File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / ChangeLog
Revision 1.1.1.6 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Sun Jun 15 16:12:53 2014 UTC (10 years, 6 months ago) by misho
Branches: sudo, MAIN
CVS tags: v1_8_10p3_0, v1_8_10p3, HEAD
sudo v 1.8.10p3

    1: 2014-05-06  Todd C. Miller  <Todd.Miller@courtesan.com>
    2: 
    3: 	* compat/getgrouplist.c, plugins/group_file/group_file.c,
    4: 	plugins/system_group/system_group.c:
    5: 	deal with NULL gr_mem here too
    6: 	[0db43ed71001]
    7: 
    8: 	* NEWS, configure, configure.ac:
    9: 	Sudo 1.8.10p3
   10: 	[3f415a180023]
   11: 
   12: 2014-05-02  Todd C. Miller  <Todd.Miller@courtesan.com>
   13: 
   14: 	* common/event.c:
   15: 	Fix non-blocking mode. We only want to exit the event loop when
   16: 	poll() or select() returns 0 and there are no active events. This
   17: 	fixes a problem on some systems where the last buffer was not being
   18: 	written when the command exited.
   19: 	[deb6b1a7b241]
   20: 
   21: 2014-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
   22: 
   23: 	* plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h:
   24: 	Make get_boottime() return bool.
   25: 	[9ff15a995d01]
   26: 
   27: 	* doc/CONTRIBUTORS, plugins/sudoers/boottime.c:
   28: 	Fix fd leak on Linux when determing boot time. This is usually
   29: 	masked by the closefrom() call in sudo. From Jamie Anderson. Bug
   30: 	#645
   31: 	[0b4c430e8b88]
   32: 
   33: 2014-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   34: 
   35: 	* doc/CONTRIBUTORS, plugins/sudoers/auth/pam.c:
   36: 	Use PAM_REINITIALIZE_CRED instead of PAM_ESTABLISH_CRED when
   37: 	changing the user. This is the correct flag to use with a program
   38: 	that changes the uid like su or sudo and fixes a role problem on
   39: 	Solaris. From Gary Winiger; Bug #642
   40: 	[ec23c3bf41bb]
   41: 
   42: 	* plugins/sudoers/defaults.c:
   43: 	pam_setcred should default to true; from Gary Winiger Bug #642
   44: 	[23e6628ec546]
   45: 
   46: 2014-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
   47: 
   48: 	* MANIFEST, plugins/sudoers/match.c,
   49: 	plugins/sudoers/regress/testsudoers/test6.out.ok,
   50: 	plugins/sudoers/regress/testsudoers/test6.sh,
   51: 	plugins/sudoers/regress/testsudoers/test7.out.ok,
   52: 	plugins/sudoers/regress/testsudoers/test7.sh:
   53: 	Fix matching of uids and gids broken in sudo 1.8.9.
   54: 	[315eff4add59]
   55: 
   56: 	* plugins/sudoers/testsudoers.c:
   57: 	Fix -P option in usage()
   58: 	[50753b6222b7]
   59: 
   60: 2014-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
   61: 
   62: 	* plugins/sudoers/check.c, plugins/sudoers/prompt.c,
   63: 	plugins/sudoers/sudoers.h:
   64: 	Fix expansion of %p in the prompt for "sudo -l" when rootpw, runaspw
   65: 	or targetpw is set. Bug #639
   66: 	[dff0208d1194]
   67: 
   68: 2014-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
   69: 
   70: 	* NEWS, configure, configure.ac:
   71: 	Sudo 1.8.10p2
   72: 	[774ebec63b41]
   73: 
   74: 	* plugins/sudoers/timestamp.c:
   75: 	Don't write an empty timestamp record when timestamp_timeout is
   76: 	zero. If we find an empty record in the timestamp file, overwrite it
   77: 	with a good one, truncating the file as needed.
   78: 	[9c226d81b660]
   79: 
   80: 2014-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
   81: 
   82: 	* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
   83: 	Fix typos in description of the -x option. Bug #637
   84: 	[6ff2bfaaf99d]
   85: 
   86: 2014-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
   87: 
   88: 	* NEWS, configure, configure.ac:
   89: 	Sudo 1.8.10p1
   90: 	[33828a3385ad]
   91: 
   92: 	* plugins/sudoers/timestamp.c:
   93: 	Fix typo/thinko that prevented "Defaults !tty_tickets" from working.
   94: 	[f65cc29dbcc7]
   95: 
   96: 	* plugins/sudoers/parse.c:
   97: 	Fix "sudo -l command" output when the matching command is negated.
   98: 	Bug #636
   99: 	[b4a92803f733]
  100: 
  101: 2014-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
  102: 
  103: 	* MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c,
  104: 	common/regress/sudo_conf/test5.err.ok,
  105: 	common/regress/tailq/hltq_test.c:
  106: 	The atofoo_test and hltq_test tests now display their own test error
  107: 	rate. Display pass/fail count separately for sudo_conf and
  108: 	sudo_parseln tests. Check stderr output for the sudo_conf test.
  109: 	[5c814709ac70]
  110: 
  111: 	* src/Makefile.in:
  112: 	Don't run the check_ttyname test if cross compiling.
  113: 	[874ecc1c3db0]
  114: 
  115: 	* plugins/sudoers/Makefile.in:
  116: 	CWD no longer used.
  117: 	[13b2f3c4269b]
  118: 
  119: 	* plugins/sudoers/Makefile.in:
  120: 	Fix diff of toke and err output files in "make check"
  121: 	[485cdf3c75e7]
  122: 
  123: 2014-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
  124: 
  125: 	* src/po/de.mo, src/po/de.po:
  126: 	sync with translationproject.org
  127: 	[d246c72a2350]
  128: 
  129: 2014-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
  130: 
  131: 	* configure, configure.ac:
  132: 	Check whether ber.h is needed before ldap.h even if we are not using
  133: 	any ber functions. Needed for older versions of nss ldap.
  134: 	[c2310324dc34]
  135: 
  136: 	* plugins/sudoers/sssd.c:
  137: 	Fix compiler warning in debug code.
  138: 	[8ee4cb6cafad]
  139: 
  140: 	* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/ca.mo, src/po/ca.po:
  141: 	Catalan translation for sudo from translationproject.org.
  142: 	[d6af7d06ee36]
  143: 
  144: 2014-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
  145: 
  146: 	* NEWS:
  147: 	Document negation fix in JSON output.
  148: 	[37a85423ae49]
  149: 
  150: 2014-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>
  151: 
  152: 	* plugins/sudoers/visudo_json.c:
  153: 	Fix handling of '!' operator when converting sudoers. We now add a
  154: 	"negated" boolean flag to objects that have the '!' operator.
  155: 	[071926c10280]
  156: 
  157: 2014-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
  158: 
  159: 	* MANIFEST, NEWS, plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po:
  160: 	Czech translation for sudoers from translationproject.org
  161: 	[c0aae297f7c1]
  162: 
  163: 2014-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
  164: 
  165: 	* configure, configure.ac:
  166: 	Try -libmldap before -lldap in case there is no link from
  167: 	libibmldap.so to libldap.so. Since IBM ldap is installed under /opt
  168: 	we should only be able to reach it if --with-ldap was given an
  169: 	explicit path.
  170: 
  171: 	Only check for ber_set_option() if LBER_OPT_DEBUG_LEVEL is defined.
  172: 	[89d50c29d737]
  173: 
  174: 2014-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
  175: 
  176: 	* plugins/sudoers/set_perms.c:
  177: 	Fix typo in setreuid() PERM_ROOT error message.
  178: 	[533415f53165]
  179: 
  180: 	* mkpkg:
  181: 	No longer need to disable setresuid() on debian.
  182: 	[96ba687c35f0]
  183: 
  184: 2014-02-26  Todd C. Miller  <Todd.Miller@courtesan.com>
  185: 
  186: 	* plugins/sudoers/timestamp.c:
  187: 	Fix conversion of timestamp_timeout from double to struct timeval.
  188: 	Also quiet a printf format warning on 32-bit systems.
  189: 	[59d1f3094dda]
  190: 
  191: 2014-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
  192: 
  193: 	* MANIFEST, NEWS, plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po:
  194: 	Serbian translation for sudoers from translationproject.org.
  195: 	[7134b386d658]
  196: 
  197: 2014-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
  198: 
  199: 	* doc/CONTRIBUTORS:
  200: 	Add Ingo Schwarze
  201: 	[114cdf286987]
  202: 
  203: 	* NEWS, plugins/sudoers/visudo_json.c:
  204: 	When exporting sudoers in JSON format, use the same type of Options
  205: 	object for both Defaults and Cmnd_Specs.
  206: 	[caa57043e197]
  207: 
  208: 2014-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
  209: 
  210: 	* compat/inet_pton.c:
  211: 	Silence cppcheck false positive.
  212: 	[b2781c42a80f]
  213: 
  214: 	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
  215: 	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po:
  216: 	sync with translationproject.org
  217: 	[baba43a6d682]
  218: 
  219: 	* NEWS, doc/UPGRADE:
  220: 	Mention init.d scripts on AIX and HP-UX Mention sudoers group
  221: 	mismatch fix
  222: 	[0259cb1f7cae]
  223: 
  224: 	* INSTALL:
  225: 	Talk about clearing files at boot time, not reboot time since it
  226: 	happens when the system comes up, not down.
  227: 	[e8e480bc34fd]
  228: 
  229: 	* plugins/sudoers/sudoers.c:
  230: 	We also need to open the sudoers file as root if there is a GID
  231: 	mismatch.
  232: 	[2fb2ba6fc4e6]
  233: 
  234: 	* sudo.pp:
  235: 	Install /etc/rc.d/init.d/sudo and /etc/rc.d/rc2.d/S90sudo for AIX
  236: 	rpm packages.
  237: 	[4aca1d318599]
  238: 
  239: 2014-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
  240: 
  241: 	* src/Makefile.in:
  242: 	Remove init.d file and link in uninstall target.
  243: 	[249a9f105cdd]
  244: 
  245: 	* configure, configure.ac, sudo.pp:
  246: 	Fix INIT_DIR for real this time.
  247: 	[5444eb1afbc5]
  248: 
  249: 	* configure, configure.ac, sudo.pp:
  250: 	Use correct init.d dir on HP-UX. Fix pp warnings from rc.d and
  251: 	init.d dirs.
  252: 	[809b54ef95f8]
  253: 
  254: 	* .hgignore, MANIFEST, configure, configure.ac, init.d/aix.sh.in,
  255: 	init.d/hpux.sh.in, src/Makefile.in, sudo.pp:
  256: 	First cut add installing an init.d file for HP-UX and AIX to remove
  257: 	old sudo timestamp files at boot time.
  258: 	[ec6d35c62d88]
  259: 
  260: 2014-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
  261: 
  262: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
  263: 	Use .Ar macro instead of "file ..." Use ".Cm -" instead of ".Li -"
  264: 	for the default login class. From Ingo Schwarze.
  265: 	[f13ea603760e]
  266: 
  267: 	* doc/sudo.conf.mdoc.in, doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in,
  268: 	doc/sudoers.ldap.mdoc.in, doc/sudoers.mdoc.in,
  269: 	doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
  270: 	Remove some extraneous markup; from Ingo Schwarze
  271: 	 * No need to explicitly end a macro with No before | because | counts
  272: 	as middle punctuation and falls out of the macro, anyway.
  273: 	 * No need to explicitly re-open in-line macros after | because |
  274: 	counts as middle punctuation and the macros resume afterwards,
  275: 	anyway.
  276: 	 * Simplify the mnemonic remarks regarding the option letters, no need
  277: 	for manual font and spacing control with No and Ns.
  278: 	 * Trim Ns No to just Ns, it already implies No.
  279: 	[cc63d66c6655]
  280: 
  281: 	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
  282: 	Move zerowidth space in :alpha: after the colon for consistency.
  283: 	[799f6656c6e8]
  284: 
  285: 	* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
  286: 	doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
  287: 	doc/sudoers.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
  288: 	doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
  289: 	doc/visudo.man.in:
  290: 	regen
  291: 	[14d682732b6f]
  292: 
  293: 	* doc/sudo.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
  294: 	Remove extraneous keeps in SYNOPSIS now that mandoc does implied
  295: 	keeps when converting from mdoc to man.
  296: 	[0f48fc289f29]
  297: 
  298: 	* doc/sudoers.mdoc.in:
  299: 	Properly escape the : in :alpha:
  300: 	[e41d4533a55f]
  301: 
  302: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
  303: 	Replace some uses of .Sy with .Ar, .Ev and .Pa as appropriate. From
  304: 	Jan Stary.
  305: 	[90ec488905de]
  306: 
  307: 2014-02-12  Todd C. Miller  <Todd.Miller@courtesan.com>
  308: 
  309: 	* plugins/sudoers/visudo_json.c:
  310: 	Fix indentation of Defaults entries. The initial indent should be
  311: 	outside the loop iterating over the entries.
  312: 	[dc493c888fb2]
  313: 
  314: 2014-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
  315: 
  316: 	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
  317: 	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
  318: 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
  319: 	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
  320: 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
  321: 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
  322: 	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
  323: 	sync with translationproject.org
  324: 	[fc517bc0908e]
  325: 
  326: 	* common/aix.c, common/alloc.c, common/atoid.c, common/atomode.c,
  327: 	common/fatal.c, common/gidlist.c, common/sudo_conf.c,
  328: 	common/sudo_debug.c, compat/strsignal.c, compat/strtonum.c,
  329: 	plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c,
  330: 	plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
  331: 	plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
  332: 	plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c,
  333: 	src/locale_stub.c, src/net_ifs.c, src/sesh.c, src/sudo.h:
  334: 	We must include gettext.h before missing.h as it includes system
  335: 	headers. Also add missing DEFAULT_TEXT_DOMAIN defines in sudoers
  336: 	audit code that does not include sudoers.h.
  337: 	[3ac4aa43ce40]
  338: 
  339: 	* common/sudo_dso.c:
  340: 	When emulating DSO_NEXT with shl_get() we need to skip the program's
  341: 	handle. This used to be documented as being index -2 but now it
  342: 	seems to be index 0. As this is not guaranteed we need to look up
  343: 	the real handle value for PROG_HANDLE and skip it when interating
  344: 	through all the DSOs. Fixes infinite recursion on HP-UX in the
  345: 	getenv() replacement.
  346: 	[ade1b3045232]
  347: 
  348: 	* src/env_hooks.c:
  349: 	Export getenv() so it is visible to shared objects we link with.
  350: 	[1ac08446a3a7]
  351: 
  352: 2014-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
  353: 
  354: 	* common/regress/atofoo/atofoo_test.c,
  355: 	common/regress/sudo_conf/conf_test.c,
  356: 	common/regress/sudo_parseln/parseln_test.c,
  357: 	common/regress/tailq/hltq_test.c,
  358: 	plugins/sudoers/regress/parser/check_fill.c:
  359: 	Add some initprogname() calls to the test programs.
  360: 	[e4320585a88b]
  361: 
  362: 2014-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
  363: 
  364: 	* plugins/sudoers/po/sudoers.pot:
  365: 	regen
  366: 	[038d066a866d]
  367: 
  368: 	* doc/UPGRADE:
  369: 	Mention that there is now a default LDAP search filter.
  370: 	[6351da3f8377]
  371: 
  372: 	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
  373: 	doc/sudoers.ldap.mdoc.in:
  374: 	Minor word choice change.
  375: 	[7e59ab3eb453]
  376: 
  377: 	* NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
  378: 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
  379: 	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
  380: 	plugins/sudoers/ldap.c, plugins/sudoers/match.c:
  381: 	Add use_netgroups sudoers option. For LDAP-based sudoers, netgroup
  382: 	support requires an expensive substring match on the server. If
  383: 	netgroups are not needed, this option can be disabled to reduce the
  384: 	load on the LDAP server.
  385: 	[e6bd6c103390]
  386: 
  387: 2014-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
  388: 
  389: 	* plugins/sudoers/ldap.c:
  390: 	Update copyright year.
  391: 	[1299eed430a5]
  392: 
  393: 	* NEWS:
  394: 	Mention LDAP changes.
  395: 	[512b1e363587]
  396: 
  397: 	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
  398: 	doc/sudoers.ldap.mdoc.in, plugins/sudoers/ldap.c:
  399: 	Use a default LDAP search filter of (objectClass=sudoRole). When
  400: 	constructing the netgroup query, add (sudoUser=*) to the query so we
  401: 	don't fall below the 3 character OpenLDAP substring threshold.
  402: 	Otherwise the index for sudoUser will never be used for that query.
  403: 	Pointed out by Michael Stroeder.
  404: 	[54856973af41]
  405: 
  406: 	* plugins/sudoers/timestamp.c:
  407: 	Don't warn about an insecure lecture dir twice. Display warnings in
  408: 	the user's locale.
  409: 	[2c56b8b6d6f9]
  410: 
  411: 2014-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
  412: 
  413: 	* NEWS:
  414: 	Mention the fix for ^Z at the password prompt when sudo was started
  415: 	in the background.
  416: 	[352d52ad1f7d]
  417: 
  418: 	* common/term.c, src/exec_pty.c:
  419: 	In term_restore(), only restores the terminal if we are in the
  420: 	foregroup process group. Instead of calling tcgetpgrp(), which is
  421: 	racy, we set a temporary handler for SIGTTOU and check whether it
  422: 	was received after a failed call to tcsetattr().
  423: 	[94979d51daa2]
  424: 
  425: 	* MANIFEST, compat/getaddrinfo.c, compat/inet_pton.c, config.h.in,
  426: 	configure, configure.ac, doc/LICENSE, include/missing.h, mkdep.pl,
  427: 	plugins/sudoers/interfaces.c, plugins/sudoers/match_addr.c:
  428: 	Use inet_pton() instead of inet_aton() and include a version from
  429: 	BIND for those without it.
  430: 	[fe61a27c76d3]
  431: 
  432: 	* common/regress/atofoo/atofoo_test.c:
  433: 	Quiet a gcc warning.
  434: 	[f197821892ea]
  435: 
  436: 	* compat/getaddrinfo.c:
  437: 	Need to include limits.h for USHRT_MAX.
  438: 	[d1d8bd9a0e01]
  439: 
  440: 2014-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
  441: 
  442: 	* common/term.c, include/sudo_util.h:
  443: 	Use bool for function return values instead of 1 or 0.
  444: 	[99e357c0800b]
  445: 
  446: 	* configure, configure.ac:
  447: 	Warn the user if the rundir needs to be cleared in the rc files.
  448: 	Neither AIX not HP-UX clear /var/run (if it even exists).
  449: 	[6cdbf57a2f9e]
  450: 
  451: 	* NEWS:
  452: 	Update for sudo 1.8.9p5
  453: 	[efb737c32615]
  454: 
  455: 	* src/preserve_fds.c:
  456: 	When the closefrom limit is greater than any of the preserved fds,
  457: 	the pfds list will be non-empty but lastfd will be -1 triggering an
  458: 	ecalloc(0) assertion. Instead, test for lastfd being -1 and make
  459: 	sure we always update it, even if dup() fails. Also restore initial
  460: 	value of lowfd after we are done relocating. Fixes bug #633
  461: 	[a11206a31f28]
  462: 
  463: 	* common/term.c:
  464: 	Document function return values.
  465: 	[267bc85f6fbb]
  466: 
  467: 2014-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
  468: 
  469: 	* src/exec_pty.c:
  470: 	term_restore() now restarts itself so we don't need to do it
  471: 	ourselves.
  472: 	[a17e885d0b0a]
  473: 
  474: 	* common/term.c:
  475: 	syscall restarting is broken on Mac OS X when interrupted by a tty
  476: 	signal so restart tcsetattr() by hand. For details, see.
  477: 	http://openradar.appspot.com/radar?id=6402578615107584
  478: 	[3997b2a0577e]
  479: 
  480: 	* MANIFEST, common/Makefile.in, common/regress/atofoo/atofoo_test.c:
  481: 	Add regress for atobool(), atoid() and atomode()
  482: 	[e1cbdf86d6e2]
  483: 
  484: 	* plugins/sudoers/Makefile.in:
  485: 	Add back boottime.lo
  486: 	[0b7ddc31e13e]
  487: 
  488: 	* INSTALL:
  489: 	Mention that rundir and vardir may be the same and what to do if
  490: 	they are.
  491: 	[301df9a31d43]
  492: 
  493: 	* MANIFEST, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
  494: 	plugins/sudoers/boottime.c, plugins/sudoers/sudoers.h,
  495: 	plugins/sudoers/timestamp.c:
  496: 	Bring back boot time checking code and zero out time stamp files
  497: 	that predate the boot time. This should help systems w/o /var/run
  498: 	where the admin has setup rc.d to clear the timestamp directory.
  499: 	[e09389a8b1ca]
  500: 
  501: 	* configure, configure.ac:
  502: 	Check libraries for inet_pton() if not in libc.
  503: 	[9f9bd83895e8]
  504: 
  505: 2014-02-02  Todd C. Miller  <Todd.Miller@courtesan.com>
  506: 
  507: 	* configure, configure.ac:
  508: 	Fix clock_gettime() detection when it lives in librt. Some systems
  509: 	have inet_aton() in libresolv (older Solaris).
  510: 	[e5f7c8bc9a81]
  511: 
  512: 	* sudo.pp:
  513: 	Avoid duplicate directories if vardir and rundir are the same.
  514: 	[c5df5ebc191b]
  515: 
  516: 	* plugins/sudoers/po/sudoers.pot:
  517: 	regen
  518: 	[740b2cc42fea]
  519: 
  520: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
  521: 	Elaborate on time stamp error message causes.
  522: 	[2838fea2e21a]
  523: 
  524: 2014-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
  525: 
  526: 	* sudo.pp:
  527: 	Remove the time stamp dir and its contents when uninstalling. We
  528: 	currently leave the lecture status files installed until there is a
  529: 	better way to detect upgrades.
  530: 	[61532b7113ff]
  531: 
  532: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
  533: 	Update time stamp error messages and regen.
  534: 	[edf570c98cd5]
  535: 
  536: 	* plugins/sudoers/timestamp.c:
  537: 	Restore warning when sudoers is unable to update the time stamp
  538: 	file.
  539: 	[86648a771250]
  540: 
  541: 	* INSTALL, Makefile.in, configure, configure.ac, doc/sudoers.mdoc.in,
  542: 	m4/sudo.m4, plugins/sudoers/Makefile.in, sudo.pp:
  543: 	Replace --with-timedir and --with-lecture_dir with --with-rundir and
  544: 	--with-vardir which are the parent directories of the time stamp and
  545: 	lecture dirs. These directories need to be searchable by non-root so
  546: 	that the timestampowner setting can function.
  547: 	[5c38d77a2d0c]
  548: 
  549: 	* plugins/sudoers/timestamp.c:
  550: 	Fix use of timestampowner in the new time stamp world order. Parent
  551: 	directories for timestampdir and lecture_dir are now created with
  552: 	the execute bit set so that we can traverse them as non-root.
  553: 	[9ff6f07c0a5d]
  554: 
  555: 2014-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
  556: 
  557: 	* common/Makefile.in, plugins/sample/Makefile.in,
  558: 	plugins/sudoers/Makefile.in:
  559: 	Regen Makefiles.
  560: 	[59542bcdb222]
  561: 
  562: 	* common/sudo_debug.c, config.h.in, include/sudo_util.h,
  563: 	plugins/sample/sample_plugin.c:
  564: 	Move ctim_get and mtim_get to sudo_util.h
  565: 	[d565391f5491]
  566: 
  567: 	* plugins/sudoers/timestamp.c:
  568: 	sprinkle some debug printfs and add function header comments
  569: 	[1842d9b8170d]
  570: 
  571: 	* plugins/sudoers/timestamp.c:
  572: 	Properly handle the case where /var/run/sudo/ts doesn't exist.
  573: 	[895f3ad6ad60]
  574: 
  575: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
  576: 	fix typo
  577: 	[50041ebb6ce6]
  578: 
  579: 	* NEWS:
  580: 	Mention "sudo -K" change.
  581: 	[e99bd7657aae]
  582: 
  583: 	* doc/UPGRADE:
  584: 	Upgrade info for 1.8.10
  585: 	[0867718b9af5]
  586: 
  587: 2014-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
  588: 
  589: 	* plugins/sudoers/timestamp.c:
  590: 	Warn on ftruncate failure().
  591: 	[d2081876da25]
  592: 
  593: 	* plugins/sudoers/timestamp.c:
  594: 	Fix checking of lecture status.
  595: 	[e12d78234d17]
  596: 
  597: 	* mkpkg:
  598: 	Do not override timedir on Debian.
  599: 	[283fa2e69a0a]
  600: 
  601: 	* common/event.c, common/event_select.c, include/missing.h,
  602: 	plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c,
  603: 	plugins/sudoers/visudo.c, src/sudo_edit.c:
  604: 	Use sudo_timeval macros and remove compat macros from missing.h
  605: 	[1de76d8b811e]
  606: 
  607: 	* INSTALL, MANIFEST, NEWS, compat/Makefile.in, compat/clock_gettime.c,
  608: 	config.h.in, configure, configure.ac, doc/sudoers.cat,
  609: 	doc/sudoers.man.in, doc/sudoers.mdoc.in, include/missing.h,
  610: 	include/sudo_util.h, m4/sudo.m4, mkdep.pl, pathnames.h.in,
  611: 	plugins/sudoers/Makefile.in, plugins/sudoers/boottime.c,
  612: 	plugins/sudoers/check.h, plugins/sudoers/def_data.c,
  613: 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
  614: 	plugins/sudoers/defaults.c, plugins/sudoers/sudoers.h,
  615: 	plugins/sudoers/timestamp.c, src/Makefile.in:
  616: 	Switch to new time stamp file format. Each user now has a single
  617: 	file which may contain multiple records when per-tty time stamps are
  618: 	in use (the default). The time stamps use a monotonic timer where
  619: 	available and are once again stored in /var/run/sudo. The lecture
  620: 	status is now stored separately from the time stamps in a different
  621: 	directory.
