Diff for /embedaddon/sudo/ChangeLog between versions 1.1.1.5 and 1.1.1.6

version 1.1.1.5, 2013/10/14 07:56:33 version 1.1.1.6, 2014/06/15 16:12:53
Line 1 Line 1
   2014-05-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/getgrouplist.c, plugins/group_file/group_file.c,
           plugins/system_group/system_group.c:
           deal with NULL gr_mem here too
           [0db43ed71001]
   
           * NEWS, configure, configure.ac:
           Sudo 1.8.10p3
           [3f415a180023]
   
   2014-05-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/event.c:
           Fix non-blocking mode. We only want to exit the event loop when
           poll() or select() returns 0 and there are no active events. This
           fixes a problem on some systems where the last buffer was not being
           written when the command exited.
           [deb6b1a7b241]
   
   2014-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h:
           Make get_boottime() return bool.
           [9ff15a995d01]
   
           * doc/CONTRIBUTORS, plugins/sudoers/boottime.c:
           Fix fd leak on Linux when determing boot time. This is usually
           masked by the closefrom() call in sudo. From Jamie Anderson. Bug
           #645
           [0b4c430e8b88]
   
   2014-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c:
           Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when
           changing the user. This is the correct flag to use with a program
           that changes the uid like su or sudo and fixes a role problem on
           Solaris. From Gary Winiger; Bug #642
           [ec23c3bf41bb]
   
           * plugins/sudoers/defaults.c:
           pam_setcred should default to true; from Gary Winiger Bug #642
           [23e6628ec546]
   
   2014-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, plugins/sudoers/match.c,
           plugins/sudoers/regress/testsudoers/test6.out.ok,
           plugins/sudoers/regress/testsudoers/test6.sh,
           plugins/sudoers/regress/testsudoers/test7.out.ok,
           plugins/sudoers/regress/testsudoers/test7.sh:
           Fix matching of uids and gids broken in sudo 1.8.9.
           [315eff4add59]
   
           * plugins/sudoers/testsudoers.c:
           Fix -P option in usage()
           [50753b6222b7]
   
   2014-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/check.c, plugins/sudoers/prompt.c,
           plugins/sudoers/sudoers.h:
           Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw
           or targetpw is set. Bug #639
           [dff0208d1194]
   
   2014-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.ac:
           Sudo 1.8.10p2
           [774ebec63b41]
   
           * plugins/sudoers/timestamp.c:
           Don't write an empty timestamp record when timestamp_timeout is
           zero. If we find an empty record in the timestamp file, overwrite it
           with a good one, truncating the file as needed.
           [9c226d81b660]
   
   2014-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
           Fix typos in description of the -x option. Bug #637
           [6ff2bfaaf99d]
   
   2014-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.ac:
           Sudo 1.8.10p1
           [33828a3385ad]
   
           * plugins/sudoers/timestamp.c:
           Fix typo/thinko that prevented "Defaults !tty_tickets" from working.
           [f65cc29dbcc7]
   
           * plugins/sudoers/parse.c:
           Fix "sudo -l command" output when the matching command is negated.
           Bug #636
           [b4a92803f733]
   
   2014-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c,
           common/regress/sudo_conf/test5.err.ok,
           common/regress/tailq/hltq_test.c:
           The atofoo_test and hltq_test tests now display their own test error
           rate. Display pass/fail count separately for sudo_conf and
           sudo_parseln tests. Check stderr output for the sudo_conf test.
           [5c814709ac70]
   
           * src/Makefile.in:
           Don't run the check_ttyname test if cross compiling.
           [874ecc1c3db0]
   
           * plugins/sudoers/Makefile.in:
           CWD no longer used.
           [13b2f3c4269b]
   
           * plugins/sudoers/Makefile.in:
           Fix diff of toke and err output files in "make check"
           [485cdf3c75e7]
   
   2014-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/po/de.mo, src/po/de.po:
           sync with translationproject.org
           [d246c72a2350]
   
   2014-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.ac:
           Check whether ber.h is needed before ldap.h even if we are not using
           any ber functions. Needed for older versions of nss ldap.
           [c2310324dc34]
   
           * plugins/sudoers/sssd.c:
           Fix compiler warning in debug code.
           [8ee4cb6cafad]
   
           * MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/ca.mo, src/po/ca.po:
           Catalan translation for sudo from translationproject.org.
           [d6af7d06ee36]
   
   2014-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Document negation fix in JSON output.
           [37a85423ae49]
   
   2014-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo_json.c:
           Fix handling of '!' operator when converting sudoers. We now add a
           "negated" boolean flag to objects that have the '!' operator.
           [071926c10280]
   
   2014-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, NEWS, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po:
           Czech translation for sudoers from translationproject.org
           [c0aae297f7c1]
   
   2014-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.ac:
           Try -libmldap before -lldap in case there is no link from
           libibmldap.so to libldap.so. Since IBM ldap is installed under /opt
           we should only be able to reach it if --with-ldap was given an
           explicit path.
   
           Only check for ber_set_option() if LBER_OPT_DEBUG_LEVEL is defined.
           [89d50c29d737]
   
   2014-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/set_perms.c:
           Fix typo in setreuid() PERM_ROOT error message.
           [533415f53165]
   
           * mkpkg:
           No longer need to disable setresuid() on debian.
           [96ba687c35f0]
   
   2014-02-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/timestamp.c:
           Fix conversion of timestamp_timeout from double to struct timeval.
           Also quiet a printf format warning on 32-bit systems.
           [59d1f3094dda]
   
   2014-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, NEWS, plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po:
           Serbian translation for sudoers from translationproject.org.
           [7134b386d658]
   
   2014-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS:
           Add Ingo Schwarze
           [114cdf286987]
   
           * NEWS, plugins/sudoers/visudo_json.c:
           When exporting sudoers in JSON format, use the same type of Options
           object for both Defaults and Cmnd_Specs.
           [caa57043e197]
   
   2014-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/inet_pton.c:
           Silence cppcheck false positive.
           [b2781c42a80f]
   
           * plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po:
           sync with translationproject.org
           [baba43a6d682]
   
           * NEWS, doc/UPGRADE:
           Mention init.d scripts on AIX and HP-UX Mention sudoers group
           mismatch fix
           [0259cb1f7cae]
   
           * INSTALL:
           Talk about clearing files at boot time, not reboot time since it
           happens when the system comes up, not down.
           [e8e480bc34fd]
   
           * plugins/sudoers/sudoers.c:
           We also need to open the sudoers file as root if there is a GID
           mismatch.
           [2fb2ba6fc4e6]
   
           * sudo.pp:
           Install /etc/rc.d/init.d/sudo and /etc/rc.d/rc2.d/S90sudo for AIX
           rpm packages.
           [4aca1d318599]
   
   2014-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/Makefile.in:
           Remove init.d file and link in uninstall target.
           [249a9f105cdd]
   
           * configure, configure.ac, sudo.pp:
           Fix INIT_DIR for real this time.
           [5444eb1afbc5]
   
           * configure, configure.ac, sudo.pp:
           Use correct init.d dir on HP-UX. Fix pp warnings from rc.d and
           init.d dirs.
           [809b54ef95f8]
   
           * .hgignore, MANIFEST, configure, configure.ac, init.d/aix.sh.in,
           init.d/hpux.sh.in, src/Makefile.in, sudo.pp:
           First cut add installing an init.d file for HP-UX and AIX to remove
           old sudo timestamp files at boot time.
           [ec6d35c62d88]
   
   2014-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Use .Ar macro instead of "file ..." Use ".Cm -" instead of ".Li -"
           for the default login class. From Ingo Schwarze.
           [f13ea603760e]
   
           * doc/sudo.conf.mdoc.in, doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in,
           doc/sudoers.ldap.mdoc.in, doc/sudoers.mdoc.in,
           doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
           Remove some extraneous markup; from Ingo Schwarze
            * No need to explicitly end a macro with No before | because | counts
           as middle punctuation and falls out of the macro, anyway.
            * No need to explicitly re-open in-line macros after | because |
           counts as middle punctuation and the macros resume afterwards,
           anyway.
            * Simplify the mnemonic remarks regarding the option letters, no need
           for manual font and spacing control with No and Ns.
            * Trim Ns No to just Ns, it already implies No.
           [cc63d66c6655]
   
           * doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Move zerowidth space in :alpha: after the colon for consistency.
           [799f6656c6e8]
   
           * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudoers.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
           doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
           doc/visudo.man.in:
           regen
           [14d682732b6f]
   
           * doc/sudo.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
           Remove extraneous keeps in SYNOPSIS now that mandoc does implied
           keeps when converting from mdoc to man.
           [0f48fc289f29]
   
           * doc/sudoers.mdoc.in:
           Properly escape the : in :alpha:
           [e41d4533a55f]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Replace some uses of .Sy with .Ar, .Ev and .Pa as appropriate. From
           Jan Stary.
           [90ec488905de]
   
   2014-02-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo_json.c:
           Fix indentation of Defaults entries. The initial indent should be
           outside the loop iterating over the entries.
           [dc493c888fb2]
   
   2014-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
           plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
           plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
           sync with translationproject.org
           [fc517bc0908e]
   
           * common/aix.c, common/alloc.c, common/atoid.c, common/atomode.c,
           common/fatal.c, common/gidlist.c, common/sudo_conf.c,
           common/sudo_debug.c, compat/strsignal.c, compat/strtonum.c,
           plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c,
           plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c,
           src/locale_stub.c, src/net_ifs.c, src/sesh.c, src/sudo.h:
           We must include gettext.h before missing.h as it includes system
           headers. Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers
           audit code that does not include sudoers.h.
           [3ac4aa43ce40]
   
           * common/sudo_dso.c:
           When emulating DSO_NEXT with shl_get() we need to skip the program's
           handle. This used to be documented as being index -2 but now it
           seems to be index 0. As this is not guaranteed we need to look up
           the real handle value for PROG_HANDLE and skip it when interating
           through all the DSOs. Fixes infinite recursion on HP-UX in the
           getenv() replacement.
           [ade1b3045232]
   
           * src/env_hooks.c:
           Export getenv() so it is visible to shared objects we link with.
           [1ac08446a3a7]
   
   2014-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/regress/atofoo/atofoo_test.c,
           common/regress/sudo_conf/conf_test.c,
           common/regress/sudo_parseln/parseln_test.c,
           common/regress/tailq/hltq_test.c,
           plugins/sudoers/regress/parser/check_fill.c:
           Add some initprogname() calls to the test programs.
           [e4320585a88b]
   
   2014-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [038d066a866d]
   
           * doc/UPGRADE:
           Mention that there is now a default LDAP search filter.
           [6351da3f8377]
   
           * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in:
           Minor word choice change.
           [7e59ab3eb453]
   
           * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
           plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
           plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
           plugins/sudoers/ldap.c, plugins/sudoers/match.c:
           Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup
           support requires an expensive substring match on the server. If
           netgroups are not needed, this option can be disabled to reduce the
           load on the LDAP server.
           [e6bd6c103390]
   
   2014-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           Update copyright year.
           [1299eed430a5]
   
           * NEWS:
           Mention LDAP changes.
           [512b1e363587]
   
           * doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
           doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c:
           Use a default LDAP search filter of (objectClass=sudoRole). When
           constructing the netgroup query, add (sudoUser=*) to the query so we
           don't fall below the 3 character OpenLDAP substring threshold.
           Otherwise the index for sudoUser will never be used for that query.
           Pointed out by Michael Stroeder.
           [54856973af41]
   
           * plugins/sudoers/timestamp.c:
           Don't warn about an insecure lecture dir twice. Display warnings in
           the user's locale.
           [2c56b8b6d6f9]
   
   2014-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Mention the fix for ^Z at the password prompt when sudo was started
           in the background.
           [352d52ad1f7d]
   
           * common/term.c, src/exec_pty.c:
           In term_restore(), only restores the terminal if we are in the
           foregroup process group. Instead of calling tcgetpgrp(), which is
           racy, we set a temporary handler for SIGTTOU and check whether it
           was received after a failed call to tcsetattr().
           [94979d51daa2]
   
           * MANIFEST, compat/getaddrinfo.c, compat/inet_pton.c, config.h.in,
           configure, configure.ac, doc/LICENSE, include/missing.h, mkdep.pl,
           plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c:
           Use inet_pton() instead of inet_aton() and include a version from
           BIND for those without it.
           [fe61a27c76d3]
   
           * common/regress/atofoo/atofoo_test.c:
           Quiet a gcc warning.
           [f197821892ea]
   
           * compat/getaddrinfo.c:
           Need to include limits.h for USHRT_MAX.
           [d1d8bd9a0e01]
   
   2014-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/term.c, include/sudo_util.h:
           Use bool for function return values instead of 1 or 0.
           [99e357c0800b]
   
           * configure, configure.ac:
           Warn the user if the rundir needs to be cleared in the rc files.
           Neither AIX not HP-UX clear /var/run (if it even exists).
           [6cdbf57a2f9e]
   
           * NEWS:
           Update for sudo 1.8.9p5
           [efb737c32615]
   
           * src/preserve_fds.c:
           When the closefrom limit is greater than any of the preserved fds,
           the pfds list will be non-empty but lastfd will be -1 triggering an
           ecalloc(0) assertion. Instead, test for lastfd being -1 and make
           sure we always update it, even if dup() fails. Also restore initial
           value of lowfd after we are done relocating. Fixes bug #633
           [a11206a31f28]
   
           * common/term.c:
           Document function return values.
           [267bc85f6fbb]
   
   2014-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           term_restore() now restarts itself so we don't need to do it
           ourselves.
           [a17e885d0b0a]
   
           * common/term.c:
           syscall restarting is broken on Mac OS X when interrupted by a tty
           signal so restart tcsetattr() by hand. For details, see.
           http://openradar.appspot.com/radar?id=6402578615107584
           [3997b2a0577e]
   
           * MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c:
           Add regress for atobool(), atoid() and atomode()
           [e1cbdf86d6e2]
   
           * plugins/sudoers/Makefile.in:
           Add back boottime.lo
           [0b7ddc31e13e]
   
           * INSTALL:
           Mention that rundir and vardir may be the same and what to do if
           they are.
           [301df9a31d43]
   
           * MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
           plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/timestamp.c:
           Bring back boot time checking code and zero out time stamp files
           that predate the boot time. This should help systems w/o /var/run
           where the admin has setup rc.d to clear the timestamp directory.
           [e09389a8b1ca]
   
           * configure, configure.ac:
           Check libraries for inet_pton() if not in libc.
           [9f9bd83895e8]
   
   2014-02-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.ac:
           Fix clock_gettime() detection when it lives in librt. Some systems
           have inet_aton() in libresolv (older Solaris).
           [e5f7c8bc9a81]
   
           * sudo.pp:
           Avoid duplicate directories if vardir and rundir are the same.
           [c5df5ebc191b]
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [740b2cc42fea]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Elaborate on time stamp error message causes.
           [2838fea2e21a]
   
   2014-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * sudo.pp:
           Remove the time stamp dir and its contents when uninstalling. We
           currently leave the lecture status files installed until there is a
           better way to detect upgrades.
           [61532b7113ff]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Update time stamp error messages and regen.
           [edf570c98cd5]
   
           * plugins/sudoers/timestamp.c:
           Restore warning when sudoers is unable to update the time stamp
           file.
           [86648a771250]
   
           * INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in,
           m4/sudo.m4, plugins/sudoers/Makefile.in, sudo.pp:
           Replace --with-timedir and --with-lecture_dir with --with-rundir and
           --with-vardir which are the parent directories of the time stamp and
           lecture dirs. These directories need to be searchable by non-root so
           that the timestampowner setting can function.
           [5c38d77a2d0c]
   
           * plugins/sudoers/timestamp.c:
           Fix use of timestampowner in the new time stamp world order. Parent
           directories for timestampdir and lecture_dir are now created with
           the execute bit set so that we can traverse them as non-root.
           [9ff6f07c0a5d]
   
   2014-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/Makefile.in, plugins/sample/Makefile.in,
           plugins/sudoers/Makefile.in:
           Regen Makefiles.
           [59542bcdb222]
   
           * common/sudo_debug.c, config.h.in, include/sudo_util.h,
           plugins/sample/sample_plugin.c:
           Move ctim_get and mtim_get to sudo_util.h
           [d565391f5491]
   
           * plugins/sudoers/timestamp.c:
           sprinkle some debug printfs and add function header comments
           [1842d9b8170d]
   
           * plugins/sudoers/timestamp.c:
           Properly handle the case where /var/run/sudo/ts doesn't exist.
           [895f3ad6ad60]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           fix typo
           [50041ebb6ce6]
   
           * NEWS:
           Mention "sudo -K" change.
           [e99bd7657aae]
   
           * doc/UPGRADE:
           Upgrade info for 1.8.10
           [0867718b9af5]
   
   2014-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/timestamp.c:
           Warn on ftruncate failure().
           [d2081876da25]
   
           * plugins/sudoers/timestamp.c:
           Fix checking of lecture status.
           [e12d78234d17]
   
           * mkpkg:
           Do not override timedir on Debian.
           [283fa2e69a0a]
   
           * common/event.c, common/event_select.c, include/missing.h,
           plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/visudo.c, src/sudo_edit.c:
           Use sudo_timeval macros and remove compat macros from missing.h
           [1de76d8b811e]
   
           * INSTALL, MANIFEST, NEWS, compat/Makefile.in, compat/clock_gettime.c,
           config.h.in, configure, configure.ac, doc/sudoers.cat,
           doc/sudoers.man.in, doc/sudoers.mdoc.in, include/missing.h,
           include/sudo_util.h, m4/sudo.m4, mkdep.pl, pathnames.h.in,
           plugins/sudoers/Makefile.in, plugins/sudoers/boottime.c,
           plugins/sudoers/check.h, plugins/sudoers/def_data.c,
           plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
           plugins/sudoers/defaults.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/timestamp.c, src/Makefile.in:
           Switch to new time stamp file format. Each user now has a single
           file which may contain multiple records when per-tty time stamps are
           in use (the default). The time stamps use a monotonic timer where
           available and are once again stored in /var/run/sudo. The lecture
           status is now stored separately from the time stamps in a different
           directory.
           [7e16eb37bacc]
   
   2014-01-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
           plugins/sudoers/check.c:
           When listing a user's privileges, always prompt the user for their
           own password, regardless of the value of target_pw, root_pw or
           runas_pw.
           [73a13ccc7933]
   
   2014-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/atomode.c:
           Zero out errstr when there is no error; fixes bug #632
           [74950ef1a0dc]
   
   2014-01-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.ac, plugins/sudoers/interfaces.c,
           plugins/sudoers/match_addr.c:
           Use inet_aton() instead of inet_addr() as it allows us to
           distinguish between the address (or mask 255.255.255.255) and an
           error. In the future we may consider switching to inet_pton() for
           IPv4 too.
           [b6b4e4c77e9a]
   
