c, plugins/sudoers/gram.y,
           plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
           plugins/sudoers/policy.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/regress/parser/check_fill.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
           src/Makefile.in, src/conversation.c, src/sesh.c:
           Move _sudo_printf from src/conversation.c to common/sudo_printf.c.
           Add sudo_printf function pointer that is initialized to
           _sudo_printf() instead of requiring a sudo_conv function pointer
           everywhere. The plugin will reset sudo_printf to point to the
           version passed in via the plugin open function. Now plugin_error.c
           can just call sudo_printf in all cases. The sudoers binaries no
           longer need their own version of sudo_printf.
           [9b09d3f63790]
   
           * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
           plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
           Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't
           need error_jmp to be extern. Also add plugin_clearjmp() that clears
           a flag so error()/errorx() knows when to call exit() vs. longjmp().
           [5a4617148e70]
   
           * plugins/sudoers/set_perms.c:
           Let warning() call gettext() for us.
           [ab8d502ba4ac]
   
           * include/error.h, plugins/sudoers/plugin_error.c, src/error.c:
           Do locale swapping in the warning()/error() macros themselves
           instead of in the underlying functions.
           [4cd205540e17]
   
           * common/alloc.c, common/list.c, include/error.h,
           plugins/sudoers/env.c, plugins/sudoers/plugin_error.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
           src/hooks.c:
           Rename warning2()/error2() -> warning_nodebug()/error_nodebug().
           [48346393634d]
   
           * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
           plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
           plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c,
           plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
           plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
           plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l,
           plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c,
           src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
           src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
           src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
           Call gettext() on parameters for warning()/warningx() instead of
           having warning() do it for us.
           [c71088bc9d3e]
   
           * Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c,
           plugins/sudoers/gram.y, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
           Call gettext() in sudoerserror() in the user's locale and pass the
           untranslated string to it.
           [cdbfc231b848]
   
           * plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
           plugins/sudoers/logging.h, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
           Allow sudoers programs (visudo, sudoreplay, visudo) to use
           plugin_error.c instead of the error.c from the front-end. This
           means sudoers_setlocale() needs to be independent of the sudo_user
           struct and the defaults table. The sudoers locale is now updated
           via a callback.
           [e356f5f8cd6a]
   
           * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
           plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
           Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c
           Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers
           warning/error functions work when sudo_conv is NULL
           [7365ee24a779]
   
           * src/error.c:
           No need to change locale in front-end warning()/error().
           [23dc1df7f93b]
   
           * plugins/sudoers/tsgetgrpw.c:
           Ignore bad lines in passwd/group file instead if stopping processing
           when we hit one.
           [79b790559075]
   
           * plugins/sudoers/regress/testsudoers/test2.sh,
           plugins/sudoers/regress/testsudoers/test3.sh,
           plugins/sudoers/regress/testsudoers/test5.sh:
           Bash doesn't let you set UID to use MYUID instead.
           [5be56335f059]
   
           * plugins/sudoers/visudo.c:
           Avoid NULL deref for unknown Defaults in strict mode.
           [545c21c1e7d6]
   
           * common/sudo_conf.c, common/sudo_debug.c:
           See DEFAULT_TEXT_DOMAIN
           [3d723e1d27db]
   
   2012-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * .hgignore:
           Add signame.c and mksigname.
           [d59bbf423f00]
   
           * plugins/sudoers/Makefile.in:
           Fold preinstall into install-plugin and pass the path to the plugin
           binary to the preinstall command.
           [2c2205af8bb7]
   
           * pp:
           sync with upstream
           [a4b7336b3256]
   
           * src/sudo.h:
           repair spacing
           [f5c1255ce514]
   
   2012-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_debug.c:
           Set group on sudo_debug when creating it to gid 0 so systems without
           BSD group semantics don't get the invoking user's group.
           [7dda01196554]
   