  622: 	[7e16eb37bacc]
  623: 
  624: 2014-01-29  Todd C. Miller  <Todd.Miller@courtesan.com>
  625: 
  626: 	* NEWS, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
  627: 	plugins/sudoers/check.c:
  628: 	When listing a user's privileges, always prompt the user for their
  629: 	own password, regardless of the value of target_pw, root_pw or
  630: 	runas_pw.
  631: 	[73a13ccc7933]
  632: 
  633: 2014-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
  634: 
  635: 	* common/atomode.c:
  636: 	Zero out errstr when there is no error; fixes bug #632
  637: 	[74950ef1a0dc]
  638: 
  639: 2014-01-26  Todd C. Miller  <Todd.Miller@courtesan.com>
  640: 
  641: 	* configure, configure.ac, plugins/sudoers/interfaces.c,
  642: 	plugins/sudoers/match_addr.c:
  643: 	Use inet_aton() instead of inet_addr() as it allows us to
  644: 	distinguish between the address (or mask 255.255.255.255) and an
  645: 	error. In the future we may consider switching to inet_pton() for
  646: 	IPv4 too.
  647: 	[b6b4e4c77e9a]
  648: 
  649: 2014-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>
  650: 
  651: 	* include/missing.h:
  652: 	Fix typo, ULONG_MAX vs. ULLONG_MAX
  653: 	[5d274daa9fb1]
  654: 
  655: 	* plugins/sudoers/sudo_nss.c:
  656: 	Fix typo in the AIX case.
  657: 	[ee531c950fce]
  658: 
  659: 	* plugins/sudoers/sudo_nss.c:
  660: 	Size pointer for sudo_parseln() should be size_t not ssize_t. This
  661: 	was already correct for the nsswitch.conf case.
  662: 	[cfaf895c1db4]
  663: 
  664: 2014-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
  665: 
  666: 	* NEWS, common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
  667: 	doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/net_ifs.c:
  668: 	It is now possible to disable network interface probing in sudo.conf
  669: 	by changing the value of the probe_interfaces setting.
  670: 	[e9dc28c7db60]
  671: 
  672: 2014-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
  673: 
  674: 	* plugins/sudoers/match_addr.c:
  675: 	If inet_addr() returns INADDR_NONE, return false instead of
  676: 	iterating through the interfaces looking for a match that will never
  677: 	happen.
  678: 	[1559c301caec]
  679: 
  680: 	* configure, configure.ac, src/Makefile.in:
  681: 	Add explicit dependency on sudoers.la to sudo target when sudoers is
  682: 	compiled statically into the sudo binary.
  683: 	[d08cc66e18bd]
  684: 
  685: 2014-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
  686: 
  687: 	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
  688: 	plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
  689: 	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
  690: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/timestr.c:
  691: 	Do not assume localtime(), gmtime() and ctime() always return non-
  692: 	NULL.
  693: 	[a1b5b67436de]
  694: 
  695: 2014-01-15  Todd C. Miller  <Todd.Miller@courtesan.com>
  696: 
  697: 	* Makefile.in, common/Makefile.in, compat/Makefile.in,
  698: 	doc/Makefile.in, include/Makefile.in,
  699: 	plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
  700: 	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
  701: 	src/Makefile.in, zlib/Makefile.in:
  702: 	Update copyright years
  703: 	[37d2aaa92544]
  704: 
  705: 	* plugins/sudoers/visudo_json.c:
  706: 	Eliminate dead store found by clang checker.
  707: 	[86874d5340f1]
  708: 
  709: 	* NEWS, configure, configure.ac:
  710: 	Update for sudo 1.8.9p4
  711: 	[f79ab7c6c1c5]
  712: 
  713: 	* common/sudo_debug.c, include/sudo_debug.h, src/preserve_fds.c:
  714: 	When relocating fds, update the debug fd if it is set so we are
  715: 	guaranteed to get debugging output.
  716: 	[b1deaa472aa6]
  717: 
  718: 2014-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
  719: 
  720: 	* src/exec.c:
  721: 	If the event loop exits due to an error and we are not logging I/O,
  722: 	kill the command if still running. Fixes a bug where sudo could exit
  723: 	while the command was still running.
  724: 	[844018ff8a8c]
  725: 
  726: 	* src/preserve_fds.c:
  727: 	When relocating preserved fds, start with the highest ones first to
  728: 	avoid moving fds around more than we have to. Now uses a bitmap to
  729: 	keep track of which fds are being preserved. Fixes a bug where the
  730: 	debugging fd could be relocated to the same fd as the error
  731: 	backchannel temporarily, resulting in debugging output being printed
  732: 	to the backchannel if util@debug was enabled.
  733: 	[55e006dbeaf3]
  734: 
  735: 	* src/preserve_fds.c:
  736: 	When restoring fds traverse list from high -> low, not low -> high
  737: 	to avoid implicitly closing an fd we want to relocate.
  738: 	[6351225f47d7]
  739: 
  740: 	* src/exec.c:
  741: 	If not logging I/O we may get EOF when the command is executed and
  742: 	the other end of the backchannel is closed. Just remove the
  743: 	backchannel event in this case or we will continue to receive the
  744: 	event. Bug #631
  745: 	[a204b69d91f7]
  746: 
  747: 	* src/po/sr.mo, src/po/sr.po:
  748: 	sync with translationproject.org
  749: 	[987087ce4658]
  750: 
  751: 2014-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
  752: 
  753: 	* src/ttyname.c:
  754: 	Fix strtonum() usage when parsing /proc/self/stat on Linux. Bug #630
  755: 	[3448dffe9701]
  756: 
  757: 	* NEWS, configure, configure.ac:
  758: 	Update for sudo 1.8.9p3
  759: 	[22e5a6f69999]
  760: 
  761: 	* plugins/sudoers/logwrap.c:
  762: 	Remove dead store; found by cppcheck
  763: 	[a59833af3401]
  764: 
  765: 2014-01-08  Todd C. Miller  <Todd.Miller@courtesan.com>
  766: 
  767: 	* src/sesh.c:
  768: 	Quiet a cppcheck warning about a negative subscript.
  769: 	[ab98b72f5bdf]
  770: 
  771: 	* src/exec_common.c, src/selinux.c, src/sesh.c, src/sudo_exec.h:
  772: 	Make noexec parameter to sudo_execve() bool.
  773: 	[daa75e4c248a]
  774: 
  775: 	* plugins/sudoers/sudoreplay.c:
  776: 	Quiet a few innocuous cppcheck warnings.
  777: 	[90ffa16d27b1]
  778: 
  779: 	* plugins/sudoers/sssd.c:
  780: 	Handle in_res being NULL for sudo_debug_printf() in
  781: 	sudo_sss_filter_result().
  782: 	[8595cc05d2a8]
  783: 
  784: 	* plugins/sudoers/iolog.c:
  785: 	When writing length to timing file, use %u not %d as it is unsigned.
  786: 	[a7f2fcb6919e]
  787: 
  788: 	* plugins/sudoers/visudo_json.c:
  789: 	Close export_fp in the error path too, but do not close stdout.
  790: 	[5c918718ab45]
  791: 
  792: 	* plugins/sudoers/auth/secureware.c:
  793: 	Move right brace outside #ifdef HAVE_DISPCRYPT; found by cppcheck.
  794: 	[f2619d2eb7a8]
  795: 
  796: 2014-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
  797: 
  798: 	* plugins/group_file/plugin_test.c:
  799: 	Make this compile again
  800: 	[f0ff8df475e8]
  801: 
  802: 	* common/term.c:
  803: 	Add suppression line to quiet a bogus (inconclusive) cppcheck
  804: 	warning.
  805: 	[065207271e5d]
  806: 
  807: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
  808: 	Do not leak old istack if realloc fails; found by cppcheck. Also
  809: 	modify yyless() to avoid a harmless cppcheck warning every time it
  810: 	is used.
  811: 	[021077017a23]
  812: 
  813: 	* Makefile.in, common/Makefile.in, compat/Makefile.in,
  814: 	doc/Makefile.in, include/Makefile.in,
  815: 	plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
  816: 	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
  817: 	src/Makefile.in, zlib/Makefile.in:
  818: 	Add cppcheck target to run cppcheck on all source files.
  819: 	[d207c2ef49a2]
  820: 
  821: 2014-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
  822: 
  823: 	* NEWS, configure, configure.ac:
  824: 	Update for sudo 1.8.9p2
  825: 	[2e7fe6e371a4]
  826: 
  827: 	* config.h.in, configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
  828: 	m4/ltsugar.m4, m4/ltversion.m4, m4/lt~obsolete.m4:
  829: 	Update to libtool-2.4.2.418
  830: 	[d1dbed89d733]
  831: 
  832: 	* config.guess, config.sub:
  833: 	Update from http://git.savannah.gnu.org/gitweb/?p=config.git
  834: 	[2b5e32d23be5]
  835: 
  836: 2014-01-08  Todd C. Miller  <Todd.Miller@courtesan.com>
  837: 
  838: 	* NEWS:
  839: 	Sudo 1.8.9 also fixes bug #617
  840: 	[cc5c18228719]
  841: 
  842: 2014-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
  843: 
  844: 	* NEWS:
  845: 	The fix for the hang was already in the 1.8.9 tarballs.
  846: 	[f038ebcc1071]
  847: 
  848: 	* NEWS, configure, configure.ac:
  849: 	Update for sudo 1.8.9p1
  850: 	[732fca0003cf]
  851: 
  852: 	* common/atobool.c, common/event.c, plugins/sudoers/iolog.c,
  853: 	plugins/sudoers/parse.h, src/exec.c, src/preserve_fds.c:
  854: 	Update copyright year.
  855: 	[fdeb5956810e]
  856: 
  857: 	* plugins/sudoers/parse.h:
  858: 	Go back to making the bit fields in struct cmndtag explicitly
  859: 	signed. This fixes a problem on gcc 4.8 (at least) which appears to
  860: 	be treating the value as unsigned by default.
  861: 	[46b9a7bb10ac]
  862: 
  863: 	* common/atobool.c:
  864: 	Use debug_return_int() instead of bare return for debugging support.
  865: 	[c273f822de5f]
  866: 
  867: 2014-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
  868: 
  869: 	* common/event.c:
  870: 	Fix infinite loop that could be triggered by sudo_ev_loopbreak() and
  871: 	sudo_ev_loopcontinue().
  872: 	[1723561c46b0]
  873: 
  874: 	* NEWS:
  875: 	Update for 1.8.9 final.
  876: 	[d49c14d21410]
  877: 
  878: 2014-01-04  Todd C. Miller  <Todd.Miller@courtesan.com>
  879: 
  880: 	* plugins/sudoers/iolog.c:
  881: 	Handle a sequence file with no trailing newline.
  882: 	[aa29306e4f6d]
  883: 
  884: 2014-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
  885: 
  886: 	* plugins/sudoers/iolog.c:
  887: 	Truncate io log and timing files on open when recycling them. Only
  888: 	an issue when the sequence number wraps around.
  889: 	[01b2dfe15ff0]
  890: 
  891: 	* plugins/sudoers/iolog.c:
  892: 	Repair reading of the iolog sequence number that got broken when
  893: 	adding stricter strtoul() checks.
  894: 	[e0f4a11c3437]
  895: 
  896: 	* src/exec.c:
  897: 	If invoked as sudoedit we can't just exec the command directly since
  898: 	the temporary files need to be updated before sudo exits.
  899: 	[508503be1c4f]
  900: 
  901: 	* src/preserve_fds.c:
  902: 	Fix restoration of the close-on-exec flag when moving a relocated fd
  903: 	back into its original position.
  904: 	[5572f1f8b48a]
  905: 
  906: 2014-01-02  Todd C. Miller  <Todd.Miller@courtesan.com>
  907: 
  908: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
  909: 	Add "see below" to reference "Secure editing" section in "Preventing
  910: 	shell escapes".
  911: 	[b2db990a36b3]
  912: 
  913: 2014-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
  914: 
  915: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
  916: 	Add initial "Secure editing" section.
  917: 	[0d7a192e0e25]
  918: 
  919: 	* doc/LICENSE:
  920: 	Update copyright year.
  921: 	[4a639d9207a9]
  922: 
  923: 2013-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
  924: 
  925: 	* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
  926: 	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po, src/po/eo.mo,
  927: 	src/po/eo.po, src/po/fi.mo, src/po/fi.po:
  928: 	sync with translationproject.org
  929: 	[5c15a411b10d]
  930: 
  931: 	* plugins/sudoers/policy.c:
  932: 	Make user_cwd and user_tty dynamically allocated even for the
  933: 	"unknown" case.
  934: 	[015454bf97f8]
  935: 
  936: 2013-12-30  Todd C. Miller  <Todd.Miller@courtesan.com>
  937: 
  938: 	* configure, configure.ac:
  939: 	Use -fstack-protector-strong in preference to -fstack-protector-all
  940: 	or -fstack-protector.
  941: 	[bdd1066eefc4]
  942: 
  943: 	* doc/HISTORY:
  944: 	Dell acquired Quest
  945: 	[3d5b7d27a313]
  946: 
  947: 2013-12-29  Todd C. Miller  <Todd.Miller@courtesan.com>
  948: 
  949: 	* plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/ru.mo,
  950: 	src/po/ru.po, src/po/vi.mo, src/po/vi.po:
  951: 	sync with translationproject.org
  952: 	[f964671d08ce]
  953: 
  954: 2013-12-28  Todd C. Miller  <Todd.Miller@courtesan.com>
  955: 
  956: 	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
  957: 	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
  958: 	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
  959: 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
  960: 	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
  961: 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
  962: 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
  963: 	src/po/cs.mo, src/po/cs.po, src/po/da.mo, src/po/da.po,
  964: 	src/po/it.mo, src/po/it.po, src/po/pl.mo, src/po/pl.po,
  965: 	src/po/pt_BR.mo, src/po/pt_BR.po, src/po/uk.mo, src/po/uk.po,
  966: 	src/po/zh_CN.mo, src/po/zh_CN.po:
  967: 	sync with translationproject.org
  968: 	[5f5becf5fb7a]
  969: 
  970: 	* doc/sudoers.ldap.cat:
  971: 	regen
  972: 	[77745e6bc0d5]
  973: 
  974: 	* NEWS:
  975: 	Update for recent changes.
  976: 	[365b9084268a]
  977: 
  978: 	* plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
  979: 	plugins/sudoers/visudo.c:
  980: 	Fix typo; we want setlocale(LC_ALL, "") since we are setting the
  981: 	locale for the first time.
  982: 	[e2b9660e9d48]
  983: 
  984: 2013-12-27  Todd C. Miller  <Todd.Miller@courtesan.com>
  985: 
  986: 	* plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
  987: 	plugins/sudoers/visudo.c:
  988: 	Use sudoers_initlocale() in main() startup, not sudoers_setlocal()
  989: 	as the latter assumes we are already in the user's locale which may
  990: 	not be the case. For sudoreplay, we can just use setlocale()
  991: 	directly as there is no sudoers locale.
  992: 	[12235e50dea0]
  993: 
  994: 2013-12-24  Todd C. Miller  <Todd.Miller@courtesan.com>
  995: 
  996: 	* src/preserve_fds.c, src/sudo.c, src/sudo.h:
  997: 	Redo preserve_fds support to remap high fds so we can get the most
  998: 	out of closefrom(). The fds are then restored after closefrom().
  999: 	[7d712ec49db7]
 1000: 
 1001: 	* plugins/sudoers/Makefile.in:
 1002: 	Fix install-plugin when sudoers is compiled statically.
 1003: 	[36a8bf3b588d]
 1004: 
 1005: 2013-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 1006: 
 1007: 	* MANIFEST, common/sudo_debug.c, doc/sudo_plugin.cat,
 1008: 	doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
 1009: 	include/sudo_debug.h, include/sudo_plugin.h, src/Makefile.in,
 1010: 	src/exec.c, src/exec_pty.c, src/preserve_fds.c, src/sudo.c,
 1011: 	src/sudo.h, src/sudo_exec.h:
 1012: 	Add support for preventing fds from getting clobbered by
 1013: 	closefrom().
 1014: 	[269f45964ff0]
 1015: 
 1016: 2013-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 1017: 
 1018: 	* plugins/sudoers/Makefile.in:
 1019: 	regen
 1020: 	[b8f458379b5b]
 1021: 
 1022: 2013-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 1023: 
 1024: 	* common/alloc.c:
 1025: 	Need to include limits.h here too.
 1026: 	[b53c6edef597]
 1027: 
 1028: 2013-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 1029: 
 1030: 	* config.h.in, configure, configure.ac, plugins/sudoers/parse.h:
 1031: 	No need to use __signed.
 1032: 	[05f9648d1953]
 1033: 
 1034: 	* plugins/sudoers/regress/logging/check_wrap.c:
 1035: 	Need limits.h here too.
 1036: 	[54aac3bbf66a]
 1037: 
 1038: 	* compat/closefrom.c:
 1039: 	Still need limits.h here.
 1040: 	[0abc6b2be208]
 1041: 
 1042: 	* plugins/sudoers/po/sudoers.pot:
 1043: 	regen
 1044: 	[386b47ced07f]
 1045: 
 1046: 	* compat/closefrom.c:
 1047: 	Go back to using /proc/self/fd instead of /proc/$$/fd as only AIX
 1048: 	lacks /proc/self and it has F_CLOSEM.
 1049: 	[b5735fbcfdce]
 1050: 
 1051: 2013-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 1052: 
 1053: 	* plugins/sudoers/visudo_json.c:
 1054: 	Use a switch to map digest type to name instead of an array of
 1055: 	strings.
 1056: 	[ab17ceb4dd60]
 1057: 
 1058: 	* compat/closefrom.c:
 1059: 	Use /dev/fd in closefrom() on FreeBSD < 8.0 and Mac OS X.
 1060: 	[e70df3b3144b]
 1061: 
 1062: 	* compat/snprintf.c:
 1063: 	Remove _MAX and _MIN compat; we rely on missing.h for that. We
 1064: 	already require the compiler handle long long so there's no need to
 1065: 	use HAVE_LONG_LONG_INT everywhere.
 1066: 	[2bda15071439]
 1067: 
 1068: 	* common/ttysize.c, include/missing.h:
 1069: 	Remove _MAX and _MIN defines that any system from the last 20 years
 1070: 	should have. Add ULLONG_MAX in case it is missing.
 1071: 	[2db0cee4aaa8]
 1072: 
 1073: 	* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
 1074: 	plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c:
 1075: 	Change visudo -x to take a file name argument, which may be '-' to
 1076: 	write the exported sudoers file to stdout.
 1077: 	[84cb72c3c391]
 1078: 
 1079: 	* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/gram.c,
 1080: 	plugins/sudoers/gram.y, plugins/sudoers/parse.c,
 1081: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
 1082: 	plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
 1083: 	plugins/sudoers/toke.l, plugins/sudoers/visudo.c,
 1084: 	plugins/sudoers/visudo_json.c, src/regress/ttyname/check_ttyname.c:
 1085: 	Move symbol extern defs into sudoers.h
 1086: 	[b631a0b57fae]
 1087: 
 1088: 	* plugins/sudoers/regress/check_symbols/check_symbols.c,
 1089: 	plugins/sudoers/regress/logging/check_wrap.c:
 1090: 	Add missing sudo_util.h
 1091: 	[ed0edc2e2d0c]
 1092: 
 1093: 2013-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
 1094: 
 1095: 	* plugins/sudoers/sudoreplay.c:
 1096: 	Warn if the time stamp in the I/O log file does not fit in time_t.
 1097: 	Warn if the info line is not well-formed instead of silently
 1098: 	ignoring it.
 1099: 	[37a050de5be5]
 1100: 
 1101: 2013-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 1102: 
 1103: 	* common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
 1104: 	Rename libcommon libsudo_util
 1105: 	[df3ffd4229e5]
 1106: 
 1107: 2013-12-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 1108: 
 1109: 	* MANIFEST, common/Makefile.in, common/aix.c, common/atobool.c,
 1110: 	common/atoid.c, common/atomode.c, common/fmt_string.c,
 1111: 	common/gidlist.c, common/progname.c, common/setgroups.c,
 1112: 	common/sudo_conf.c, common/term.c, common/ttysize.c,
 1113: 	include/missing.h, include/sudo_util.h,
 1114: 	plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
 1115: 	plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.h,
 1116: 	plugins/sudoers/sudoreplay.c, plugins/system_group/Makefile.in,
 1117: 	plugins/system_group/system_group.c, src/Makefile.in, src/sudo.h:
 1118: 	Move prototypes for functions provided by libcommon that don't have
 1119: 	their own header files into sudo_util.h.
 1120: 	[43f423a24416]
 1121: 
 1122: 2013-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 1123: 
 1124: 	* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/def_data.c,
 1125: 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
 1126: 	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
 1127: 	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
 1128: 	plugins/sudoers/mkdefaults:
 1129: 	Now that we have proper number parsing functions we should store
 1130: 	T_UINT defaults values as unsigned int, not int.
 1131: 	[67d8c2244f1d]
 1132: 
 1133: 	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
 1134: 	Don't use int where we really mean enum def_tuple. When this code
 1135: 	was written it was assumed that we may have multiple tuple types.
 1136: 	However, that hasn't happened and probably never will.
 1137: 	[8491f970f343]
 1138: 
 1139: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 1140: 	Regen after string parsing changes.
 1141: 	[fd6bf79c3286]
 1142: 
 1143: 	* common/atoid.c, common/atomode.c, compat/strtonum.c, configure,
 1144: 	configure.ac, include/missing.h, plugins/sudoers/defaults.c,
 1145: 	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
 1146: 	plugins/sudoers/sudoreplay.c, src/parse_args.c, src/ttyname.c:
 1147: 	The OpenBSD strtonum() uses very short error strings that can't be
 1148: 	translated usefully. Convert them to longer strings on error. Also
 1149: 	use the longer strings for atomode() and atoid().
 1150: 	[dace028594da]
 1151: 
 1152: 2013-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
 1153: 
 1154: 	* MANIFEST, common/Makefile.in, common/atoid.c, common/atomode.c,
 1155: 	plugins/sudoers/defaults.c, plugins/sudoers/policy.c,
 1156: 	plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
 1157: 	Add atomode() function for parsing a file mode.
 1158: 	[44e29629aa5e]
 1159: 
 1160: 	* common/sudo_conf.c, common/ttysize.c, compat/Makefile.in,
 1161: 	compat/closefrom.c, compat/getaddrinfo.c, compat/strtonum.c,
 1162: 	configure, configure.ac, include/missing.h,
 1163: 	plugins/sudoers/boottime.c, plugins/sudoers/defaults.c,
 1164: 	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
 1165: 	plugins/sudoers/match_addr.c, plugins/sudoers/policy.c,
 1166: 	plugins/sudoers/regress/logging/check_wrap.c,
 1167: 	plugins/sudoers/regress/parser/check_addr.c,
 1168: 	plugins/sudoers/sudoreplay.c, plugins/system_group/system_group.c,
 1169: 	src/parse_args.c, src/sudo.c, src/ttyname.c:
 1170: 	Use strtonum() instead of atoi(), strtol() or strtoul() where
 1171: 	possible.
 1172: 	[e4a1fc84b893]
 1173: 
 1174: 	* MANIFEST, compat/Makefile.in, compat/strtonum.c, config.h.in,
 1175: 	configure, configure.ac, include/missing.h, mkdep.pl:
 1176: 	Add strtonum.c to compat for simpler number parsing.
 1177: 	[a4c69b003da0]
 1178: 
 1179: 2013-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 1180: 
 1181: 	* src/exec_common.c:
 1182: 	Fix a warning on Solaris, we need to use debug_return_const_ptr.
 1183: 	[932aa94c0cac]
 1184: 
 1185: 	* plugins/sudoers/Makefile.in:
 1186: 	check_symbols needs to link with SUDO_LIBS in order to get -lpthread
 1187: 	on HP-UX for libldap (which uses threads). It would be better to
 1188: 	have a separate variable for the pthread library but this is no
 1189: 	worse than it used to be.
 1190: 	[94591b765371]
 1191: 
 1192: 2013-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 1193: 
 1194: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
 1195: 	add missing comma
 1196: 	[7dcbd1c6dd25]
 1197: 
 1198: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
 1199: 	Make -c option description more accurate.
 1200: 	[3f305ae6037e]
 1201: 
 1202: 2013-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 1203: 
 1204: 	* doc/CONTRIBUTORS, plugins/sudoers/sudoers.c:
 1205: 	When checking whether a user may change the login class, just check
 1206: 	pw_uid of the runas user, which was passed in to set_loginclass().
 1207: 	[aaf736440441]
 1208: 
 1209: 2013-12-06  Todd C. Miller  <Todd.Miller@courtesan.com>
 1210: 
 1211: 	* plugins/sudoers/visudo_json.c:
 1212: 	Use atoid() when parsing user/group IDs and print them as unsigned
 1213: 	int.
 1214: 	[40c77459a36a]
 1215: 
 1216: 2013-12-05  Todd C. Miller  <Todd.Miller@courtesan.com>
 1217: 
 1218: 	* plugins/sudoers/sudoreplay.c:
 1219: 	Correctly parse 64-bit times in I/O log files.