   2014-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/missing.h:
           Fix typo, ULONG_MAX vs. ULLONG_MAX
           [5d274daa9fb1]
   
           * plugins/sudoers/sudo_nss.c:
           Fix typo in the AIX case.
           [ee531c950fce]
   
           * plugins/sudoers/sudo_nss.c:
           Size pointer for sudo_parseln() should be size_t not ssize_t. This
           was already correct for the nsswitch.conf case.
           [cfaf895c1db4]
   
   2014-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/net_ifs.c:
           It is now possible to disable network interface probing in sudo.conf
           by changing the value of the probe_interfaces setting.
           [e9dc28c7db60]
   
   2014-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/match_addr.c:
           If inet_addr() returns INADDR_NONE, return false instead of
           iterating through the interfaces looking for a match that will never
           happen.
           [1559c301caec]
   
           * configure, configure.ac, src/Makefile.in:
           Add explicit dependency on sudoers.la to sudo target when sudoers is
           compiled statically into the sudo binary.
           [d08cc66e18bd]
   
   2014-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
           plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c:
           Do not assume localtime(), gmtime() and ctime() always return non-
           NULL.
           [a1b5b67436de]
   
   2014-01-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * Makefile.in, common/Makefile.in, compat/Makefile.in,
           doc/Makefile.in, include/Makefile.in,
           plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
           plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
           src/Makefile.in, zlib/Makefile.in:
           Update copyright years
           [37d2aaa92544]
   
           * plugins/sudoers/visudo_json.c:
           Eliminate dead store found by clang checker.
           [86874d5340f1]
   
           * NEWS, configure, configure.ac:
           Update for sudo 1.8.9p4
           [f79ab7c6c1c5]
   
           * common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c:
           When relocating fds, update the debug fd if it is set so we are
           guaranteed to get debugging output.
           [b1deaa472aa6]
   
   2014-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c:
           If the event loop exits due to an error and we are not logging I/O,
           kill the command if still running. Fixes a bug where sudo could exit
           while the command was still running.
           [844018ff8a8c]
   
           * src/preserve_fds.c:
           When relocating preserved fds, start with the highest ones first to
           avoid moving fds around more than we have to. Now uses a bitmap to
           keep track of which fds are being preserved. Fixes a bug where the
           debugging fd could be relocated to the same fd as the error
           backchannel temporarily, resulting in debugging output being printed
           to the backchannel if util@debug was enabled.
           [55e006dbeaf3]
   
           * src/preserve_fds.c:
           When restoring fds traverse list from high -> low, not low -> high
           to avoid implicitly closing an fd we want to relocate.
           [6351225f47d7]
   
           * src/exec.c:
           If not logging I/O we may get EOF when the command is executed and
           the other end of the backchannel is closed. Just remove the
           backchannel event in this case or we will continue to receive the
           event. Bug #631
           [a204b69d91f7]
   
           * src/po/sr.mo, src/po/sr.po:
           sync with translationproject.org
           [987087ce4658]
   
   2014-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Fix strtonum() usage when parsing /proc/self/stat on Linux. Bug #630
           [3448dffe9701]
   
           * NEWS, configure, configure.ac:
           Update for sudo 1.8.9p3
           [22e5a6f69999]
   
           * plugins/sudoers/logwrap.c:
           Remove dead store; found by cppcheck
           [a59833af3401]
   
   2014-01-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sesh.c:
           Quiet a cppcheck warning about a negative subscript.
           [ab98b72f5bdf]
   
           * src/exec_common.c, src/selinux.c, src/sesh.c, src/sudo_exec.h:
           Make noexec parameter to sudo_execve() bool.
           [daa75e4c248a]
   
           * plugins/sudoers/sudoreplay.c:
           Quiet a few innocuous cppcheck warnings.
           [90ffa16d27b1]
   
           * plugins/sudoers/sssd.c:
           Handle in_res being NULL for sudo_debug_printf() in
           sudo_sss_filter_result().
           [8595cc05d2a8]
   
           * plugins/sudoers/iolog.c:
           When writing length to timing file, use %u not %d as it is unsigned.
           [a7f2fcb6919e]
   
           * plugins/sudoers/visudo_json.c:
           Close export_fp in the error path too, but do not close stdout.
           [5c918718ab45]
   
           * plugins/sudoers/auth/secureware.c:
           Move right brace outside #ifdef HAVE_DISPCRYPT; found by cppcheck.
           [f2619d2eb7a8]
   
   2014-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/group_file/plugin_test.c:
           Make this compile again
           [f0ff8df475e8]
   
           * common/term.c:
           Add suppression line to quiet a bogus (inconclusive) cppcheck
           warning.
           [065207271e5d]
   
           * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Do not leak old istack if realloc fails; found by cppcheck. Also
           modify yyless() to avoid a harmless cppcheck warning every time it
           is used.
           [021077017a23]
   
           * Makefile.in, common/Makefile.in, compat/Makefile.in,
           doc/Makefile.in, include/Makefile.in,
           plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
           plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
           src/Makefile.in, zlib/Makefile.in:
           Add cppcheck target to run cppcheck on all source files.
           [d207c2ef49a2]
   
   2014-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.ac:
           Update for sudo 1.8.9p2
           [2e7fe6e371a4]
   
           * config.h.in, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
           m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4:
           Update to libtool-2.4.2.418
           [d1dbed89d733]
   
           * config.guess, config.sub:
           Update from http://git.savannah.gnu.org/gitweb/?p=config.git
           [2b5e32d23be5]
   
   2014-01-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           Sudo 1.8.9 also fixes bug #617
           [cc5c18228719]
   
   2014-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS:
           The fix for the hang was already in the 1.8.9 tarballs.
           [f038ebcc1071]
   
           * NEWS, configure, configure.ac:
           Update for sudo 1.8.9p1
           [732fca0003cf]
   
           * common/atobool.c, common/event.c, plugins/sudoers/iolog.c,
           plugins/sudoers/parse.h, src/exec.c, src/preserve_fds.c:
           Update copyright year.
           [fdeb5956810e]
   
           * plugins/sudoers/parse.h:
           Go back to making the bit fields in struct cmndtag explicitly
           signed. This fixes a problem on gcc 4.8 (at least) which appears to
           be treating the value as unsigned by default.
           [46b9a7bb10ac]
   
           * common/atobool.c:
           Use debug_return_int() instead of bare return for debugging support.
           [c273f822de5f]
   
   2014-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/event.c:
           Fix infinite loop that could be triggered by sudo_ev_loopbreak() and
           sudo_ev_loopcontinue().
           [1723561c46b0]
   
           * NEWS:
           Update for 1.8.9 final.
           [d49c14d21410]
   
   2014-01-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/iolog.c:
           Handle a sequence file with no trailing newline.
           [aa29306e4f6d]
   
   2014-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/iolog.c:
           Truncate io log and timing files on open when recycling them. Only
           an issue when the sequence number wraps around.
           [01b2dfe15ff0]
   
           * plugins/sudoers/iolog.c:
           Repair reading of the iolog sequence number that got broken when
           adding stricter strtoul() checks.
           [e0f4a11c3437]
   
           * src/exec.c:
           If invoked as sudoedit we can't just exec the command directly since
           the temporary files need to be updated before sudo exits.
           [508503be1c4f]
   
           * src/preserve_fds.c:
           Fix restoration of the close-on-exec flag when moving a relocated fd
           back into its original position.
           [5572f1f8b48a]
   
   2014-01-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Add "see below" to reference "Secure editing" section in "Preventing
           shell escapes".
           [b2db990a36b3]
   
   2014-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Add initial "Secure editing" section.
           [0d7a192e0e25]
   
           * doc/LICENSE:
           Update copyright year.
           [4a639d9207a9]
   
   2013-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, src/po/eo.mo,
           src/po/eo.po, src/po/fi.mo, src/po/fi.po:
           sync with translationproject.org
           [5c15a411b10d]
   
           * plugins/sudoers/policy.c:
           Make user_cwd and user_tty dynamically allocated even for the
           "unknown" case.
           [015454bf97f8]
   
   2013-12-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.ac:
           Use -fstack-protector-strong in preference to -fstack-protector-all
           or -fstack-protector.
           [bdd1066eefc4]
   
           * doc/HISTORY:
           Dell acquired Quest
           [3d5b7d27a313]
   
   2013-12-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/ru.mo,
           src/po/ru.po, src/po/vi.mo, src/po/vi.po:
           sync with translationproject.org
           [f964671d08ce]
   
   2013-12-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
           plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
           plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/cs.mo, src/po/cs.po, src/po/da.mo, src/po/da.po,
           src/po/it.mo, src/po/it.po, src/po/pl.mo, src/po/pl.po,
           src/po/pt_BR.mo, src/po/pt_BR.po, src/po/uk.mo, src/po/uk.po,
           src/po/zh_CN.mo, src/po/zh_CN.po:
           sync with translationproject.org
           [5f5becf5fb7a]
   
           * doc/sudoers.ldap.cat:
           regen
           [77745e6bc0d5]
   
           * NEWS:
           Update for recent changes.
           [365b9084268a]
   
           * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/visudo.c:
           Fix typo; we want setlocale(LC_ALL, "") since we are setting the
           locale for the first time.
           [e2b9660e9d48]
   
   2013-12-27  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/visudo.c:
           Use sudoers_initlocale() in main() startup, not sudoers_setlocal()
           as the latter assumes we are already in the user's locale which may
           not be the case. For sudoreplay, we can just use setlocale()
           directly as there is no sudoers locale.
           [12235e50dea0]
   
   2013-12-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/preserve_fds.c, src/sudo.c, src/sudo.h:
           Redo preserve_fds support to remap high fds so we can get the most
           out of closefrom(). The fds are then restored after closefrom().
           [7d712ec49db7]
   
           * plugins/sudoers/Makefile.in:
           Fix install-plugin when sudoers is compiled statically.
           [36a8bf3b588d]
   
   2013-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/sudo_debug.c, doc/sudo_plugin.cat,
           doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
           include/sudo_debug.h, include/sudo_plugin.h, src/Makefile.in,
           src/exec.c, src/exec_pty.c, src/preserve_fds.c, src/sudo.c,
           src/sudo.h, src/sudo_exec.h:
           Add support for preventing fds from getting clobbered by
           closefrom().
           [269f45964ff0]
   
   2013-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/Makefile.in:
           regen
           [b8f458379b5b]
   
   2013-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/alloc.c:
           Need to include limits.h here too.
           [b53c6edef597]
   
   2013-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * config.h.in, configure, configure.ac, plugins/sudoers/parse.h:
           No need to use __signed.
           [05f9648d1953]
   
           * plugins/sudoers/regress/logging/check_wrap.c:
           Need limits.h here too.
           [54aac3bbf66a]
   
           * compat/closefrom.c:
           Still need limits.h here.
           [0abc6b2be208]
   
           * plugins/sudoers/po/sudoers.pot:
           regen
           [386b47ced07f]
   
           * compat/closefrom.c:
           Go back to using /proc/self/fd instead of /proc/$$/fd as only AIX
           lacks /proc/self and it has F_CLOSEM.
           [b5735fbcfdce]
   
   2013-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo_json.c:
           Use a switch to map digest type to name instead of an array of
           strings.
           [ab17ceb4dd60]
   
           * compat/closefrom.c:
           Use /dev/fd in closefrom() on FreeBSD < 8.0 and Mac OS X.
           [e70df3b3144b]
   
           * compat/snprintf.c:
           Remove _MAX and _MIN compat; we rely on missing.h for that. We
           already require the compiler handle long long so there's no need to
           use HAVE_LONG_LONG_INT everywhere.
           [2bda15071439]
   
           * common/ttysize.c, include/missing.h:
           Remove _MAX and _MIN defines that any system from the last 20 years
           should have. Add ULLONG_MAX in case it is missing.
           [2db0cee4aaa8]
   
           * doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
           plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c:
           Change visudo -x to take a file name argument, which may be '-' to
           write the exported sudoers file to stdout.
           [84cb72c3c391]
   
           * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/gram.c,
           plugins/sudoers/gram.y, plugins/sudoers/parse.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
           plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, plugins/sudoers/visudo.c,
           plugins/sudoers/visudo_json.c, src/regress/ttyname/check_ttyname.c:
           Move symbol extern defs into sudoers.h
           [b631a0b57fae]
   
           * plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/logging/check_wrap.c:
           Add missing sudo_util.h
           [ed0edc2e2d0c]
   
   2013-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoreplay.c:
           Warn if the time stamp in the I/O log file does not fit in time_t.
           Warn if the info line is not well-formed instead of silently
           ignoring it.
           [37a050de5be5]
   
   2013-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
           Rename libcommon libsudo_util
           [df3ffd4229e5]
   
   2013-12-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/aix.c, common/atobool.c,
           common/atoid.c, common/atomode.c, common/fmt_string.c,
           common/gidlist.c, common/progname.c, common/setgroups.c,
           common/sudo_conf.c, common/term.c, common/ttysize.c,
           include/missing.h, include/sudo_util.h,
           plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
           plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.h,
           plugins/sudoers/sudoreplay.c, plugins/system_group/Makefile.in,
           plugins/system_group/system_group.c, src/Makefile.in, src/sudo.h:
           Move prototypes for functions provided by libcommon that don't have
           their own header files into sudo_util.h.
           [43f423a24416]
   
   2013-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/def_data.c,
           plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
           plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
           plugins/sudoers/logging.c, plugins/sudoers/logging.h,
           plugins/sudoers/mkdefaults:
           Now that we have proper number parsing functions we should store
           T_UINT defaults values as unsigned int, not int.
           [67d8c2244f1d]
   
           * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
           Don't use int where we really mean enum def_tuple. When this code
           was written it was assumed that we may have multiple tuple types.
           However, that hasn't happened and probably never will.
           [8491f970f343]
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           Regen after string parsing changes.
           [fd6bf79c3286]
   
           * common/atoid.c, common/atomode.c, compat/strtonum.c, configure,
           configure.ac, include/missing.h, plugins/sudoers/defaults.c,
           plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
           plugins/sudoers/sudoreplay.c, src/parse_args.c, src/ttyname.c:
           The OpenBSD strtonum() uses very short error strings that can't be
           translated usefully. Convert them to longer strings on error. Also
           use the longer strings for atomode() and atoid().
           [dace028594da]
   
   2013-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/atoid.c, common/atomode.c,
           plugins/sudoers/defaults.c, plugins/sudoers/policy.c,
           plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
           Add atomode() function for parsing a file mode.
           [44e29629aa5e]
   
           * common/sudo_conf.c, common/ttysize.c, compat/Makefile.in,
           compat/closefrom.c, compat/getaddrinfo.c, compat/strtonum.c,
           configure, configure.ac, include/missing.h,
           plugins/sudoers/boottime.c, plugins/sudoers/defaults.c,
           plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
           plugins/sudoers/match_addr.c, plugins/sudoers/policy.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/sudoreplay.c, plugins/system_group/system_group.c,
           src/parse_args.c, src/sudo.c, src/ttyname.c:
           Use strtonum() instead of atoi(), strtol() or strtoul() where
           possible.
           [e4a1fc84b893]
   
           * MANIFEST, compat/Makefile.in, compat/strtonum.c, config.h.in,
           configure, configure.ac, include/missing.h, mkdep.pl:
           Add strtonum.c to compat for simpler number parsing.
           [a4c69b003da0]
   
   2013-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_common.c:
           Fix a warning on Solaris, we need to use debug_return_const_ptr.
           [932aa94c0cac]
   
           * plugins/sudoers/Makefile.in:
           check_symbols needs to link with SUDO_LIBS in order to get -lpthread
           on HP-UX for libldap (which uses threads). It would be better to
           have a separate variable for the pthread library but this is no
           worse than it used to be.
           [94591b765371]
   
   2013-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           add missing comma
           [7dcbd1c6dd25]
   
           * doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
           Make -c option description more accurate.
           [3f305ae6037e]
   
   2013-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS, plugins/sudoers/sudoers.c:
           When checking whether a user may change the login class, just check
           pw_uid of the runas user, which was passed in to set_loginclass().
           [aaf736440441]
   
   2013-12-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo_json.c:
           Use atoid() when parsing user/group IDs and print them as unsigned
           int.
           [40c77459a36a]
   
   2013-12-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoreplay.c:
           Correctly parse 64-bit times in I/O log files.
           [d053ee75adc3]
   
           * compat/getgrouplist.c, plugins/group_file/getgrent.c,
           plugins/sudoers/pwutil.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
           Use atoid() not atoi() when parsing uids/gids.
           [491146596626]
   
           * plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
           plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
           plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
           plugins/sudoers/sudoers.h:
           Better match debugging. Sprinkle const in match functions.
           [4cd8d793f165]
   
   2013-12-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
           doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
           doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
           doc/sudo_plugin.mdoc.in:
           Document that plugins can be compiled statically into the sudo
           binary.
           [434061cf909f]
   
   2013-12-03  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sssd.c:
           sudo_sss_filter_user_netgroup(): fix comment typos, break out of
           loop early if we match ALL or netgroup.
           [0691731f4b12]
   
           * plugins/sudoers/sssd.c:
           When filtering netgroups, use the passwd struct stashed in the
           handle, not user_name since we may be listing another users
           privileges.
           [f2669cf7b70c]
   
           * mkpkg:
           RHEL 6 and above builds sudo with SSSD support
           [afc3d894851e]
   
           * plugins/sudoers/sssd.c:
           Avoid passing NULL domainname to sudo_debug_printf().
           [b08abe5e6d23]
   
           * doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
           Document sssd debug subsystem.
           [250c3ab1bcf0]
   
           * doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
           Document "event" debug subsystem.
           [85d220b48edc]
   
           * plugins/sudoers/match.c:
           Use atoid() instead of atoi() when parsing uids/gids so we get
           proper range checking.
           [5c3e2f3f6cb9]
   
           * plugins/sudoers/sssd.c:
           Add user netgroup filtering for SSSD. Previously, rules for a
           netgroup were applied to all even when they did not belong to the
           specified netgroup. RedHat Bugzilla 880150.
           [784848b5462c]
   
           * plugins/sudoers/sssd.c:
           Fix several issues found by the clang static analyzer; Daniel
           Kopecek
           [520261dd7461]
   
   2013-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * README.LDAP:
           Mention how to dump sudoers info from LDAP.
           [a53c93790a30]
   
           * src/exec_common.c:
           On Solaris, disabling the proc_exec privilege appears to interfere
           with DAC file permissions. Adding DAC override permissions to the
           inheritable set works around this for commands run as root without
           giving extra permissions to other users. Bug #626
           [391ad44026c3]
   