           * plugins/sudoers/iolog.c:
           Rename mkdir_parents() io_mkdirs() and add a flag to specify whether
           path is a temporary, in which case the final component is created
           via mkdtemp() instead of mkdir().
           [79c0c4e7ed58]
   
           * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h:
           For PERM_ROOT set egid to 0 so log files are not created with the
           gid of the user.
           [5b964ea43474]
   
           * plugins/sudoers/logging.c:
           Add calls to set_perms(PERM_ROOT) becore logging to a file. We
           should already be root but since we cache the current permission
           status it is basically free. That way, if more of sudoers runs as
           non-root in the future logging will still work correctly.
           [c591d4973f41]
   
           * common/sudo_conf.c, config.h.in, configure, configure.in,
           include/gettext.h, plugins/sudoers/locale.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
           src/error.c, src/exec.c, src/sesh.c, src/sudo.c:
           #unifdef HAVE_SETLOCALE, it is C89 so no need to check for it.
           [41f6bb4926f4]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
           doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Mention that sudo.conf is parsed in the C locale.
           [f711c416e30c]
   
           * common/sudo_conf.c:
           Parse sudo.conf in the "C" locale.
           [776658f651ea]
   
           * plugins/sudoers/locale.c, plugins/sudoers/logging.h,
           plugins/sudoers/sudoers.h:
           Fix compilation on systems w/o setlocale()
           [6940d1c1c1ce]
   
           * doc/TROUBLESHOOTING:
           Sudo now includes a workaround for the Solaris 11 locale issue.
           [ab93787a552c]
   
   2012-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/gettext.h, plugins/sudoers/iolog_path.c,
           plugins/sudoers/locale.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
           src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h:
           Always include locale.h from gettext.h so we no longer need to
           include locale.h from the .c files.
           [93d39182ccfa]
   
           * MANIFEST, config.h.in, configure, configure.in, mkdep.pl,
           plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c,
           src/solaris.c, src/sudo.c, src/sudo.h:
           Add os-specific initialization functions for solaris (workaround
           setuid locale problem in Solaris 11) and openbsd (set malloc_options
           if SUDO_DEVEL). Also move set_project() to solaris.c.
           [1d6581afbaf4]
   
   2012-11-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
           plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
           Avoid strerror() when possible and just rely on warning/error to
           handle errno in the proper locale.
           [bf612caae97c]
   
           * plugins/sudoers/logging.c:
           Set sudoers locale in log_allowed()
           [2dd0ac704cae]
   
           * plugins/sudoers/check.c:
           Make the sudo lecture translatable.
           [3cdfc183d72d]
   
           * Makefile.in:
           Add the values of badpass_message, passprompt and mailsub to
           sudoers.pot so they can be translated.
           [51cbe8adcb94]
   
           * plugins/sudoers/logging.c:
           Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked
           up by xgettext.
           [c5b74115caf0]
   
   2012-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
           plugins/sudoers/sudoers.h:
           Make expand_prompt() args const and free the prompt when we are done
           with it.
           [995ef8519fe6]
   
           * plugins/sudoers/policy.c:
           Fix cut and pasto
           [e002921c1d15]
   
           * plugins/sudoers/defaults.c, plugins/sudoers/logging.c:
           Expand def_mailsub in the sudoers locale, not the user's.
           [a4775f2fb385]
   
           * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
           plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
           plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
           plugins/sudoers/env.c, plugins/sudoers/iolog.c,
           plugins/sudoers/locale.c, plugins/sudoers/logging.c,
           plugins/sudoers/logging.h, plugins/sudoers/parse.c,
           plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/timestamp.c:
           Call gettext inside log_error et al instead of having the caller do
           it. This way we can display any messages to the user in their own
           locale but log in the sudoers local.
           [286e0444f785]
   
           * common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
           plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
           plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
           plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
           plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
           plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
           plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l,
           plugins/sudoers/visudo.c, src/error.c, src/exec.c,
           src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
           src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
           src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
           Display warning/error messages in the user's locale.
           [00a04165c0cf]
   
           * plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
           plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
           audit_failure() now calls gettext itself using the sudoers locale.
           [d77f1d78799a]
   
           * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
           plugins/sudoers/sudoers.c:
           Convert setlocale() to sudoers_setlocale() in the sudoers module.
           This only converts existing uses, there are more places where we
           need to sprinkle sudoers_setlocale() calls.
           [8ee0cbf0d0a9]
   
           * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
           plugins/sudoers/locale.c, plugins/sudoers/logging.h,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
           Add simple locale switching to make it easy to switch from the
           user's locale to the sudoers locale without making excessive
           setlocale() calls when we don't need to.
           [5c61582fdeee]
   
           * common/sudo_debug.c, include/error.h, include/sudo_debug.h,
           plugins/sudoers/plugin_error.c, src/error.c:
           Add variants of warn/error and sudo_debug_printf that take a va_list
           instead of a variable number of args.
           [00392bdc063c]
   
           * INSTALL, doc/TROUBLESHOOTING:
           Document Solaris 11 locale issues and workarounds.
           [05f7d34af3ae]
   
           * Makefile.in, configure, configure.in:
           Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8
           locales. Make links from localdir/lang -> localdir/lang.UTF-8
           [5ca9326480e2]
   
   2012-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/audit.c, plugins/sudoers/logging.c,
           plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
           Do not inform the user that the command was not permitted by the
           policy if they do not successfully authenticate. This is a
           regression introduced in sudo 1.8.6.
           [c1279df08bfb]
   
           * plugins/sudoers/Makefile.in:
           Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
           the rpath in HP-UX SOM shared libraries for the LDAP libs.
           [b07185657b42]
   
           * src/parse_args.c:
           The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A.
           [22c73cbe3ff9]
   
   2012-10-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * INSTALL, configure, configure.in:
           Allow the user to specify and alternate libtool
           [c9d6fc9521fd]
   
   2012-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c:
           Allow sudo to be build with sss support without also including ldap
           support. From Stephane Graber.
           [b992a80ebea1]
   
   2012-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c,
           plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
           plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
           plugins/sudoers/visudo.c:
           Refactor policy plugin interface code from sudoers.c into policy.c
           [393e62910b8a]
   
           * plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
           Refactor command_info setting into its own function.
           [a952b948324c]
   
           * plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
           plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
           Make interfaces pointer private to interfaces.c and add
           get_interfaces() accessor.
           [b69b9334ed3c]
   
   2012-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
           plugins/sudoers/sudoers.h:
           Make user_cwd const since it is either a string literal or passed in
           from the front-end.
           [90751b81e8bc]
   
           * configure, configure.in:
           sudo 1.8.7
           [bf727adb8af0]
   
           * plugins/sudoers/sudoers.c:
           Avoid nested strtok() calls.
           [9d9f22ab52a9]
   
   2012-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
           plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h:
           Move expand_prompt() into its own source file for easier unit
           testing.
           [b419b48a436f]
   
           * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
           plugins/sudoers/check.h, plugins/sudoers/sudoers.h,
           plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
           Make check.c independent of the underlying timestamp implementation.
           [895071bd6065]
   
           * plugins/sudoers/iolog_path.c:
           Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled.
           [8ac38f02dd6d]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Use a list for the possible values of Tag_Spec with a minimal indent
           to improve readability. In the pod version, these were =head3. Also
           use .St -p1003.1 instead of just POSIX when talking about glob() and
           fnmatch().
           [361a6f7a5c44]
   
   2012-10-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           sudo_ttyname_dev() is unused if there is no /proc or sysctl().
           [6598dbf81e16]
   
           * compat/mksiglist.c, compat/mksigname.c,
           compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c,
           plugins/sample_group/plugin_test.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/regress/parser/check_fill.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c:
           Explicitly mark main() as public in executables to avoid an HP-UX ld
           warning.
           [72a40ce218be]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Remove grep from SEE ALSO section.
           [c7cafee1621f]
   