 1220: 	[d053ee75adc3]
 1221: 
 1222: 	* compat/getgrouplist.c, plugins/group_file/getgrent.c,
 1223: 	plugins/sudoers/pwutil.c,
 1224: 	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
 1225: 	plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
 1226: 	Use atoid() not atoi() when parsing uids/gids.
 1227: 	[491146596626]
 1228: 
 1229: 	* plugins/sudoers/match.c, plugins/sudoers/match_addr.c,
 1230: 	plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
 1231: 	plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
 1232: 	plugins/sudoers/sudoers.h:
 1233: 	Better match debugging. Sprinkle const in match functions.
 1234: 	[4cd8d793f165]
 1235: 
 1236: 2013-12-04  Todd C. Miller  <Todd.Miller@courtesan.com>
 1237: 
 1238: 	* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
 1239: 	doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
 1240: 	doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 1241: 	doc/sudo_plugin.mdoc.in:
 1242: 	Document that plugins can be compiled statically into the sudo
 1243: 	binary.
 1244: 	[434061cf909f]
 1245: 
 1246: 2013-12-03  Todd C. Miller  <Todd.Miller@courtesan.com>
 1247: 
 1248: 	* plugins/sudoers/sssd.c:
 1249: 	sudo_sss_filter_user_netgroup(): fix comment typos, break out of
 1250: 	loop early if we match ALL or netgroup.
 1251: 	[0691731f4b12]
 1252: 
 1253: 	* plugins/sudoers/sssd.c:
 1254: 	When filtering netgroups, use the passwd struct stashed in the
 1255: 	handle, not user_name since we may be listing another users
 1256: 	privileges.
 1257: 	[f2669cf7b70c]
 1258: 
 1259: 	* mkpkg:
 1260: 	RHEL 6 and above builds sudo with SSSD support
 1261: 	[afc3d894851e]
 1262: 
 1263: 	* plugins/sudoers/sssd.c:
 1264: 	Avoid passing NULL domainname to sudo_debug_printf().
 1265: 	[b08abe5e6d23]
 1266: 
 1267: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 1268: 	Document sssd debug subsystem.
 1269: 	[250c3ab1bcf0]
 1270: 
 1271: 	* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
 1272: 	Document "event" debug subsystem.
 1273: 	[85d220b48edc]
 1274: 
 1275: 	* plugins/sudoers/match.c:
 1276: 	Use atoid() instead of atoi() when parsing uids/gids so we get
 1277: 	proper range checking.
 1278: 	[5c3e2f3f6cb9]
 1279: 
 1280: 	* plugins/sudoers/sssd.c:
 1281: 	Add user netgroup filtering for SSSD. Previously, rules for a
 1282: 	netgroup were applied to all even when they did not belong to the
 1283: 	specified netgroup. RedHat Bugzilla 880150.
 1284: 	[784848b5462c]
 1285: 
 1286: 	* plugins/sudoers/sssd.c:
 1287: 	Fix several issues found by the clang static analyzer; Daniel
 1288: 	Kopecek
 1289: 	[520261dd7461]
 1290: 
 1291: 2013-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
 1292: 
 1293: 	* README.LDAP:
 1294: 	Mention how to dump sudoers info from LDAP.
 1295: 	[a53c93790a30]
 1296: 
 1297: 	* src/exec_common.c:
 1298: 	On Solaris, disabling the proc_exec privilege appears to interfere
 1299: 	with DAC file permissions. Adding DAC override permissions to the
 1300: 	inheritable set works around this for commands run as root without
 1301: 	giving extra permissions to other users. Bug #626
 1302: 	[391ad44026c3]
 1303: 
 1304: 2013-12-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 1305: 
 1306: 	* MANIFEST, common/Makefile.in, common/progname.c, compat/Makefile.in,
 1307: 	compat/getprogname.c, configure, configure.ac, include/missing.h,
 1308: 	mkdep.pl, plugins/sample/sample_plugin.c, plugins/sudoers/policy.c,
 1309: 	plugins/sudoers/regress/check_symbols/check_symbols.c,
 1310: 	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
 1311: 	plugins/sudoers/regress/logging/check_wrap.c,
 1312: 	plugins/sudoers/regress/parser/check_addr.c,
 1313: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
 1314: 	plugins/sudoers/visudo.c, src/parse_args.c,
 1315: 	src/regress/ttyname/check_ttyname.c, src/sudo.c:
 1316: 	Instead of setprogname(), add initprogname() which gets the program
 1317: 	name for getprogname() using /proc or pstat() if possible.
 1318: 	[e2d48d81456f]
 1319: 
 1320: 2013-11-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 1321: 
 1322: 	* src/ttyname.c:
 1323: 	Ignore EOVERFLOW from pstat_getproc(). The HP-UX kernel appears to
 1324: 	return this in certain situations but it appears to be harmless at
 1325: 	least insofar as retrieving the tty goes.
 1326: 	[105bea4e1c20]
 1327: 
 1328: 	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
 1329: 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 1330: 	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 1331: 	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
 1332: 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 1333: 	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
 1334: 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 1335: 	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
 1336: 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 1337: 	src/po/cs.mo, src/po/cs.po, src/po/eo.mo, src/po/eo.po,
 1338: 	src/po/fi.mo, src/po/fi.po, src/po/it.mo, src/po/it.po,
 1339: 	src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po,
 1340: 	src/po/ru.mo, src/po/ru.po, src/po/uk.mo, src/po/uk.po,
 1341: 	src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
 1342: 	Sync with translationproject.org
 1343: 	[3694d7ad4c9d]
 1344: 
 1345: 2013-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 1346: 
 1347: 	* plugins/sudoers/visudo.c:
 1348: 	Add missing newline in help message after export option.
 1349: 	[1c0bff0c181e]
 1350: 
 1351: 2013-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 1352: 
 1353: 	* configure, configure.ac, plugins/sudoers/Makefile.in,
 1354: 	src/Makefile.in:
 1355: 	Do not add LIBDL to SUDO_LIBS or SUDOERS_LIBS in configure, do it in
 1356: 	Makefile.in so we can make it last. Fixes a linking problem on
 1357: 	Ubuntu precise.
 1358: 	[f8d3bddbe742]
 1359: 
 1360: 2013-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 1361: 
 1362: 	* configure, m4/ax_func_getaddrinfo.m4:
 1363: 	Do not rely on NULL being defined for getaddrinfo() test. Fixes the
 1364: 	check on HP-UX 11.23.
 1365: 	[a5dcf0283693]
 1366: 
 1367: 2013-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
 1368: 
 1369: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 1370: 	Regen for sudo 1.8.9b1
 1371: 	[945f27a7aa1c]
 1372: 
 1373: 	* src/po/de.mo, src/po/de.po, src/po/sr.mo, src/po/sr.po:
 1374: 	Sync with translationproject.org
 1375: 	[52abae16ccfa]
 1376: 
 1377: 2013-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 1378: 
 1379: 	* INSTALL, MANIFEST, NEWS, common/Makefile.in, common/sudo_dso.c,
 1380: 	compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c, config.h.in,
 1381: 	configure, configure.ac, include/sudo_dso.h, mkdep.pl,
 1382: 	plugins/sudoers/Makefile.in, plugins/sudoers/group_plugin.c,
 1383: 	plugins/sudoers/ldap.c,
 1384: 	plugins/sudoers/regress/check_symbols/check_symbols.c,
 1385: 	plugins/sudoers/sssd.c, plugins/system_group/Makefile.in,
 1386: 	plugins/system_group/system_group.c, src/Makefile.in,
 1387: 	src/env_hooks.c, src/load_plugins.c, src/preload.c, src/sudo.c,
 1388: 	src/sudo.h:
 1389: 	Add wrapper functions for dlopen() et al so that we can support
 1390: 	statically compiling in the sudoers plugin but still allow other
 1391: 	plugins to be loaded. The new --enable-static-sudoers configure
 1392: 	option will cause the sudoers plugin to be compiled statically into
 1393: 	the sudo binary. This does not prevent other plugins from being
 1394: 	loaded as per sudo.conf.
 1395: 	[9425770e9d2b]
 1396: 
 1397: 2013-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 1398: 
 1399: 	* plugins/sudoers/visudo_json.c:
 1400: 	Handle non-unix groups correctly. Get rid of runasuser and
 1401: 	runasgroup types and use username and usergroup instead. The fact
 1402: 	that the user or group is inside a Runas_List doesn't affect its
 1403: 	underlying type.
 1404: 	[ea1789258c11]
 1405: 
 1406: 2013-11-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 1407: 
 1408: 	* plugins/sudoers/visudo_json.c:
 1409: 	Simplify Defaults list option object. The name and value strings are
 1410: 	superfluous.
 1411: 	[5852b0184669]
 1412: 
 1413: 	* compat/dlopen.c:
 1414: 	Back out unintended change.
 1415: 	[85156e49e96e]
 1416: 
 1417: 	* MANIFEST, aclocal.m4, configure, configure.ac,
 1418: 	m4/ax_func_getaddrinfo.m4:
 1419: 	Add dedicated test for getaddrinfo(). Tru64 UNIX contains two
 1420: 	versions of getaddrinfo and we must include netdb.h to get the
 1421: 	proper definition.
 1422: 	[9882e3e1e8e3]
 1423: 
 1424: 	* compat/dlopen.c,
 1425: 	plugins/sudoers/regress/check_symbols/check_symbols.c:
 1426: 	Define RTLD_GLOBAL for older systems without it. Bug #621
 1427: 	[ed38ac84f1da]
 1428: 
 1429: 2013-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 1430: 
 1431: 	* compat/snprintf.c, include/missing.h:
 1432: 	Rename snprintf replacement rpl_snprintf since we may now replace
 1433: 	the libc version and #define rpl_snprintf snprintf in missing.h so
 1434: 	we get our version when needed. This is consistent with how we
 1435: 	replace glob and fnmatch.
 1436: 	[309aa17d0dfe]
 1437: 
 1438: 	* common/Makefile.in, common/regress/sudo_conf/conf_test.c,
 1439: 	common/regress/sudo_parseln/parseln_test.c,
 1440: 	common/regress/tailq/hltq_test.c, src/Makefile.in:
 1441: 	libcommon tests need locale_stub.lo to link.
 1442: 	[baae40f36de5]
 1443: 
 1444: 	* MANIFEST, aclocal.m4, compat/snprintf.c, config.h.in, configure,
 1445: 	configure.ac, m4/ax_func_snprintf.m4:
 1446: 	Add check for C99 compliant (v)snprintf function.
 1447: 	[79e02551543c]
 1448: 
 1449: 	* compat/sig2str.c, configure, configure.ac:
 1450: 	Include unistd.h in sig2str.c for Tru64 as it defines SIGRTMIN and
 1451: 	SIGRTMAX in terms of sysconf(), which is prototyped in unistd.h. Bug
 1452: 	#621; from Daniel Richard G.
 1453: 	[2a59ccb8c966]
 1454: 
 1455: 	* include/gettext.h, plugins/sudoers/locale.c, src/locale_stub.c:
 1456: 	Add definition of U_ for --disable-nsl Don't define warning_gettext
 1457: 	if --disable-nsl Bug #621; from Daniel Richard G.
 1458: 	[c0054eb89c2b]
 1459: 
 1460: 2013-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 1461: 
 1462: 	* plugins/sudoers/visudo_json.c:
 1463: 	When merging Defaults entries we need to check the type of the next
 1464: 	entry and not just assume it is the same as the previous one.
 1465: 	[e97d9b9cf0d5]
 1466: 
 1467: 	* plugins/sudoers/visudo_json.c:
 1468: 	runasgroups not runasgroup in the Cmnd_Spec.
 1469: 	[92ea5dc20e4d]
 1470: 
 1471: 	* plugins/sudoers/visudo_json.c:
 1472: 	Fix some syntax errors and change how lists are handled.
 1473: 	[027b8dea44b2]
 1474: 
 1475: 	* common/sudo_debug.c, config.h.in, configure, configure.ac,
 1476: 	include/fatal.h, include/sudo_debug.h:
 1477: 	Allow sudo to compile without variadic macro support in cpp.
 1478: 	Debugging support will be limited (no file info from warnings.) From
 1479: 	Daniel Richard G.; Bug #621
 1480: 	[51b8b868cd4b]
 1481: 
 1482: 	* Makefile.in, common/aix.c, common/fatal.c, common/gidlist.c,
 1483: 	common/sudo_conf.c, include/fatal.h, include/gettext.h,
 1484: 	include/missing.h, plugins/sudoers/auth/fwtk.c,
 1485: 	plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
 1486: 	plugins/sudoers/bsm_audit.c, plugins/sudoers/defaults.c,
 1487: 	plugins/sudoers/env.c, plugins/sudoers/group_plugin.c,
 1488: 	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
 1489: 	plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
 1490: 	plugins/sudoers/logging.c, plugins/sudoers/match.c,
 1491: 	plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
 1492: 	plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
 1493: 	plugins/sudoers/sssd.c, plugins/sudoers/sudoers.c,
 1494: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
 1495: 	plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
 1496: 	plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
 1497: 	plugins/sudoers/visudo.c, plugins/sudoers/visudo_json.c, src/exec.c,
 1498: 	src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
 1499: 	src/locale_stub.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
 1500: 	src/sesh.c, src/signal.c, src/solaris.c, src/sudo.c,
 1501: 	src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
 1502: 	Add warning_gettext() wrapper function that changes to the user
 1503: 	locale, then calls gettext(). Add U_ macro that calls
 1504: 	warning_gettext() instead of gettext(). Rename warning2()/error2()
 1505: 	back to warning_nodebug()/error_nodebug().
 1506: 	[f3bb207db201]
 1507: 
 1508: 2013-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 1509: 
 1510: 	* common/fileops.c, compat/getaddrinfo.c, compat/mktemp.c,
 1511: 	compat/utimes.c, configure.ac, plugins/sudoers/boottime.c,
 1512: 	plugins/sudoers/check.c, plugins/sudoers/getdate.c,
 1513: 	plugins/sudoers/getdate.y, plugins/sudoers/group_plugin.c,
 1514: 	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
 1515: 	plugins/sudoers/logging.h, plugins/sudoers/sssd.c,
 1516: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
 1517: 	plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/preload.c,
 1518: 	src/sudo.c, src/sudo_edit.c, src/ttyname.c, src/utmp.c:
 1519: 	Fix some #if vs. #ifdef and remove an extraneous semicolon. Bug
 1520: 	#624; from Daniel Richard G.
 1521: 	[b212e4694018]
 1522: 
 1523: 	* include/sudo_debug.h, plugins/sudoers/defaults.c,
 1524: 	plugins/sudoers/ldap.c, src/exec_common.c:
 1525: 	Add debug_return_const_str and debug_return_const_ptr for returning
 1526: 	a const string or pointer. Using const for the normal versions
 1527: 	produces warnings with the Tru64 compiler.
 1528: 	[45018a149cb4]
 1529: 
 1530: 	* common/event_poll.c, compat/getaddrinfo.c, config.h.in, configure,
 1531: 	configure.ac, m4/sudo.m4:
 1532: 	Fixes for building under Tru64; from Daniel Richard G. Bug #624
 1533: 	[fc4a6cbae1ba]
 1534: 
 1535: 2013-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 1536: 
 1537: 	* plugins/sudoers/logging.c:
 1538: 	log_{fatal,warning} now logs to the debug file itself.
 1539: 	log_{fatal,warning} now calls warningx2() after setting the locale
 1540: 	itself instead of using the wrapper macros. This removes the only
 1541: 	use of warningx(ngettext(...)).
 1542: 	[930129361e0a]
 1543: 
 1544: 2013-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
 1545: 
 1546: 	* configure, configure.ac:
 1547: 	Add -Wpointer-arith to --enable-warnings
 1548: 	[2043ae306d1b]
 1549: 
 1550: 	* configure, configure.ac:
 1551: 	Fix more instances of #include directives where the '#' was not in
 1552: 	column 1. From Daniel Richard G. (bug #622)
 1553: 	[75f36f39dcab]
 1554: 
 1555: 	* MANIFEST, doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in,
 1556: 	plugins/sudoers/Makefile.in, plugins/sudoers/visudo.c,
 1557: 	plugins/sudoers/visudo_json.c:
 1558: 	Add support to visudo to export sudoers in JSON format.
 1559: 	[1697b2b4bfd2]
 1560: 
 1561: 2013-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 1562: 
 1563: 	* plugins/sudoers/parse.h:
 1564: 	Remove unused digest field from struct cmndspec, the digest really
 1565: 	lives in struct sudo_command.
 1566: 	[e9a1e2e112d6]
 1567: 
 1568: 	* config.h.in, configure:
 1569: 	Regen with autoconf 2.69
 1570: 	[275f69f98f9e]
 1571: 
 1572: 	* MANIFEST, Makefile.in, config.h.in, configure.ac, configure.in,
 1573: 	doc/Makefile.in:
 1574: 	Rename configure.in -> configure.ac
 1575: 	[0aeafe425373]
 1576: 
 1577: 	* MANIFEST, aclocal.m4, autogen.sh, config.h.in, configure,
 1578: 	configure.in, ltmain.sh, m4/sudo.m4:
 1579: 	From Daniel Richard G. (bug #622) Add an autogen.sh script that
 1580: 	rebuilds the autoconf world. Move old aclocal.m4 contents to
 1581: 	m4/sudo.m4. New (generayed) aclocal.m4 contains the m4_include
 1582: 	directives. Some tests had #include directives where the '#' was not
 1583: 	in column 1. Updated obsolete macro usage via autoupdate.
 1584: 	[5fe8de5a56df]
 1585: 
 1586: 2013-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 1587: 
 1588: 	* src/sudo_exec.h:
 1589: 	Very old systems (pre XPG 4.2) may not support MSG_WAITALL. The
 1590: 	likelihood of receiving a partial message is quite low so this is
 1591: 	not a big deal.
 1592: 	[900a304f9548]
 1593: 
 1594: 	* configure, configure.in:
 1595: 	HP-UX may require _XOPEN_SOURCE_EXTENDED to be defined for
 1596: 	MSG_WAITALL to be visible.
 1597: 	[f08b1a00a30a]
 1598: 
 1599: 	* MANIFEST, plugins/sudoers/regress/visudo/test5.out.ok,
 1600: 	plugins/sudoers/regress/visudo/test5.sh:
 1601: 	Add regress test for bug #623
 1602: 	[8e83cfccaf14]
 1603: 
 1604: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 1605: 	Cope with a comment on the last line of the file with no newline.
 1606: 	Bug #623
 1607: 	[f826243bc4e6]
 1608: 
 1609: 	* compat/getaddrinfo.c:
 1610: 	Include arpa/inet.h for HP-UX; from Daniel Richard G.
 1611: 	[d4d7a4303bae]
 1612: 
 1613: 	* doc/Makefile.in:
 1614: 	Add missing $(mansrcdir) to visudo.mdoc and visudo.man. From Daniel
 1615: 	Richard G.
 1616: 	[f664c8d2f961]
 1617: 
 1618: 2013-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 1619: 
 1620: 	* include/fatal.h:
 1621: 	In v{warning,fatal}x?() make a new copy of ap for the debug
 1622: 	functions. It is not legal to use ap twice without reinitializing
 1623: 	it. Noticed by Daniel Richard G.
 1624: 	[6ca8bc48ecb3]
 1625: 
 1626: 	* include/fatal.h:
 1627: 	Remove errant warning_restore_locale() call.
 1628: 	[4ef7aecefcbb]
 1629: 
 1630: 	* include/missing.h, plugins/sudoers/logging.c:
 1631: 	Move va_copy compat macro to missing.h
 1632: 	[c873e4cc4c8a]
 1633: 
 1634: 	* common/Makefile.in, compat/Makefile.in, mkdep.pl,
 1635: 	plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
 1636: 	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
 1637: 	src/Makefile.in, zlib/Makefile.in:
 1638: 	Uniquify header dependencies so we don't end up with duplicates when
 1639: 	a header file includes other headers. The header dependencies are
 1640: 	sorted so the generated order is stable.
 1641: 	[95747db2f07a]
 1642: 
 1643: 	* compat/Makefile.in, configure, configure.in, doc/CONTRIBUTORS,
 1644: 	mkdep.pl:
 1645: 	Add getaddrinfo.lo to LTLIBOBJS for systems that need it. From
 1646: 	Daniel Richard G.
 1647: 	[e94ee99a52a9]
 1648: 
 1649: 	* plugins/sudoers/testsudoers.c:
 1650: 	Fix pasto
 1651: 	[5262735e78e0]
 1652: 
 1653: 2013-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 1654: 
 1655: 	* doc/sudoers.mdoc.in:
 1656: 	Fix typo.
 1657: 	[6b11a4eec6b6]
 1658: 
 1659: 2013-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
 1660: 
 1661: 	* plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
 1662: 	regen
 1663: 	[995ca9f21862]
 1664: 
 1665: 	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
 1666: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/toke.c:
 1667: 	Fix warnings from -Wold-style-definition
 1668: 	[a748c5c7b423]
 1669: 
 1670: 	* configure, configure.in:
 1671: 	Add -Wold-style-definition to --enable-warnings
 1672: 	[0484de0deb59]
 1673: 
 1674: 	* common/event_poll.c:
 1675: 	Extra debugging for ready fds.
 1676: 	[91fb85cdecbb]
 1677: 
 1678: 	* common/event_select.c:
 1679: 	When deleting an event, check ev->events to determine whether to
 1680: 	remove from readfds or writefds instead of blinding removing from
 1681: 	both. Also fix highfd adjustment.
 1682: 	[7384db65ca9c]
 1683: 
 1684: 2013-11-02  Todd C. Miller  <Todd.Miller@courtesan.com>
 1685: 
 1686: 	* common/event_select.c:
 1687: 	Only check an fd that is >= 0. Timeout-only events may have a
 1688: 	negative fd.
 1689: 	[fa0e5cbc3cc2]
 1690: 
 1691: 2013-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 1692: 
 1693: 	* common/event.c:
 1694: 	Don't call sudo_ev_{add,del}_impl() for timeout-only events. This
 1695: 	makes it possible to pass sudo_ev_alloc() an fd of -1 for events
 1696: 	only use SUDO_EV_TIMEOUT.
 1697: 	[6838657a1a2f]
 1698: 
 1699: 2013-10-31  Todd C. Miller  <Todd.Miller@courtesan.com>
 1700: 
 1701: 	* common/alloc.c, common/event_select.c, include/sudo_event.h:
 1702: 	Make a copy of readfds/writefds before calling select() instead of
 1703: 	calculating it each time. Keep track of high fd in the base.
 1704: 	[6048b78f2e94]
 1705: 
 1706: 2013-10-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 1707: 
 1708: 	* doc/CONTRIBUTORS:
 1709: 	Add Stephen Gelman
 1710: 	[0028c7a91a4f]
 1711: 
 1712: 	* plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
 1713: 	Fix sign comparison warning.
 1714: 	[914cb36b9ed2]
 1715: 
 1716: 	* plugins/sudoers/sudoreplay.c:
 1717: 	Fix potential NULL dereference in non-interactive mode.
 1718: 	[9233428d3f32]
 1719: 
 1720: 2013-10-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 1721: 
 1722: 	* src/exec.c, src/exec_pty.c:
 1723: 	Use MSG_WAITALL when receiving struct command_status over the Unix
 1724: 	domain socket since we no longer use datagrams. This should avoid
 1725: 	the need to handle incomplete reads, though in theory it is still
 1726: 	possible.
 1727: 	[28a92888a908]
 1728: 
 1729: 	* plugins/sudoers/sudoreplay.c:
 1730: 	SIGKILL is not catchable
 1731: 	[79f82e4cb11d]
 1732: 
 1733: 	* common/event.c, include/sudo_event.h, plugins/sudoers/sudoreplay.c:
 1734: 	Add sudo_ev_get_timeleft() to get the amount of time left before an
 1735: 	event times out and use it in sudoreplay.
 1736: 	[d5b17ee30fa4]
 1737: 
 1738: 2013-10-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 1739: 
 1740: 	* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in,
 1741: 	plugins/sudoers/sudoreplay.c:
 1742: 	If the user presses <return> or <enter> in sudoreplay, skip to the
 1743: 	next event. Useful for skipping past long pauses in the data.
 1744: 	[43343f45c94d]
 1745: 
 1746: 	* common/event.c, common/event_poll.c, common/event_select.c:
 1747: 	Fix sudo_ev_scan_impl() return value in event_poll.c. Make sure we
 1748: 	clear active flag from unprocessed events if sudo_ev_loopbreak() or
 1749: 	sudo_ev_loopcontinue() are used. Remove bogus optimization when the
 1750: 	timeout is zero or negative; it could prevent an I/O event from
 1751: 	being triggered.
 1752: 	[a13603fb3134]
 1753: 
 1754: 	* plugins/sudoers/sudoreplay.c:
 1755: 	Move session replay into its own function.
 1756: 	[e323f7729595]
 1757: 
 1758: 	* common/event.c, common/event_poll.c, common/event_select.c,
 1759: 	include/sudo_event.h:
 1760: 	Get rid of cur and pending pointers in struct sudo_event_base. We
 1761: 	now pop the first event off the active queue instead of using a
 1762: 	foreach loop with deferred removal of the event. Add
 1763: 	SUDO_EVQ_INSERTED and SUDO_EVQ_TIMEOUTS flags to indicate that the
 1764: 	event on the event queue and timeouts queue respectively. No longer
 1765: 	need to compare the timeout to {0,0} or compare the event's base
 1766: 	pointer to NULL to determine queue membership.