   2013-12-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * MANIFEST, common/Makefile.in, common/progname.c, compat/Makefile.in,
           compat/getprogname.c, configure, configure.ac, include/missing.h,
           mkdep.pl, plugins/sample/sample_plugin.c, plugins/sudoers/policy.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/regress/iolog_path/check_iolog_path.c,
           plugins/sudoers/regress/logging/check_wrap.c,
           plugins/sudoers/regress/parser/check_addr.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/visudo.c, src/parse_args.c,
           src/regress/ttyname/check_ttyname.c, src/sudo.c:
           Instead of setprogname(), add initprogname() which gets the program
           name for getprogname() using /proc or pstat() if possible.
           [e2d48d81456f]
   
   2013-11-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/ttyname.c:
           Ignore EOVERFLOW from pstat_getproc(). The HP-UX kernel appears to
           return this in certain situations but it appears to be harmless at
           least insofar as retrieving the tty goes.
           [105bea4e1c20]
   
           * plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
           plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
           plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
           plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
           plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
           plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
           plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
           plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
           plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
           src/po/cs.mo, src/po/cs.po, src/po/eo.mo, src/po/eo.po,
           src/po/fi.mo, src/po/fi.po, src/po/it.mo, src/po/it.po,
           src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po,
           src/po/ru.mo, src/po/ru.po, src/po/uk.mo, src/po/uk.po,
           src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
           Sync with translationproject.org
           [3694d7ad4c9d]
   
   2013-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo.c:
           Add missing newline in help message after export option.
           [1c0bff0c181e]
   
   2013-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.ac, plugins/sudoers/Makefile.in,
           src/Makefile.in:
           Do not add LIBDL to SUDO_LIBS or SUDOERS_LIBS in configure, do it in
           Makefile.in so we can make it last. Fixes a linking problem on
           Ubuntu precise.
           [f8d3bddbe742]
   
   2013-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, m4/ax_func_getaddrinfo.m4:
           Do not rely on NULL being defined for getaddrinfo() test. Fixes the
           check on HP-UX 11.23.
           [a5dcf0283693]
   
   2013-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
           Regen for sudo 1.8.9b1
           [945f27a7aa1c]
   
           * src/po/de.mo, src/po/de.po, src/po/sr.mo, src/po/sr.po:
           Sync with translationproject.org
           [52abae16ccfa]
   
   2013-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * INSTALL, MANIFEST, NEWS, common/Makefile.in, common/sudo_dso.c,
           compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, config.h.in,
           configure, configure.ac, include/sudo_dso.h, mkdep.pl,
           plugins/sudoers/Makefile.in, plugins/sudoers/group_plugin.c,
           plugins/sudoers/ldap.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c,
           plugins/sudoers/sssd.c, plugins/system_group/Makefile.in,
           plugins/system_group/system_group.c, src/Makefile.in,
           src/env_hooks.c, src/load_plugins.c, src/preload.c, src/sudo.c,
           src/sudo.h:
           Add wrapper functions for dlopen() et al so that we can support
           statically compiling in the sudoers plugin but still allow other
           plugins to be loaded. The new --enable-static-sudoers configure
           option will cause the sudoers plugin to be compiled statically into
           the sudo binary. This does not prevent other plugins from being
           loaded as per sudo.conf.
           [9425770e9d2b]
   
   2013-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo_json.c:
           Handle non-unix groups correctly. Get rid of runasuser and
           runasgroup types and use username and usergroup instead. The fact
           that the user or group is inside a Runas_List doesn't affect its
           underlying type.
           [ea1789258c11]
   
   2013-11-20  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo_json.c:
           Simplify Defaults list option object. The name and value strings are
           superfluous.
           [5852b0184669]
   
           * compat/dlopen.c:
           Back out unintended change.
           [85156e49e96e]
   
           * MANIFEST, aclocal.m4, configure, configure.ac,
           m4/ax_func_getaddrinfo.m4:
           Add dedicated test for getaddrinfo(). Tru64 UNIX contains two
           versions of getaddrinfo and we must include netdb.h to get the
           proper definition.
           [9882e3e1e8e3]
   
           * compat/dlopen.c,
           plugins/sudoers/regress/check_symbols/check_symbols.c:
           Define RTLD_GLOBAL for older systems without it. Bug #621
           [ed38ac84f1da]
   
   2013-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * compat/snprintf.c, include/missing.h:
           Rename snprintf replacement rpl_snprintf since we may now replace
           the libc version and #define rpl_snprintf snprintf in missing.h so
           we get our version when needed. This is consistent with how we
           replace glob and fnmatch.
           [309aa17d0dfe]
   
           * common/Makefile.in, common/regress/sudo_conf/conf_test.c,
           common/regress/sudo_parseln/parseln_test.c,
           common/regress/tailq/hltq_test.c, src/Makefile.in:
           libcommon tests need locale_stub.lo to link.
           [baae40f36de5]
   
           * MANIFEST, aclocal.m4, compat/snprintf.c, config.h.in, configure,
           configure.ac, m4/ax_func_snprintf.m4:
           Add check for C99 compliant (v)snprintf function.
           [79e02551543c]
   
           * compat/sig2str.c, configure, configure.ac:
           Include unistd.h in sig2str.c for Tru64 as it defines SIGRTMIN and
           SIGRTMAX in terms of sysconf(), which is prototyped in unistd.h. Bug
           #621; from Daniel Richard G.
           [2a59ccb8c966]
   
           * include/gettext.h, plugins/sudoers/locale.c, src/locale_stub.c:
           Add definition of U_ for --disable-nsl Don't define warning_gettext
           if --disable-nsl Bug #621; from Daniel Richard G.
           [c0054eb89c2b]
   
   2013-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo_json.c:
           When merging Defaults entries we need to check the type of the next
           entry and not just assume it is the same as the previous one.
           [e97d9b9cf0d5]
   
           * plugins/sudoers/visudo_json.c:
           runasgroups not runasgroup in the Cmnd_Spec.
           [92ea5dc20e4d]
   
           * plugins/sudoers/visudo_json.c:
           Fix some syntax errors and change how lists are handled.
           [027b8dea44b2]
   
           * common/sudo_debug.c, config.h.in, configure, configure.ac,
           include/fatal.h, include/sudo_debug.h:
           Allow sudo to compile without variadic macro support in cpp.
           Debugging support will be limited (no file info from warnings.) From
           Daniel Richard G.; Bug #621
           [51b8b868cd4b]
   
           * Makefile.in, common/aix.c, common/fatal.c, common/gidlist.c,
           common/sudo_conf.c, include/fatal.h, include/gettext.h,
           include/missing.h, plugins/sudoers/auth/fwtk.c,
           plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
           plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c,
           plugins/sudoers/env.c, plugins/sudoers/group_plugin.c,
           plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
           plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
           plugins/sudoers/logging.c, plugins/sudoers/match.c,
           plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
           plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
           plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
           plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
           plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
           plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c,
           src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
           src/locale_stub.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
           src/sesh.c, src/signal.c, src/solaris.c, src/sudo.c,
           src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
           Add warning_gettext() wrapper function that changes to the user
           locale, then calls gettext(). Add U_ macro that calls
           warning_gettext() instead of gettext(). Rename warning2()/error2()
           back to warning_nodebug()/error_nodebug().
           [f3bb207db201]
   
   2013-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/fileops.c, compat/getaddrinfo.c, compat/mktemp.c,
           compat/utimes.c, configure.ac, plugins/sudoers/boottime.c,
           plugins/sudoers/check.c, plugins/sudoers/getdate.c,
           plugins/sudoers/getdate.y, plugins/sudoers/group_plugin.c,
           plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
           plugins/sudoers/logging.h, plugins/sudoers/sssd.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
           plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/preload.c,
           src/sudo.c, src/sudo_edit.c, src/ttyname.c, src/utmp.c:
           Fix some #if vs. #ifdef and remove an extraneous semicolon. Bug
           #624; from Daniel Richard G.
           [b212e4694018]
   
           * include/sudo_debug.h, plugins/sudoers/defaults.c,
           plugins/sudoers/ldap.c, src/exec_common.c:
           Add debug_return_const_str and debug_return_const_ptr for returning
           a const string or pointer. Using const for the normal versions
           produces warnings with the Tru64 compiler.
           [45018a149cb4]
   
           * common/event_poll.c, compat/getaddrinfo.c, config.h.in, configure,
           configure.ac, m4/sudo.m4:
           Fixes for building under Tru64; from Daniel Richard G. Bug #624
           [fc4a6cbae1ba]
   
   2013-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/logging.c:
           log_{fatal,warning} now logs to the debug file itself.
           log_{fatal,warning} now calls warningx2() after setting the locale
           itself instead of using the wrapper macros. This removes the only
           use of warningx(ngettext(...)).
           [930129361e0a]
   
   2013-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * configure, configure.ac:
           Add -Wpointer-arith to --enable-warnings
           [2043ae306d1b]
   
           * configure, configure.ac:
           Fix more instances of #include directives where the '#' was not in
           column 1. From Daniel Richard G. (bug #622)
           [75f36f39dcab]
   
           * MANIFEST, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
           plugins/sudoers/Makefile.in, plugins/sudoers/visudo.c,
           plugins/sudoers/visudo_json.c:
           Add support to visudo to export sudoers in JSON format.
           [1697b2b4bfd2]
   
   2013-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/parse.h:
           Remove unused digest field from struct cmndspec, the digest really
           lives in struct sudo_command.
           [e9a1e2e112d6]
   
           * config.h.in, configure:
           Regen with autoconf 2.69
           [275f69f98f9e]
   
           * MANIFEST, Makefile.in, config.h.in, configure.ac, configure.in,
           doc/Makefile.in:
           Rename configure.in -> configure.ac
           [0aeafe425373]
   
           * MANIFEST, aclocal.m4, autogen.sh, config.h.in, configure,
           configure.in, ltmain.sh, m4/sudo.m4:
           From Daniel Richard G. (bug #622) Add an autogen.sh script that
           rebuilds the autoconf world. Move old aclocal.m4 contents to
           m4/sudo.m4. New (generayed) aclocal.m4 contains the m4_include
           directives. Some tests had #include directives where the '#' was not
           in column 1. Updated obsolete macro usage via autoupdate.
           [5fe8de5a56df]
   
   2013-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/sudo_exec.h:
           Very old systems (pre XPG 4.2) may not support MSG_WAITALL. The
           likelihood of receiving a partial message is quite low so this is
           not a big deal.
           [900a304f9548]
   
           * configure, configure.in:
           HP-UX may require _XOPEN_SOURCE_EXTENDED to be defined for
           MSG_WAITALL to be visible.
           [f08b1a00a30a]
   
           * MANIFEST, plugins/sudoers/regress/visudo/test5.out.ok,
           plugins/sudoers/regress/visudo/test5.sh:
           Add regress test for bug #623
           [8e83cfccaf14]
   
           * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
           Cope with a comment on the last line of the file with no newline.
           Bug #623
           [f826243bc4e6]
   
           * compat/getaddrinfo.c:
           Include arpa/inet.h for HP-UX; from Daniel Richard G.
           [d4d7a4303bae]
   
           * doc/Makefile.in:
           Add missing $(mansrcdir) to visudo.mdoc and visudo.man. From Daniel
           Richard G.
           [f664c8d2f961]
   
   2013-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * include/fatal.h:
           In v{warning,fatal}x?() make a new copy of ap for the debug
           functions. It is not legal to use ap twice without reinitializing
           it. Noticed by Daniel Richard G.
           [6ca8bc48ecb3]
   
           * include/fatal.h:
           Remove errant warning_restore_locale() call.
           [4ef7aecefcbb]
   
           * include/missing.h, plugins/sudoers/logging.c:
           Move va_copy compat macro to missing.h
           [c873e4cc4c8a]
   
           * common/Makefile.in, compat/Makefile.in, mkdep.pl,
           plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
           plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
           src/Makefile.in, zlib/Makefile.in:
           Uniquify header dependencies so we don't end up with duplicates when
           a header file includes other headers. The header dependencies are
           sorted so the generated order is stable.
           [95747db2f07a]
   
           * compat/Makefile.in, configure, configure.in, doc/CONTRIBUTORS,
           mkdep.pl:
           Add getaddrinfo.lo to LTLIBOBJS for systems that need it. From
           Daniel Richard G.
           [e94ee99a52a9]
   
           * plugins/sudoers/testsudoers.c:
           Fix pasto
           [5262735e78e0]
   
   2013-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoers.mdoc.in:
           Fix typo.
           [6b11a4eec6b6]
   
   2013-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
           regen
           [995ca9f21862]
   
           * plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c:
           Fix warnings from -Wold-style-definition
           [a748c5c7b423]
   
           * configure, configure.in:
           Add -Wold-style-definition to --enable-warnings
           [0484de0deb59]
   
           * common/event_poll.c:
           Extra debugging for ready fds.
           [91fb85cdecbb]
   
           * common/event_select.c:
           When deleting an event, check ev->events to determine whether to
           remove from readfds or writefds instead of blinding removing from
           both. Also fix highfd adjustment.
           [7384db65ca9c]
   
   2013-11-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/event_select.c:
           Only check an fd that is >= 0. Timeout-only events may have a
           negative fd.
           [fa0e5cbc3cc2]
   
   2013-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/event.c:
           Don't call sudo_ev_{add,del}_impl() for timeout-only events. This
           makes it possible to pass sudo_ev_alloc() an fd of -1 for events
           only use SUDO_EV_TIMEOUT.
           [6838657a1a2f]
   
   2013-10-31  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/alloc.c, common/event_select.c, include/sudo_event.h:
           Make a copy of readfds/writefds before calling select() instead of
           calculating it each time. Keep track of high fd in the base.
           [6048b78f2e94]
   
   2013-10-30  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/CONTRIBUTORS:
           Add Stephen Gelman
           [0028c7a91a4f]
   
           * plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
           Fix sign comparison warning.
           [914cb36b9ed2]
   
           * plugins/sudoers/sudoreplay.c:
           Fix potential NULL dereference in non-interactive mode.
           [9233428d3f32]
   
   2013-10-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c, src/exec_pty.c:
           Use MSG_WAITALL when receiving struct command_status over the Unix
           domain socket since we no longer use datagrams. This should avoid
           the need to handle incomplete reads, though in theory it is still
           possible.
           [28a92888a908]
   
           * plugins/sudoers/sudoreplay.c:
           SIGKILL is not catchable
           [79f82e4cb11d]
   
           * common/event.c, include/sudo_event.h, plugins/sudoers/sudoreplay.c:
           Add sudo_ev_get_timeleft() to get the amount of time left before an
           event times out and use it in sudoreplay.
           [d5b17ee30fa4]
   
   2013-10-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
           plugins/sudoers/sudoreplay.c:
           If the user presses <return> or <enter> in sudoreplay, skip to the
           next event. Useful for skipping past long pauses in the data.
           [43343f45c94d]
   
           * common/event.c, common/event_poll.c, common/event_select.c:
           Fix sudo_ev_scan_impl() return value in event_poll.c. Make sure we
           clear active flag from unprocessed events if sudo_ev_loopbreak() or
           sudo_ev_loopcontinue() are used. Remove bogus optimization when the
           timeout is zero or negative; it could prevent an I/O event from
           being triggered.
           [a13603fb3134]
   
           * plugins/sudoers/sudoreplay.c:
           Move session replay into its own function.
           [e323f7729595]
   
           * common/event.c, common/event_poll.c, common/event_select.c,
           include/sudo_event.h:
           Get rid of cur and pending pointers in struct sudo_event_base. We
           now pop the first event off the active queue instead of using a
           foreach loop with deferred removal of the event. Add
           SUDO_EVQ_INSERTED and SUDO_EVQ_TIMEOUTS flags to indicate that the
           event on the event queue and timeouts queue respectively. No longer
           need to compare the timeout to {0,0} or compare the event's base
           pointer to NULL to determine queue membership.
           [f2b2251fd523]
   
           * common/event_poll.c:
           rename sudo_ev_loop_impl() -> sudo_ev_scan_impl()
           [614faaff04e3]
   
           * MANIFEST, common/event.c, common/event_poll.c,
           common/event_select.c, compat/Makefile.in, compat/nanosleep.c,
           config.h.in, configure, configure.in, include/missing.h,
           include/sudo_event.h, mkdep.pl, plugins/sudoers/Makefile.in,
           plugins/sudoers/sudoreplay.c, src/exec.c, src/exec_pty.c:
           Add support for libevent-style timed events. Adding a timed event is
           currently O(n). The only consumer of timed events is sudoreplay
           which only used a singled one so O(n) == O(1) for now. This also
           allows us to remove the nanosleep compat function as we now use a
           timeout event instead.
           [db41c08e92dc]
   
   2013-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec.c, src/exec_pty.c:
           Now that sudo_ev_base_free() removes all events before freeing we
           don't need to do this by hand.
           [b59d43658c5f]
   
           * common/event.c, common/event_poll.c, common/event_select.c,
           include/sudo_event.h:
           Add a list of active events in the base that the back end sets when
           it calls poll or select. This allows the front end to iterate over
           the events instead of having that code in both back ends. It will
           also simplify support for timeout events. Also make sure we can't
           touch freed memory if a callback frees its own event.
           [933b99b3f2bc]
   
           * common/event.c:
           Remove any existing events before freeing the event base.
           [2543c6620cf1]
   
   2013-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           mon_handler() should be static
           [b1a62ef65c96]
   
   2013-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           If user specified start_tls and ldaps, display a warning and ignore
           start_tls. There's no reason to make this a fatal error.
           [bf446dd1e740]
   
           * src/exec_pty.c:
           Add missing else when the connection from the monitor to the parent
           sudo process is broken (due to the parent dying). Prevents a
           spurious "unexpected reply type on backchannel" warning.
           [5c44053cef08]
   
           * src/exec_pty.c:
           When flushing output we don't care whether we are the foreground
           process or not, we still need to flush to /dev/tty. If we are in the
           background, it is OK to get SIGTTOU.
           [9716892d1fb5]
   
           * plugins/sudoers/ldap.c:
           Should not attempt start_tls on an ldaps connection.
           [9d01d461c52c]
   
   2013-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/regress/parser/check_fill.c:
           Fix sign compare warning.
           [6130fa8df758]
   
           * doc/Makefile.in:
           Eliminate warning about circular dependency from GNU make.
           [7ed5df762089]
   
           * plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
           src/ttyname.c:
           More sign compare fixes. On Solaris id_t is signed so use uid_t in
           the set_perms.c ID macro instead.
           [8166dcc50d0b]
   
           * common/fileops.c, common/lbuf.c, common/secure_path.c,
           common/sudo_debug.c, include/secure_path.h,
           plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
           plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.h,
           plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
           plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
           plugins/sudoers/match_addr.c, plugins/sudoers/parse.h,
           plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
           plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c,
           plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l,
           plugins/sudoers/toke_util.c, src/load_plugins.c, src/sudo.c,
           src/ttyname.c:
           Quiet sign comparision warnings.
           [e34f45dad10c]
   
           * configure, configure.in:
           Add -Wsign-compare to --enable-warnings
           [d560e274a6ae]
   