           * common/alloc.c:
           If vasprintf() fails, just use the errno it sets instead of assuming
           ENOMEM.
           [1be5bfdc0cab]
   
   2012-09-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/TROUBLESHOOTING:
           Mention HP-UX pam.conf settings.
           [8b8e745b49fd]
   
   2012-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
           plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c,
           plugins/sudoers/timestamp.h:
           Split off timestamp functions into their own source file.
           [d5833332511d]
   
   2012-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Mention how !foo is not the same as ALL,!foo
           [51f8e470757d]
   
   2012-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           Start commands in the background when I/O logging is enabled. We
           can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2)
           which returns EINTR on signal instead of restarting automatically.
           [83b1d59146f7]
   
           * src/exec_pty.c:
           Handle SIGCONT_FG and SIGCONT_BG when converting signal number to
           string in deliver_signal().
           [2cefea7a976e]
   
   2012-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           Fix running commands that need the terminal in the background when
           I/O logging is enabled. E.g. "sudo vi &". When the command is
           foregrounded, it will now resume properly.
           [0bc13a253429]
   
           * plugins/sudoers/match.c:
           Add rudimentary support for name-based matching as a compile-time
           option. This unsafe when used in conjunction with the '!' operator.
           [f93bc8e6db15]
   
   2012-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c,
           plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c:
           Split out implementation-specific back end code out of pwutil.c into
           pwutil_impl.c. This will allow the main pwutil code to be used for
           lookup methods other than getpw* and getgr*.
           [999c2dde60e4]
   
   2012-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.in:
         sudo 1.8.6p3          sudo 1.8.6p3
         [97fef3d9ed65]          [97fef3d9ed65]
   
Line 11 Line 3241
         at some point. Bug #573          at some point. Bug #573
         [6652f834b8f5]          [6652f834b8f5]
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y:
           Rename yyerror() to sudoerserror() to match yacc prefix changes. Not
           really needed due to the #defines that yacc makes but it is less
           confusing this way as the lexer calls sudoerserror().
           [a0577be6527d]
   
           * common/alloc.c, plugins/sample_group/plugin_test.c,
           plugins/sudoers/env.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
           src/exec_common.c, src/parse_args.c, src/sudo.c:
           No need to translate "unable to allocate memory" when we can just
           use the system translation via strerror().
           [377499e5827c]
   
         * plugins/sudoers/sudoreplay.c:          * plugins/sudoers/sudoreplay.c:
         Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not          Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
         all file systems support d_type. Bug #572          all file systems support d_type. Bug #572
Line 32 Line 3276
         non-I/O log mode, store the old handler value for when we restore it          non-I/O log mode, store the old handler value for when we restore it
         after resume.          after resume.
         [242628694e42]          [242628694e42]
   
           * plugins/sudoers/env.c:
           Replace the guts of sudo_setenv_nodebug() with our old setenv.c
           which supports non-standard BSD and glibc semantics. sudo_setenv()
           now simply calls sudo_setenv2().
           [57ffb6c9efaa]
   
   2012-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Document non-Unix group support in LDAP sudoers.
           [33c89f3aeee6]
   
           * plugins/sudoers/ldap.c:
           Enable non-Unix group support for LDAP sudoers. We now check for
           non-Unix groups and netgroups with the same query in the second
           pass. Bug #571
           [eb98fdff54d9]
   
   2012-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
           plugins/sudoers/gram.h, plugins/sudoers/parse.c,
           plugins/sudoers/regress/parser/check_fill.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.h,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
           plugins/sudoers/visudo.c:
           Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers.
           [cb6c0d93215e]
   
 2012-09-12  Todd C. Miller  <Todd.Miller@courtesan.com>  2012-09-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   

Removed from v.1.1.1.3  
changed lines
  Added in v.1.1.1.5


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>