 1767: 	[f2b2251fd523]
 1768: 
 1769: 	* common/event_poll.c:
 1770: 	rename sudo_ev_loop_impl() -> sudo_ev_scan_impl()
 1771: 	[614faaff04e3]
 1772: 
 1773: 	* MANIFEST, common/event.c, common/event_poll.c,
 1774: 	common/event_select.c, compat/Makefile.in, compat/nanosleep.c,
 1775: 	config.h.in, configure, configure.in, include/missing.h,
 1776: 	include/sudo_event.h, mkdep.pl, plugins/sudoers/Makefile.in,
 1777: 	plugins/sudoers/sudoreplay.c, src/exec.c, src/exec_pty.c:
 1778: 	Add support for libevent-style timed events. Adding a timed event is
 1779: 	currently O(n). The only consumer of timed events is sudoreplay
 1780: 	which only used a singled one so O(n) == O(1) for now. This also
 1781: 	allows us to remove the nanosleep compat function as we now use a
 1782: 	timeout event instead.
 1783: 	[db41c08e92dc]
 1784: 
 1785: 2013-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 1786: 
 1787: 	* src/exec.c, src/exec_pty.c:
 1788: 	Now that sudo_ev_base_free() removes all events before freeing we
 1789: 	don't need to do this by hand.
 1790: 	[b59d43658c5f]
 1791: 
 1792: 	* common/event.c, common/event_poll.c, common/event_select.c,
 1793: 	include/sudo_event.h:
 1794: 	Add a list of active events in the base that the back end sets when
 1795: 	it calls poll or select. This allows the front end to iterate over
 1796: 	the events instead of having that code in both back ends. It will
 1797: 	also simplify support for timeout events. Also make sure we can't
 1798: 	touch freed memory if a callback frees its own event.
 1799: 	[933b99b3f2bc]
 1800: 
 1801: 	* common/event.c:
 1802: 	Remove any existing events before freeing the event base.
 1803: 	[2543c6620cf1]
 1804: 
 1805: 2013-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 1806: 
 1807: 	* src/exec_pty.c:
 1808: 	mon_handler() should be static
 1809: 	[b1a62ef65c96]
 1810: 
 1811: 2013-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
 1812: 
 1813: 	* plugins/sudoers/ldap.c:
 1814: 	If user specified start_tls and ldaps, display a warning and ignore
 1815: 	start_tls. There's no reason to make this a fatal error.
 1816: 	[bf446dd1e740]
 1817: 
 1818: 	* src/exec_pty.c:
 1819: 	Add missing else when the connection from the monitor to the parent
 1820: 	sudo process is broken (due to the parent dying). Prevents a
 1821: 	spurious "unexpected reply type on backchannel" warning.
 1822: 	[5c44053cef08]
 1823: 
 1824: 	* src/exec_pty.c:
 1825: 	When flushing output we don't care whether we are the foreground
 1826: 	process or not, we still need to flush to /dev/tty. If we are in the
 1827: 	background, it is OK to get SIGTTOU.
 1828: 	[9716892d1fb5]
 1829: 
 1830: 	* plugins/sudoers/ldap.c:
 1831: 	Should not attempt start_tls on an ldaps connection.
 1832: 	[9d01d461c52c]
 1833: 
 1834: 2013-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
 1835: 
 1836: 	* plugins/sudoers/regress/parser/check_fill.c:
 1837: 	Fix sign compare warning.
 1838: 	[6130fa8df758]
 1839: 
 1840: 	* doc/Makefile.in:
 1841: 	Eliminate warning about circular dependency from GNU make.
 1842: 	[7ed5df762089]
 1843: 
 1844: 	* plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
 1845: 	src/ttyname.c:
 1846: 	More sign compare fixes. On Solaris id_t is signed so use uid_t in
 1847: 	the set_perms.c ID macro instead.
 1848: 	[8166dcc50d0b]
 1849: 
 1850: 	* common/fileops.c, common/lbuf.c, common/secure_path.c,
 1851: 	common/sudo_debug.c, include/secure_path.h,
 1852: 	plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
 1853: 	plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.h,
 1854: 	plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
 1855: 	plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
 1856: 	plugins/sudoers/match_addr.c, plugins/sudoers/parse.h,
 1857: 	plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
 1858: 	plugins/sudoers/pwutil_impl.c, plugins/sudoers/set_perms.c,
 1859: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c,
 1860: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
 1861: 	plugins/sudoers/toke_util.c, src/load_plugins.c, src/sudo.c,
 1862: 	src/ttyname.c:
 1863: 	Quiet sign comparision warnings.
 1864: 	[e34f45dad10c]
 1865: 
 1866: 	* configure, configure.in:
 1867: 	Add -Wsign-compare to --enable-warnings
 1868: 	[d560e274a6ae]
 1869: 
 1870: 	* plugins/sudoers/ldap.c:
 1871: 	Ignore SIGPIPE when connecting to the LDAP server so we can get a
 1872: 	proper error message with the IBM LDAP libs. Also return
 1873: 	LDAP_SUCCESS instead of 0 from most sudo_ldap_* functions that
 1874: 	return an int.
 1875: 	[611a4ed9b8ee]
 1876: 
 1877: 	* plugins/sudoers/regress/parser/check_base64.c,
 1878: 	plugins/sudoers/regress/parser/check_digest.c:
 1879: 	Quiet compiler warnings.
 1880: 	[7d82dcca7126]
 1881: 
 1882: 2013-10-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 1883: 
 1884: 	* plugins/sudoers/ldap.c:
 1885: 	sudo_ldap_parse_uri() should join multiple URIs in the string list
 1886: 	together but it was clearing the host entry each time through the
 1887: 	loop. Fixes a bug with multiple URI entries in ldap.conf where only
 1888: 	the last one was being honored.
 1889: 	[83cee19b136d]
 1890: 
 1891: 	* src/exec_pty.c:
 1892: 	Avoid a double free introduced when plugging a memory leak in
 1893: 	safe_close(). A new ev_free_by_fd() function is used to remove and
 1894: 	free any events sharing the specified fd. This can be used after
 1895: 	safe_close() to make sure we don't try to select() on a closed fd.
 1896: 	[54f48a281147]
 1897: 
 1898: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y, src/exec.c:
 1899: 	Quiet some llvm check false positives. The common idiom of using
 1900: 	TAILQ_FIRST, TAILQ_REMOVE and free in a loop to free each entry in a
 1901: 	TAILQ confuses llvm. Use TAILQ_FOREACH_SAFE instead (which is
 1902: 	probably faster anyway).
 1903: 	[bd1b8c11f416]
 1904: 
 1905: 	* plugins/sudoers/auth/pam.c:
 1906: 	If pam_open_session() fails don't call pam_getenvlist() with a NULL
 1907: 	pam handle.
 1908: 	[352e0329acba]
 1909: 
 1910: 	* plugins/sudoers/defaults.c:
 1911: 	Fix newly introduced use after frees found by llvm checker.
 1912: 	[a81080230f1f]
 1913: 
 1914: 	* common/event_select.c:
 1915: 	Remove an errant list_next() call that should have been removed in
 1916: 	the TAILQ conversion.
 1917: 	[3bbf8d117ce4]
 1918: 
 1919: 	* MANIFEST, common/Makefile.in, common/list.c,
 1920: 	common/regress/tailq/hltq_test.c, include/list.h, include/queue.h,
 1921: 	plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
 1922: 	plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
 1923: 	plugins/sudoers/gram.y, plugins/sudoers/match.c,
 1924: 	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
 1925: 	plugins/sudoers/regress/parser/check_fill.c,
 1926: 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
 1927: 	Add "headless" tail queues and use them in place of the semi-
 1928: 	circular lists in sudoers. Once the headless tail queue is built up
 1929: 	it is converted to a normal TAILQ. This removes the last consumer of
 1930: 	list.c and list.h so those can now be removed.
 1931: 	[5986ba762a24]
 1932: 
 1933: 	* common/Makefile.in, common/fatal.c, plugins/sudoers/Makefile.in,
 1934: 	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
 1935: 	plugins/sudoers/env.c, plugins/sudoers/interfaces.c,
 1936: 	plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
 1937: 	plugins/sudoers/match_addr.c, plugins/sudoers/sudoreplay.c,
 1938: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
 1939: 	plugins/sudoers/visudo.c, src/Makefile.in, src/exec_pty.c,
 1940: 	src/hooks.c:
 1941: 	Use SLIST and STAILQ macros instead of doing headless singly linked
 1942: 	lists manually. As a bonus we now use a tail queue for ldap.c and
 1943: 	sudoreplay.c.
 1944: 	[c31bc2d99082]
 1945: 
 1946: 	* MANIFEST, common/Makefile.in, common/event.c, common/event_poll.c,
 1947: 	common/event_select.c, common/list.c,
 1948: 	common/regress/sudo_conf/conf_test.c, common/sudo_conf.c,
 1949: 	doc/LICENSE, include/list.h, include/missing.h, include/queue.h,
 1950: 	include/sudo_conf.h, include/sudo_event.h,
 1951: 	plugins/sudoers/Makefile.in, plugins/sudoers/ldap.c,
 1952: 	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
 1953: 	plugins/sudoers/sssd.c, plugins/sudoers/sudo_nss.c,
 1954: 	plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers.c,
 1955: 	plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c,
 1956: 	src/Makefile.in, src/exec.c, src/exec_pty.c, src/load_plugins.c,
 1957: 	src/sudo.c, src/sudo.h, src/sudo_plugin_int.h:
 1958: 	Convert sudo to use BSD TAILQ macros instead of home ground tail
 1959: 	queue functions. This includes a private queue.h header derived from
 1960: 	FreeBSD. It is simpler to just use our own header rather than try to
 1961: 	deal with macros that may or may not be present in various queue.h
 1962: 	incarnations.
 1963: 	[450bce095d7c]
 1964: 
 1965: 2013-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 1966: 
 1967: 	* plugins/sudoers/sudoreplay.c:
 1968: 	Fix AND operator broken by changes to fix OR.
 1969: 	[a4d3485ee943]
 1970: 
 1971: 2013-10-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 1972: 
 1973: 	* plugins/sudoers/sudoreplay.c:
 1974: 	Fix OR operator.
 1975: 	[f5c1c90ee284]
 1976: 
 1977: 2013-10-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 1978: 
 1979: 	* src/exec_pty.c:
 1980: 	Fix memory leak of I/O buffer events in safe_close().
 1981: 	[08cd790cfbba]
 1982: 
 1983: 2013-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 1984: 
 1985: 	* common/sudo_debug.c:
 1986: 	Don't allow the debug subsystem to be initialized twice. Otherwise
 1987: 	we can exhuast our stack when built in static mode.
 1988: 	[fadacb6a4617]
 1989: 
 1990: 	* common/event_poll.c:
 1991: 	Make sure we do not try to usie index -1 in base->pfds[].
 1992: 	[beeb922aba3f]
 1993: 
 1994: 2013-10-14  Todd C. Miller  <Todd.Miller@courtesan.com>
 1995: 
 1996: 	* NEWS, configure, configure.in:
 1997: 	Bump version to 1.8.9
 1998: 	[758dbb464796]
 1999: 
 2000: 2013-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 2001: 
 2002: 	* src/exec_pty.c:
 2003: 	Convert the monitor process to the event subsystem.
 2004: 	[c4fe8e2ba53c]
 2005: 
 2006: 	* src/exec.c, src/exec_pty.c, src/sudo_exec.h:
 2007: 	Convert the main sudo event loop to use the event subsystem. Read
 2008: 	events for I/O buffers are added before the loop starts. Write
 2009: 	events are added on demand as the buffers are filled.
 2010: 	[72a603e997e0]
 2011: 
 2012: 	* INSTALL, MANIFEST, common/Makefile.in, common/event.c,
 2013: 	common/event_poll.c, common/event_select.c, common/list.c,
 2014: 	common/sudo_debug.c, config.h.in, configure, configure.in,
 2015: 	include/list.h, include/sudo_debug.h, include/sudo_event.h,
 2016: 	mkdep.pl, plugins/sudoers/Makefile.in, src/Makefile.in,
 2017: 	src/exec_pty.c:
 2018: 	Simple event subsystem that uses poll() or select(). Basically a
 2019: 	simplied subset of libevent2. Currently only fd events are supported
 2020: 	(since that's all we need). The poll() backend is used by default,
 2021: 	except on Mac OS X where poll() is broken for devices (including
 2022: 	/dev/tty and ptys).
 2023: 	[8773142b4117]
 2024: 
 2025: 	* src/exec.c, src/exec_pty.c:
 2026: 	Use SOCK_STREAM for socketpair, not SOCK_DGRAM so we get consistent
 2027: 	semantics when the other end closes. This should make the conversion
 2028: 	to poll() less problematic.
 2029: 	[b6a321722a91]
 2030: 
 2031: 2013-10-06  Todd C. Miller  <Todd.Miller@courtesan.com>
 2032: 
 2033: 	* common/sudo_debug.c:
 2034: 	Fix removal of trailing newlines in a debug message.
 2035: 	[6f5ce5ac64e0]
 2036: 
 2037: 2013-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
 2038: 
 2039: 	* plugins/sudoers/visudo.c:
 2040: 	When checking for unused Runas_Aliases, count those used as part of
 2041: 	a Runas Group too. Fixes a false positive warning.
 2042: 	[f13271a4a377]
 2043: 
 2044: 2013-09-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 2045: 
 2046: 	* include/missing.h:
 2047: 	Include stddef.h for rsize_t and errno_t on systems that support it
 2048: 	natively.
 2049: 	[bc547d47e9c6]
 2050: 
 2051: 	* MANIFEST:
 2052: 	Fix braino.
 2053: 	[67b79747312f]
 2054: 
 2055: 	* plugins/sudoers/po/da.mo, plugins/sudoers/po/de.mo,
 2056: 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/fi.mo,
 2057: 	plugins/sudoers/po/it.mo, plugins/sudoers/po/pl.mo,
 2058: 	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/uk.mo,
 2059: 	plugins/sudoers/po/vi.mo, plugins/sudoers/po/zh_CN.mo:
 2060: 	Rebuild message catalog files.
 2061: 	[0a9befb0674e]
 2062: 
 2063: 	* src/po/da.mo, src/po/eo.mo, src/po/fi.mo, src/po/it.mo,
 2064: 	src/po/pl.mo, src/po/pt_BR.mo, src/po/ru.mo, src/po/uk.mo,
 2065: 	src/po/vi.mo, src/po/zh_CN.mo:
 2066: 	Rebuild message catalog files.
 2067: 	[25191089ddf2]
 2068: 
 2069: 	* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/cs.mo, src/po/cs.po:
 2070: 	Czech translation for sudo from translationproject.org.
 2071: 	[8bc0ed069ddb]
 2072: 
 2073: 2013-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 2074: 
 2075: 	* plugins/sudoers/po/da.po, plugins/sudoers/po/de.po,
 2076: 	plugins/sudoers/po/eo.po, plugins/sudoers/po/fi.po,
 2077: 	plugins/sudoers/po/it.po, plugins/sudoers/po/pl.po,
 2078: 	plugins/sudoers/po/pt_BR.po, plugins/sudoers/po/uk.po,
 2079: 	plugins/sudoers/po/vi.po, plugins/sudoers/po/zh_CN.po, src/po/da.po,
 2080: 	src/po/eo.po, src/po/fi.po, src/po/it.po, src/po/pl.po,
 2081: 	src/po/pt_BR.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
 2082: 	src/po/zh_CN.po:
 2083: 	Sync with translationproject.org
 2084: 	[c16f9bb4579e]
 2085: 
 2086: 	* NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
 2087: 	Change "next" back to 2. In the context of "next Friday" we really
 2088: 	do want the friday of the upcoming (not current) week.
 2089: 	Unfortunately, this means that things like "next week" and "next
 2090: 	year" will match one more than we really want. Fixing this will
 2091: 	require some fairly major changes to the grammar.
 2092: 	[7f863c930121]
 2093: 
 2094: 	* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
 2095: 	Mention that relative times don't always do what you might expect.
 2096: 	[710a9b0dd36f]
 2097: 
 2098: 2013-09-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 2099: 
 2100: 	* doc/CONTRIBUTORS:
 2101: 	Add diacritical for Zdenek Behan.
 2102: 	[78d333f88e6c]
 2103: 
 2104: 2013-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 2105: 
 2106: 	* src/regress/ttyname/check_ttyname.c:
 2107: 	Do not fail if ttyname() cannot determine the tty but sudo can.
 2108: 	Should fix problems with running "make check" under pbuilder.
 2109: 	[e6fc06a6c5cf]
 2110: 
 2111: 	* plugins/sudoers/Makefile.in:
 2112: 	Remove extraneous $$CWD; from Bdale Garbee
 2113: 	[4d040ddd7446]
 2114: 
 2115: 2013-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 2116: 
 2117: 	* NEWS, plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
 2118: 	Make "this" and "next" qualifiers work a bit better. There is still
 2119: 	room for improvement as "this week" will use the current time
 2120: 	instead of the beginning of the week. That's a separate issue
 2121: 	though.
 2122: 	[e844c02f754a]
 2123: 
 2124: 2013-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
 2125: 
 2126: 	* common/regress/sudo_conf/conf_test.c,
 2127: 	common/regress/sudo_parseln/parseln_test.c:
 2128: 	Mark main() public to silence a warning on HP-UX.
 2129: 	[ac0b869b9842]
 2130: 
 2131: 2013-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
 2132: 
 2133: 	* plugins/sudoers/po/sudoers.pot, plugins/sudoers/timestamp.c:
 2134: 	Be specific that we are talking about the Unix epoch; bug #615
 2135: 	[25887775371b]
 2136: 
 2137: 	* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/po/sudoers.pot,
 2138: 	src/po/sudo.pot, src/selinux.c:
 2139: 	Do not use "setup" as a verb; bug #614
 2140: 	[17c4750aac5f]
 2141: 
 2142: 	* plugins/sudoers/iolog.c:
 2143: 	Fix logic goof when checking open() status.
 2144: 	[76ece1445d71]
 2145: 
 2146: 	* plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po, src/po/nl.mo,
 2147: 	src/po/nl.po, src/po/ru.mo, src/po/ru.po:
 2148: 	Sync with translationproject.org
 2149: 	[21351498000f]
 2150: 
 2151: 	* NEWS, plugins/sudoers/sudoreplay.c:
 2152: 	Work around a bug in sudo 1.8.7 timing files where the indexes are
 2153: 	off by two.
 2154: 	[4aa0cd58af58]
 2155: 
 2156: 	* MANIFEST, plugins/sudoers/iolog.c, plugins/sudoers/iolog.h,
 2157: 	plugins/sudoers/sudoreplay.c:
 2158: 	Repair writing of the I/O log file indices broken in sudo 1.8.7.
 2159: 	[6a5f867884f5]
 2160: 
 2161: 2013-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
 2162: 
 2163: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 2164: 	Try to improve the PAGERS noexec example a bit.
 2165: 	[226f11118daa]
 2166: 
 2167: 2013-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 2168: 
 2169: 	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
 2170: 	doc/sudoers.ldap.mdoc.in:
 2171: 	Document comment character in ldap.conf Clarify what is and is not
 2172: 	supported in TLS_KEYPW Mention that gsk8capicmd can be used to
 2173: 	create a stash file
 2174: 	[fb8f06ab4458]
 2175: 
 2176: 2013-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 2177: 
 2178: 	* NEWS:
 2179: 	New bugs fixed for 1.8.8.
 2180: 	[c158df7cd9d2]
 2181: 
 2182: 	* plugins/sudoers/visudo.c:
 2183: 	Fix setting of quiet flag when -q / --quiet is specified. Do not
 2184: 	print "sudoers: parsed OK" in quiet mode.
 2185: 	[df55acd57ce6]
 2186: 
 2187: 	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 2188: 	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/fi.mo,
 2189: 	src/po/fi.po, src/po/it.mo, src/po/it.po:
 2190: 	Updated translations from translationproject.org
 2191: 	[e9e8abd23a28]
 2192: 
 2193: 	* plugins/sudoers/check.c:
 2194: 	Don't allow root to change its SELinux role without a password. Bug
 2195: 	#611
 2196: 	[f8b599acb29d]
 2197: 
 2198: 2013-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 2199: 
 2200: 	* NEWS:
 2201: 	Mention new Mac OS X symbol interposition.
 2202: 	[98293b7c4e0f]
 2203: 
 2204: 	* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
 2205: 	src/po/eo.po, src/po/fr.mo, src/po/fr.po:
 2206: 	Updated translations from translationproject.org
 2207: 	[865be7454354]
 2208: 
 2209: 	* config.h.in, configure, configure.in, src/sudo_noexec.c:
 2210: 	Add configure checks for the exec functions we will dummy out. This
 2211: 	is only really needed on Mac OS X when symbol interposition is being
 2212: 	performed but won't hurt elsewhere.
 2213: 	[49c20cf6bab0]
 2214: 
 2215: 2013-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 2216: 
 2217: 	* config.h.in, configure, configure.in, src/Makefile.in,
 2218: 	src/sudo_noexec.c:
 2219: 	Fix installation of sudo_noexec on Mac OS X. Use library symbol
 2220: 	interposition on Mac OS X 10.4 and higher so we don't need to set
 2221: 	DYLD_FORCE_FLAT_NAMESPACE=1.
 2222: 	[a82999dff8e6]
 2223: 
 2224: 2013-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 2225: 
 2226: 	* plugins/sudoers/ldap.c:
 2227: 	Fix error display from ldap_ssl_client_init(). There are two error
 2228: 	codes. The return value can be decoded via ldap_err2string() but the
 2229: 	ssl reason code cannot (you have to look it up in a table online).
 2230: 	[0267125ce9f0]
 2231: 
 2232: 2013-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 2233: 
 2234: 	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
 2235: 	doc/sudoers.ldap.mdoc.in:
 2236: 	Fix typo in tls_key example for Tivoli
 2237: 	[36599f424ac4]
 2238: 
 2239: 	* src/parse_args.c:
 2240: 	Don't escape '$' when running "sudo -i command". Bug #564
 2241: 	[17542d52f714]
 2242: 
 2243: 	* plugins/sudoers/iolog_path.c:
 2244: 	Fix typo in comment.
 2245: 	[d0510ed5eaba]
 2246: 
 2247: 	* plugins/sudoers/auth/pam.c:
 2248: 	Fix comment.
 2249: 	[4e89e0bfd6af]
 2250: 
 2251: 	* plugins/sudoers/timestr.c, plugins/sudoers/visudo.c:
 2252: 	Quiet some gcc -Wformat=2 false positives
 2253: 	[28a2014b9822]
 2254: 
 2255: 2013-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 2256: 
 2257: 	* plugins/sudoers/auth/pam.c:
 2258: 	Remove now-obsolete arg to env_merge()
 2259: 	[ba015cf5d935]
 2260: 
 2261: 	* plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 2262: 	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
 2263: 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 2264: 	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
 2265: 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 2266: 	src/po/pl.mo, src/po/pl.po, src/po/pt_BR.mo, src/po/pt_BR.po,
 2267: 	src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
 2268: 	src/po/zh_CN.mo, src/po/zh_CN.po:
 2269: 	Updated translations from translationproject.org
 2270: 	[72b6aeaba505]
 2271: 
 2272: 	* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/fr.mo, src/po/fr.po:
 2273: 	French translation for sudo from translationproject.org.
 2274: 	[a72321771860]
 2275: 
 2276: 	* plugins/sudoers/logging.h:
 2277: 	Add __printflike to audit_failure.
 2278: 	[1686b3699d41]
 2279: 
 2280: 	* include/missing.h:
 2281: 	Use __nonnull__ attribute in __printflike.
 2282: 	[d123613a1fb6]
 2283: 
 2284: 2013-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 2285: 
 2286: 	* plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
 2287: 	When merging the PAM environment, allow environment variables set in
 2288: 	PAM to override ones set by sudo as long as they do not match the
 2289: 	env_keep or env_check lists.
 2290: 	[f3c64967fed7]
 2291: 
 2292: 	* plugins/sudoers/auth/pam.c:
 2293: 	Call pam_getenvlist() after we've opened the session to get the
 2294: 	session-specific environment variables.
 2295: 	[b413fb9e1c77]
 2296: 
 2297: 2013-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 2298: 
 2299: 	* NEWS:
 2300: 	option not flag
 2301: 	[08c31af7b818]
 2302: 
 2303: 	* compat/getopt_long.c, config.h.in, configure, configure.in:
 2304: 	Don't redefine opterr, optind, optopt, optarg in getopt_long.c. Add
 2305: 	a check for optreset which is a BSD extension and provide a
 2306: 	definition in getopt_long.c if it is not present.
 2307: 	[3393e8d83400]
 2308: 
 2309: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 2310: 	regen
 2311: 	[f38f65830118]
 2312: 
 2313: 	* plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c:
 2314: 	Use lower case for the long option arguments to match the manual.
 2315: 	This is inconsistent with GNU but it is better to match the sudo
 2316: 	documentation.
 2317: 	[8fac2d64f5d2]
 2318: 
 2319: 	* NEWS:
 2320: 	Sudo 1.8.8
 2321: 	[105c73752474]
 2322: 
 2323: 	* src/parse_args.c:
 2324: 	Use lower card for the long option arguments to match the manual.
 2325: 	This is inconsistent with GNU but it is better to match the sudo
 2326: 	documentation.
 2327: 	[af243dd39850]
 2328: 
 2329: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 2330: 	doc/sudo_plugin.mdoc.in:
 2331: 	Describe how remote command execution can be implemented.
 2332: 	[3eba7f93b7f6]
 2333: 
 2334: 	* doc/sudoers.ldap.cat:
 2335: 	Bump version.