           * plugins/sudoers/ldap.c:
           Ignore SIGPIPE when connecting to the LDAP server so we can get a
           proper error message with the IBM LDAP libs. Also return
           LDAP_SUCCESS instead of 0 from most sudo_ldap_* functions that
           return an int.
           [611a4ed9b8ee]
   
           * plugins/sudoers/regress/parser/check_base64.c,
           plugins/sudoers/regress/parser/check_digest.c:
           Quiet compiler warnings.
           [7d82dcca7126]
   
   2013-10-22  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/ldap.c:
           sudo_ldap_parse_uri() should join multiple URIs in the string list
           together but it was clearing the host entry each time through the
           loop. Fixes a bug with multiple URI entries in ldap.conf where only
           the last one was being honored.
           [83cee19b136d]
   
           * src/exec_pty.c:
           Avoid a double free introduced when plugging a memory leak in
           safe_close(). A new ev_free_by_fd() function is used to remove and
           free any events sharing the specified fd. This can be used after
           safe_close() to make sure we don't try to select() on a closed fd.
           [54f48a281147]
   
           * plugins/sudoers/gram.c, plugins/sudoers/gram.y, src/exec.c:
           Quiet some llvm check false positives. The common idiom of using
           TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in a
           TAILQ confuses llvm. Use TAILQ_FOREACH_SAFE instead (which is
           probably faster anyway).
           [bd1b8c11f416]
   
           * plugins/sudoers/auth/pam.c:
           If pam_open_session() fails don't call pam_getenvlist() with a NULL
           pam handle.
           [352e0329acba]
   
           * plugins/sudoers/defaults.c:
           Fix newly introduced use after frees found by llvm checker.
           [a81080230f1f]
   
           * common/event_select.c:
           Remove an errant list_next() call that should have been removed in
           the TAILQ conversion.
           [3bbf8d117ce4]
   
           * MANIFEST, common/Makefile.in, common/list.c,
           common/regress/tailq/hltq_test.c, include/list.h, include/queue.h,
           plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
           plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
           plugins/sudoers/gram.y, plugins/sudoers/match.c,
           plugins/sudoers/parse.c, plugins/sudoers/parse.h,
           plugins/sudoers/regress/parser/check_fill.c,
           plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
           Add "headless" tail queues and use them in place of the semi-
           circular lists in sudoers. Once the headless tail queue is built up
           it is converted to a normal TAILQ. This removes the last consumer of
           list.c and list.h so those can now be removed.
           [5986ba762a24]
   
           * common/Makefile.in, common/fatal.c, plugins/sudoers/Makefile.in,
           plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
           plugins/sudoers/env.c, plugins/sudoers/interfaces.c,
           plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
           plugins/sudoers/match_addr.c, plugins/sudoers/sudoreplay.c,
           plugins/sudoers/toke.c, plugins/sudoers/toke.l,
           plugins/sudoers/visudo.c, src/Makefile.in, src/exec_pty.c,
           src/hooks.c:
           Use SLIST and STAILQ macros instead of doing headless singly linked
           lists manually. As a bonus we now use a tail queue for ldap.c and
           sudoreplay.c.
           [c31bc2d99082]
   
           * MANIFEST, common/Makefile.in, common/event.c, common/event_poll.c,
           common/event_select.c, common/list.c,
           common/regress/sudo_conf/conf_test.c, common/sudo_conf.c,
           doc/LICENSE, include/list.h, include/missing.h, include/queue.h,
           include/sudo_conf.h, include/sudo_event.h,
           plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c,
           plugins/sudoers/parse.c, plugins/sudoers/parse.h,
           plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c,
           plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c,
           plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c,
           src/Makefile.in, src/exec.c, src/exec_pty.c, src/load_plugins.c,
           src/sudo.c, src/sudo.h, src/sudo_plugin_int.h:
           Convert sudo to use BSD TAILQ macros instead of home ground tail
           queue functions. This includes a private queue.h header derived from
           FreeBSD. It is simpler to just use our own header rather than try to
           deal with macros that may or may not be present in various queue.h
           incarnations.
           [450bce095d7c]
   
   2013-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoreplay.c:
           Fix AND operator broken by changes to fix OR.
           [a4d3485ee943]
   
   2013-10-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/sudoreplay.c:
           Fix OR operator.
           [f5c1c90ee284]
   
   2013-10-18  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           Fix memory leak of I/O buffer events in safe_close().
           [08cd790cfbba]
   
   2013-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_debug.c:
           Don't allow the debug subsystem to be initialized twice. Otherwise
           we can exhuast our stack when built in static mode.
           [fadacb6a4617]
   
           * common/event_poll.c:
           Make sure we do not try to usie index -1 in base->pfds[].
           [beeb922aba3f]
   
   2013-10-14  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * NEWS, configure, configure.in:
           Bump version to 1.8.9
           [758dbb464796]
   
   2013-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * src/exec_pty.c:
           Convert the monitor process to the event subsystem.
           [c4fe8e2ba53c]
   
           * src/exec.c, src/exec_pty.c, src/sudo_exec.h:
           Convert the main sudo event loop to use the event subsystem. Read
           events for I/O buffers are added before the loop starts. Write
           events are added on demand as the buffers are filled.
           [72a603e997e0]
   
           * INSTALL, MANIFEST, common/Makefile.in, common/event.c,
           common/event_poll.c, common/event_select.c, common/list.c,
           common/sudo_debug.c, config.h.in, configure, configure.in,
           include/list.h, include/sudo_debug.h, include/sudo_event.h,
           mkdep.pl, plugins/sudoers/Makefile.in, src/Makefile.in,
           src/exec_pty.c:
           Simple event subsystem that uses poll() or select(). Basically a
           simplied subset of libevent2. Currently only fd events are supported
           (since that's all we need). The poll() backend is used by default,
           except on Mac OS X where poll() is broken for devices (including
           /dev/tty and ptys).
           [8773142b4117]
   
           * src/exec.c, src/exec_pty.c:
           Use SOCK_STREAM for socketpair, not SOCK_DGRAM so we get consistent
           semantics when the other end closes. This should make the conversion
           to poll() less problematic.
           [b6a321722a91]
   
   2013-10-06  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * common/sudo_debug.c:
           Fix removal of trailing newlines in a debug message.
           [6f5ce5ac64e0]
   
   2013-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
   
           * plugins/sudoers/visudo.c:
           When checking for unused Runas_Aliases, count those used as part of
           a Runas Group too. Fixes a false positive warning.
           [f13271a4a377]
   
 2013-09-29  Todd C. Miller  <Todd.Miller@courtesan.com>  2013-09-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * include/missing.h:          * include/missing.h:
Line 182 Line 2225
   
         * plugins/sudoers/ldap.c:          * plugins/sudoers/ldap.c:
         Fix error display from ldap_ssl_client_init(). There are two error          Fix error display from ldap_ssl_client_init(). There are two error
        codes. The return value can be decoded via ldap_err2string() but        codes. The return value can be decoded via ldap_err2string() but the
        the ssl reason code cannot (you have to look it up in a table        ssl reason code cannot (you have to look it up in a table online).
        online). 
         [0267125ce9f0]          [0267125ce9f0]
   
 2013-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>  2013-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 330 Line 2372
         [3a3827f10f04]          [3a3827f10f04]
   
         * common/sudo_debug.c, include/sudo_debug.h:          * common/sudo_debug.c, include/sudo_debug.h:
        Add support to the debug subsystem for zero-length strings. This        Add support to the debug subsystem for zero-length strings. This can
        can happen for things like warning(NULL) or fatal(NULL) where we        happen for things like warning(NULL) or fatal(NULL) where we just
        just want to log the errno string.        want to log the errno string.
         [3ed739c5cc91]          [3ed739c5cc91]
   
         * include/error.h:          * include/error.h:
Line 392 Line 2434
         plugins/sudoers/logging.c, plugins/sudoers/match.c,          plugins/sudoers/logging.c, plugins/sudoers/match.c,
         plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c,          plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c,
         plugins/sudoers/sudoers.h:          plugins/sudoers/sudoers.h:
        Add limited support for "sudo -l -h other_host". Since group        Add limited support for "sudo -l -h other_host". Since group lookups
        lookups are done on the local host, rules that use group membership        are done on the local host, rules that use group membership may be
        may be incorrect if the group database is not synchronized between        incorrect if the group database is not synchronized between hosts.
        hosts. 
         [2c8b222a5f7f]          [2c8b222a5f7f]
   
         * src/parse_args.c:          * src/parse_args.c:
Line 516 Line 2557
   
         * plugins/sudoers/atoid.c:          * plugins/sudoers/atoid.c:
         Add atoid() function to convert a string to an id_t (uid, gid or          Add atoid() function to convert a string to an id_t (uid, gid or
        pid). We have to be careful to choose() either strtol() or        pid). We have to be careful to choose() either strtol() or strtoul()
        strtoul() depending on whether the string appears to be signed or        depending on whether the string appears to be signed or unsigned.
        unsigned. Always using strtoul() is unsafe on 64-bit platforms since        Always using strtoul() is unsafe on 64-bit platforms since the uid
        the uid might be represented as a negative number and (unsigned        might be represented as a negative number and (unsigned long)-1 on a
        long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff.        64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem
        Fixes a problem with uids larger than 0x7fffffff on 32-bit        with uids larger than 0x7fffffff on 32-bit platforms.
        platforms. 
         [5d818e399157]          [5d818e399157]
   
         * MANIFEST, config.h.in, configure, configure.in,          * MANIFEST, config.h.in, configure, configure.in,
         plugins/sudoers/Makefile.in, plugins/sudoers/policy.c,          plugins/sudoers/Makefile.in, plugins/sudoers/policy.c,
         plugins/sudoers/sudoers.h:          plugins/sudoers/sudoers.h:
         Add atoid() function to convert a string to an id_t (uid, gid or          Add atoid() function to convert a string to an id_t (uid, gid or
        pid). We have to be careful to choose() either strtol() or        pid). We have to be careful to choose() either strtol() or strtoul()
        strtoul() depending on whether the string appears to be signed or        depending on whether the string appears to be signed or unsigned.
        unsigned. Always using strtoul() is unsafe on 64-bit platforms since        Always using strtoul() is unsafe on 64-bit platforms since the uid
        the uid might be represented as a negative number and (unsigned        might be represented as a negative number and (unsigned long)-1 on a
        long)-1 on a 64-bit system is 0xffffffffffffffff not 0xffffffff.        64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem
        Fixes a problem with uids larger than 0x7fffffff on 32-bit        with uids larger than 0x7fffffff on 32-bit platforms.
        platforms. 
         [cd92246a710f]          [cd92246a710f]
   
         * plugins/sudoers/sudoers.c:          * plugins/sudoers/sudoers.c:
Line 642 Line 2681
         * plugins/sudoers/ldap.c, src/preload.c:          * plugins/sudoers/ldap.c, src/preload.c:
         Now that the ldap code runs with the real and effective uid set to          Now that the ldap code runs with the real and effective uid set to
         0, it is not possible for the gssapi libs to find the user's krb5          0, it is not possible for the gssapi libs to find the user's krb5
        credential cache file. To work around this, we make a temporary        credential cache file. To work around this, we make a temporary copy
        copy of the user's credential cache specified by KRB5CCNAME (opened        of the user's credential cache specified by KRB5CCNAME (opened with
        with the user's effective uid) and point gssapi to it. To set the        the user's effective uid) and point gssapi to it. To set the
         credential cache file name, we dynamically look up          credential cache file name, we dynamically look up
         gss_krb5_ccache_name() and use it if available, otherwise fall back          gss_krb5_ccache_name() and use it if available, otherwise fall back
         to setting KRB5CCNAME.          to setting KRB5CCNAME.
Line 799 Line 2838
         * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING:          * INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING:
         Restrict default creation of PIE binaries (-fPIE and -pie) to Linux.          Restrict default creation of PIE binaries (-fPIE and -pie) to Linux.
         OpenBSD also supports PIE but enables it by default so we don't need          OpenBSD also supports PIE but enables it by default so we don't need
        to do anything. This fixes problems on systems with a version of        to do anything. This fixes problems on systems with a version of GNU
        GNU ld that accepts -pie but where the run-time linker doesn't        ld that accepts -pie but where the run-time linker doesn't actually
        actually support PIE. Also verify that a trivial PIE binary works        support PIE. Also verify that a trivial PIE binary works unless PIE
        unless PIE is explicitly enabled.        is explicitly enabled.
         [3c5f125efeb1]          [3c5f125efeb1]
   
 2013-05-24  Todd C. Miller  <Todd.Miller@courtesan.com>  2013-05-24  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 835 Line 2874
         plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c:          plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c:
         Replace sequence number-based cycle detection in visudo with a          Replace sequence number-based cycle detection in visudo with a
         "used" flag in struct alias. The caller is required to call          "used" flag in struct alias. The caller is required to call
        alias_put() when it is done with the alias. Inspired by a patch        alias_put() when it is done with the alias. Inspired by a patch from
        from Daniel Kopecek.        Daniel Kopecek.
         [0bdbac1b3b39]          [0bdbac1b3b39]
   
 2013-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>  2013-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 870 Line 2909
   
         * plugins/sudoers/check.h, plugins/sudoers/timestamp.c:          * plugins/sudoers/check.h, plugins/sudoers/timestamp.c:
         No longer store the ctime of a devpts tty. The handling of ctime on          No longer store the ctime of a devpts tty. The handling of ctime on
        devpts in Linux has been changed to conform to POSIX. As a result        devpts in Linux has been changed to conform to POSIX. As a result we
        we can no longer assume that the ctime will stay unchanged        can no longer assume that the ctime will stay unchanged throughout
        throughout the life of the session. We store the session ID in the        the life of the session. We store the session ID in the time stamp
        time stamp file so there is a much smaller chance of the time stamp        file so there is a much smaller chance of the time stamp file being
        file being reused by a new login. While here, store the uid/gid in        reused by a new login. While here, store the uid/gid in the
        the timestamp file too for good measure.        timestamp file too for good measure.
         [7028b21f7a9b]          [7028b21f7a9b]
   
         * configure, configure.in:          * configure, configure.in:
Line 1289 Line 3328
         plugins/sudoers/toke_util.c:          plugins/sudoers/toke_util.c:
         Initial implementation of checksum support in sudoers. Currently          Initial implementation of checksum support in sudoers. Currently
         supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format          supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format
        validation in parser and base64 support. checksum support for        validation in parser and base64 support. checksum support for ldap
        ldap sudoers        sudoers
         [b8f196346eca]          [b8f196346eca]
   
 2013-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>  2013-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 1917 Line 3956
         * src/exec_pty.c:          * src/exec_pty.c:
         When running the command in a pty, defer the call to exec_setup()          When running the command in a pty, defer the call to exec_setup()
         until just before we exec the command. This is consistent with the          until just before we exec the command. This is consistent with the
        non-pty path. As a side effect, the monitor process runs as root        non-pty path. As a side effect, the monitor process runs as root and
        and not the runas user.        not the runas user.
         [e2a7f8c7ee4c]          [e2a7f8c7ee4c]
   
 2013-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>  2013-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 2363 Line 4402
   
         * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c:          * common/sudo_conf.c, include/sudo_conf.h, src/sudo.c:
         Add group_source setting in sudo.conf to allow the admin to specify          Add group_source setting in sudo.conf to allow the admin to specify
        how a user's groups are looked up. Legal values are static (just        how a user's groups are looked up. Legal values are static (just the
        the kernel list from getgroups), dynamic (whatever the group        kernel list from getgroups), dynamic (whatever the group database
        database includes) and adaptive (only use group db if kernel group        includes) and adaptive (only use group db if kernel group list is
        list is full).        full).
         [87a5b02e22ad]          [87a5b02e22ad]
   
         * plugins/sudoers/policy.c:          * plugins/sudoers/policy.c:
Line 2434 Line 4473
   
         * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in,          * MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in,
         configure, configure.in:          configure, configure.in:
        Use nss_search() to implement getgrouplist() where available.        Use nss_search() to implement getgrouplist() where available. Tested
        Tested on Solaris and HP-UX. We need to include a compatibility        on Solaris and HP-UX. We need to include a compatibility header for
        header for HP-UX which uses the Solaris nsswitch implementation but        HP-UX which uses the Solaris nsswitch implementation but doesn't
        doesn't ship nss_dbdefs.h.        ship nss_dbdefs.h.
         [d29dbc4dc06d]          [d29dbc4dc06d]
   
 2013-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>  2013-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 2514 Line 4553
         plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:          plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
         Add exec_background option in plugin command info and a sudoers          Add exec_background option in plugin command info and a sudoers
         option to match. When set, commands are started in the background          option to match. When set, commands are started in the background
        and automatically foregrounded as needed. There are issues with        and automatically foregrounded as needed. There are issues with some
        some ill-mannered programs (like Linux su) so this is not the        ill-mannered programs (like Linux su) so this is not the default.
        default. 
         [c0b32b0938f2]          [c0b32b0938f2]
   
         * common/Makefile.in:          * common/Makefile.in:
Line 2578 Line 4616
   
         * src/exec_pty.c:          * src/exec_pty.c:
         No need to restore default signal handler for SIGSTOP as it is not          No need to restore default signal handler for SIGSTOP as it is not
        catchable. Attempting to do so is harmless but sigaction() will        catchable. Attempting to do so is harmless but sigaction() will fail
        fail and set errno to EINVAL which makes it looks like there is an        and set errno to EINVAL which makes it looks like there is an error.
        error. 
         [be7c0b759e9a]          [be7c0b759e9a]
   
         * src/exec.c:          * src/exec.c:
Line 2816 Line 4853
         plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,          plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
         plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:          plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
         Allow sudoers programs (visudo, sudoreplay, visudo) to use          Allow sudoers programs (visudo, sudoreplay, visudo) to use
        plugin_error.c instead of the error.c from the front-end. This        plugin_error.c instead of the error.c from the front-end. This means
        means sudoers_setlocale() needs to be independent of the sudo_user        sudoers_setlocale() needs to be independent of the sudo_user struct
        struct and the defaults table. The sudoers locale is now updated        and the defaults table. The sudoers locale is now updated via a
        via a callback.        callback.
         [e356f5f8cd6a]          [e356f5f8cd6a]
   
         * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,          * plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
Line 3429 Line 5466
   
         * src/exec.c:          * src/exec.c:
         Shells typically change their process group when they start up so          Shells typically change their process group when they start up so
        that they can implement job control. Most well-behaved shells        that they can implement job control. Most well-behaved shells change
        change the pgrp back to its original value before suspending so we        the pgrp back to its original value before suspending so we must not
        must not try to restore in that case, lest we race with the child        try to restore in that case, lest we race with the child upon
        upon resume, potentially stopping sudo with SIGTTOU while the        resume, potentially stopping sudo with SIGTTOU while the command
        command continues to run. Some shells, such as pdksh, just suspend        continues to run. Some shells, such as pdksh, just suspend the shell
        the shell by sending SIGSTOP to themselves without restoring the        by sending SIGSTOP to themselves without restoring the pgrp. In this
        pgrp. In this case we need to change the pgrp back for them. Should        case we need to change the pgrp back for them. Should fix bug #568
        fix bug #568 
         [6ac6751ffd17]          [6ac6751ffd17]
   
 2012-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>  2012-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 3593 Line 5629
         * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,          * plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
         plugins/sudoers/visudo.c:          plugins/sudoers/visudo.c:
         Add new check_defaults() function to check (but not update) the          Add new check_defaults() function to check (but not update) the
        Defaults entries. Visudo can now use this instead of        Defaults entries. Visudo can now use this instead of update_defaults
        update_defaults to check all the defaults regardless instead of just        to check all the defaults regardless instead of just the global
        the global Defaults entries.        Defaults entries.
         [3fa879ce1b65]          [3fa879ce1b65]
   
 2012-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>  2012-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 3810 Line 5846
         Previously, we just checked RLIMIT_NPROC and, if it was unlimited,          Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
         restored the previous value of RLIMIT_NPROC. However, that makes it          restored the previous value of RLIMIT_NPROC. However, that makes it
         impossible to set nproc to unlimited. We now only restore the nproc          impossible to set nproc to unlimited. We now only restore the nproc
        resource limit if sysconf(_SC_CHILD_MAX) is negative. In most        resource limit if sysconf(_SC_CHILD_MAX) is negative. In most cases,
        cases, pam_limits will set RLIMIT_NPROC for us.        pam_limits will set RLIMIT_NPROC for us.
         [cb71cc8d0b08]          [cb71cc8d0b08]
   
 2012-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>  2012-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 3993 Line 6029
         call audit_failure() for us.          call audit_failure() for us.
   
         This subtly changes logging for commands that are denied by sudoers          This subtly changes logging for commands that are denied by sudoers
        but where the user failed to enter the correct password.        but where the user failed to enter the correct password. Previously,
        Previously, these would be logged as "N incorrect password attempts"        these would be logged as "N incorrect password attempts" but now are
        but now are logged as "command not allowed". Fixes bug #563        logged as "command not allowed". Fixes bug #563
         [cad35f0b3ad7]          [cad35f0b3ad7]
   
 2012-07-06  Todd C. Miller  <Todd.Miller@courtesan.com>  2012-07-06  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 4207 Line 6243
         [b8961cd82337]          [b8961cd82337]
   
         * plugins/sudoers/regress/check_symbols/check_symbols.c:          * plugins/sudoers/regress/check_symbols/check_symbols.c:
        Add check for exported local symbols. This will cause a "make        Add check for exported local symbols. This will cause a "make check"
        check" failure on systems where we don't support symbol hiding.        failure on systems where we don't support symbol hiding.
         [8aa549389bb1]          [8aa549389bb1]
   
         * configure, configure.in:          * configure, configure.in:
Line 4290 Line 6326
         plugins/system_group/system_group.map, src/sudo_noexec.c,          plugins/system_group/system_group.map, src/sudo_noexec.c,
         src/sudo_noexec.map:          src/sudo_noexec.map:
         Use gcc's visibility attribute to specify when symbols are visible          Use gcc's visibility attribute to specify when symbols are visible
        or hidden, if available. If not available, use an ELF version        or hidden, if available. If not available, use an ELF version script
        script if it is supported. If all else fails, fall back to using        if it is supported. If all else fails, fall back to using libtool's
        libtool's -export-symbols.        -export-symbols.
         [64e889921727]          [64e889921727]
   
 2012-06-12  Todd C. Miller  <Todd.Miller@courtesan.com>  2012-06-12  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 4436 Line 6472
   
         * plugins/sudoers/sudoreplay.c:          * plugins/sudoers/sudoreplay.c:
         Instead of doing extra write()s when replaying stdout, build up a          Instead of doing extra write()s when replaying stdout, build up a
        vector for writev() instead. This results in far fewer system        vector for writev() instead. This results in far fewer system calls.
        calls. 
         [303d866c025c]          [303d866c025c]
   
 2012-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>  2012-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 4885 Line 6920
         Rototill code to determine the tty. For Linux, we now look up the          Rototill code to determine the tty. For Linux, we now look up the
         tty device in /proc/pid/stat instead of trying to open          tty device in /proc/pid/stat instead of trying to open
         /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given          /proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
        device number to a string. On BSD, we can use devname(). On        device number to a string. On BSD, we can use devname(). On Solaris,
        Solaris, _ttyname_dev() does what we want. TODO: write /dev/        _ttyname_dev() does what we want. TODO: write /dev/ traversal code
        traversal code for the generic sudo_ttyname_dev().        for the generic sudo_ttyname_dev().
         [6b22be4d09f0]          [6b22be4d09f0]
   
 2012-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>  2012-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 5498 Line 7533
   
         * src/hooks.c, src/sudo.c, src/sudo.h:          * src/hooks.c, src/sudo.c, src/sudo.h:
         Disable environment hooks after we get user_env back to make sure a          Disable environment hooks after we get user_env back to make sure a
        plugin can't to modify user_env after we "own" it. This is kind of        plugin can't to modify user_env after we "own" it. This is kind of a
        a hack but we don't want the init_session plugin function to modify        hack but we don't want the init_session plugin function to modify
         user_env.          user_env.
         [8e6d119452a5]          [8e6d119452a5]
   
Line 5523 Line 7558
         plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,          plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
         src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,          src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
         src/sudo_plugin_int.h:          src/sudo_plugin_int.h:
        Initial cut at a hooks implementation. The plugin can register        Initial cut at a hooks implementation. The plugin can register hooks
        hooks for getenv, putenv, setenv and unsetenv. This makes it        for getenv, putenv, setenv and unsetenv. This makes it possible for
        possible for the plugin to trap changes to the environment made by        the plugin to trap changes to the environment made by authentication
        authentication methods such as PAM or BSD auth so that such changes        methods such as PAM or BSD auth so that such changes are reflected
        are reflected in the environment passed back to sudo for execve().        in the environment passed back to sudo for execve().
         [61cffa06f863]          [61cffa06f863]
   
 2012-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>  2012-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 5590 Line 7625
         [b2d6ee1e547a]          [b2d6ee1e547a]
   
         * config.h.in, configure, configure.in, src/ttyname.c:          * config.h.in, configure, configure.in, src/ttyname.c:
        Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some        Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions
        versions of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.        of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
         [159f6a50456a]          [159f6a50456a]
   
 2012-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>  2012-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 5650 Line 7685
         Relax the user/group/mode checks on sudoers files. As long as the          Relax the user/group/mode checks on sudoers files. As long as the
         file is owned by the right user, not world-writable and not writable          file is owned by the right user, not world-writable and not writable
         by a group other than the one specified at configure time (gid 0 by          by a group other than the one specified at configure time (gid 0 by
        default), the file is considered OK. Note that visudo will still        default), the file is considered OK. Note that visudo will still set
        set the mode to the value specified at configure time.        the mode to the value specified at configure time.
         [241174babfcc]          [241174babfcc]
   
 2012-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>  2012-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 5728 Line 7763
   
         * plugins/sudoers/Makefile.in, src/Makefile.in:          * plugins/sudoers/Makefile.in, src/Makefile.in:
         Got back to using "install-sh -M" for files installed as non-          Got back to using "install-sh -M" for files installed as non-
        readable by owner. This fixes "make install" as non-root for        readable by owner. This fixes "make install" as non-root for package
        package building.        building.
         [967804ee77d6]          [967804ee77d6]
   
 2012-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>  2012-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 5947 Line 7982
         * plugins/sudoers/sudoers.c:          * plugins/sudoers/sudoers.c:
         For "sudo -g" prepend the specified group ID to the beginning of the          For "sudo -g" prepend the specified group ID to the beginning of the
         groups list. This matches BSD convention where the effective gid is          groups list. This matches BSD convention where the effective gid is
        the first entry in the group list. This is required on newer        the first entry in the group list. This is required on newer FreeBSD
        FreeBSD where the effective gid is not tracked separately and thus        where the effective gid is not tracked separately and thus
         setgroups() changes the egid if this convention is not followed.          setgroups() changes the egid if this convention is not followed.
         Fixes bug #532          Fixes bug #532
         [782d6909108b]          [782d6909108b]
Line 6278 Line 8313
   
         * plugins/sudoers/Makefile.in:          * plugins/sudoers/Makefile.in:
         If srcdir is "." just use the basename of the yacc/lex file when          If srcdir is "." just use the basename of the yacc/lex file when
        generating the C version. This matches the generated files        generating the C version. This matches the generated files currently
        currently in the repo.        in the repo.
         [0b11c3df87a8]          [0b11c3df87a8]
   
         * doc/Makefile.in, plugins/sudoers/Makefile.in:          * doc/Makefile.in, plugins/sudoers/Makefile.in:
Line 6300 Line 8335
   
         * src/exec_pty.c:          * src/exec_pty.c:
         Catch common signals in the monitor process so they get passed to          Catch common signals in the monitor process so they get passed to
        the command. Fixes a problem when the entire login session is        the command. Fixes a problem when the entire login session is killed
        killed when ssh is disconnected or the terminal window is closed.        when ssh is disconnected or the terminal window is closed.
         Previously, the monitor would exit and plugin's close method would          Previously, the monitor would exit and plugin's close method would
         not be called.          not be called.
         [0e4658263138]          [0e4658263138]
Line 6368 Line 8403
   
         * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:          * plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
         Fetch the login class for the user we authenticate specifically when          Fetch the login class for the user we authenticate specifically when
        using BSD authentication. That user may have a different login        using BSD authentication. That user may have a different login class
        class than what we will use to run the command. When setting the        than what we will use to run the command. When setting the login
        login class for the command, use the target user's struct passwd,        class for the command, use the target user's struct passwd, not the
        not the invoking user's. Fixes bug 526        invoking user's. Fixes bug 526
         [21bf0af892f7]          [21bf0af892f7]
   
         * compat/Makefile.in, configure, configure.in, doc/Makefile.in,          * compat/Makefile.in, configure, configure.in, doc/Makefile.in,
Line 6417 Line 8452
   
         * aclocal.m4, config.h.in, configure, configure.in:          * aclocal.m4, config.h.in, configure, configure.in:
         No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default          No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
        includes have unistd.h in them. Add check for socklen_t for        includes have unistd.h in them. Add check for socklen_t for upcoming
        upcoming getaddrinfo compat.        getaddrinfo compat.
         [d705465bef69]          [d705465bef69]
   
         * common/fileops.c, compat/nanosleep.c, config.h.in, configure,          * common/fileops.c, compat/nanosleep.c, config.h.in, configure,
Line 6873 Line 8908
         * plugins/sudoers/pwutil.c:          * plugins/sudoers/pwutil.c:
         Instead of trying to grow the buffer in make_grlist_item(), simply          Instead of trying to grow the buffer in make_grlist_item(), simply
         increase the total length, free the old buffer and allocate a new          increase the total length, free the old buffer and allocate a new
        one. This is less error prone and saves us from having to adjust        one. This is less error prone and saves us from having to adjust all
        all the pointers in the buffer. This code path is only taken when        the pointers in the buffer. This code path is only taken when there
        there are groups longer than the length of the user field in struct        are groups longer than the length of the user field in struct utmp
        utmp or utmpx, which should be quite rare.        or utmpx, which should be quite rare.
         [5587dc8cffaf]          [5587dc8cffaf]
   
         * src/po/it.mo:          * src/po/it.mo:
Line 6956 Line 8991
   
         * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,          * plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
         plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:          plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
        Fix a PAM_USER mismatch in session open/close. We update PAM_USER        Fix a PAM_USER mismatch in session open/close. We update PAM_USER to
        to the target user immediately before setting resource limits, which        the target user immediately before setting resource limits, which is
        is after the monitor process has forked (so it has the old value).        after the monitor process has forked (so it has the old value).
         Also, if the user did not authenticate, there is no pamh in the          Also, if the user did not authenticate, there is no pamh in the
         monitor so we need to init pam here too. This means we end up          monitor so we need to init pam here too. This means we end up
         calling pam_start() twice, which should be fixed, but at least the          calling pam_start() twice, which should be fixed, but at least the
Line 7083 Line 9118
   
         * INSTALL, configure, configure.in:          * INSTALL, configure, configure.in:
         Remove --with-CC option; it doesn't work correctly now that we use          Remove --with-CC option; it doesn't work correctly now that we use
        libtool. Users can get the same effect by setting the CC        libtool. Users can get the same effect by setting the CC environment
        environment variable when running configure.        variable when running configure.
         [ec22bd1a55e0]          [ec22bd1a55e0]
   
 2011-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 7336 Line 9371
   
         * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:          * plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
         Go back to escaping the command args for "sudo -i" and "sudo -s"          Go back to escaping the command args for "sudo -i" and "sudo -s"
        before calling the plugin. Otherwise, spaces in the command args        before calling the plugin. Otherwise, spaces in the command args are
        are not treated properly. The sudoers plugin will unescape non-        not treated properly. The sudoers plugin will unescape non- spaces
        spaces to make matching easier.        to make matching easier.
         [dfa2c4636f33]          [dfa2c4636f33]
   
 2011-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 7491 Line 9526
         plugins/sudoers/regress/logging/check_wrap.in,          plugins/sudoers/regress/logging/check_wrap.in,
         plugins/sudoers/regress/logging/check_wrap.out.ok:          plugins/sudoers/regress/logging/check_wrap.out.ok:
         Split out log file word wrap code into its own file and add unit          Split out log file word wrap code into its own file and add unit
        tests. Fixes an off-by one in the word wrap when the log line        tests. Fixes an off-by one in the word wrap when the log line length
        length matches loglinelen.        matches loglinelen.
         [52ed277f6690]          [52ed277f6690]
   
 2011-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 7507 Line 9542
         [b994f7b0d8b4]          [b994f7b0d8b4]
   
         * configure, configure.in:          * configure, configure.in:
        Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX        Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX 5.3
        5.3 and above.        and above.
         [c2a6f9b472f3]          [c2a6f9b472f3]
   
 2011-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 7804 Line 9839
   
         * Makefile.in, compat/Makefile.in, mkdep.pl,          * Makefile.in, compat/Makefile.in, mkdep.pl,
         plugins/sudoers/Makefile.in:          plugins/sudoers/Makefile.in:
        Add dependency for siglist.lo in compat. This is a generated file        Add dependency for siglist.lo in compat. This is a generated file so
        so "make depend" needs to depend on it.        "make depend" needs to depend on it.
         [28d0932f8b50]          [28d0932f8b50]
   
         * compat/Makefile.in:          * compat/Makefile.in:
Line 8248 Line 10283
   
         * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:          * src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
         Load plugins after parsing arguments and potentially printing the          Load plugins after parsing arguments and potentially printing the
        version. That way, an error loading or initializing a plugin        version. That way, an error loading or initializing a plugin doesn't
        doesn't break "sudo -h" or "sudo -V".        break "sudo -h" or "sudo -V".
         [1b76f2b096a2]          [1b76f2b096a2]
   
         * Makefile.in:          * Makefile.in:
Line 8330 Line 10365
         plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:          plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
         The --with-libpath option now adds to SUDOERS_LDFLAGS as well as          The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
         LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and          LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
        set it to -Wc,-static-libgcc if not using GNU ld so we don't        set it to -Wc,-static-libgcc if not using GNU ld so we don't have a
        have a dependency on the shared libgcc in sudoers.so.        dependency on the shared libgcc in sudoers.so.
         [66ad8bc5e32d]          [66ad8bc5e32d]
   
         * doc/sudoers.pod:          * doc/sudoers.pod:
Line 8621 Line 10656
         * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,          * plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
         plugins/sudoers/toke.l:          plugins/sudoers/toke.l:
         Make lex tracing settable at run-time in testsudoers via the -t          Make lex tracing settable at run-time in testsudoers via the -t
        flag. Trace output goes to stderr. Will be used by regress tests        flag. Trace output goes to stderr. Will be used by regress tests to
        to check lexer.        check lexer.
         [93bd53c413c8]          [93bd53c413c8]
   
         * plugins/sudoers/toke.c, plugins/sudoers/toke.l:          * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
Line 8655 Line 10690
   
         * src/exec_pty.c:          * src/exec_pty.c:
         Save the controlling tty process group before suspending in pty          Save the controlling tty process group before suspending in pty
        mode. Previously, we assumed that the child pgrp == child pid        mode. Previously, we assumed that the child pgrp == child pid (which
        (which is usually, but not always, the case).        is usually, but not always, the case).
         [10b2883b7875]          [10b2883b7875]
   
         * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:          * doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
        Add support for sudoers_search_filter setting in ldap.conf. This        Add support for sudoers_search_filter setting in ldap.conf. This can
        can be used to restrict the set of records returned by the LDAP        be used to restrict the set of records returned by the LDAP query.
        query. 
         [b0f1b721d102]          [b0f1b721d102]
   
 2011-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2011-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 8894 Line 10928
   
         * configure, configure.in, plugins/sample/Makefile.in,          * configure, configure.in, plugins/sample/Makefile.in,
         plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:          plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
        Install plugins manually instead of using libtool. This works        Install plugins manually instead of using libtool. This works around
        around a problem on AIX where libtool will install a .a file        a problem on AIX where libtool will install a .a file containing the
        containing the .so file instead of the .so file itself.        .so file instead of the .so file itself.
         [796971cfbddb]          [796971cfbddb]
   
         * Makefile.in:          * Makefile.in:
Line 8955 Line 10989
   
         * plugins/sudoers/sudoers.c:          * plugins/sudoers/sudoers.c:
         Fix return value of "sudo -l command" when command is not allowed,          Fix return value of "sudo -l command" when command is not allowed,
        broken in [c7097ea22111]. The default return value is now TRUE and        broken in [c7097ea22111]. The default return value is now TRUE and a
        a bad: label is used when permission is denied. Also fixed missing        bad: label is used when permission is denied. Also fixed missing
         permissions restoration on certain errors. On error()/errorx(), the          permissions restoration on certain errors. On error()/errorx(), the
         password and group files are now closed before returning.          password and group files are now closed before returning.
         [4f2d0e869ae5]          [4f2d0e869ae5]
Line 9446 Line 11480
   
         * plugins/sudoers/ldap.c:          * plugins/sudoers/ldap.c:
         Stash pointer to user group vector in LDAP handle and only reuse the          Stash pointer to user group vector in LDAP handle and only reuse the
        query if it has not changed. We always allocate a new buffer when        query if it has not changed. We always allocate a new buffer when we
        we reset the group vector so a simple pointer check is sufficient.        reset the group vector so a simple pointer check is sufficient.
         [88861d4eba69]          [88861d4eba69]
   