 2336: 	[0ee7f02f3627]
 2337: 
 2338: 2013-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
 2339: 
 2340: 	* src/sudo.c:
 2341: 	Make it a fatal error if the plugin returns invalid or out of range
 2342: 	command info.
 2343: 	[8a7e56c7584a]
 2344: 
 2345: 	* plugins/sudoers/policy.c:
 2346: 	Use strtol() instead of atoi() and perform error checking of
 2347: 	parameters passed from the sudo front-end.
 2348: 	[05e05be3c6c4]
 2349: 
 2350: 	* plugins/sudoers/auth/pam.c:
 2351: 	It is not possible for auth to be NULL here.
 2352: 	[771500e776e9]
 2353: 
 2354: 	* plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
 2355: 	Initialize user_runhost and user_srunhost to user_host and
 2356: 	user_shost in visudo and testsudoers.
 2357: 	[c47cca74e1fc]
 2358: 
 2359: 	* MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
 2360: 	common/error.c, common/fatal.c, common/gidlist.c, common/lbuf.c,
 2361: 	common/list.c, common/sudo_conf.c, common/sudo_debug.c,
 2362: 	compat/Makefile.in, compat/getopt_long.c, include/error.h,
 2363: 	include/fatal.h, plugins/sudoers/Makefile.in,
 2364: 	plugins/sudoers/bsm_audit.c, plugins/sudoers/hexchar.c,
 2365: 	plugins/sudoers/linux_audit.c, plugins/sudoers/locale.c,
 2366: 	plugins/sudoers/regress/check_symbols/check_symbols.c,
 2367: 	plugins/sudoers/regress/logging/check_wrap.c,
 2368: 	plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
 2369: 	src/Makefile.in, src/locale_stub.c, src/net_ifs.c,
 2370: 	src/regress/ttyname/check_ttyname.c, src/sesh.c, src/sudo.h:
 2371: 	Rename error.h -> fatal.h now that there is no error() function.
 2372: 	[3a3827f10f04]
 2373: 
 2374: 	* common/sudo_debug.c, include/sudo_debug.h:
 2375: 	Add support to the debug subsystem for zero-length strings. This can
 2376: 	happen for things like warning(NULL) or fatal(NULL) where we just
 2377: 	want to log the errno string.
 2378: 	[3ed739c5cc91]
 2379: 
 2380: 	* include/error.h:
 2381: 	Add __printflike for vfatal, vfatalx, vwarning and vwarningx.
 2382: 	[57e65ed595d2]
 2383: 
 2384: 	* plugins/sudoers/audit.c:
 2385: 	Need to include gettext.h for BSM audit.
 2386: 	[a87fda2d0123]
 2387: 
 2388: 	* common/alloc.c, plugins/sudoers/env.c, src/exec_common.c,
 2389: 	src/parse_args.c, src/sudo.c:
 2390: 	Change some fatalx(NULL) that should be fatal(NULL).
 2391: 	[8b1efda9f578]
 2392: 
 2393: 	* include/error.h, include/missing.h:
 2394: 	Use __printf0like for warning() and fatal() since the fmt string may
 2395: 	be NULL.
 2396: 	[858a890f00ad]
 2397: 
 2398: 	* compat/pw_dup.c:
 2399: 	Quiet a gcc "used uninitialized in this function" false positive.
 2400: 	[98f47f89ce60]
 2401: 
 2402: 	* mkpkg:
 2403: 	Enable bsm audit on Mac OS X and Solaris >= 11.
 2404: 	[8607488f986c]
 2405: 
 2406: 	* plugins/sudoers/bsm_audit.c:
 2407: 	Fix compilation on Solaris 11.
 2408: 	[01aa46298ed7]
 2409: 
 2410: 	* plugins/sudoers/bsm_audit.c:
 2411: 	Add missing missing.h
 2412: 	[080de69a55a1]
 2413: 
 2414: 	* plugins/sudoers/sudoers.c:
 2415: 	Move the -C (user_closefrom) check until after set_cmnd() so that
 2416: 	closefrom_override can be used in a command-specific Defaults line.
 2417: 	Fixes bug #610 from Mengtao Sun.
 2418: 	[413565c6ff6b]
 2419: 
 2420: 2013-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
 2421: 
 2422: 	* src/exec.c:
 2423: 	If not using a pty and the child process gets SIGTTOU or SIGTTIN and
 2424: 	sudo is the foreground process, make the child the foreground
 2425: 	process and continue it.
 2426: 	[5ff433443bc4]
 2427: 
 2428: 	* src/sudo.c:
 2429: 	If sudo is not setuid and was not invoked with a full path, look in
 2430: 	the user's PATH for the sudo binary to give a better error message.
 2431: 	[a740129a38f0]
 2432: 
 2433: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
 2434: 	plugins/sudoers/logging.c, plugins/sudoers/match.c,
 2435: 	plugins/sudoers/policy.c, plugins/sudoers/sudo_nss.c,
 2436: 	plugins/sudoers/sudoers.h:
 2437: 	Add limited support for "sudo -l -h other_host". Since group lookups
 2438: 	are done on the local host, rules that use group membership may be
 2439: 	incorrect if the group database is not synchronized between hosts.
 2440: 	[2c8b222a5f7f]
 2441: 
 2442: 	* src/parse_args.c:
 2443: 	Fix parsing of "-h host" when used in conjunction with the -l flag.
 2444: 	[62f3d726d52b]
 2445: 
 2446: 	* configure, configure.in, doc/fixman.sh, doc/fixmdoc.sh,
 2447: 	doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
 2448: 	doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
 2449: 	doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c,
 2450: 	plugins/sudoers/visudo.c, src/parse_args.c, src/sudo.c,
 2451: 	src/sudo_usage.h.in:
 2452: 	Simplify usage messages a bit and make --help output more closely
 2453: 	resemble GNU usage wrt long options. Sync usage and man page
 2454: 	SYNOPSYS sections and improve long options in the manual pages. Now
 2455: 	that we have long options we don't need to give the mnemonic for the
 2456: 	single-character options in the description.
 2457: 	[17b7e386955a]
 2458: 
 2459: 2013-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 2460: 
 2461: 	* plugins/sudoers/logging.c:
 2462: 	Fix setting of mailer argv[0] to basename of mailerpath. No need to
 2463: 	strdup() mailerpath as it is not modified.
 2464: 	[8843cdd958ee]
 2465: 
 2466: 	* plugins/sudoers/logging.c:
 2467: 	Make sure the mailer exists and is a regular file before trying to
 2468: 	exec it.
 2469: 	[b73d6214014f]
 2470: 
 2471: 	* plugins/sudoers/timestamp.c:
 2472: 	If tty_tickets are enabled but there is no tty, use a ticket file
 2473: 	based on the parent pid.
 2474: 	[75408bd61ced]
 2475: 
 2476: 	* common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
 2477: 	doc/sudo.conf.mdoc.in, include/sudo_conf.h, src/parse_args.c:
 2478: 	Allow default plugin dir to be configured in sudo.conf.
 2479: 	[478883594cc5]
 2480: 
 2481: 	* doc/CONTRIBUTORS:
 2482: 	UTF8 for Ruusamae, Elan; from Tae Wong
 2483: 	[02e0c95b4fa6]
 2484: 
 2485: 2013-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 2486: 
 2487: 	* MANIFEST, common/regress/sudo_conf/test5.in,
 2488: 	common/regress/sudo_conf/test5.out.ok,
 2489: 	common/regress/sudo_conf/test6.in,
 2490: 	common/regress/sudo_conf/test6.out.ok, common/sudo_conf.c,
 2491: 	doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
 2492: 	plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c, src/sudo.c:
 2493: 	Don't allow max_groups to be set to zero, it just complicates things
 2494: 	needlessly. Fixes an assertion in visudo when there is a group-
 2495: 	based Defaults entry.
 2496: 	[d62a8ea32db9]
 2497: 
 2498: 2013-08-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 2499: 
 2500: 	* MANIFEST, common/Makefile.in, common/gidlist.c,
 2501: 	plugins/sudoers/policy.c, plugins/sudoers/sudoers.h, src/sudo.c,
 2502: 	src/sudo.h:
 2503: 	Refactor code to parse list of gids into its own function that is
 2504: 	shared by the sudo front-end and the sudoers module. Make uid/gid
 2505: 	parse error be fatal, not just a warning.
 2506: 	[da3b2b06605c]
 2507: 
 2508: 	* common/atoid.c:
 2509: 	Add function comment block.
 2510: 	[09a324de716f]
 2511: 
 2512: 	* common/atoid.c:
 2513: 	Default text domain is now sudo, not sudoers.
 2514: 	[1acb1da6f304]
 2515: 
 2516: 	* common/Makefile.in:
 2517: 	Update dependency for atoid.lo
 2518: 	[5e367cd44288]
 2519: 
 2520: 	* common/atoid.c, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
 2521: 	plugins/sudoers/sudoers.h, plugins/sudoers/tsgetgrpw.c, src/sudo.c,
 2522: 	src/sudo.h:
 2523: 	Add endpointer and separator args to atoid()
 2524: 	[2077e4ed8578]
 2525: 
 2526: 2013-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 2527: 
 2528: 	* compat/getgrouplist.c:
 2529: 	Use private version of atoid() to avoid a dependency on libcommon.a
 2530: 	(since that already depends on libreplace.a).
 2531: 	[7c12d63b0560]
 2532: 
 2533: 	* doc/CONTRIBUTORS:
 2534: 	More UTF8 in names; from Tae Wong
 2535: 	[512b263f51c8]
 2536: 
 2537: 	* compat/getgrouplist.c, plugins/sudoers/iolog.c,
 2538: 	plugins/sudoers/tsgetgrpw.c, src/sudo.c, src/sudo.h:
 2539: 	Use atoid() in more places.
 2540: 	[06f4ae57c707]
 2541: 
 2542: 	* MANIFEST, common/Makefile.in, common/atoid.c,
 2543: 	plugins/sudoers/Makefile.in, plugins/sudoers/atoid.c:
 2544: 	Move atoid() to common so it can be used in src and compat too.
 2545: 	[095d730701e4]
 2546: 
 2547: 	* compat/closefrom.c:
 2548: 	Avoid a crash on Mac OS X 10.8 (at least) when we close
 2549: 	libdispatch's fds out from under it before executing the command.
 2550: 	Switch to just setting the close on exec flag instead.
 2551: 	[349ebf4987df]
 2552: 
 2553: 	* doc/CONTRIBUTORS:
 2554: 	Convert to last, first for easier sorting and use UTF8 (including a
 2555: 	BOM).
 2556: 	[8c30d221bd75]
 2557: 
 2558: 	* plugins/sudoers/atoid.c:
 2559: 	Add atoid() function to convert a string to an id_t (uid, gid or
 2560: 	pid). We have to be careful to choose() either strtol() or strtoul()
 2561: 	depending on whether the string appears to be signed or unsigned.
 2562: 	Always using strtoul() is unsafe on 64-bit platforms since the uid
 2563: 	might be represented as a negative number and (unsigned long)-1 on a
 2564: 	64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem
 2565: 	with uids larger than 0x7fffffff on 32-bit platforms.
 2566: 	[5d818e399157]
 2567: 
 2568: 	* MANIFEST, config.h.in, configure, configure.in,
 2569: 	plugins/sudoers/Makefile.in, plugins/sudoers/policy.c,
 2570: 	plugins/sudoers/sudoers.h:
 2571: 	Add atoid() function to convert a string to an id_t (uid, gid or
 2572: 	pid). We have to be careful to choose() either strtol() or strtoul()
 2573: 	depending on whether the string appears to be signed or unsigned.
 2574: 	Always using strtoul() is unsafe on 64-bit platforms since the uid
 2575: 	might be represented as a negative number and (unsigned long)-1 on a
 2576: 	64-bit system is 0xffffffffffffffff not 0xffffffff. Fixes a problem
 2577: 	with uids larger than 0x7fffffff on 32-bit platforms.
 2578: 	[cd92246a710f]
 2579: 
 2580: 	* plugins/sudoers/sudoers.c:
 2581: 	Avoid "perm stack underflow" error when logging the unknown uid
 2582: 	error.
 2583: 	[871514c713b7]
 2584: 
 2585: 	* plugins/sudoers/set_perms.c:
 2586: 	In rewind_perms() there is nothing to do if perm_stack_depth == 0.
 2587: 	[98de335f47f0]
 2588: 
 2589: 2013-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
 2590: 
 2591: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
 2592: 	plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c,
 2593: 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in:
 2594: 	Add pam_setcred sudoers option to allow the user to control whether
 2595: 	pam_setcred() is called on the user's behalf.
 2596: 	[4260a8e43073]
 2597: 
 2598: 	* configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
 2599: 	doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
 2600: 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
 2601: 	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
 2602: 	Add pam_service and pam_login_service sudoers settings to control
 2603: 	the service name passed to pam_start.
 2604: 	[5ea0e3588f3a]
 2605: 
 2606: 	* mkpkg:
 2607: 	Newer Xcode places the SDKs under Xcode.app
 2608: 	[4b54379d5c45]
 2609: 
 2610: 2013-08-03  Todd C. Miller  <Todd.Miller@courtesan.com>
 2611: 
 2612: 	* MANIFEST, common/Makefile.in, common/zero_bytes.c,
 2613: 	compat/Makefile.in, compat/memset_s.c, config.h.in, configure,
 2614: 	configure.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 2615: 	doc/sudo_plugin.mdoc.in, include/missing.h, include/sudo_plugin.h,
 2616: 	mkdep.pl, plugins/sudoers/Makefile.in,
 2617: 	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
 2618: 	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
 2619: 	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
 2620: 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
 2621: 	plugins/sudoers/logging.c, plugins/sudoers/sha2.c,
 2622: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
 2623: 	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
 2624: 	src/Makefile.in, src/conversation.c, src/sudo.h, src/sudo_edit.c,
 2625: 	src/tgetpass.c:
 2626: 	Implement memset_s() and use it instead of zero_bytes(). A new
 2627: 	constant, SUDO_CONV_REPL_MAX, is defined by the plugin API as the
 2628: 	max conversation reply length. This constant can be used as a max
 2629: 	value for memset_s() when clearing passwords filled in by the
 2630: 	conversation function.
 2631: 	[264ec146028e]
 2632: 
 2633: 2013-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 2634: 
 2635: 	* plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
 2636: 	plugins/system_group/Makefile.in:
 2637: 	Do not try to install plugins when shared modules are disabled
 2638: 	(sudoers already had the check).
 2639: 	[3d582c042042]
 2640: 
 2641: 	* plugins/sudoers/Makefile.in:
 2642: 	Update dependencies to take into account compat/getopt.h and
 2643: 	compat/dlfcn.h.
 2644: 	[301fb31cd121]
 2645: 
 2646: 	* src/Makefile.in:
 2647: 	Update dependencies now that sudo_usage.h is always included from
 2648: 	the build dir.
 2649: 	[c1ff70ec9515]
 2650: 
 2651: 2013-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
 2652: 
 2653: 	* plugins/sudoers/ldap.c:
 2654: 	Add some warnings and debugging to sasl ccname handling.
 2655: 	[467f415861f0]
 2656: 
 2657: 	* plugins/sudoers/ldap.c:
 2658: 	Fix write loop invariant in sudo_krb5_copy_cc_file()
 2659: 	[6948cf6e9b9f]
 2660: 
 2661: 2013-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 2662: 
 2663: 	* plugins/sudoers/ldap.c:
 2664: 	Strip off leading FILE: or WRFILE: prefix before trying to copy the
 2665: 	user's credential cache.
 2666: 	[56c16feab62f]
 2667: 
 2668: 2013-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 2669: 
 2670: 	* src/sudo.c:
 2671: 	Instead of setting RLIMIT_NPROC to unlimited when sudo initializes,
 2672: 	just save RLIMIT_NPROC in exec_setup() before the final setuid() and
 2673: 	restore it immediately after. We don't need to modify RLIMIT_NPROC
 2674: 	for simple euid changes, just for changing the real (and saved) uids
 2675: 	before we exec. This also means we no longer need to worry about
 2676: 	_SC_CHILD_MAX returning -1. Bug #565
 2677: 	[1372f1909039]
 2678: 
 2679: 2013-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 2680: 
 2681: 	* plugins/sudoers/ldap.c, src/preload.c:
 2682: 	Now that the ldap code runs with the real and effective uid set to
 2683: 	0, it is not possible for the gssapi libs to find the user's krb5
 2684: 	credential cache file. To work around this, we make a temporary copy
 2685: 	of the user's credential cache specified by KRB5CCNAME (opened with
 2686: 	the user's effective uid) and point gssapi to it. To set the
 2687: 	credential cache file name, we dynamically look up
 2688: 	gss_krb5_ccache_name() and use it if available, otherwise fall back
 2689: 	to setting KRB5CCNAME.
 2690: 	[8b86c134541a]
 2691: 
 2692: 2013-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 2693: 
 2694: 	* doc/sudo.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
 2695: 	doc/sudoreplay.mdoc.in, doc/visudo.cat, doc/visudo.man.in,
 2696: 	doc/visudo.mdoc.in, plugins/sudoers/sudoreplay.c,
 2697: 	plugins/sudoers/visudo.c:
 2698: 	Long option support for visudo and sudoreplay.
 2699: 	[91427968be71]
 2700: 
 2701: 2013-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 2702: 
 2703: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, src/Makefile.in,
 2704: 	src/parse_args.c, src/sudo.c, src/sudo_usage.h.in:
 2705: 	Add support for long options and fix inclusion of sudo_usage.h with
 2706: 	modern gcc broken in 8597:1fcb7ba13018.
 2707: 	[d13134819944]
 2708: 
 2709: 	* src/Makefile.in:
 2710: 	Add rule to rebuild sudo_usage.h when the .in file changes.
 2711: 	[59a32899e251]
 2712: 
 2713: 	* compat/Makefile.in, mkdep.pl, src/Makefile.in:
 2714: 	Add make rules for building getopt_long.c
 2715: 	[5f57593b3a8b]
 2716: 
 2717: 	* src/parse_args.c:
 2718: 	Make "-h hostname" work. Optional args in GNU getopt() only work
 2719: 	when there is no space between the option flag and the argument.
 2720: 	[b8258659cabb]
 2721: 
 2722: 2013-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 2723: 
 2724: 	* MANIFEST, compat/getopt.h, compat/getopt_long.c, config.h.in,
 2725: 	configure, configure.in, doc/LICENSE, src/parse_args.c:
 2726: 	Use getopt_long() so we can make the -h flag take an optional
 2727: 	argument. Includes a version for those without it.
 2728: 	[d1dd66c8a86b]
 2729: 
 2730: 2013-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 2731: 
 2732: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
 2733: 	Document that the -h option can be used specify a host name for
 2734: 	future plugins.
 2735: 	[8470c74cf326]
 2736: 
 2737: 	* include/sudo_plugin.h, src/parse_args.c, src/sudo_usage.h.in:
 2738: 	Overload -h option to specify an optional hostname for remote
 2739: 	access. This is future-proofing; no policy plugins currently support
 2740: 	this.
 2741: 	[0e01d8c3c623]
 2742: 
 2743: 	* configure, configure.in:
 2744: 	Bump version to 1.8.8
 2745: 	[a1155bfaa28f]
 2746: 
 2747: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 2748: 	doc/sudo_plugin.mdoc.in:
 2749: 	Document the remote_host setting (-h host)
 2750: 	[c737db906f5d]
 2751: 
 2752: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 2753: 	fix "the the"
 2754: 	[0025464a3942]
 2755: 
 2756: 	* src/parse_args.c, src/sudo.c, src/sudo.h:
 2757: 	Do not error out if arg to -U option cannot be resolved, that is for
 2758: 	the plugin to decide. There is no need for runas_user and
 2759: 	runas_group to be global, make them local to parse_args() instead.
 2760: 	[fb02a62a72ba]
 2761: 
 2762: 	* MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/pt_BR.mo,
 2763: 	plugins/sudoers/po/pt_BR.po, src/po/es.mo, src/po/es.po,
 2764: 	src/po/pt_BR.mo, src/po/pt_BR.po:
 2765: 	Sync with translationproject.org
 2766: 	[e8f4772d918a]
 2767: 
 2768: 2013-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 2769: 
 2770: 	* doc/TROUBLESHOOTING:
 2771: 	Remove old bits about sudo setuid problems that should have been
 2772: 	cleaned up in changeset 7917:fa4894896d8a. Also update the mode of
 2773: 	sudo to 04755 to match current packaging.
 2774: 	[1e3904cdc2de]
 2775: 
 2776: 	* plugins/sudoers/auth/pam.c:
 2777: 	Go back to ignoring the return value of pam_setcred() since with
 2778: 	stacked PAM auth modules a failure from one module may override
 2779: 	PAM_SUCCESS from another. If the first module in the stack fails,
 2780: 	the others may be run (and succeed) but an error will be returned.
 2781: 	This can cause a spurious warning on systems with non-local users
 2782: 	(e.g. pam_ldap or pam_sss) where pam_unix is consulted first.
 2783: 	[b6022e26135a]
 2784: 
 2785: 	* src/net_ifs.c:
 2786: 	Remove unused variable.
 2787: 	[93dde7d82fde]
 2788: 
 2789: 	* NEWS:
 2790: 	Fix typo
 2791: 	[5ef79671c2c7]
 2792: 
 2793: 2013-07-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 2794: 
 2795: 	* plugins/sudoers/sssd.c:
 2796: 	Fix pasto; sudo_sss_extract_digest() not sudo_ldap_extract_digest().
 2797: 	From Dan Harnett.
 2798: 	[4a0af6f12765]
 2799: 
 2800: 2013-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 2801: 
 2802: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 2803: 	Fix formatting typo; from Eric S. Raymond
 2804: 	[058b533ba460]
 2805: 
 2806: 2013-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 2807: 
 2808: 	* mkpkg:
 2809: 	Use -gxcoff on aix so dbx can be used to debug sudo.
 2810: 	[4950e019ed2d]
 2811: 
 2812: 2013-06-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 2813: 
 2814: 	* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
 2815: 	Fix typo; bug 605
 2816: 	[41f7b46a6e51]
 2817: 
 2818: 2013-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
 2819: 
 2820: 	* src/po/da.mo, src/po/eo.mo, src/po/es.mo, src/po/it.mo,
 2821: 	src/po/tr.mo:
 2822: 	Regen .mo files that were out of date.
 2823: 	[9e25a254f9db]
 2824: 
 2825: 2013-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 2826: 
 2827: 	* NEWS, configure, configure.in:
 2828: 	On Solaris 11 and higher, tag binaries for ASLR if supported by the
 2829: 	linker.
 2830: 	[a2a6cafa3e60]
 2831: 
 2832: 	* mkpkg:
 2833: 	No longer need to disable PIE on Solaris.
 2834: 	[cf90019ae67e]
 2835: 
 2836: 2013-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 2837: 
 2838: 	* INSTALL, NEWS, configure, configure.in, doc/TROUBLESHOOTING:
 2839: 	Restrict default creation of PIE binaries (-fPIE and -pie) to Linux.
 2840: 	OpenBSD also supports PIE but enables it by default so we don't need
 2841: 	to do anything. This fixes problems on systems with a version of GNU
 2842: 	ld that accepts -pie but where the run-time linker doesn't actually
 2843: 	support PIE. Also verify that a trivial PIE binary works unless PIE
 2844: 	is explicitly enabled.
 2845: 	[3c5f125efeb1]
 2846: 
 2847: 2013-05-24  Todd C. Miller  <Todd.Miller@courtesan.com>
 2848: 
 2849: 	* aclocal.m4, configure, configure.in:
 2850: 	Attempt to detect PIE failure on Solaris 10 with GNU as and GNU ld
 2851: 	where we can end up crashing due to malloc() failures. Sems OK when
 2852: 	Using Sun as and ld.
 2853: 	[b8ba412102ab]
 2854: 
 2855: 	* NEWS:
 2856: 	Update with final changes.
 2857: 	[78ff6d2ed47a]
 2858: 
 2859: 2013-05-23  Todd C. Miller  <Todd.Miller@courtesan.com>
 2860: 
 2861: 	* configure, configure.in:
 2862: 	Add -fPIE to PIE_LDFLAGS as per gcc manual.
 2863: 	[fe900cbb0780]
 2864: 
 2865: 2013-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 2866: 
 2867: 	* common/Makefile.in, compat/Makefile.in:
 2868: 	Add missing $(PIE_LDFLAGS) $(SSP_LDFLAGS) for test programs
 2869: 	[f84bc7482b78]
 2870: 
 2871: 	* MANIFEST, plugins/sudoers/alias.c, plugins/sudoers/match.c,
 2872: 	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
 2873: 	plugins/sudoers/regress/visudo/test4.out.ok,
 2874: 	plugins/sudoers/regress/visudo/test4.sh, plugins/sudoers/visudo.c:
 2875: 	Replace sequence number-based cycle detection in visudo with a
 2876: 	"used" flag in struct alias. The caller is required to call
 2877: 	alias_put() when it is done with the alias. Inspired by a patch from
 2878: 	Daniel Kopecek.
 2879: 	[0bdbac1b3b39]
 2880: 
 2881: 2013-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 2882: 
 2883: 	* plugins/sudoers/iolog.c:
 2884: 	Eliminate a few relocations related to sudoers_io.
 2885: 	[18e9e2cc3367]
 2886: 
 2887: 	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po:
 2888: 	Sync with translationproject.org
 2889: 	[f38cc128a2ad]
 2890: 
 2891: 2013-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 2892: 
 2893: 	* src/ttyname.c:
 2894: 	Clarify a comment.