         * plugins/sudoers/sudo_nss.c:          * plugins/sudoers/sudo_nss.c:
Line 9767 Line 11801
         plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:          plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
         Allow sudoers to specify the iolog file in addition to the iolog          Allow sudoers to specify the iolog file in addition to the iolog
         dir. Add escape sequence support to iolog file and dir: sequence          dir. Add escape sequence support to iolog file and dir: sequence
        number, user, group, runas_user, runas_group, hostname and        number, user, group, runas_user, runas_group, hostname and command
        command in addition to any escape sequence recognized by        in addition to any escape sequence recognized by strftime(3).
        strftime(3). 
         [75cd32ee0435]          [75cd32ee0435]
   
         * plugins/sudoers/iolog.c:          * plugins/sudoers/iolog.c:
Line 9786 Line 11819
         [d29784fd2a66]          [d29784fd2a66]
   
         * common/term.c:          * common/term.c:
        Clear OPOST from c_oflag like we used to. Fixes screen-based        Clear OPOST from c_oflag like we used to. Fixes screen-based editors
        editors such as vi.        such as vi.
         [506ad5ae9b4e]          [506ad5ae9b4e]
   
         * doc/sudoers.pod:          * doc/sudoers.pod:
Line 10523 Line 12556
         * plugins/sudoers/match.c:          * plugins/sudoers/match.c:
         When matching the runas user and runas group (-u and -g command line          When matching the runas user and runas group (-u and -g command line
         options), keep track of runas group and runas user matches          options), keep track of runas group and runas user matches
        separately. Only return a positive match if we have a match for        separately. Only return a positive match if we have a match for both
        both runas user and runas group (if specified).        runas user and runas group (if specified).
         [815219e04cc8]          [815219e04cc8]
   
 2010-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>  2010-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 10749 Line 12782
         * plugins/sudoers/check.c, plugins/sudoers/ldap.c,          * plugins/sudoers/check.c, plugins/sudoers/ldap.c,
         plugins/sudoers/match.c, plugins/sudoers/pwutil.c,          plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
         plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:          plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
        Reference count cached passwd and group structs. The cache holds        Reference count cached passwd and group structs. The cache holds one
        one reference itself and another is added by sudo_getgr{gid,nam} and        reference itself and another is added by sudo_getgr{gid,nam} and
         sudo_getpw{uid,nam}. The final ref on the runas and user passwd and          sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
         group structs are persistent for now.          group structs are persistent for now.
         [e544685523c3]          [e544685523c3]
Line 10883 Line 12916
   
         * plugins/sudoers/sudoreplay.c:          * plugins/sudoers/sudoreplay.c:
         Add setlocale() so the command line arguments that use floating          Add setlocale() so the command line arguments that use floating
        point work in different locales. Since sudo now logs the timing        point work in different locales. Since sudo now logs the timing data
        data in the C locale we must Parse the seconds in the timing file        in the C locale we must Parse the seconds in the timing file
         manually instead of using strtod(). Furthermore, sudo 1.7.3 logged          manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
         the number of seconds with the user's locale so if the decimal point          the number of seconds with the user's locale so if the decimal point
         is not '.' try using the locale-specific version.          is not '.' try using the locale-specific version.
Line 11063 Line 13096
   
         * common/aix.c:          * common/aix.c:
         setauthdb() only sets the "old" registry if it was set by a previous          setauthdb() only sets the "old" registry if it was set by a previous
        call to setauthdb(). To restore the original value, passing NULL        call to setauthdb(). To restore the original value, passing NULL (or
        (or an empty string) to setauthdb() is sufficient.        an empty string) to setauthdb() is sufficient.
         [470da190a254]          [470da190a254]
   
 2010-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>  2010-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 11174 Line 13207
         Use tab indents to reduce the chance of problem with <<- Fix the          Use tab indents to reduce the chance of problem with <<- Fix the
         debian %set section, pp does not set pp_deb_distro Uncomment %sudo          debian %set section, pp does not set pp_deb_distro Uncomment %sudo
         line in sudoers for debian Uncomment some env_keep lines for RHEL,          line in sudoers for debian Uncomment some env_keep lines for RHEL,
        SLES and debian to more closely match the vendor sudoers files.        SLES and debian to more closely match the vendor sudoers files. Add
        Add /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on        /etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
         debian for ldap flavor          debian for ldap flavor
         [c5b49feb1a0c]          [c5b49feb1a0c]
   
Line 11813 Line 13846
   
         * plugins/sudoers/toke.c, plugins/sudoers/toke.l:          * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         A comment character may not be part of a command line argument          A comment character may not be part of a command line argument
        unless it is quoted with a backslash. Fixes parsing of:        unless it is quoted with a backslash. Fixes parsing of: testuser
        testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441        ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
         [ea2e990f85ed]          [ea2e990f85ed]
   
         * doc/sudoers.pod:          * doc/sudoers.pod:
Line 11935 Line 13968
         include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,          include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
         src/conversation.c, src/sudo.h, src/tgetpass.c:          src/conversation.c, src/sudo.h, src/tgetpass.c:
         Add SUDO_CONV_PROMPT_MASK define which corresponds to the          Add SUDO_CONV_PROMPT_MASK define which corresponds to the
        "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is        "pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is set.
        set. 
         [e0550590cabe]          [e0550590cabe]
   
         * src/exec_pty.c:          * src/exec_pty.c:
Line 11988 Line 14020
   
         * plugins/sudoers/toke.c, plugins/sudoers/toke.l:          * plugins/sudoers/toke.c, plugins/sudoers/toke.l:
         If a file in a #includedir has improper permissions or owner just          If a file in a #includedir has improper permissions or owner just
        skip it. This prevents packages that incorrectly install a file        skip it. This prevents packages that incorrectly install a file into
        into /etc/sudoers.d from breaking sudo so easily. Syntax errors in        /etc/sudoers.d from breaking sudo so easily. Syntax errors in
         #includedir files still result in a parse error (for now).          #includedir files still result in a parse error (for now).
         [ade99a4549a4]          [ade99a4549a4]
   
Line 12487 Line 14519
         [31b69a6ecda7]          [31b69a6ecda7]
   
         * src/script.c, src/sudo.h:          * src/script.c, src/sudo.h:
        Cosmetic changes: add comments, remove orphaned prototype and        Cosmetic changes: add comments, remove orphaned prototype and make a
        make a global static.        global static.
         [f7851af0143e]          [f7851af0143e]
   
 2010-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>  2010-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 12562 Line 14594
         * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,          * plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
         src/sudo_edit.c:          src/sudo_edit.c:
         If plugin sets "sudoedit=true" in the command info, enable sudoedit          If plugin sets "sudoedit=true" in the command info, enable sudoedit
        mode even if not invoked as sudoedit. This allows a plugin to        mode even if not invoked as sudoedit. This allows a plugin to enable
        enable sudoedit when the user runs an editor.        sudoedit when the user runs an editor.
         [96d67b99e42e]          [96d67b99e42e]
   
 2010-05-15  Todd C. Miller  <Todd.Miller@courtesan.com>  2010-05-15  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 12615 Line 14647
         [4cbf5196d993]          [4cbf5196d993]
   
         * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:          * plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
        Change how we handle the sudoedit argv. We now require that there        Change how we handle the sudoedit argv. We now require that there be
        be a "--" in argv to separate the editor and any command line        a "--" in argv to separate the editor and any command line arguments
        arguments from the files to be edited.        from the files to be edited.
         [20623d549a3c]          [20623d549a3c]
   
         * include/sudo_plugin.h, plugins/sample/sample_plugin.c,          * include/sudo_plugin.h, plugins/sample/sample_plugin.c,
Line 12709 Line 14741
         [dd5464257c69]          [dd5464257c69]
   
         * src/script.c:          * src/script.c:
        Fix SIGPIPE handling. Now that we use may use pipes for        Fix SIGPIPE handling. Now that we use may use pipes for stdin/stdout
        stdin/stdout we need to pass any SIGPIPE we receive to the running        we need to pass any SIGPIPE we receive to the running command.
        command. 
         [3f6b1991f4fd]          [3f6b1991f4fd]
   
         * src/script.c:          * src/script.c:
Line 12924 Line 14955
         * src/script.c:          * src/script.c:
         Defer call to alarm() until after we fork the child. Pass correct          Defer call to alarm() until after we fork the child. Pass correct
         pid to terminate_child() If the command exits due to signal, set          pid to terminate_child() If the command exits due to signal, set
        alive to false like we do when it exits normally. Add missing        alive to false like we do when it exits normally. Add missing check
        check for errpipe[0] != -1 before using it in FD_ISSET        for errpipe[0] != -1 before using it in FD_ISSET
         [22f0a1549391]          [22f0a1549391]
   
 2010-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>  2010-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 13790 Line 15821
         [04a233b6c491]          [04a233b6c491]
   
         * include/compat.h:          * include/compat.h:
        Add definition of WCOREDUMP for systems without it. This is known        Add definition of WCOREDUMP for systems without it. This is known to
        to work on AIX and SunOS 4, but may be incorrect on other systems        work on AIX and SunOS 4, but may be incorrect on other systems that
        that lack WCOREDUMP.        lack WCOREDUMP.
         [c85b3ce6b77d]          [c85b3ce6b77d]
   
 2010-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>  2010-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 14399 Line 16430
   
         * match.c:          * match.c:
         cmnd_matches() already deals with negation so _cmndlist_matches()          cmnd_matches() already deals with negation so _cmndlist_matches()
        does not need to do so itself. Fixes a bug with negated entries in        does not need to do so itself. Fixes a bug with negated entries in a
        a Cmnd_List.        Cmnd_List.
         [71c845f6ce73]          [71c845f6ce73]
   
 2009-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>  2009-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 14444 Line 16475
         allows the parent to distinguish between signals it has been sent          allows the parent to distinguish between signals it has been sent
         directly and signals the command has received. It also means the          directly and signals the command has received. It also means the
         parent can once again print the signal notifications to the tty so          parent can once again print the signal notifications to the tty so
        all writes to the pty master occur in the parent. The command is        all writes to the pty master occur in the parent. The command is now
        now always started in background mode with tty signals handled by        always started in background mode with tty signals handled by the
        the parent.        parent.
         [c6790b82986d]          [c6790b82986d]
   
 2009-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>  2009-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 14706 Line 16737
         [85f590a03275]          [85f590a03275]
   
         * script.c:          * script.c:
        Don't set stdout to blocking mode when flushing remaining output.        Don't set stdout to blocking mode when flushing remaining output. It
        It can cause us to hang when trying to exit. Need to investigate        can cause us to hang when trying to exit. Need to investigate why.
        why. 
         [6f803a3e33ca]          [6f803a3e33ca]
   
         * script.c:          * script.c:
Line 15233 Line 17263
         configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,          configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
         gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,          gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
         tgetpass.c:          tgetpass.c:
        First cut at session logging for sudo. Still need to write        First cut at session logging for sudo. Still need to write get_pty()
        get_pty() for Unix 98 and old-style BSD ptys. Also needs        for Unix 98 and old-style BSD ptys. Also needs documentation and
        documentation and general cleanup.        general cleanup.
         [77e3f5e25738]          [77e3f5e25738]
   
 2009-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>  2009-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 15751 Line 17781
         [2bcbbb45d389]          [2bcbbb45d389]
   
         * auth/pam.c:          * auth/pam.c:
        Make sure def_prompt is always defined. This is a workaround for        Make sure def_prompt is always defined. This is a workaround for pam
        pam configs that prompt for a password in the session but don't have        configs that prompt for a password in the session but don't have an
        an auth line. A better fix is to expand the sudo prompt earlier and        auth line. A better fix is to expand the sudo prompt earlier and set
        set def_prompt to that when initializing.        def_prompt to that when initializing.
         [ee073c04aec3]          [ee073c04aec3]
   
         * sudo.pod:          * sudo.pod:
Line 16905 Line 18935
   
         * INSTALL, configure, configure.in:          * INSTALL, configure, configure.in:
         Disable use of gss_krb5_ccache_name() by default and add          Disable use of gss_krb5_ccache_name() by default and add
        --enable-gss-krb5-ccache-name configure option to enable it. It        --enable-gss-krb5-ccache-name configure option to enable it. It seems
        seems that gss_krb5_ccache_name() doesn't work properly with some        that gss_krb5_ccache_name() doesn't work properly with some
         combinations of Heimdal and OpenLDAP.          combinations of Heimdal and OpenLDAP.
         [f61ebd3b19bd]          [f61ebd3b19bd]
   
Line 16976 Line 19006
   
         * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:          * Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
         Remove the =cut on the first line (above the copyright notice) to          Remove the =cut on the first line (above the copyright notice) to
        quiet pod2man. Also remove the hackery in the FILES section and        quiet pod2man. Also remove the hackery in the FILES section and just
        just deal with the fact that there will a newline between each        deal with the fact that there will a newline between each pathname.
        pathname. 
         [2ac1ab191835]          [2ac1ab191835]
   
 2008-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2008-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 17042 Line 19071
         * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,          * sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
         sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,          sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
         testsudoers.c, toke.c, toke.l:          testsudoers.c, toke.c, toke.l:
        Add support for SELinux RBAC. Sudoers entries may specify a role        Add support for SELinux RBAC. Sudoers entries may specify a role and
        and type. There are also role and type defaults that may be used.        type. There are also role and type defaults that may be used. To
        To make sure a transition occurs, when using RBAC commands are        make sure a transition occurs, when using RBAC commands are executed
        executed via the new sesh binary. Based on initial changes from Dan        via the new sesh binary. Based on initial changes from Dan Walsh.
        Walsh. 
         [1d4abfe2c004]          [1d4abfe2c004]
   
         * sesh.c:          * sesh.c:
        Add support for SELinux RBAC. Sudoers entries may specify a role        Add support for SELinux RBAC. Sudoers entries may specify a role and
        and type. There are also role and type defaults that may be used.        type. There are also role and type defaults that may be used. To
        To make sure a transition occurs, when using RBAC commands are        make sure a transition occurs, when using RBAC commands are executed
        executed via the new sesh binary. Based on initial changes from Dan        via the new sesh binary. Based on initial changes from Dan Walsh.
        Walsh. 
         [1e3b395ce049]          [1e3b395ce049]
   
         * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,          * Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
         def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,          def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
         pathnames.h.in, selinux.c:          pathnames.h.in, selinux.c:
        Add support for SELinux RBAC. Sudoers entries may specify a role        Add support for SELinux RBAC. Sudoers entries may specify a role and
        and type. There are also role and type defaults that may be used.        type. There are also role and type defaults that may be used. To
        To make sure a transition occurs, when using RBAC commands are        make sure a transition occurs, when using RBAC commands are executed
        executed via the new sesh binary. Based on initial changes from Dan        via the new sesh binary. Based on initial changes from Dan Walsh.
        Walsh. 
         [6b421948286e]          [6b421948286e]
   
 2008-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>  2008-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 17095 Line 19121
         * sudo.c:          * sudo.c:
         Unlimit nproc on Linux systems where calling the setuid() family of          Unlimit nproc on Linux systems where calling the setuid() family of
         syscalls causes the nroc resource limit to be checked. The limits          syscalls causes the nroc resource limit to be checked. The limits
        will be reset by pam_limits.so when PAM is used. In the non-PAM        will be reset by pam_limits.so when PAM is used. In the non-PAM case
        case the nproc limit will remain unlimited but there doesn't seem to        the nproc limit will remain unlimited but there doesn't seem to be a
        be a way around that other than having sudo parse        way around that other than having sudo parse
         /etc/security/limits.conf directly.          /etc/security/limits.conf directly.
         [df024b415a8d]          [df024b415a8d]
   
Line 17193 Line 19219
   
         * pwutil.c:          * pwutil.c:
         When copying gr_mem we must guarantee that the storage space for          When copying gr_mem we must guarantee that the storage space for
        gr_mem is properly aligned. The simplest way to do this is to        gr_mem is properly aligned. The simplest way to do this is to simply
        simply store gr_mem directly after struct group. This is not a        store gr_mem directly after struct group. This is not a problem for
        problem for gr_passwd or gr_name as they are simple strings.        gr_passwd or gr_name as they are simple strings.
         [af58fc76f1ed]          [af58fc76f1ed]
   
         * ldap.c:          * ldap.c:
Line 17543 Line 19569
 2007-12-21  Todd C. Miller  <Todd.Miller@courtesan.com>  2007-12-21  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * env.c, pathnames.h.in, sudo.c, sudo.h:          * env.c, pathnames.h.in, sudo.c, sudo.h:
        Add support for reading and /etc/environment file. Still needs to        Add support for reading and /etc/environment file. Still needs to be
        be documented and should probably only applies to OSes that have it        documented and should probably only applies to OSes that have it
         (AIX and Linux, maybe others).          (AIX and Linux, maybe others).
         [15d3edae27e4]          [15d3edae27e4]
   
Line 17776 Line 19802
         [e486024574a1]          [e486024574a1]
   
         * ldap.c:          * ldap.c:
        Make sudo ALL imply setenv. Note that unlike with file-based        Make sudo ALL imply setenv. Note that unlike with file-based sudoers
        sudoers this does affect all the commands in the sudoRole.        this does affect all the commands in the sudoRole.
         [bc12f54321d1]          [bc12f54321d1]
   
         * gram.c, gram.y, parse.c, parse.h:          * gram.c, gram.y, parse.c, parse.h:
Line 17878 Line 19904
   
         * tgetpass.c:          * tgetpass.c:
         Avoid printing the prompt if we are already backgrounded. E.g. if          Avoid printing the prompt if we are already backgrounded. E.g. if
        the user runs "sudo foo &" from the shell. In this case, the call        the user runs "sudo foo &" from the shell. In this case, the call to
        to tcsetattr() will cause SIGTTOU to be delivered.        tcsetattr() will cause SIGTTOU to be delivered.
         [db2139a8d8b8]          [db2139a8d8b8]
   
 2007-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>  2007-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 18090 Line 20116
   
         * match.c, parse.c, testsudoers.c:          * match.c, parse.c, testsudoers.c:
         Use LH_FOREACH_REV when checking permission and short-circuit on the          Use LH_FOREACH_REV when checking permission and short-circuit on the
        first non-UNSPEC hit we get for the command. This means that        first non-UNSPEC hit we get for the command. This means that instead
        instead of cycling through the all the parsed sudoers entries we        of cycling through the all the parsed sudoers entries we start at
        start at the end and work backwards and quit after the first        the end and work backwards and quit after the first positive or
        positive or negative match.        negative match.
         [881474532f3e]          [881474532f3e]
   
         * gram.c:          * gram.c:
Line 18124 Line 20150
         * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,          * alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
         testsudoers.c, visudo.c:          testsudoers.c, visudo.c:
         Use a list head struct when storing the semi-circular lists and          Use a list head struct when storing the semi-circular lists and
        convert to tail queues in the process. This will allow us to        convert to tail queues in the process. This will allow us to reverse
        reverse foreach loops more easily and it makes it clearer which        foreach loops more easily and it makes it clearer which functions
        functions expect a list as opposed to a single member.        expect a list as opposed to a single member.
   