 2895: 	[7a045ee06e95]
 2896: 
 2897: 2013-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 2898: 
 2899: 	* src/ttyname.c:
 2900: 	Handle d_type == DT_UNKNOWN when resolving the device to a name and
 2901: 	sprinkle some more debugging.
 2902: 	[8774133747d9]
 2903: 
 2904: 2013-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
 2905: 
 2906: 	* doc/TROUBLESHOOTING:
 2907: 	Add message about disabling PIE if sudo gets SIGSEGV.
 2908: 	[c786af2a6751]
 2909: 
 2910: 	* plugins/sudoers/check.h, plugins/sudoers/timestamp.c:
 2911: 	No longer store the ctime of a devpts tty. The handling of ctime on
 2912: 	devpts in Linux has been changed to conform to POSIX. As a result we
 2913: 	can no longer assume that the ctime will stay unchanged throughout
 2914: 	the life of the session. We store the session ID in the time stamp
 2915: 	file so there is a much smaller chance of the time stamp file being
 2916: 	reused by a new login. While here, store the uid/gid in the
 2917: 	timestamp file too for good measure.
 2918: 	[7028b21f7a9b]
 2919: 
 2920: 	* configure, configure.in:
 2921: 	PIE is broken on FreeBSD/arm
 2922: 	[f232c60d6229]
 2923: 
 2924: 	* mkpkg:
 2925: 	Add explicit sendmail path for Linux since we may not have sendmail
 2926: 	installed in the build chroot.
 2927: 	[1ba2f84f4ff0]
 2928: 
 2929: 2013-05-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 2930: 
 2931: 	* common/sudo_debug.c, plugins/sudoers/iolog.c,
 2932: 	plugins/sudoers/set_perms.c, src/sudo.c, src/tgetpass.c:
 2933: 	Quiet a few -Wunused-result compiler warnings.
 2934: 	[ef12afb61423]
 2935: 
 2936: 2013-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 2937: 
 2938: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 2939: 	Mention what SHA-2 formats are supported.
 2940: 	[bf298d0fdf8a]
 2941: 
 2942: 	* doc/CONTRIBUTORS:
 2943: 	List code and translations separately.
 2944: 	[826547bc1295]
 2945: 
 2946: 2013-04-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 2947: 
 2948: 	* MANIFEST, plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
 2949: 	plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
 2950: 	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po:
 2951: 	Sync with translationproject.org
 2952: 	[9499a6f438b8]
 2953: 
 2954: 	* plugins/sudoers/po/sudoers.pot:
 2955: 	regen
 2956: 	[cce449e284a6]
 2957: 
 2958: 	* Makefile.in:
 2959: 	Fix c-format for fatal/fatalx
 2960: 	[4ad81d3faaeb]
 2961: 
 2962: 2013-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 2963: 
 2964: 	* Makefile.in, plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
 2965: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
 2966: 	plugins/sudoers/visudo.c, src/exec_pty.c, src/sudo.h:
 2967: 	Change some error/errorx -> fatal/fatalx in comments and xgettext
 2968: 	flags.
 2969: 	[9d9b64fa2ec9]
 2970: 
 2971: 	* NEWS:
 2972: 	There is now a Turkish translation of sudoers.
 2973: 	[701c5af6aa76]
 2974: 
 2975: 	* MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
 2976: 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 2977: 	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 2978: 	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
 2979: 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 2980: 	plugins/sudoers/po/tr.mo, plugins/sudoers/po/tr.po,
 2981: 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 2982: 	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
 2983: 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
 2984: 	Updated translations from translationproject.org including new
 2985: 	Turkish translation.
 2986: 	[9cedbb50d90f]
 2987: 
 2988: 2013-04-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 2989: 
 2990: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 2991: 	Document that sudoers will re-use existing I/O log paths unless they
 2992: 	are mktemp-style with trailing X's.
 2993: 	[4f43bd13d9e7]
 2994: 
 2995: 	* NEWS, doc/sudoers.cat, doc/sudoers.ldap.cat,
 2996: 	doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
 2997: 	doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/ldap.c,
 2998: 	plugins/sudoers/policy.c, plugins/sudoers/sudoers.h:
 2999: 	Allow ldap_conf and ldap_secret to be specified as plugin arguments
 3000: 	in sudo.conf
 3001: 	[37c6c425b565]
 3002: 
 3003: 	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
 3004: 	doc/sudoers.ldap.mdoc.in:
 3005: 	sudoers_debug is now deprecated in favor of the sudo debugging
 3006: 	framework.
 3007: 	[1195be1ec254]
 3008: 
 3009: 	* plugins/sudoers/ldap.c:
 3010: 	Replace DPRINTF with DPRINTF1 and DPRINTF2 macros that use
 3011: 	SUDO_DEBUG_DIAG and SUDO_DEBUG_INFO respectively for logging to the
 3012: 	debug file with the ldap subsystem. The sudoers_debug setting in
 3013: 	ldap.conf is still honored for now but will be removed in a future
 3014: 	release.
 3015: 	[cfa42b4b913e]
 3016: 
 3017: 2013-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
 3018: 
 3019: 	* plugins/sudoers/sudoers2ldif:
 3020: 	Add support for converting sudoers files with SHA-2 command digests.
 3021: 	[dc0d03485946]
 3022: 
 3023: 	* doc/fixman.sh, doc/fixmdoc.sh, mkdep.pl, mkpkg,
 3024: 	plugins/sudoers/sudoers2ldif:
 3025: 	Add copyright notice to scripts
 3026: 	[5e8bd4e6083f]
 3027: 
 3028: 	* MANIFEST, plugins/sudoers/regress/sudoers/test14.in,
 3029: 	plugins/sudoers/regress/sudoers/test14.out.ok,
 3030: 	plugins/sudoers/regress/sudoers/test14.toke.ok:
 3031: 	Add regress for SHA-2 digests.
 3032: 	[0b258c2a2a95]
 3033: 
 3034: 	* compat/getgrouplist.c:
 3035: 	Solaris maps negative gids to GID_NOBODY.
 3036: 	[57050e5c750f]
 3037: 
 3038: 	* plugins/sudoers/visudo.c:
 3039: 	Clear up an llvm checker warning which appears to be a false
 3040: 	positive and fix an old XXX while I'm at it.
 3041: 	[9ee13133e596]
 3042: 
 3043: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
 3044: 	doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
 3045: 	Correct last change date
 3046: 	[3bc1fa5b0f76]
 3047: 
 3048: 	* plugins/sudoers/po/sudoers.pot, plugins/sudoers/sudoreplay.c:
 3049: 	No need to translate this error message.
 3050: 	[4d9941970a26]
 3051: 
 3052: 	* doc/UPGRADE:
 3053: 	Mention .sl vs. .so extension handling on HP-UX Mention group
 3054: 	membership changes Fix typos
 3055: 	[40ac0efbdb2b]
 3056: 
 3057: 	* aclocal.m4, common/aix.c, common/alloc.c, common/atobool.c,
 3058: 	common/error.c, common/fmt_string.c, common/lbuf.c, common/list.c,
 3059: 	common/setgroups.c, common/term.c, common/ttysize.c,
 3060: 	compat/Makefile.in, compat/dlopen.c, compat/endian.h,
 3061: 	compat/getline.c, compat/getprogname.c, compat/isblank.c,
 3062: 	compat/memrchr.c, compat/mksiglist.c, compat/mktemp.c,
 3063: 	compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
 3064: 	compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
 3065: 	compat/strsignal.c, compat/utimes.c, doc/Makefile.in,
 3066: 	include/Makefile.in, include/alloc.h, include/fileops.h,
 3067: 	include/gettext.h, include/lbuf.h, include/missing.h,
 3068: 	include/sudo_plugin.h, pathnames.h.in,
 3069: 	plugins/group_file/Makefile.in, plugins/sample/Makefile.in,
 3070: 	plugins/sample/sample_plugin.c, plugins/sudoers/Makefile.in,
 3071: 	plugins/sudoers/alias.c, plugins/sudoers/audit.c,
 3072: 	plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
 3073: 	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
 3074: 	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
 3075: 	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
 3076: 	plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
 3077: 	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
 3078: 	plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/bsm_audit.c,
 3079: 	plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
 3080: 	plugins/sudoers/defaults.h, plugins/sudoers/env.c,
 3081: 	plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
 3082: 	plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
 3083: 	plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
 3084: 	plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
 3085: 	plugins/sudoers/iolog_path.c, plugins/sudoers/linux_audit.c,
 3086: 	plugins/sudoers/linux_audit.h, plugins/sudoers/locale.c,
 3087: 	plugins/sudoers/logging.h, plugins/sudoers/match.c,
 3088: 	plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
 3089: 	plugins/sudoers/parse.h, plugins/sudoers/prompt.c,
 3090: 	plugins/sudoers/pwutil.h, plugins/sudoers/redblack.c,
 3091: 	plugins/sudoers/redblack.h,
 3092: 	plugins/sudoers/regress/check_symbols/check_symbols.c,
 3093: 	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
 3094: 	plugins/sudoers/regress/logging/check_wrap.c,
 3095: 	plugins/sudoers/regress/parser/check_addr.c,
 3096: 	plugins/sudoers/regress/parser/check_fill.c,
 3097: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
 3098: 	plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers_version.h,
 3099: 	plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
 3100: 	plugins/sudoers/toke.h, plugins/sudoers/toke.l,
 3101: 	plugins/sudoers/toke_util.c, plugins/sudoers/tsgetgrpw.c,
 3102: 	plugins/sudoers/visudo.c, plugins/system_group/Makefile.in,
 3103: 	plugins/system_group/system_group.c, src/Makefile.in,
 3104: 	src/conversation.c, src/exec.c, src/exec_common.c, src/get_pty.c,
 3105: 	src/net_ifs.c, src/parse_args.c, src/preload.c, src/selinux.c,
 3106: 	src/sesh.c, src/signal.c, src/sudo_edit.c, src/sudo_exec.h,
 3107: 	src/sudo_noexec.c, src/sudo_plugin_int.h, src/tgetpass.c,
 3108: 	src/utmp.c:
 3109: 	Update copyright years.
 3110: 	[5c6d72661bad]
 3111: 
 3112: 	* plugins/sudoers/mon_systrace.h:
 3113: 	Systrace support was removed long ago.
 3114: 	[10a038a2da77]
 3115: 
 3116: 2013-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
 3117: 
 3118: 	* MANIFEST, plugins/sudoers/regress/sudoers/test10.toke.out.ok,
 3119: 	plugins/sudoers/regress/sudoers/test9.toke.out.ok:
 3120: 	Remove some files that were mistakenly added.
 3121: 	[833502da26de]
 3122: 
 3123: 	* common/sudo_debug.c, config.h.in, configure, configure.in,
 3124: 	plugins/sudoers/boottime.c, plugins/sudoers/iolog.c,
 3125: 	plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
 3126: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/timestamp.c:
 3127: 	Use time(&now) instead of now = time(NULL) when storing the current
 3128: 	time in a time_t (better compiler error checking). Better parsing
 3129: 	and printing of 64-bit time_t on 32-bit platforms.
 3130: 	[c227dc72c04e]
 3131: 
 3132: 2013-04-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 3133: 
 3134: 	* src/ttyname.c:
 3135: 	Don't check the tty of the parent process. Now that we get the
 3136: 	controlling tty device number from the kernel there is no need. If
 3137: 	the process has really disassociated from the tty then reporting
 3138: 	"unknown" is appropriate.
 3139: 	[62fb66e565db]
 3140: 
 3141: 2013-04-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 3142: 
 3143: 	* common/error.c:
 3144: 	Use EXIT_FAILURE instead of 1 as the fatal() exit value.
 3145: 	[ed94c2c5e88a]
 3146: 
 3147: 	* src/sesh.c:
 3148: 	Change remaining errorx -> fatalx
 3149: 	[3f6d70e19303]
 3150: 
 3151: 2013-04-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 3152: 
 3153: 	* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
 3154: 	plugins/sudoers/sudoers.h:
 3155: 	Replace sudo_fakepwnamid() with sudo_mkpwent() and don't return an
 3156: 	error if the entry already exists in the cache.
 3157: 	[94d45970400a]
 3158: 
 3159: 	* plugins/sudoers/bsm_audit.c, plugins/sudoers/po/sudoers.pot:
 3160: 	Change "foo: failed" to just "foo" since we print the string form of
 3161: 	errno. Gets rids of some useless translations.
 3162: 	[476f37349dbc]
 3163: 
 3164: 2013-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 3165: 
 3166: 	* plugins/sudoers/match.c:
 3167: 	Fix pasto in debug_decl
 3168: 	[08650186a239]
 3169: 
 3170: 	* plugins/sudoers/Makefile.in:
 3171: 	regen
 3172: 	[acf4c34fba2c]
 3173: 
 3174: 	* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
 3175: 	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
 3176: 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/logging.c,
 3177: 	plugins/sudoers/logging.h, plugins/sudoers/parse.c,
 3178: 	plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
 3179: 	Rename log_error() -> log_warning() for consistency with
 3180: 	warning()/fatal()
 3181: 	[474ed5a0e335]
 3182: 
 3183: 	* plugins/sudoers/auth/API:
 3184: 	The NO_EXIT flag was removed a while ago.
 3185: 	[e0a4be270226]
 3186: 
 3187: 	* common/aix.c, common/alloc.c, common/error.c, include/error.h,
 3188: 	plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
 3189: 	plugins/sudoers/find_path.c, plugins/sudoers/hexchar.c,
 3190: 	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
 3191: 	plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
 3192: 	plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
 3193: 	plugins/sudoers/pwutil.c,
 3194: 	plugins/sudoers/regress/check_symbols/check_symbols.c,
 3195: 	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
 3196: 	plugins/sudoers/regress/logging/check_wrap.c,
 3197: 	plugins/sudoers/regress/parser/check_addr.c,
 3198: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
 3199: 	plugins/sudoers/testsudoers.c, plugins/sudoers/timestamp.c,
 3200: 	plugins/sudoers/visudo.c, src/exec.c, src/exec_common.c,
 3201: 	src/exec_pty.c, src/net_ifs.c, src/parse_args.c, src/selinux.c,
 3202: 	src/signal.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c,
 3203: 	src/utmp.c:
 3204: 	Rename error/errorx -> fatal/fatalx and remove the exit value as it
 3205: 	was always 1.
 3206: 	[ea66f58c4da5]
 3207: 
 3208: 	* NEWS:
 3209: 	digests are supported in sudoers ldap too
 3210: 	[77d6c25f7653]
 3211: 
 3212: 	* plugins/sudoers/regress/check_symbols/check_symbols.c:
 3213: 	Print test failures to stdout like the final count so the outputis
 3214: 	not displayed out of order.
 3215: 	[f541b78ecb93]
 3216: 
 3217: 	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
 3218: 	plugins/sudoers/po/eo.po, plugins/sudoers/po/hr.mo,
 3219: 	plugins/sudoers/po/hr.po, plugins/sudoers/po/it.po, src/po/da.mo,
 3220: 	src/po/da.po, src/po/eo.po, src/po/hr.mo, src/po/hr.po,
 3221: 	src/po/it.po, src/po/tr.po:
 3222: 	Sync with translationproject.org
 3223: 	[cbd70678b99f]
 3224: 
 3225: 	* Makefile.in:
 3226: 	Check for any uncommitted changes in dist target and add force-dist
 3227: 	target that omit check-dist.
 3228: 	[78dc3f41e37e]
 3229: 
 3230: 2013-04-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 3231: 
 3232: 	* src/regress/ttyname/check_ttyname.c:
 3233: 	Fix logic bug when checking tty via ttyname().
 3234: 	[279aee076194]
 3235: 
 3236: 	* compat/endian.h:
 3237: 	Fix check for _BIG_ENDIAN and _LITTLE_ENDIAN (Solaris) and
 3238: 	__BIG_ENDIAN__ and __LITTLE_ENDIAN__ (HP-UX)
 3239: 	[fe35e0b04502]
 3240: 
 3241: 	* plugins/sudoers/po/sudoers.pot:
 3242: 	regen
 3243: 	[0ddebccd3045]
 3244: 
 3245: 	* NEWS, doc/sample.sudoers, doc/sudoers.cat, doc/sudoers.ldap.cat,
 3246: 	doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
 3247: 	doc/sudoers.man.in, doc/sudoers.mdoc.in:
 3248: 	Document digest support.
 3249: 	[d794c7b9a7bc]
 3250: 
 3251: 	* MANIFEST, plugins/sudoers/Makefile.in,
 3252: 	plugins/sudoers/regress/parser/check_base64.c:
 3253: 	Simple bas64 decode unit test.
 3254: 	[344b0df0fe50]
 3255: 
 3256: 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/base64.c,
 3257: 	plugins/sudoers/match.c, plugins/sudoers/parse.h:
 3258: 	Move base64_decode into its own source file.
 3259: 	[30497e7f88bc]
 3260: 
 3261: 	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
 3262: 	Only check year against 2038 if time_t is 32-bit.
 3263: 	[9c1f2e3fc3ba]
 3264: 
 3265: 2013-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 3266: 
 3267: 	* plugins/sudoers/ldap.c, plugins/sudoers/parse.h,
 3268: 	plugins/sudoers/sssd.c:
 3269: 	Add digest support for sudoers in ldap and sss.
 3270: 	[314937b5e59e]
 3271: 
 3272: 	* INSTALL, configure, configure.in:
 3273: 	Error out in configure if the compiler doesn't support "long long".
 3274: 	[d3645c1d50d1]
 3275: 
 3276: 	* plugins/sudoers/match.c, plugins/sudoers/toke.c,
 3277: 	plugins/sudoers/toke.l:
 3278: 	Include stdint.h or inttypes.h before sha2.h
 3279: 	[20ad1c20313d]
 3280: 
 3281: 	* common/lbuf.c:
 3282: 	Simplify lbuf append functions by moving the realloc code into
 3283: 	lbuf_expand(). We now expand as needed each time bytes need to be
 3284: 	written to the lbuf. Also handle a NULL pointer being passed in for
 3285: 	paranoia's sake.
 3286: 	[6283ee562ef4]
 3287: 
 3288: 	* plugins/sudoers/iolog.c:
 3289: 	Zero out struct iolog_details early to avoid a potential (though
 3290: 	unlikely) dereference of stack garbage if we hit a fatal error
 3291: 	before iolog_deserialize_info() is called.
 3292: 	[2eeca8be05fb]
 3293: 
 3294: 2013-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
 3295: 
 3296: 	* sudo.pp:
 3297: 	Update copyright year.
 3298: 	[b843c6a43238]
 3299: 
 3300: 	* plugins/sudoers/sudoers_version.h:
 3301: 	Bump SUDOERS_GRAMMAR_VERSION for new digest support.
 3302: 	[188556fb8156]
 3303: 
 3304: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.h,
 3305: 	plugins/sudoers/gram.y, plugins/sudoers/match.c,
 3306: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 3307: 	Sanity check digest in parser so visudo can catch errors. Add base64
 3308: 	support
 3309: 	[b8586d5cc7ed]
 3310: 
 3311: 	* MANIFEST, compat/endian.h, config.h.in, configure, configure.in,
 3312: 	plugins/sudoers/Makefile.in, plugins/sudoers/sha2.c:
 3313: 	For big endian architectures just use memcpy() instead of BE macros
 3314: 	in a loop.
 3315: 	[c71a0f4a8a8e]
 3316: 
 3317: 2013-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>
 3318: 
 3319: 	* MANIFEST, config.h.in, configure, configure.in,
 3320: 	plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
 3321: 	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
 3322: 	plugins/sudoers/hexchar.c, plugins/sudoers/ldap.c,
 3323: 	plugins/sudoers/match.c, plugins/sudoers/parse.h,
 3324: 	plugins/sudoers/regress/parser/check_digest.c,
 3325: 	plugins/sudoers/regress/parser/check_digest.out.ok,
 3326: 	plugins/sudoers/sha2.h, plugins/sudoers/sssd.c,
 3327: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
 3328: 	plugins/sudoers/toke_util.c:
 3329: 	Initial implementation of checksum support in sudoers. Currently
 3330: 	supports SHA-224, SHA-256, SHA-384, SHA-512. TODO: checksum format
 3331: 	validation in parser and base64 support. checksum support for ldap
 3332: 	sudoers
 3333: 	[b8f196346eca]
 3334: 
 3335: 2013-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 3336: 
 3337: 	* doc/CONTRIBUTORS, plugins/sudoers/sha2.c, plugins/sudoers/sha2.h:
 3338: 	SHA-224, SHA-256, SHA-384 and SHA-512. Derived from the public
 3339: 	domain SHA-1 and SHA-2 implementations by Steve Reid and Wei Dai
 3340: 	respectively.
 3341: 	[7511d07c0a83]
 3342: 
 3343: 2013-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 3344: 
 3345: 	* NEWS:
 3346: 	Add sudo 1.8.6p8
 3347: 	[0666fd0321ae]
 3348: 
 3349: 	* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/po/sudoers.pot:
 3350: 	Add missing "not" in error message when mixing standalone and non-
 3351: 	standalone authentication methods.
 3352: 	[7eba4439db73]
 3353: 
 3354: 	* plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
 3355: 	Check for crypt() returning NULL. Traditionally, crypt() never
 3356: 	returned NULL but newer versions of eglibc have a crypt() that does.
 3357: 	Bug #598
 3358: 	[887b9df243df]
 3359: 
 3360: 	* plugins/sudoers/auth/pam.c:
 3361: 	Better PAM error messages
 3362: 	[fd7eda53cdd7]
 3363: 
 3364: 	* plugins/sudoers/auth/kerb5.c:
 3365: 	Better error messages
 3366: 	[98142874a2f4]
 3367: 
 3368: 	* plugins/sudoers/bsm_audit.c:
 3369: 	Use same error message for getauid() failure.
 3370: 	[07f0d88cb1df]
 3371: 
 3372: 	* plugins/sudoers/sssd.c:
 3373: 	Start warning with a lower case letter for consistency and to match
 3374: 	existing translated strings.
 3375: 	[b719ac52c9e3]
 3376: 
 3377: 2013-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
 3378: 
 3379: 	* mkpkg:
 3380: 	Disable PIE on Solaris where it is not really supported.
 3381: 	[c36c84cdcc7a]
 3382: 
 3383: 	* src/ttyname.c:
 3384: 	AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
 3385: 	before we try to match it against st_rdev.
 3386: 	[5dab449fb962]
 3387: 
 3388: 	* src/ttyname.c:
 3389: 	Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
 3390: 	a problem finding the tty name when it is not in /dev/pts.
 3391: 	[6c205d087fa0]
 3392: 
 3393: 	* compat/snprintf.c:
 3394: 	Support %lld and %llu
 3395: 	[feabfa06c954]
 3396: 
 3397: 	* .hgignore, MANIFEST, src/Makefile.in,
 3398: 	src/regress/ttyname/check_ttyname.c:
 3399: 	Add ttyname test.
 3400: 	[e987038f8c07]
 3401: 
 3402: 2013-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 3403: 
 3404: 	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 3405: 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 3406: 	plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
 3407: 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 3408: 	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
 3409: 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 3410: 	src/po/de.mo, src/po/de.po, src/po/fi.mo, src/po/fi.po,
 3411: 	src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
 3412: 	src/po/sl.mo, src/po/sl.po, src/po/uk.mo, src/po/uk.po,
 3413: 	src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
 3414: 	Sync with translationproject.org
 3415: 	[4d7b73b22079]
 3416: 
 3417: 	* plugins/sudoers/timestamp.c:
 3418: 	Log timestampfile to debug file.
 3419: 	[e997281146c0]
 3420: 
 3421: 	* plugins/sudoers/auth/pam.c, plugins/sudoers/po/sudoers.pot:
 3422: 	Don't add the "Password: " string we look up in the PAM text domain
 3423: 	to the sudoers.pot file.
 3424: 	[771b52244abf]
 3425: 
 3426: 2013-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 3427: 
 3428: 	* plugins/sudoers/po/sudoers.pot:
 3429: 	Synce with regcomp() error message change.
 3430: 	[fc6d3dfb8eb8]
 3431: 
 3432: 	* plugins/sudoers/sudoreplay.c:
 3433: 	Be consistent with error message when regcomp() fails.
 3434: 	[de6c69ba04e4]
 3435: 
 3436: 2013-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
 3437: 
 3438: 	* plugins/sudoers/regress/testsudoers/test5.out.ok,
 3439: 	plugins/sudoers/regress/testsudoers/test5.sh:
 3440: 	Use group -1 instead of 1 as the invalid group since the running
 3441: 	user might have group 1 as their default group.
 3442: 	[71404a9fa75d]
 3443: 
 3444: 	* plugins/sudoers/Makefile.in:
 3445: 	PWD may be a shell builtin, use CWD instead.
 3446: 	[c443105c5091]
 3447: 
 3448: 2013-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
 3449: 
 3450: 	* plugins/sudoers/check.c:
 3451: 	Split up check_user().
 3452: 	[ce7cc0767589]
 3453: 
 3454: 2013-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>
 3455: 
 3456: 	* config.h.in, configure.in:
 3457: 	Cosmetic fixes in the comments.
 3458: 	[640abee43c14]
 3459: 
 3460: 2013-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
 3461: 
 3462: 	* configure, configure.in:
 3463: 	Use AC_LINK_IFELSE instead of AC_TRY_LINK Fix printing of status
 3464: 	message for visibility checks when the test fails.
 3465: 	[99665477ee55]
 3466: 
 3467: 	* config.h.in:
 3468: 	regen
 3469: 	[00c22606719a]
 3470: 
 3471: 	* configure, configure.in:
 3472: 	We no longer use mbr_check_membership() and setrlimit64() is AIX-
 3473: 	specific.
 3474: 	[43caf685a1f1]
 3475: 
 3476: 	* Makefile.in:
 3477: 	The first (all) target must be by itself or some makes will choose
 3478: 	the run the entire target list.
 3479: 	[16cf3def49f5]
 3480: 
 3481: 	* configure, configure.in:
 3482: 	Do exec_prefix expansion when enable_shared even if noexec is not
 3483: 	enabled.
 3484: 	[7ed28cb32d8d]
 3485: 
 3486: 	* compat/getgrouplist.c:
 3487: 	Use free() not efree() since we don't include alloc.h here
 3488: 	[1a008737be24]
 3489: 
 3490: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 3491: 	regen
 3492: 	[b939f941346f]
 3493: 
 3494: 	* plugins/sudoers/regress/testsudoers/test2.sh,
 3495: 	plugins/sudoers/regress/testsudoers/test3.sh,
 3496: 	plugins/sudoers/regress/testsudoers/test5.sh:
 3497: 	Pass in expected gid to testsudoers in addition to the uid that
 3498: 	matches the test sudoers files.
 3499: 	[6a1710e8cac1]
 3500: 
 3501: 2013-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 3502: 
 3503: 	* include/missing.h:
 3504: 	Tru64 5.x does declare innetgr() and getdomainname().
 3505: 	[c75598e69c7e]
 3506: 
 3507: 	* plugins/sudoers/match.c:
 3508: 	Fix compilation when getdomainame() is not present.
 3509: 	[e831b017a962]
 3510: 
 3511: 	* config.h.in, configure.in, include/missing.h:
 3512: 	Move SET/CLR/ISSET from config.h.in to missing.h
 3513: 	[3a3dd29fd7f0]
 3514: 
 3515: 	* configure, configure.in:
 3516: 	Fix getgrouplist() check.
 3517: 	[12a2adf60e98]
 3518: 
 3519: 	* MANIFEST:
 3520: 	No more timestamp.h
 3521: 	[5677e26afc0f]
 3522: 
 3523: 	* plugins/sudoers/check.c:
 3524: 	Neded sys/time.h for struct timeval in struct sudo_tty_info.
 3525: 	[aceaadd8c400]
 3526: 
 3527: 	* plugins/sudoers/Makefile.in:
 3528: 	regen depends
 3529: 	[21675a8b67e5]
 3530: 
 3531: 	* NEWS:
 3532: 	Mention libibmldap on HP-UX
 3533: 	[75b4e4b22950]
 3534: 
 3535: 	* NEWS, plugins/sudoers/match.c:
 3536: 	Instead of checking the domain name explicitly for "(none)", just
 3537: 	check for illegal characters.
 3538: 	[ce35dda811db]
 3539: 
 3540: 	* plugins/sudoers/visudo.c:
 3541: 	Only warn once when we are unable to open the sudoers file.
 3542: 	[9e27e3aa5b10]
 3543: 
 3544: 	* plugins/sudoers/sudoers.c:
 3545: 	Fall back to opening /dev/tty to determine whether there is a tty if
 3546: 	the system doesn't have kernel support for determing the tty.
 3547: 	[2775bcf9a9b5]
 3548: 
 3549: 	* compat/getprogname.c:
 3550: 	Update guard to take __progname into account
 3551: 	[60eae3f20232]
 3552: 
 3553: 	* compat/snprintf.c:
 3554: 	Some older systems have inttypes.h but not stdint.h
 3555: 	[ed1ef160015f]
 3556: 
 3557: 	* compat/closefrom.c, compat/dlopen.c, compat/fnmatch.c,
 3558: 	compat/getaddrinfo.c, compat/getcwd.c, compat/getgrouplist.c,
 3559: 	compat/getline.c, compat/getprogname.c, compat/glob.c,
 3560: 	compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
 3561: 	compat/nanosleep.c, compat/pw_dup.c, compat/sig2str.c,
 3562: 	compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
 3563: 	compat/strsignal.c, compat/utimes.c:
 3564: 	Add guards in compat source files. Not really needed since we only
 3565: 	include them in the Makefile if they are needed but should not hurt
 3566: 	either.
 3567: 	[8cbd3b4595b9]
 3568: 
 3569: 2013-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
 3570: 
 3571: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 3572: 	Don't include gram.h in gram.y, its contents are already included.
 3573: 	Move sudoerserror to the end of gram.y so COMMENT is declared when
 3574: 	we need to use it.
 3575: 	[7d72ebdd7222]
 3576: 
 3577: 2013-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 3578: 
 3579: 	* config.h.in, configure.in:
 3580: 	Remove some pre-ANSI cruft.
 3581: 	[6a95704b2116]
 3582: 
 3583: 	* plugins/sudoers/match.c:
 3584: 	Rename NAME_MATCH -> SUDOERS_NAME_MATCH and avoid pulling in glob.h
 3585: 	when it is set.
 3586: 	[da40c550ffed]
 3587: 
 3588: 	* NEWS, plugins/sudoers/iolog_path.c:
 3589: 	We still want to recognize %{seq} for the SUDOERS_NO_SEQ case but
 3590: 	just leave it as-is.
 3591: 	[9a22de140d28]
 3592: 
 3593: 2013-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 3594: 
 3595: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 3596: 	Add missing semicolon in rule.
 3597: 	[817d3f1b2a21]
 3598: 
 3599: 	* plugins/sudoers/sudoers.c:
 3600: 	Now that we can determine the terminal even when file descriptors
 3601: 	are redirected we can check user_ttypath rather than opening
 3602: 	/dev/tty when enforcing requiretty.
 3603: 	[56a28bc09041]
 3604: 
 3605: 	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
 3606: 	plugins/sudoers/sudoers.h:
 3607: 	Stash umask in struct sudo_user so we don't need to look it up
 3608: 	later.
 3609: 	[9f85749199dc]
 3610: 
 3611: 	* plugins/sudoers/sudoers.c:
 3612: 	Minor cosmetic change
 3613: 	[c373e106ed49]
 3614: 
 3615: 	* plugins/sudoers/regress/parser/check_addr.c:
 3616: 	No longer need to declare interfaces
 3617: 	[d7ff7e579557]
 3618: 
 3619: 	* plugins/sudoers/logging.c:
 3620: 	Fix compilation in SUDOERS_NO_SEQ case
 3621: 	[9a6db9247534]
 3622: 
 3623: 	* plugins/sudoers/regress/parser/check_addr.c:
 3624: 	No longer need to define sudo_printf
 3625: 	[578ad13c3546]
 3626: 
 3627: 	* plugins/sudoers/check.c, plugins/sudoers/check.h,
 3628: 	plugins/sudoers/timestamp.c:
 3629: 	Pass auth_pw to the timestamp functions.
 3630: 	[f603649177d6]
 3631: 
 3632: 	* plugins/sudoers/iolog_path.c:
 3633: 	Fix SUDOERS_NO_SEQ
 3634: 	[17881f9bcd68]
 3635: 
 3636: 	* plugins/sudoers/locale.c:
 3637: 	Don't need all of sudoers.h in here
 3638: 	[c518150c6483]
 3639: 
 3640: 	* plugins/sudoers/sudoers.c:
 3641: 	Don't need to include sudoers_version.h here.
 3642: 	[8abb31102119]
 3643: 
 3644: 2013-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 3645: 
 3646: 	* plugins/sudoers/check.c:
 3647: 	DEFAULT_LECTURE is no longer used.
 3648: 	[f565c00a68c1]
 3649: 
 3650: 	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
 3651: 	Move sudo_conv into policy.c
 3652: 	[f699aee7136b]
 3653: 
 3654: 	* plugins/sudoers/pwutil.c:
 3655: 	cosmetic fixes
 3656: 	[930e60389ca8]
 3657: 
 3658: 	* plugins/sudoers/match.c:
 3659: 	RHEL (and perhaps other Linux distros) use the string "(none)"
 3660: 	instead of an empty string when there is no actual NIS-style domain
 3661: 	name. Bug #596
 3662: 	[11aec11489ac]
 3663: 
 3664: 	* plugins/sudoers/match.c:
 3665: 	Fix return values when NAME_MATCH is defined.
 3666: 	[ce030be9ccef]
 3667: 
 3668: 2013-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 3669: 
 3670: 	* plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h:
 3671: 	Update copyright year.
 3672: 	[7e4b8d49addd]
 3673: 
 3674: 	* plugins/sudoers/pwutil.c, plugins/sudoers/pwutil.h,
 3675: 	plugins/sudoers/pwutil_impl.c, plugins/sudoers/sudoers.h:
 3676: 	Add sudo_set_grlist(), currently unused by the back end.
 3677: 	[b37ac1d0e8fc]
 3678: 
 3679: 	* plugins/sudoers/pwutil.c:
 3680: 	Remove unused macros, fix a debug_decl
 3681: 	[6136fb4a0d3b]
 3682: 
 3683: 	* include/missing.h:
 3684: 	Tru64 Unix doesn't prototype innetgr() or getdomainname().
 3685: 	[585ac1874dfe]
 3686: 
 3687: 	* include/missing.h:
 3688: 	Whitespace fixes
 3689: 	[0bb28cd91d97]
 3690: 
 3691: 	* common/error.c:
 3692: 	Don't need to include setjmp.h here, error.h already includes it.
 3693: 	[fd05ab00e186]
 3694: 
 3695: 2013-03-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 3696: 
 3697: 	* compat/Makefile.in, plugins/sudoers/Makefile.in:
 3698: 	regen depends
 3699: 	[57991f5e16b4]
 3700: 
 3701: 	* plugins/sudoers/check.h:
 3702: 	Rename guard define.
 3703: 	[ccf4dba241d6]
 3704: 
 3705: 	* plugins/sudoers/check.c, plugins/sudoers/check.h,
 3706: 	plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
 3707: 	Move contents of timestamp.h into check.h.
 3708: 	[c139757a9283]
 3709: 
 3710: 	* plugins/sudoers/sudoers.h:
 3711: 	expand_prompt() is now in prompt.c sudo_printf extern is now in
 3712: 	error.h
 3713: 	[219bd74ca62b]
 3714: 
 3715: 	* plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.h,
 3716: 	plugins/sudoers/ins_2001.h, plugins/sudoers/ins_classic.h,
 3717: 	plugins/sudoers/ins_csops.h, plugins/sudoers/ins_goons.h,
 3718: 	plugins/sudoers/insults.h, plugins/sudoers/interfaces.h,
 3719: 	plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
 3720: 	plugins/sudoers/parse.h, plugins/sudoers/pwutil.h,
 3721: 	plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
 3722: 	plugins/sudoers/sudoers.h, plugins/sudoers/timestamp.h,
 3723: 	plugins/sudoers/toke.h:
 3724: 	Change multiple inclusion guards to be _SUDOERS_FOO_H
 3725: 	[faace6d55e78]
 3726: 
 3727: 2013-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
 3728: 
 3729: 	* MANIFEST, plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
 3730: 	src/po/nl.mo, src/po/nl.po, src/po/tr.mo, src/po/tr.po:
 3731: 	New Dutch translation for sudo and sudoers New Turkish translation
 3732: 	for sudo From translationproject.org
 3733: 	[bc918b7b23a4]
 3734: 
 3735: 2013-03-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 3736: 
 3737: 	* config.h.in, configure, configure.in:
 3738: 	Fix a typo in a comment and make sure we don't mistakenly include
 3739: 	_PATH_SUDO_ASKPASS and _PATH_SUDO_SESH in config.h.in
 3740: 	[694d12ac70ec]
 3741: 
 3742: 2013-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 3743: 
 3744: 	* plugins/sudoers/Makefile.in:
 3745: 	Don't build check_symbols if we are linking sudoers in statically.
 3746: 	[f6602723bab7]
 3747: 
 3748: 	* configure, configure.in:
 3749: 	Use $host_os not $host when we only care about the os name and
 3750: 	version.
 3751: 	[05e4f4fcba06]
 3752: 
 3753: 	* aclocal.m4, configure, configure.in:
 3754: 	Suppress duplicate -L and -I flags.
 3755: 	[228f2f581aed]
 3756: 
 3757: 	* common/Makefile.in, compat/regress/fnmatch/fnm_test.c:
 3758: 	Fix regress tests on non-OpenBSD platforms.
 3759: 	[9d91bc859c50]
 3760: 
 3761: 	* configure, configure.in:
 3762: 	If we find sasl/sasl.h there's no need to check for sasl.h too
 3763: 	[889efaa86012]
 3764: 
 3765: 	* aclocal.m4, configure, configure.in:
 3766: 	Add -R flags at the very end after configure link tests are done
 3767: 	since we can only count on libtool to accept -R, the compiler front
 3768: 	end may not. Also unify the libldap and libibmldap tests using
 3769: 	AC_SEARCH_LIBS and check for -lCsup on HP-UX which is needed by
 3770: 	libibmldap (but is not an explicit dependency).
 3771: 	[ab1451894351]
 3772: 
 3773: 2013-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 3774: 
 3775: 	* configure, configure.in:
 3776: 	Back out changes that broke detection of skey, opie and ldap
 3777: 	libraries.
 3778: 	[ffa82b8f8641]
 3779: 
 3780: 	* plugins/sudoers/regress/testsudoers/test1.sh,
 3781: 	plugins/sudoers/regress/testsudoers/test2.sh,
 3782: 	plugins/sudoers/regress/testsudoers/test3.sh,
 3783: 	plugins/sudoers/regress/testsudoers/test4.sh,
 3784: 	plugins/sudoers/regress/testsudoers/test5.sh,
 3785: 	plugins/sudoers/regress/visudo/test1.sh,
 3786: 	plugins/sudoers/regress/visudo/test2.sh,
 3787: 	plugins/sudoers/regress/visudo/test3.sh:
 3788: 	Add explicit "exit 0" to prevent the check target from ending
 3789: 	prematurely.
 3790: 	[cca411b492bd]
 3791: 
 3792: 	* plugins/sudoers/Makefile.in:
 3793: 	Fix exit values in check target so we don't have to ignore errors.
 3794: 	[cbc429c409e9]
 3795: 
 3796: 	* plugins/sudoers/Makefile.in:
 3797: 	Fail a test if there is unexpected stderr output.
 3798: 	[4fc24d536bec]
 3799: 
 3800: 	* MANIFEST:
 3801: 	Fix path to sudo.conf manuals; remove non-existant test2.err.ok
 3802: 	[6b8bcd60dd85]
 3803: 
 3804: 	* src/load_plugins.c:
 3805: 	Fix compilation in dynamic mode.
 3806: 	[679856fa0774]
 3807: 
 3808: 	* configure, configure.in:
 3809: 	On HP-UX, libibmldap has a hidden dependency on libCsup
 3810: 	[22994709d77c]
 3811: 
 3812: 	* compat/dlopen.c:
 3813: 	Pass BIND_VERBOSE to shl_load()
 3814: 	[0060b9cfa9ab]
 3815: 
 3816: 	* configure, configure.in:
 3817: 	Only create static helper libs when --disable-shared is specified.
 3818: 	[1fcdb1a437e0]
 3819: 
 3820: 	* src/load_plugins.c:
 3821: 	Ubreak static build.
 3822: 	[4ac9f96be285]
 3823: 
 3824: 	* INSTALL, aclocal.m4, configure, configure.in:
 3825: 	Replace --with-rpath and --with-blibpath with --disable-rpath. Now
 3826: 	that we use libtool for linking we can just use the -R flag and have
 3827: 	libtool translate it to the proper linker flag.
 3828: 	[09798fad6888]
 3829: 
 3830: 2013-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
 3831: 
 3832: 	* src/exec_pty.c:
 3833: 	Bump I/O buffer size 32K
 3834: 	[4ef793225309]
 3835: 
 3836: 2013-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
 3837: 
 3838: 	* configure, configure.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
 3839: 	doc/sudo.conf.mdoc.in:
 3840: 	Document sesh Path setting.
 3841: 	[34b0b903b4f8]
 3842: 
 3843: 	* src/exec.c, src/exec_common.c:
 3844: 	Move exec_cmnd to exec.c to fix a compilation issue with sesh.c
 3845: 	[06aa1956f38d]
 3846: 
 3847: 	* common/sudo_conf.c, configure, configure.in, include/sudo_conf.h,
 3848: 	src/selinux.c:
 3849: 	Make sesh path configurable in sudo.conf
 3850: 	[91d331f273b7]
 3851: 
 3852: 	* configure, configure.in:
 3853: 	Use -fno-pie and -nopie if supported when --disable-pie is
 3854: 	specified.
 3855: 	[777138c04dcc]
 3856: 
 3857: 2013-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 3858: 
 3859: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
 3860: 	Document direct execution of the command if the policy plugin has no
 3861: 	close function.
 3862: 	[6a14145c6e80]
 3863: 
 3864: 2013-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 3865: 
 3866: 	* plugins/sudoers/auth/pam.c:
 3867: 	Only delete creds if we actually established them. Print an error if
 3868: 	pam_setcred() fails and we actually authenticated.
 3869: 	[1e015314903b]
 3870: 
 3871: 	* common/Makefile.in, plugins/group_file/Makefile.in:
 3872: 	regen
 3873: 	[dd8cee2a5e1b]
 3874: 
 3875: 	* common/alloc.c, include/alloc.h:
 3876: 	Convert efree() to a macro that just casts to void * and does
 3877: 	free(). If the system free() can't handle free(NULL) this may crash
 3878: 	but C89 was a long time ago.
 3879: 	[efd0ff9270fb]
 3880: 
 3881: 	* configure, configure.in:
 3882: 	Define _REENTRANT for HP-UX when we add -lpthread to SUDO_LIBS.
 3883: 	Fixes a problem with errno sometimes not being set on error on HP-
 3884: 	UX.
 3885: 	[54b419d58320]
 3886: 
 3887: 	* common/sudo_debug.c:
 3888: 	Fix debug logging from the plugin when there is no error number.
 3889: 	This was broken in the big debugging reorg for 1.8.7.
 3890: 	[2ea7e145e928]
 3891: 
 3892: 2013-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
 3893: 
 3894: 	* configure, configure.in, plugins/group_file/Makefile.in,
 3895: 	plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
 3896: 	plugins/system_group/Makefile.in, src/load_plugins.c:
 3897: 	Always install plugins with a .so extension regardless of what
 3898: 	extension the system uses for shared libraries. That way the
 3899: 	group_plugin sudoers setting can be shared between heterogenous
 3900: 	systems.
 3901: 	[a7e6ecff6fdf]
 3902: 
 3903: 	* plugins/sudoers/match.c:
 3904: 	Mac OS X has netgroup functions in netdb.h.
 3905: 	[243881a974aa]
 3906: 
 3907: 	* plugins/sudoers/parse.h:
 3908: 	Tags in struct cmndtag can be set to IMPLIED as well.
 3909: 	[cb6926988cc8]
 3910: 
 3911: 	* plugins/sudoers/parse.c:
 3912: 	Quiet a compiler warning.
 3913: 	[14e608c2001d]
 3914: 
 3915: 	* plugins/sudoers/testsudoers.c:
 3916: 	Quiet an llvm checker warning.
 3917: 	[2eeb9f3d08f3]
 3918: 
 3919: 	* plugins/sudoers/parse.c:
 3920: 	Quiet gcc -Wuninitialized false positive
 3921: 	[643ad987503d]
 3922: 
 3923: 2013-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
 3924: 
 3925: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 3926: 	doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
 3927: 	doc/sudoers.mdoc.in:
 3928: 	Document group_file and system_group plugins.
 3929: 	[b56511e79230]
 3930: 
 3931: 	* NEWS:
 3932: 	Sudo 1.8.7
 3933: 	[e95183b8fa27]
 3934: 
 3935: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 3936: 	Try to clarify that sudoedit in sudoers should not include a leading
 3937: 	pathname.
 3938: 	[7b2beac92a9c]
 3939: 
 3940: 	* plugins/sudoers/pwutil_impl.c:
 3941: 	Make sure groupname_len is at least 32 just to be on the safe side.
 3942: 	It is better to allocate a little extra and not need it than to have
 3943: 	to reallocate and start over.
 3944: 	[6d3e1ba47de9]
 3945: 
 3946: 	* include/alloc.h, include/missing.h:
 3947: 	Add __malloc_like macro to apply __malloc__ attribute to emalloc,
 3948: 	ecalloc and estrdup. It cannot be applied to realloc since that may
 3949: 	return the same pointer.
 3950: 	[8d70cb81d1f1]
 3951: 
 3952: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 3953: 	Fix potential double free in an error path.
 3954: 	[657573feb6a4]
 3955: 
 3956: 	* src/exec_pty.c:
 3957: 	When running the command in a pty, defer the call to exec_setup()
 3958: 	until just before we exec the command. This is consistent with the
 3959: 	non-pty path. As a side effect, the monitor process runs as root and
 3960: 	not the runas user.
 3961: 	[e2a7f8c7ee4c]
 3962: 
 3963: 2013-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
 3964: 
 3965: 	* compat/closefrom.c:
 3966: 	Update copyright year.
 3967: 	[9b652af4dfc0]
 3968: 
 3969: 2013-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 3970: 
 3971: 	* compat/closefrom.c:
 3972: 	Use pst_highestfd from pstat_getproc() on HP-UX.
 3973: 	[09f3fea46a3d]
 3974: 
 3975: 2013-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 3976: 
 3977: 	* Makefile.in, common/Makefile.in, doc/Makefile.in,
 3978: 	plugins/sudoers/Makefile.in:
 3979: 	Clean up generated test files and other minor housekeeping.
 3980: 	[f5f4fdd908e1]
 3981: 
 3982: 	* plugins/sudoers/iolog.c:
 3983: 	Add back gettimeofday() call inadvertantly removed in e1abb9810a83
 3984: 	[675cce8401ae]
 3985: 
 3986: 	* config.h.in, configure, configure.in, src/ttyname.c:
 3987: 	Use pstat() on HP-UX to determine the tty device.
 3988: 	[2884af22a9df]
 3989: 
 3990: 	* plugins/sudoers/auth/pam.c:
 3991: 	Fix PAM compilation: def_pam_session, not just pam_session.
 3992: 	[5417d7acc6ea]
 3993: 
 3994: 	* doc/fixmdoc.sh:
 3995: 	Don't remove the -S option description when trimming out selinux.
 3996: 	Bug #592
 3997: 	[8a94f2cfa0a0]
 3998: 
 3999: 2013-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 4000: 
 4001: 	* NEWS:
 4002: 	Update for Sudo 1.8.6p7
 4003: 	[0858a73e9c40]
 4004: 
 4005: 2013-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
 4006: 
 4007: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
 4008: 	Document when sudo may exec the command directly instead of forking.
 4009: 	[da41951edc28]
 4010: 
 4011: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 4012: 	doc/sudo_plugin.mdoc.in:
 4013: 	Document that close and version be NULL for plugin API >= 1.3 and
 4014: 	that sudo may execute the command directly if there is no close, or
 4015: 	pty or timeout needed.
 4016: 	[e5f929ddeaf8]
 4017: 
 4018: 	* plugins/sudoers/auth/sudo_auth.c:
 4019: 	Fix debug_decl for sudo_auth_begin_session and
 4020: 	sudo_auth_end_session.
 4021: 	[58243392c0df]
 4022: 
 4023: 	* configure, configure.in, doc/sudoers.cat, doc/sudoers.man.in,
 4024: 	doc/sudoers.mdoc.in, plugins/sudoers/auth/pam.c,
 4025: 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
 4026: 	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c:
 4027: 	Add pam_session sudoers option.
 4028: 	[d994465db9f1]
 4029: 
 4030: 	* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/policy.c,
 4031: 	plugins/sudoers/sudoers.h:
 4032: 	Dummy out close function if there is no end_session for the auth
 4033: 	method and the front-end can handle a NULL close function. Avoids
 4034: 	the extra sudo process when we don't actually need it.
 4035: 	[74886d5b0fb6]
 4036: 
 4037: 2013-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
 4038: 
 4039: 	* Makefile.in, aclocal.m4:
 4040: 	Add m4/ to paths m4_include parameters so we don't need to use
 4041: 	autoconf's -I flag.
 4042: 	[4fd86e7a84f3]
 4043: 
 4044: 	* src/exec.c, src/exec_common.c, src/exec_pty.c, src/sudo_exec.h,
 4045: 	src/sudo_plugin_int.h:
 4046: 	If the policy plugin does not provide a close function, there is no
 4047: 	command timeout and no pty is required, skip the event loop and just
 4048: 	exec the command directly.
 4049: 	[ad532f107170]
 4050: 
 4051: 	* src/sudo.c:
 4052: 	Do not crash if the plugin close and version functions are not
 4053: 	defined. If there is no policy close function, simply print a
 4054: 	warning that the command was not found.
 4055: 	[c789a9dd54e8]
 4056: 
 4057: 2013-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 4058: 
 4059: 	* plugins/sudoers/parse.c:
 4060: 	Fix typos in selinux/solaris privs specific code.
 4061: 	[9af3999361b4]
 4062: 
 4063: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 4064: 	doc/sudo_plugin.mdoc.in, src/parse_args.c:
 4065: 	Pass the default plugin directory to the plugin via the settings
 4066: 	list. Could be used by a stacking plugin.
 4067: 	[688e771fc145]
 4068: 
 4069: 	* plugins/sudoers/timestamp.c:
 4070: 	Completely ignore time stamp file if it is set to the epoch,
 4071: 	regardless of what gettimeofday() returns.
 4072: 	[df58842af660]
 4073: 
 4074: 	* doc/CONTRIBUTORS:
 4075: 	Add Nikolai Kondrashov
 4076: 	[df59791438f9]
 4077: 
 4078: 	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
 4079: 	Use userpw_matches() for username matching so #uid works for
 4080: 	sudoRunAsUser.