         Add macros for manipulating lists. Some of these should become          Add macros for manipulating lists. Some of these should become
         functions.          functions.
Line 18250 Line 20276
   
         * toke.l:          * toke.l:
         Require that the first character after a comment not be a digit or a          Require that the first character after a comment not be a digit or a
        dash. This allows us to remove the GOTRUNAS state and treat        dash. This allows us to remove the GOTRUNAS state and treat uid/gids
        uid/gids similar to other words. It also means that we can now        similar to other words. It also means that we can now specify uids
        specify uids in User_Lists and a User_Spec may now contain a uid.        in User_Lists and a User_Spec may now contain a uid.
         [461fe01f8392]          [461fe01f8392]
   
         * gram.y, toke.l:          * gram.y, toke.l:
Line 19067 Line 21093
   
         * auth/kerb5.c:          * auth/kerb5.c:
         If we cannot get a valid service key using the default keytab it is          If we cannot get a valid service key using the default keytab it is
        a fatal error. Fixes a bug where sudo could be tricked into        a fatal error. Fixes a bug where sudo could be tricked into allowing
        allowing access when it should not by a fake KDC. From Thor Lancelot        access when it should not by a fake KDC. From Thor Lancelot Simon.
        Simon. 
         [a3ae6a47cb23]          [a3ae6a47cb23]
   
 2007-05-12  Todd C. Miller  <Todd.Miller@courtesan.com>  2007-05-12  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 19151 Line 21176
   
         * env.c:          * env.c:
         Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and          Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
        LDR_PRELOAD64. The 64-bit version is not currently supported.        LDR_PRELOAD64. The 64-bit version is not currently supported. Remove
        Remove zero_env() prototype as it no longer exists.        zero_env() prototype as it no longer exists.
         [b4fe65027fb6]          [b4fe65027fb6]
   
 2006-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>  2006-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 19537 Line 21562
         [1dfc2e8c9f2b]          [1dfc2e8c9f2b]
   
         * ldap.c:          * ldap.c:
        Reorganize LDAP code to better match normal sudoers parsing.        Reorganize LDAP code to better match normal sudoers parsing. Instead
        Instead of storing strings for later printing in -l mode we do        of storing strings for later printing in -l mode we do another query
        another query since the authenticating user and the user being        since the authenticating user and the user being listed may not be
        listed may not be the same (the new -U flag). Also add support for        the same (the new -U flag). Also add support for "sudo -l command".
        "sudo -l command". 
   
         There is still a fair bit if duplicated code that can probably be          There is still a fair bit if duplicated code that can probably be
         refactored.          refactored.
Line 20126 Line 22150
   
         * match.c, testsudoers.c, visudo.c:          * match.c, testsudoers.c, visudo.c:
         Only check group vector in usergr_matches() if we are matching the          Only check group vector in usergr_matches() if we are matching the
        invoking or list user. Always check the group members, even if        invoking or list user. Always check the group members, even if there
        there was a group vector.        was a group vector.
         [d0c7ceb2a041]          [d0c7ceb2a041]
   
 2004-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2004-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 20202 Line 22226
         [d69959681c87]          [d69959681c87]
   
         * getspwuid.c:          * getspwuid.c:
        Check rbinsert() return value. In the case of faked up entries        Check rbinsert() return value. In the case of faked up entries there
        there is usually a negative response cached that we need to        is usually a negative response cached that we need to overwrite.
        overwrite. 
   
         In pwfree() don't try to zero out a NULL pw_passwd pointer.          In pwfree() don't try to zero out a NULL pw_passwd pointer.
         [00b32d1a48c1]          [00b32d1a48c1]
Line 20296 Line 22319
         [e56fe33db916]          [e56fe33db916]
   
         * ldap.c, parse.c, sudo.c, sudo.h:          * ldap.c, parse.c, sudo.c, sudo.h:
        Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.        Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead,
        Instead, we just set the approriate defaults variable.        we just set the approriate defaults variable.
         [756eeecc1d86]          [756eeecc1d86]
   
         * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:          * sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
Line 20313 Line 22336
         * defaults.c, match.c, parse.c, parse.h, testsudoers.c:          * defaults.c, match.c, parse.c, parse.h, testsudoers.c:
         Change an occurence of user_matches() -> runas_matches() missed          Change an occurence of user_matches() -> runas_matches() missed
         previously runas_matches(), host_matches() and cmnd_matches() only          previously runas_matches(), host_matches() and cmnd_matches() only
        really need to pass in a list of members. user_matches() still        really need to pass in a list of members. user_matches() still needs
        needs to pass in a passwd struct because of "sudo -l"        to pass in a passwd struct because of "sudo -l"
         [833b22fc6fa0]          [833b22fc6fa0]
   
         * parse.c:          * parse.c:
Line 20622 Line 22645
         [ad462ede3094]          [ad462ede3094]
   
         * testsudoers.c:          * testsudoers.c:
        Rewrite for the new parser. Now supports a -d flag (dump) and adds        Rewrite for the new parser. Now supports a -d flag (dump) and adds a
        a -h flag (host). It now defaults to the local hostname unless        -h flag (host). It now defaults to the local hostname unless
         otherwise specified.          otherwise specified.
         [1b69685cc601]          [1b69685cc601]
   
Line 20805 Line 22828
 2004-10-05  Todd C. Miller  <Todd.Miller@courtesan.com>  2004-10-05  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * mon_systrace.c:          * mon_systrace.c:
        Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably        Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably means
        means we are out of space in the stack gap...        we are out of space in the stack gap...
         [5b02b702021e]          [5b02b702021e]
   
         * CHANGES:          * CHANGES:
Line 20952 Line 22975
         [ba481d9ed1aa]          [ba481d9ed1aa]
   
         * visudo.c:          * visudo.c:
        Overhaul visudo for editing multiple files: o visudo has been        Overhaul visudo for editing multiple files: o visudo has been broken
        broken out into functions (more work needed here) o each file is        out into functions (more work needed here) o each file is now edited
        now edited before sudoers is re-parsed o if a #include line is        before sudoers is re-parsed o if a #include line is added that file
        added that file will be edited too        will be edited too
   
         TODO: o cleanup temp files when exiting via err() or errx() o          TODO: o cleanup temp files when exiting via err() or errx() o
         continue breaking things out into separate functions          continue breaking things out into separate functions
Line 21011 Line 23034
   
         * parse.c, parse.h, parse.lex, parse.yacc:          * parse.c, parse.h, parse.lex, parse.yacc:
         More scaffolding for dealing with multiple sudoers files: o          More scaffolding for dealing with multiple sudoers files: o
        init_parser() now takes a path used to populate the sudoers global        init_parser() now takes a path used to populate the sudoers global o
        o the sudoers global is used to print the correct file in yyerror()        the sudoers global is used to print the correct file in yyerror() o
        o when switching to a new sudoers file, perserve old file name and        when switching to a new sudoers file, perserve old file name and
         line number          line number
         [d9be4970b8bd]          [d9be4970b8bd]
   
Line 21097 Line 23120
   
         * getspwuid.c:          * getspwuid.c:
         Add flag to sudo_pwdup that indicates whether or not to lookup the          Add flag to sudo_pwdup that indicates whether or not to lookup the
        shadow password. Will be used to a struct passwd that has the        shadow password. Will be used to a struct passwd that has the shadow
        shadow password already filled in.        password already filled in.
         [e19d43dd7238]          [e19d43dd7238]
   
         * mon_systrace.c:          * mon_systrace.c:
Line 21148 Line 23171
         [1703fd2fdef6]          [1703fd2fdef6]
   
         * mon_systrace.c:          * mon_systrace.c:
        systrace(4) support for sudo. On systems with the systrace(4)        systrace(4) support for sudo. On systems with the systrace(4) kernel
        kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can        facility (OpenBSD, NetBSD, Linux w/ patches) sudo can intercept exec
        intercept exec calls and check the exec args against the sudoers        calls and check the exec args against the sudoers file. In other
        file. In other words, sudo can now control subcommands and shell        words, sudo can now control subcommands and shell escapes.
        escapes. 
         [928c9217c386]          [928c9217c386]
   
         * sudo.c, sudo.h:          * sudo.c, sudo.h:
Line 22061 Line 24083
 2004-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>  2004-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * INSTALL, README.LDAP, config.h.in, configure.in:          * INSTALL, README.LDAP, config.h.in, configure.in:
        o --with-ldap now takes an optional dir as a parameter o added        o --with-ldap now takes an optional dir as a parameter o added check
        check for ldap_initialize() and start_tls_s()        for ldap_initialize() and start_tls_s()
         [2b846c7974c6]          [2b846c7974c6]
   
         * README.LDAP:          * README.LDAP:
Line 22128 Line 24150
         * parse.c:          * parse.c:
         In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was          In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
         explicitly denied and the command matched. This fixes a long-          explicitly denied and the command matched. This fixes a long-
        standing bug and makes: foo machine = (ALL) /usr/bin/blah        standing bug and makes: foo machine = (ALL) /usr/bin/blah foo
        foo machine = (!bar) /usr/bin/blah        machine = (!bar) /usr/bin/blah
   
         equivalent to: foo machine = (ALL, !bar) /usr/bin/blah          equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
         [2f5ee244985a]          [2f5ee244985a]
Line 22228 Line 24250
         [6058c4cefcec]          [6058c4cefcec]
   
         * set_perms.c, sudo.c, tgetpass.c, visudo.c:          * set_perms.c, sudo.c, tgetpass.c, visudo.c:
        Preliminary changes to support nsr-tandem-nsk. Based on patches        Preliminary changes to support nsr-tandem-nsk. Based on patches from
        from Tom Bates.        Tom Bates.
         [2e5f81834383]          [2e5f81834383]
   
         * logging.c:          * logging.c:
        Preliminary changes to support nsr-tandem-nsk. Based on patches        Preliminary changes to support nsr-tandem-nsk. Based on patches from
        from Tom Bates.        Tom Bates.
         [934bbe6872b6]          [934bbe6872b6]
   
         * check.c, compat.h:          * check.c, compat.h:
        Preliminary changes to support nsr-tandem-nsk. Based on patches        Preliminary changes to support nsr-tandem-nsk. Based on patches from
        from Tom Bates.        Tom Bates.
         [390b698b5924]          [390b698b5924]
   
 2004-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>  2004-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 22587 Line 24609
         [773165eb6057]          [773165eb6057]
   
         * visudo.c:          * visudo.c:
        Use WIFEXITED and WEXITSTATUS macros. If there are systems out        Use WIFEXITED and WEXITSTATUS macros. If there are systems out there
        there that want to run sudo that still don't support these we can        that want to run sudo that still don't support these we can try to
        try to deal with that later.        deal with that later.
         [6af68e4aff60]          [6af68e4aff60]
   
         * lex.yy.c:          * lex.yy.c:
Line 22623 Line 24645
         * sudo.h:          * sudo.h:
         Add a new flag, -e, that makes it possible to give users the ability          Add a new flag, -e, that makes it possible to give users the ability
         to edit files with the editor of their choice as the invoking user,          to edit files with the editor of their choice as the invoking user,
        not the runas user. Temporary files are used for the actual edit        not the runas user. Temporary files are used for the actual edit and
        and the temp file is copied over the original after the editor is        the temp file is copied over the original after the editor is done.
        done. 
         [c4051414c1f4]          [c4051414c1f4]
   
         * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:          * Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
         Add a new flag, -e, that makes it possible to give users the ability          Add a new flag, -e, that makes it possible to give users the ability
         to edit files with the editor of their choice as the invoking user,          to edit files with the editor of their choice as the invoking user,
        not the runas user. Temporary files are used for the actual edit        not the runas user. Temporary files are used for the actual edit and
        and the temp file is copied over the original after the editor is        the temp file is copied over the original after the editor is done.
        done. 
         [37ac05c8ac3c]          [37ac05c8ac3c]
   
         * env.c, sudo.c:          * env.c, sudo.c:
         If real uid == 0 and the SUDO_USER environment variables is set, use          If real uid == 0 and the SUDO_USER environment variables is set, use
         that to determine the invoking user's true identity. That way the          that to determine the invoking user's true identity. That way the
         proper info gets logged by someone who has done "sudo su" but still          proper info gets logged by someone who has done "sudo su" but still
        uses sudo to as root. We can't do this for non-root users since        uses sudo to as root. We can't do this for non-root users since that
        that would open up a security hole, though perhaps it would be        would open up a security hole, though perhaps it would be acceptable
        acceptable to use getlogin(2) on OSes where this a system call (and        to use getlogin(2) on OSes where this a system call (and doesn't
        doesn't just look in the utmp file).        just look in the utmp file).
         [c2f9198708a1]          [c2f9198708a1]
   
         * pathnames.h.in:          * pathnames.h.in:
Line 22692 Line 24712
 2004-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2004-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * sudo.c:          * sudo.c:
        Change euid to runas user before calling find_path().        Change euid to runas user before calling find_path(). Unfortunately,
        Unfortunately, though runas_user can be modified in sudoers we        though runas_user can be modified in sudoers we haven't parsed
        haven't parsed sudoers yet.        sudoers yet.
         [f469fdf2e313]          [f469fdf2e313]
   
         * sudoers.man.in, sudoers.pod:          * sudoers.man.in, sudoers.pod:
Line 22703 Line 24723
         [f7bed6e909bf]          [f7bed6e909bf]
   
         * sudo.c:          * sudo.c:
        Fix a bug when set_runaspw() is used as a callback. We don't want        Fix a bug when set_runaspw() is used as a callback. We don't want to
        to reset the contents of runas_pw if the user specified a user via        reset the contents of runas_pw if the user specified a user via the
        the -u flag.        -u flag.
   
         Avoid unnecessary passwd lookups in set_authpw(). In most cases we          Avoid unnecessary passwd lookups in set_authpw(). In most cases we
         already have the info in runas_pw.          already have the info in runas_pw.
Line 22730 Line 24750
         [42aa37050053]          [42aa37050053]
   
         * sudo.c:          * sudo.c:
        Add set_runaspw() function to fill in runas_pw. This will be used        Add set_runaspw() function to fill in runas_pw. This will be used as
        as a callback to update runas_pw when the runas user changes.        a callback to update runas_pw when the runas user changes.
         [e570aa0088d0]          [e570aa0088d0]
   
         * env.c, sudo.c:          * env.c, sudo.c:
Line 22947 Line 24967
         Add support for preloading a shared object containing a dummy          Add support for preloading a shared object containing a dummy
         execve() function that just sets error and returns -1. This adds a          execve() function that just sets error and returns -1. This adds a
         "noexec_file" option to load the filename as well as a "noexec" flag          "noexec_file" option to load the filename as well as a "noexec" flag
        to enable it unconditionally. There is also a NOEXEC tag that can        to enable it unconditionally. There is also a NOEXEC tag that can be
        be attached to specific commands and an EXEC tag to disable it.        attached to specific commands and an EXEC tag to disable it.
         [c8b6712feb91]          [c8b6712feb91]
   
         * mkdefaults:          * mkdefaults:
Line 23085 Line 25105
   
         * auth/pam.c:          * auth/pam.c:
         Fix a core dump on Solaris by preserving the pam_handle_t we used          Fix a core dump on Solaris by preserving the pam_handle_t we used
        during authentication for pam_prep_user(). If we didn't        during authentication for pam_prep_user(). If we didn't authenticate
        authenticate (ie: ticket still valid), we call pam_init() from        (ie: ticket still valid), we call pam_init() from pam_prep_user().
        pam_prep_user(). This is something of a hack; it may be better to        This is something of a hack; it may be better to change the auth API
        change the auth API and add an auth_final() function that acts like        and add an auth_final() function that acts like pam_prep_user().
        pam_prep_user(). 
         [f787de49b175]          [f787de49b175]
   
 2003-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>  2003-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 23289 Line 25308
         [aba0126f0059]          [aba0126f0059]
   
         * auth/kerb5.c:          * auth/kerb5.c:
        Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is        Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is no
        no longer defined by MIT kerb5 (though it used to be and indeed        longer defined by MIT kerb5 (though it used to be and indeed remains
        remains so in Heimdal).        so in Heimdal).
         [e5a6c64d7cd5]          [e5a6c64d7cd5]
   
 2003-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>  2003-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 23834 Line 25853
         [587f8a2df857]          [587f8a2df857]
   
         * parse.lex:          * parse.lex:
        Better fix for sudoers files w/o a newline before EOF. It looks        Better fix for sudoers files w/o a newline before EOF. It looks like
        like the issue is that yyrestart() does not reset the start        the issue is that yyrestart() does not reset the start condition to
        condition to INITIAL which is an issue since we parse sudoers        INITIAL which is an issue since we parse sudoers multiple times.
        multiple times. 
         [920f8326968a]          [920f8326968a]
   
 2003-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>  2003-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 23851 Line 25869
   
         * visudo.c:          * visudo.c:
         o The parser needs sudoers to end with a newline but some editors          o The parser needs sudoers to end with a newline but some editors
        (emacs) may not add one. Check for a missing newline at EOF and        (emacs) may not add one. Check for a missing newline at EOF and add
        add one if needed. o Set quiet flag during initial sudoers parse (to        one if needed. o Set quiet flag during initial sudoers parse (to get
        get options) o Move yyrestart() call and always use freopen() to        options) o Move yyrestart() call and always use freopen() to open
        open yyin after initial sudoers parse.        yyin after initial sudoers parse.
         [12d12f9b07aa]          [12d12f9b07aa]
   
 2002-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>  2002-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 24071 Line 26089
   
         * env.c:          * env.c:
         Don't try to pre-compute the size of the new envp, just allocate          Don't try to pre-compute the size of the new envp, just allocate
        space up front and realloc as needed. Changes to the new env        space up front and realloc as needed. Changes to the new env pointer
        pointer must all be made through insert_env() which now keeps track        must all be made through insert_env() which now keeps track of
        of spaced used and allocates as needed.        spaced used and allocates as needed.
         [39bc934a9f2c]          [39bc934a9f2c]
   
 2002-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>  2002-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 24103 Line 26121
   
         * check.c:          * check.c:
         The the loop used to expand %h and %u, the lastchar variable was not          The the loop used to expand %h and %u, the lastchar variable was not
        being initialized. This means that if the last char in the prompt        being initialized. This means that if the last char in the prompt is
        is '%' and the first char is 'h' or 'u' a extra copy of the host or        '%' and the first char is 'h' or 'u' a extra copy of the host or
         user name would be copied, for which space had not been allocated.          user name would be copied, for which space had not been allocated.
         [b2e27197857d]          [b2e27197857d]
   
Line 24524 Line 26542
 2002-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>  2002-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * Makefile.in:          * Makefile.in:
        o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and        o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and -g
        -g to facilitate non-root installs        to facilitate non-root installs
         [619216038f56]          [619216038f56]
   
         * install-sh:          * install-sh:
Line 24568 Line 26586
         * auth/pam.c:          * auth/pam.c:
         o Add pam_prep_user function to call pam_setcred() for the target          o Add pam_prep_user function to call pam_setcred() for the target
         user; on Linux this often sets resource limits. o When calling          user; on Linux this often sets resource limits. o When calling
        pam_end(), try to convert the auth->result to a PAM_FOO value.        pam_end(), try to convert the auth->result to a PAM_FOO value. This
        This is a hack--we really need to stash the last PAM_FOO value        is a hack--we really need to stash the last PAM_FOO value received
        received and use that instead.        and use that instead.
         [6ad6f340dd2a]          [6ad6f340dd2a]
   
         * set_perms.c, sudo.h:          * set_perms.c, sudo.h:
Line 24776 Line 26794
         [6fa41c89ab20]          [6fa41c89ab20]
   
         * sudo.c:          * sudo.c:
        XXX - should call find_path() as runas user, not root. Can't do        XXX - should call find_path() as runas user, not root. Can't do that
        that until the parser changes though.        until the parser changes though.
         [f0b4f85651bd]          [f0b4f85651bd]
   
         * sudo.c:          * sudo.c:
Line 25034 Line 27052
   
         * parse.lex:          * parse.lex:
         o Use exclusive start conditions to remove some ambiguity in the          o Use exclusive start conditions to remove some ambiguity in the
        lexer. Also reorder some things for clarity. o Add support for        lexer. Also reorder some things for clarity. o Add support for "+="
        "+=" and "-=" list operators. o Use the new DEFVAR token to denote        and "-=" list operators. o Use the new DEFVAR token to denote a
        a Defaults variable name.        Defaults variable name.
         [3a2cf8323e26]          [3a2cf8323e26]
   
         * sudo.h:          * sudo.h:
Line 25044 Line 27062
         [b74916469dab]          [b74916469dab]
   
         * env.c:          * env.c:
        o Convert environment handling to use lists instead of strings.        o Convert environment handling to use lists instead of strings. This
        This greatly simplifies routines that need to do "foreach" type        greatly simplifies routines that need to do "foreach" type
        operations. o Add new init_envtables() function to set env_check        operations. o Add new init_envtables() function to set env_check and
        and env_delete defaults based on initial_badenv_table and        env_delete defaults based on initial_badenv_table and
         initial_checkenv_table (formerly sudo_badenv_table).          initial_checkenv_table (formerly sudo_badenv_table).
         [0a8b404658b6]          [0a8b404658b6]
   
         * defaults.c, defaults.h:          * defaults.c, defaults.h:
         o Add a new LIST type and functions to manipulate it. o This is for          o Add a new LIST type and functions to manipulate it. o This is for
        use with environment handling variables. o Call new        use with environment handling variables. o Call new init_envtables()
        init_envtables() routine inside init_defaults() to initialize the        routine inside init_defaults() to initialize the environment lists.
        environment lists. 
         [ae73e64f0902]          [ae73e64f0902]
   
         * def_data.c, def_data.h, def_data.in:          * def_data.c, def_data.h, def_data.in:
Line 25375 Line 27392
   
         * check.c:          * check.c:
         Use stashed user_gid when checking against exempt gid since sudo          Use stashed user_gid when checking against exempt gid since sudo
        sets its gid to a a value that makes sudoers readable. Previously        sets its gid to a a value that makes sudoers readable. Previously if
        if you used gid 0 as the exempt group everyone would be exempt. From        you used gid 0 as the exempt group everyone would be exempt. From
         Paul Kranenburg <pk@cs.few.eur.nl>          Paul Kranenburg <pk@cs.few.eur.nl>
         [0b140cc3a817]          [0b140cc3a817]
   
Line 25421 Line 27438
 2001-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>  2001-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * visudo.c:          * visudo.c:
        Block all signals in Exit() to avoid a signal race. There is still        Block all signals in Exit() to avoid a signal race. There is still a
        a tiny window but I'm not going to worry about it.        tiny window but I'm not going to worry about it.
         [6661805c0458]          [6661805c0458]
   
 2001-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>  2001-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 25862 Line 27879
 2000-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>  2000-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * sudo.c:          * sudo.c:
        Fix -H flag. runas_homedir is only valid after        Fix -H flag. runas_homedir is only valid after set_perms(PERM_RUNAS,
        set_perms(PERM_RUNAS, mode)        mode)
         [ce9b1c6f68a6]          [ce9b1c6f68a6]
   
 2000-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>  2000-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 25913 Line 27930
         sensible error if it does not exist.          sensible error if it does not exist.
   
         The path to the editor for visudo is now a colon-separated list of          The path to the editor for visudo is now a colon-separated list of
        allowable editors. If the user has $EDITOR set and it matches one        allowable editors. If the user has $EDITOR set and it matches one of
        of the allowed editors that editor will be used. If not, the first        the allowed editors that editor will be used. If not, the first
         editor in the list that actually exists is used.          editor in the list that actually exists is used.
         [cc86eb9f5440]          [cc86eb9f5440]
   
Line 26372 Line 28389
         [055fa61a7c61]          [055fa61a7c61]
   
         * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:          * INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
        Add 'shell_noargs' runtime option back in. We have to defer        Add 'shell_noargs' runtime option back in. We have to defer checking
        checking until after the sudoers file has been parsed but since        until after the sudoers file has been parsed but since there are now
        there are now other options that operate that way this one can too.        other options that operate that way this one can too. Based on a
        Based on a patch from bguillory@email.com.        patch from bguillory@email.com.
         [231db7a007a6]          [231db7a007a6]
   
         * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:          * defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
Line 26500 Line 28517
         * CHANGES, parse.yacc, sudo.tab.c:          * CHANGES, parse.yacc, sudo.tab.c:
         fix parsing of runas lists: o oprunasuser and runaslist now return a          fix parsing of runas lists: o oprunasuser and runaslist now return a
         value o in a runasspec, if a runaslist does not return TRUE, set          value o in a runasspec, if a runaslist does not return TRUE, set
        runas_matches to FALSE. Normally, a runaslist only returns FALSE        runas_matches to FALSE. Normally, a runaslist only returns FALSE for
        for explicitly denied users. o since runaslist does not modify the        explicitly denied users. o since runaslist does not modify the stack
        stack there is no need for a push/pop in runasalias.        there is no need for a push/pop in runasalias.
         [82b305b34a8c]          [82b305b34a8c]
   
         * check.c, sudo.c:          * check.c, sudo.c:
Line 26527 Line 28544
         o Kill shell_noargs option, it cannot work since the command needs          o Kill shell_noargs option, it cannot work since the command needs
         to be set before sudoers is parsed. o Fix the "set_home" sudoers          to be set before sudoers is parsed. o Fix the "set_home" sudoers
         option (only worked at compile time). o Fix "fqdn" sudoers option.          option (only worked at compile time). o Fix "fqdn" sudoers option.
        We now set host/shost via set_fqdn which gets called when the        We now set host/shost via set_fqdn which gets called when the "fqdn"
        "fqdn" option is set in sudoers. o Move the openlog() to        option is set in sudoers. o Move the openlog() to store_syslogfac()
        store_syslogfac() so this gets overridden correctly from the        so this gets overridden correctly from the sudoers file.
        sudoers file. 
         [3dca861f0f5d]          [3dca861f0f5d]
   
         * auth/securid.c:          * auth/securid.c:
Line 26661 Line 28677
   
         * lex.yy.c, parse.lex:          * lex.yy.c, parse.lex:
         Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c          Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
        since it might not get called in yywrap if we get a parse error        since it might not get called in yywrap if we get a parse error (and
        (and we only reread the file on error anyway).        we only reread the file on error anyway).
         [37f4b449e28e]          [37f4b449e28e]
   
         * lex.yy.c, parse.lex:          * lex.yy.c, parse.lex:
Line 26745 Line 28761
         [e3ed0c1f312b]          [e3ed0c1f312b]
   
         * logging.h:          * logging.h:
        Fix compilation problem when --with-logging=file was specified.        Fix compilation problem when --with-logging=file was specified. This
        This means that syslog is now required to build sudo but that should        means that syslog is now required to build sudo but that should not
        not be a problem. If it is it can be fixed trivially with a        be a problem. If it is it can be fixed trivially with a configure
        configure check for syslog() or syslog.h.        check for syslog() or syslog.h.
         [839a4b069190]          [839a4b069190]
   
         * tgetpass.c:          * tgetpass.c:
Line 26770 Line 28786
 1999-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>  1999-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * defaults.c:          * defaults.c:
        Error out if syslog parameters are given without a value. For        Error out if syslog parameters are given without a value. For Ultrix
        Ultrix or 4.2BSD "syslog" is allowed without a value since there are        or 4.2BSD "syslog" is allowed without a value since there are no
        no facilities in the 4.2BSD syslog.        facilities in the 4.2BSD syslog.
         [69e7a686f5f0]          [69e7a686f5f0]
   
 1999-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>  1999-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 26878 Line 28894
         getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:          getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
         o Change defaults stuff to put the value right in the struct. o          o Change defaults stuff to put the value right in the struct. o
         Implement mailer_flags o Store syslog stuff both in int and string          Implement mailer_flags o Store syslog stuff both in int and string
        form. Setting the string form magically updates the int version.        form. Setting the string form magically updates the int version. o
        o Add boolean attribute to strings where it makes sense to say !foo        Add boolean attribute to strings where it makes sense to say !foo
         [4698953f9a36]          [4698953f9a36]
   
         * tgetpass.c:          * tgetpass.c:
Line 27189 Line 29205
   
         * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:          * parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
         In "sudo -l" mode, the type of the stored (expanded) alias was not          In "sudo -l" mode, the type of the stored (expanded) alias was not
        stored with the contents. This could lead to incorrect output if        stored with the contents. This could lead to incorrect output if the
        the sudoers file had different alias types with the same name.        sudoers file had different alias types with the same name. Normal
        Normal parsing (ie: not in '-l' mode) is unaffected.        parsing (ie: not in '-l' mode) is unaffected.
         [823fe2bc4b79]          [823fe2bc4b79]
   
 1999-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>  1999-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 27373 Line 29389
         * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,          * INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
         configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,          configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
         visudo.c:          visudo.c:
        o Add a "pedentic" flag to the parser. This makes sudo warn in        o Add a "pedentic" flag to the parser. This makes sudo warn in cases
        cases where an alias may be used before it is defined. Only turned        where an alias may be used before it is defined. Only turned on for
        on for visudo and testsudoers. o Add --disable-authentication option        visudo and testsudoers. o Add --disable-authentication option that
        that makes sudo not require authentication by default. The PASSWD        makes sudo not require authentication by default. The PASSWD tag can
        tag can be used to require authentication for an entry. We no        be used to require authentication for an entry. We no longer
        longer overload --without-passwd.        overload --without-passwd.
         [f307e09adf98]          [f307e09adf98]
   
         * lex.yy.c, parse.lex:          * lex.yy.c, parse.lex:
Line 27444 Line 29460
         version.c, visudo.c:          version.c, visudo.c:
         o Move lock_file() and touch() into fileops.c so visudo can use them          o Move lock_file() and touch() into fileops.c so visudo can use them
         o Visudo now locks the sudoers temp file instead of bailing when the          o Visudo now locks the sudoers temp file instead of bailing when the
        temp file already exists. This fixes the problem of stale temp        temp file already exists. This fixes the problem of stale temp files
        files but it does *require* that you not try to put the temp file in        but it does *require* that you not try to put the temp file in a
        a world-writable directory. This shoud not be an issue as the temp        world-writable directory. This shoud not be an issue as the temp
         file should live in the same dir as sudoers. o Visudo now only          file should live in the same dir as sudoers. o Visudo now only
         installs the temp file as sudoers if it changed.          installs the temp file as sudoers if it changed.
         [2517cd06c070]          [2517cd06c070]
Line 27535 Line 29551
         o Add '!' correctly when expanding Aliases. o Add shortcut macros          o Add '!' correctly when expanding Aliases. o Add shortcut macros
         for append() to make things more readable. o The separator in          for append() to make things more readable. o The separator in
         append() is now a string instead of a char. o In append(), only          append() is now a string instead of a char. o In append(), only
        prepend the separator if the last char is not a '!'. This is a        prepend the separator if the last char is not a '!'. This is a hack
        hack but it greatly simplifies '!' handling. o In -l mode, Runas        but it greatly simplifies '!' handling. o In -l mode, Runas lists
        lists and NOPASSWD/PASSWD tags are now inherited across entries in        and NOPASSWD/PASSWD tags are now inherited across entries in a list
        a list (matches current behavior). o Fix formatting in -l mode such        (matches current behavior). o Fix formatting in -l mode such that
        that items in a list are separated by a space. Greatlt improves        items in a list are separated by a space. Greatlt improves
         readability. o Space for name field in struct aliasinfo is now          readability. o Space for name field in struct aliasinfo is now
         allocated dyanically instead of using a (big) buffer. o In          allocated dyanically instead of using a (big) buffer. o In
         add_alias(), only search the list once (lsearch instead of lfind +          add_alias(), only search the list once (lsearch instead of lfind +
Line 27560 Line 29576
         set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since          set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
         it gets fill()'d in parse.lex--fixes a small memory leak. In the          it gets fill()'d in parse.lex--fixes a small memory leak. In the
         long run it may be better to just fix parse.lex and make ALL back          long run it may be better to just fix parse.lex and make ALL back
        into a token. However, having it be a string is useful since it        into a token. However, having it be a string is useful since it can
        can be easily passed back to the parent rule if we so desire.        be easily passed back to the parent rule if we so desire.
         [b3c64b443018]          [b3c64b443018]
   
         * parse.lex:          * parse.lex:
Line 27823 Line 29839
         [db48202df1bb]          [db48202df1bb]
   
         * Makefile.in:          * Makefile.in:
        BSD-style copyright. Update to reflect reality wrt new files and        BSD-style copyright. Update to reflect reality wrt new files and new
        new auth modules.        auth modules.
         [61a2ca7940fb]          [61a2ca7940fb]
   
         * INSTALL:          * INSTALL:
Line 27862 Line 29878
         user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible          user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
         to mix tty and non-tty based ticket schemes but this may change in          to mix tty and non-tty based ticket schemes but this may change in
         the future (it requires sudo to use a directory instead of a file in          the future (it requires sudo to use a directory instead of a file in
        the non-tty case). Also, ``sudo -k'' now sets the ticket back to        the non-tty case). Also, ``sudo -k'' now sets the ticket back to the
        the epoch and ``sudo -K'' really deletes the file. That way you        epoch and ``sudo -K'' really deletes the file. That way you don't
        don't get the lecture again just because you killed your ticket in        get the lecture again just because you killed your ticket in
         .logout. BSD-style copyright now.          .logout. BSD-style copyright now.
         [ec3460f85be8]          [ec3460f85be8]
   
Line 28117 Line 30133
         parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:          parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
         o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It          o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
         turns out the old DES crypt does the right thing with passwords          turns out the old DES crypt does the right thing with passwords
        longert than 8 characters. o Fix common typo (necesary ->        longert than 8 characters. o Fix common typo (necesary -> necessary)
        necessary) o Update TODO list        o Update TODO list
         [ad75007a6f13]          [ad75007a6f13]
   
 1999-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>  1999-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 28429 Line 30445
 1999-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>  1999-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * CHANGES, lex.yy.c, parse.lex:          * CHANGES, lex.yy.c, parse.lex:
        Fix a bug wrt quoting characters in command args. Stop processing        Fix a bug wrt quoting characters in command args. Stop processing an
        an arg when you hit a backslash so the quoted-character detection        arg when you hit a backslash so the quoted-character detection can
        can catch it.        catch it.
         [2281438d7f41]          [2281438d7f41]
   
 1999-02-26  Todd C. Miller  <Todd.Miller@courtesan.com>  1999-02-26  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 28518 Line 30534
   
         * check.c, sudo.h:          * check.c, sudo.h:
         If the user enters an empty password and really has no password,          If the user enters an empty password and really has no password,
        accept the empty password they entered. Perviously, they could        accept the empty password they entered. Perviously, they could enter
        enter anything        anything
         *but* an empty password. Also, add GETPASS macro that calls either          *but* an empty password. Also, add GETPASS macro that calls either
         tgetpass() or getpass() depending on how sudo was configured.          tgetpass() or getpass() depending on how sudo was configured.
         Problem noted by jdg@maths.qmw.ac.uk          Problem noted by jdg@maths.qmw.ac.uk
Line 31558 Line 33574
   
         * sudo.h:          * sudo.h:
         added support for NO_PASSWD and runas from garp@opustel.com replaced          added support for NO_PASSWD and runas from garp@opustel.com replaced
        SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support        SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
        fro SUDOERS_MODE        SUDOERS_MODE
         [cea6f26679b7]          [cea6f26679b7]
   
         * sudo.c:          * sudo.c:
Line 34204 Line 36220
         [044023063eca]          [044023063eca]
   
         * aclocal.m4:          * aclocal.m4:
        OS was being set to unknown before non-uname based host checks.        OS was being set to unknown before non-uname based host checks. This
        This caused no checks to happen since $OS was not zero-length.        caused no checks to happen since $OS was not zero-length.
         [335a7267479d]          [335a7267479d]
   
         * sudo.c:          * sudo.c:
Line 34674 Line 36690
         [1194d01fa5c5]          [1194d01fa5c5]
   
         * visudo.c:          * visudo.c:
        whatnow_help was prototyped to be static be was not declared as        whatnow_help was prototyped to be static be was not declared as such
        such 
         [0f85489dd426]          [0f85489dd426]
   
         * configure.in:          * configure.in:
Line 36815 Line 38830
         [34331c7dee90]          [34331c7dee90]
   
         * logging.c:          * logging.c:
        split long log lines. FOr syslog, split into multiple entries, for        split long log lines. FOr syslog, split into multiple entries, for a
        a log file, indent the extra for readability        log file, indent the extra for readability
         [72c9e4cdba6e]          [72c9e4cdba6e]
   
 1994-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>  1994-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
Line 36838 Line 38853
 1994-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>  1994-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
   
         * sudo.c:          * sudo.c:
        added rmenv() to remove stuff from environ. can now uses execvp()        added rmenv() to remove stuff from environ. can now uses execvp() OR
        OR execve() becuase of this.        execve() becuase of this.
         [e7fc2535bd67]          [e7fc2535bd67]
   
         * logging.c:          * logging.c:
Line 37137 Line 39152
         [5c4bf716de21]          [5c4bf716de21]
   
         * check.c, find_path.c, parse.c, sudo.c:          * check.c, find_path.c, parse.c, sudo.c:
        added patches from John_Rouillard directory spec        added patches from John_Rouillard directory spec uses EDITOR
        uses EDITOR 
         [f62a435f8c41]          [f62a435f8c41]
   
 1993-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>  1993-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>

Removed from v.1.1.1.5  
changed lines
  Added in v.1.1.1.6


FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>