 4081: 	[a124062334df]
 4082: 
 4083: 	* plugins/sudoers/sssd.c:
 4084: 	Avoid calling realloc3() with a zero size parameter when all
 4085: 	retrieved sssd rules fail. Otherwise we'll get a run-time error due
 4086: 	to malloc(0) checking.
 4087: 	[84dfcb73ebd7]
 4088: 
 4089: 	* plugins/sudoers/sssd.c:
 4090: 	Do not send error mail if a user is not found in SSSD. Local users
 4091: 	can run sudo too. From Nikolai Kondrashov
 4092: 	[3d2ae99ee468]
 4093: 
 4094: 2013-02-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 4095: 
 4096: 	* MANIFEST, common/regress/sudo_conf/test4.in,
 4097: 	common/regress/sudo_conf/test4.out.ok:
 4098: 	Test setting disable_coredump to illegal value.
 4099: 	[3c71c6c49027]
 4100: 
 4101: 	* common/sudo_conf.c:
 4102: 	Fix atobool() usage.
 4103: 	[d40c9f4d06b0]
 4104: 
 4105: 	* common/regress/sudo_conf/conf_test.c:
 4106: 	Remove unused variable.
 4107: 	[328b524b365b]
 4108: 
 4109: 	* plugins/sudoers/sudoers.c:
 4110: 	Make "sudo -l non_existent_command" warn that non_existent_command
 4111: 	doesn't exist, not the "list" pseudo-command.
 4112: 	[9dc0388fc4f3]
 4113: 
 4114: 	* plugins/sudoers/parse.c:
 4115: 	Make sudoers file long list output better match the format used by
 4116: 	ldap sudoers. Tags are now converted to options and there is a
 4117: 	single command per line.
 4118: 	[6e6dc3f20d84]
 4119: 
 4120: 	* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
 4121: 	doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 4122: 	Use the correct the sudoers policy symbol names and undo an editor
 4123: 	goof committed when adding max_groups to sudo.conf.
 4124: 	[2a6f7ddf5cc3]
 4125: 
 4126: 	* plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
 4127: 	For "sudo -l" start a new line if the runas list changes to make the
 4128: 	output easier to read.
 4129: 	[7dc3d724c924]
 4130: 
 4131: 2013-02-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 4132: 
 4133: 	* plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c:
 4134: 	For "sudo -l" and "sudo -ll" only print the runas info for
 4135: 	subsequent commands in a list if the runas info has changed. If we
 4136: 	have new runas info, print out the tags again so as to be less
 4137: 	confusing to the user. For "sudo -ll" set the line continuation
 4138: 	indent to 8.
 4139: 	[b5ec02fe7fc1]
 4140: 
 4141: 2013-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 4142: 
 4143: 	* MANIFEST, Makefile.in, configure, configure.in, doc/sudoers.cat,
 4144: 	doc/sudoers.man.in, doc/sudoers.mdoc.in,
 4145: 	plugins/group_file/Makefile.in, plugins/group_file/getgrent.c,
 4146: 	plugins/group_file/group_file.c, plugins/group_file/group_file.exp,
 4147: 	plugins/group_file/plugin_test.c, plugins/sample_group/Makefile.in,
 4148: 	plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
 4149: 	plugins/sample_group/sample_group.c,
 4150: 	plugins/sample_group/sample_group.exp:
 4151: 	Rename sample_group plugin to group_file. Install group_file and
 4152: 	system_group plugins by default.
 4153: 	[951b3e446fae]
 4154: 
 4155: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
 4156: 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
 4157: 	plugins/sudoers/def_data.in, plugins/sudoers/iolog.c,
 4158: 	plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
 4159: 	plugins/sudoers/sudoers.h:
 4160: 	Add maxseq sudoers option to limit the max number of I/O log files.
 4161: 	[e1abb9810a83]
 4162: 
 4163: 2013-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 4164: 
 4165: 	* plugins/sudoers/iolog.c:
 4166: 	Log lines and columns in the iolog file.
 4167: 	[03adb6230e05]
 4168: 
 4169: 2013-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
 4170: 
 4171: 	* MANIFEST, common/Makefile.in, common/regress/sudo_conf/conf_test.c,
 4172: 	common/regress/sudo_conf/test1.in,
 4173: 	common/regress/sudo_conf/test1.out.ok,
 4174: 	common/regress/sudo_conf/test2.in,
 4175: 	common/regress/sudo_conf/test2.out.ok,
 4176: 	common/regress/sudo_conf/test3.in,
 4177: 	common/regress/sudo_conf/test3.out.ok, common/sudo_conf.c,
 4178: 	include/sudo_conf.h, plugins/sudoers/sudoreplay.c,
 4179: 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sesh.c,
 4180: 	src/sudo.c:
 4181: 	Add simple regress tests for sudo.conf parsing.
 4182: 	[3c36b61bf61c]
 4183: 
 4184: 	* src/sudo.c:
 4185: 	Always display the I/O plugin version as long as its open functions
 4186: 	doesn't return an error. Previously it was only displayed if the
 4187: 	plugin open returned 1.
 4188: 	[4b0277db3f8c]
 4189: 
 4190: 	* plugins/sudoers/pwutil_impl.c:
 4191: 	Use sysconf(_SC_LOGIN_NAME_MAX) to find max username length instead
 4192: 	of poking around in struct utmpx.
 4193: 	[2c0cc5c42958]
 4194: 
 4195: 	* plugins/sudoers/pwutil_impl.c, src/parse_args.c, src/sudo.c:
 4196: 	#include "sudo_usage.h" not <sudo_usage.h> so we get the one in the
 4197: 	build directory and not the src dir when using a separate build
 4198: 	directory.
 4199: 	[1fcb7ba13018]
 4200: 
 4201: 2013-02-14  Todd C. Miller  <Todd.Miller@courtesan.com>
 4202: 
 4203: 	* common/fileops.c:
 4204: 	If a line was longer that 0x80000000 the bit hack to round to the
 4205: 	next power of two would roll over to zero.
 4206: 	[f4f729cf6f0f]
 4207: 
 4208: 	* plugins/sudoers/policy.c, plugins/sudoers/pwutil_impl.c,
 4209: 	plugins/sudoers/sudoers.h, src/sudo.c:
 4210: 	Use max_groups in front-end and plugin.
 4211: 	[bf1e74166831]
 4212: 
 4213: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 4214: 	doc/sudo_plugin.mdoc.in, src/parse_args.c:
 4215: 	Pass max_groups to plugin in settings list.
 4216: 	[d7d76e8651f4]
 4217: 
 4218: 	* common/sudo_conf.c, doc/sudo.conf.cat, doc/sudo.conf.man.in,
 4219: 	doc/sudo.conf.mdoc.in, include/sudo_conf.h:
 4220: 	Add max_groups setting to sudo.conf (currently unused) and remove
 4221: 	unused return value from setters.
 4222: 	[f6494f71e1f0]
 4223: 
 4224: 2013-02-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 4225: 
 4226: 	* INSTALL:
 4227: 	Reorganize configure options
 4228: 	[23475de8039f]
 4229: 
 4230: 2013-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 4231: 
 4232: 	* NEWS:
 4233: 	Add Sudo 1.8.6p7
 4234: 	[5192fc511cbe]
 4235: 
 4236: 2013-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
 4237: 
 4238: 	* INSTALL.configure:
 4239: 	Sync with autoconf 2.68
 4240: 	[985e5c8efa4e]
 4241: 
 4242: 	* INSTALL, README:
 4243: 	Remove obsolete OS notes and move build requirements to INSTALL.
 4244: 	[bf0dd53ca164]
 4245: 
 4246: 2013-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 4247: 
 4248: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 4249: 	doc/sudo_plugin.mdoc.in:
 4250: 	Sort elements of the settings, user_info and command_info lists.
 4251: 	[663062ada5b7]
 4252: 
 4253: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
 4254: 	Remove trailing white space
 4255: 	[027916a6c8e7]
 4256: 
 4257: 	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
 4258: 	plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
 4259: 	Store the session ID in the tty ticket file too. A tty may only be
 4260: 	in one session at a time so if the session ID doesn't match we
 4261: 	ignore the ticket.
 4262: 	[4eb2cb8df48b]
 4263: 
 4264: 2013-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 4265: 
 4266: 	* plugins/sudoers/sudoers.c, src/sudo.c:
 4267: 	Move tzset() call from sudoers plugin to sudo front end.
 4268: 	[3c058dad8772]
 4269: 
 4270: 	* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
 4271: 	doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
 4272: 	doc/sudoers.ldap.mdoc.in:
 4273: 	Mention line continuation
 4274: 	[399873f8c805]
 4275: 
 4276: 	* MANIFEST, common/Makefile.in, common/fileops.c,
 4277: 	common/regress/sudo_parseln/parseln_test.c,
 4278: 	common/regress/sudo_parseln/test1.in,
 4279: 	common/regress/sudo_parseln/test1.out.ok,
 4280: 	common/regress/sudo_parseln/test2.in,
 4281: 	common/regress/sudo_parseln/test2.out.ok,
 4282: 	common/regress/sudo_parseln/test3.in,
 4283: 	common/regress/sudo_parseln/test3.out.ok,
 4284: 	common/regress/sudo_parseln/test4.in,
 4285: 	common/regress/sudo_parseln/test4.out.ok,
 4286: 	common/regress/sudo_parseln/test5.in,
 4287: 	common/regress/sudo_parseln/test5.out.ok,
 4288: 	common/regress/sudo_parseln/test6.in,
 4289: 	common/regress/sudo_parseln/test6.out.ok, common/sudo_conf.c,
 4290: 	include/fileops.h, plugins/sudoers/env.c, plugins/sudoers/ldap.c,
 4291: 	plugins/sudoers/sudo_nss.c:
 4292: 	Add line continuation support to sudo_parseln() and make it use
 4293: 	getline() instead of fgets() internally.
 4294: 	[d02bf3973fc5]
 4295: 
 4296: 2013-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
 4297: 
 4298: 	* plugins/sample/sample_plugin.c:
 4299: 	Fix memory leak in error path; found by llvm checker
 4300: 	[d090c26a5b00]
 4301: 
 4302: 	* plugins/sudoers/sudoreplay.c:
 4303: 	Remove useless store detected by llvm checker.
 4304: 	[12a4db91651a]
 4305: 
 4306: 	* configure, configure.in, doc/UPGRADE, mkpkg, src/Makefile.in,
 4307: 	src/load_plugins.c, sudo.pp:
 4308: 	Sudo now stores its libexec files in a "sudo" subdirectory instead
 4309: 	of in libexec itself. For backwards compatibility, if the plugin is
 4310: 	not found in the default plugin directory, sudo will check the
 4311: 	parent directory default directory ends in "/sudo".
 4312: 	[5de67de76489]
 4313: 
 4314: 	* plugins/sample/sample_plugin.c, plugins/sample_group/sample_group.c,
 4315: 	plugins/system_group/system_group.c:
 4316: 	Add missing __dso_public to plugin structs so they are exported.
 4317: 	[dde703577621]
 4318: 
 4319: 	* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
 4320: 	Mention that sudoers has its own plugins too.
 4321: 	[0a6c6203b512]
 4322: 
 4323: 2013-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
 4324: 
 4325: 	* doc/visudo.cat, doc/visudo.man.in, doc/visudo.mdoc.in:
 4326: 	Correct last change date.
 4327: 	[45894291d792]
 4328: 
 4329: 	* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
 4330: 	doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
 4331: 	doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 4332: 	doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
 4333: 	doc/sudoers.mdoc.in:
 4334: 	Remove duplicated sudo.conf info in the sudo, sudoers and
 4335: 	sudo_plugin manuals and cross-reference the new sudo.conf manual.
 4336: 	[b808ba29cf3a]
 4337: 
 4338: 	* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in:
 4339: 	Fix typos
 4340: 	[0e70964150c6]
 4341: 
 4342: 	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
 4343: 	doc/sudoers.ldap.mdoc.in:
 4344: 	Fix some typos.
 4345: 	[94ae045cfbc6]
 4346: 
 4347: 	* MANIFEST, doc/Makefile.in, doc/sudo.conf.cat, doc/sudo.conf.man.in,
 4348: 	doc/sudo.conf.mdoc.in:
 4349: 	Add standalone sudo.conf manual page.
 4350: 	[d64d949b700c]
 4351: 
 4352: 	* doc/sample.sudo.conf:
 4353: 	add group_source example
 4354: 	[118c1ba1c014]
 4355: 
 4356: 	* configure, configure.in, doc/sample.sudo.conf, doc/sudo.man.in,
 4357: 	doc/sudo.mdoc.in, doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
 4358: 	doc/sudoers.man.in, doc/sudoers.mdoc.in:
 4359: 	Use PLUGINDIR in the manuals and fix a typo in the sample sudo.conf.
 4360: 	[f5bd6006dc1c]
 4361: 
 4362: 	* plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po, src/po/it.mo,
 4363: 	src/po/it.po:
 4364: 	Sync with translationproject.org
 4365: 	[a6f2b9aac371]
 4366: 
 4367: 2013-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
 4368: 
 4369: 	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 4370: 	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, src/po/fi.mo,
 4371: 	src/po/fi.po, src/po/gl.mo, src/po/gl.po, src/po/vi.mo,
 4372: 	src/po/vi.po:
 4373: 	Sync with translationproject.org
 4374: 	[ba546666969d]
 4375: 
 4376: 2013-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 4377: 
 4378: 	* plugins/sudoers/po/da.po, plugins/sudoers/po/eo.mo,
 4379: 	plugins/sudoers/po/eo.po, src/po/da.po, src/po/eo.mo, src/po/eo.po,
 4380: 	src/po/es.po, src/po/gl.po:
 4381: 	Sync with translationproject.org
 4382: 	[cdc454e34c03]
 4383: 
 4384: 2013-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
 4385: 
 4386: 	* NEWS:
 4387: 	Clarify ttyname changes.
 4388: 	[cbf2f80fe582]
 4389: 
 4390: 	* NEWS:
 4391: 	Add 1.8.6p6
 4392: 	[3aa591e98b3b]
 4393: 
 4394: 	* src/ttyname.c:
 4395: 	Remove ttyname() fall back code on systems where we can query the
 4396: 	kernel for the tty device via /proc or sysctl(). If there is no
 4397: 	controlling tty, it is better to just treat the tty as unknown
 4398: 	rather than to blindly use what is hooked up to std{in,out,err}.
 4399: 	[b2bd3005d2e4]
 4400: 
 4401: 2013-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 4402: 
 4403: 	* common/sudo_conf.c, include/sudo_conf.h, src/sudo.c:
 4404: 	Add group_source setting in sudo.conf to allow the admin to specify
 4405: 	how a user's groups are looked up. Legal values are static (just the
 4406: 	kernel list from getgroups), dynamic (whatever the group database
 4407: 	includes) and adaptive (only use group db if kernel group list is
 4408: 	full).
 4409: 	[87a5b02e22ad]
 4410: 
 4411: 	* plugins/sudoers/policy.c:
 4412: 	Pass back exec_background to front end if it is enabled in sudoers.
 4413: 	[8230e1cd0bbd]
 4414: 
 4415: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 4416: 	Mention that exec_background is for 1.8.7 and higher only.
 4417: 	[fdf0d5a3e182]
 4418: 
 4419: 2013-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>
 4420: 
 4421: 	* MANIFEST:
 4422: 	Add missing test files.
 4423: 	[1165389aa5e6]
 4424: 
 4425: 	* plugins/sudoers/regress/visudo/test3.err.ok,
 4426: 	plugins/sudoers/regress/visudo/test3.out.ok,
 4427: 	plugins/sudoers/regress/visudo/test3.sh:
 4428: 	Add regress test for bug 361
 4429: 	[54c7fb61b82d]
 4430: 
 4431: 	* plugins/sudoers/iolog.c:
 4432: 	Add __dso_public to extern declaration of declaration to match
 4433: 	actual definition.
 4434: 	[4695ded501e6]
 4435: 
 4436: 	* NEWS:
 4437: 	Add 1.8.6p5
 4438: 	[b07b28c5c4d7]
 4439: 
 4440: 2013-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
 4441: 
 4442: 	* MANIFEST, plugins/sudoers/regress/visudo/test2.err.ok,
 4443: 	plugins/sudoers/regress/visudo/test2.out.ok,
 4444: 	plugins/sudoers/regress/visudo/test2.sh:
 4445: 	Add test for visudo cycle check core dump; test case from Daniel
 4446: 	Kopecek
 4447: 	[41074541147a]
 4448: 
 4449: 	* plugins/sudoers/visudo.c:
 4450: 	Fix potential stack overflow due to infinite recursion in alias
 4451: 	cycle detection. From Daniel Kopecek.
 4452: 	[d7e018a87434]
 4453: 
 4454: 	* common/sudo_conf.c, include/sudo_conf.h, src/load_plugins.c:
 4455: 	Ignore duplicate entries in sudo.conf and report the line number
 4456: 	when there is an error. Warn, don't abort if there is more than one
 4457: 	policy plugin.
 4458: 	[dfcb5a698f0a]
 4459: 
 4460: 	* plugins/sudoers/tsgetgrpw.c:
 4461: 	Use strtoul() not atoi().
 4462: 	[58a52cf9b6b8]
 4463: 
 4464: 2013-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 4465: 
 4466: 	* compat/Makefile.in:
 4467: 	regen depends for to add compat/nss_dbdefs.h for getgrouplist.lo
 4468: 	[9b44e9d26d16]
 4469: 
 4470: 	* compat/nss_dbdefs.h:
 4471: 	Fix typo that breaks the build on HP-UX.
 4472: 	[b9ab6ba23485]
 4473: 
 4474: 	* MANIFEST, compat/getgrouplist.c, compat/nss_dbdefs.h, config.h.in,
 4475: 	configure, configure.in:
 4476: 	Use nss_search() to implement getgrouplist() where available. Tested
 4477: 	on Solaris and HP-UX. We need to include a compatibility header for
 4478: 	HP-UX which uses the Solaris nsswitch implementation but doesn't
 4479: 	ship nss_dbdefs.h.
 4480: 	[d29dbc4dc06d]
 4481: 
 4482: 2013-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 4483: 
 4484: 	* src/exec.c, src/exec_pty.c, src/signal.c, src/sudo.h:
 4485: 	Remove extra flag to sudo_sigaction(). We want to trap the signal
 4486: 	regardless of whether or not it is ignored by the underlying command
 4487: 	since there's no way to know what signal handlers the command will
 4488: 	install. Now we just use sudo_sigaction() to set a flag in
 4489: 	saved_signals[] to indicate whether a signal needs to be restored
 4490: 	before exec.
 4491: 	[c042d52c7192]
 4492: 
 4493: 2013-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 4494: 
 4495: 	* compat/getgrouplist.c, config.h.in, configure, configure.in:
 4496: 	Use _getgroupsbymember() on Solaris to get the groups list. Fixes
 4497: 	performance problems with the getgroupslist() compat on Solaris
 4498: 	systems with network-based group databases.
 4499: 	[287d3ae2ce8d]
 4500: 
 4501: 2013-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 4502: 
 4503: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 4504: 	doc/sudo_plugin.mdoc.in:
 4505: 	Document signal handler behavior in plugin API 1.3
 4506: 	[20dc9d1c105f]
 4507: 
 4508: 	* MANIFEST, include/sudo_plugin.h, src/Makefile.in, src/exec.c,
 4509: 	src/exec_pty.c, src/signal.c, src/sudo.c, src/sudo.h:
 4510: 	Move signal code into its own source file and add sudo_sigaction()
 4511: 	wrapper that has an extra flag to check the saved_signals list to
 4512: 	only install the handler if the signal is not already ignored. Bump
 4513: 	plugin API version for the new front-end signal behavior.
 4514: 	[5d2f27a1b404]
 4515: 
 4516: 	* plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c, src/sudo.h,
 4517: 	src/sudo_exec.h:
 4518: 	Catch SIGINT, SIGQUIT and SIGTSTP in the front end before we execute
 4519: 	the command. If we get SIGINT or SIGQUIT, call the plugin close()
 4520: 	functions as if the command was interrupted. If we get SIGTSTP,
 4521: 	uninstall the handler and deliver SIGTSTP to ourselves.
 4522: 	[332baf3a81b7]
 4523: 
 4524: 	* src/exec.c, src/exec_pty.c:
 4525: 	Rename handle_signals() to dispatch_signals(). Block other signals
 4526: 	in handler() so we don't have to worry about the write() being
 4527: 	interrupted.
 4528: 	[666e95c9a0f1]
 4529: 
 4530: 2013-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 4531: 
 4532: 	* src/tgetpass.c:
 4533: 	Rename signal handler to avoid name clash with one in exec.c
 4534: 	[8913101a29b6]
 4535: 
 4536: 2013-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 4537: 
 4538: 	* src/sudo.c:
 4539: 	Add missing call to save_signals().
 4540: 	[47d075d7326b]
 4541: 
 4542: 2013-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 4543: 
 4544: 	* Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 4545: 	Fill in the comment block at the top of the .pot files and preserve
 4546: 	it when regenerating them.
 4547: 	[6449497b76db]
 4548: 
 4549: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 4550: 	doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.man.in,
 4551: 	doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
 4552: 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
 4553: 	plugins/sudoers/sudoers.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
 4554: 	Add exec_background option in plugin command info and a sudoers
 4555: 	option to match. When set, commands are started in the background
 4556: 	and automatically foregrounded as needed. There are issues with some
 4557: 	ill-mannered programs (like Linux su) so this is not the default.
 4558: 	[c0b32b0938f2]
 4559: 
 4560: 	* common/Makefile.in:
 4561: 	regen
 4562: 	[2b2b220e7aea]
 4563: 
 4564: 	* src/Makefile.in:
 4565: 	Add SESH_OBJS variable for sesh object files.
 4566: 	[d3e04ae8fd1f]
 4567: 
 4568: 	* configure.in, doc/LICENSE, plugins/sudoers/redblack.c:
 4569: 	Update copyright year.
 4570: 	[61a0f0cedb13]
 4571: 
 4572: 	* src/exec_pty.c:
 4573: 	Always resume the command in the foreground if sudo itself is the
 4574: 	foreground process. This helps work around poorly behaved programs
 4575: 	that catch SIGTTOU/SIGTTIN but suspend themselves with SIGSTOP. At
 4576: 	worst, sudo will go into the background but upon resume the command
 4577: 	will be runnable. Otherwise, we can get into a situation where the
 4578: 	command will immediately suspend itself.
 4579: 	[c368ac3eb2e4]
 4580: 
 4581: 	* configure, configure.in:
 4582: 	Use -fstack-protector-all in preference to -fstack-protector where
 4583: 	supported.
 4584: 	[f930c95ceb51]
 4585: 
 4586: 2013-01-10  Todd C. Miller  <Todd.Miller@courtesan.com>
 4587: 
 4588: 	* configure, configure.in:
 4589: 	Only test for -fstack-protector and -fvisibility=hidden on GNU
 4590: 	compatible compilers.
 4591: 	[796f4696d863]
 4592: 
 4593: 2013-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
 4594: 
 4595: 	* NEWS:
 4596: 	Add Sudo 1.8.6p4
 4597: 	[8a928de8e717]
 4598: 
 4599: 	* common/Makefile.in, compat/Makefile.in, configure, configure.in,
 4600: 	plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
 4601: 	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
 4602: 	src/Makefile.in:
 4603: 	Break out stack smashing protector options into SSP_CFLAGS and
 4604: 	SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
 4605: 	[01be114fc9fb]
 4606: 
 4607: 2013-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 4608: 
 4609: 	* doc/CONTRIBUTORS, plugins/sudoers/redblack.c:
 4610: 	In rbrepair(), make sure we never try to change the color of the
 4611: 	sentinel node, which is the first entry, not the root. From Michael
 4612: 	King
 4613: 	[3fc4dc4004ec]
 4614: 
 4615: 2012-12-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 4616: 
 4617: 	* src/exec_pty.c:
 4618: 	No need to restore default signal handler for SIGSTOP as it is not
 4619: 	catchable. Attempting to do so is harmless but sigaction() will fail
 4620: 	and set errno to EINVAL which makes it looks like there is an error.
 4621: 	[be7c0b759e9a]
 4622: 
 4623: 	* src/exec.c:
 4624: 	Print SIGCONT_FG and SIGCONT_BG properly in debug output.
 4625: 	[93e59e301c8f]
 4626: 
 4627: 2012-12-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 4628: 
 4629: 	* configure, configure.in:
 4630: 	Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.
 4631: 	[9ed48f696595]
 4632: 
 4633: 2012-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 4634: 
 4635: 	* include/missing.h:
 4636: 	Add howmany() macro since some systems have this in sys/param.h
 4637: 	which we no longer include.
 4638: 	[2c5efaa16c45]
 4639: 
 4640: 2012-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 4641: 
 4642: 	* plugins/sudoers/regress/sudoers/test11.toke.out.ok:
 4643: 	Remove errant file.
 4644: 	[a91699beffc6]
 4645: 
 4646: 2012-12-04  Todd C. Miller  <Todd.Miller@courtesan.com>
 4647: 
 4648: 	* plugins/sudoers/regress/check_symbols/check_symbols.c,
 4649: 	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
 4650: 	plugins/sudoers/regress/logging/check_wrap.c,
 4651: 	plugins/sudoers/regress/parser/check_addr.c,
 4652: 	plugins/sudoers/regress/parser/check_fill.c:
 4653: 	Remove obsolete sudoers_cleanup() stubs.
 4654: 	[89153025a2ae]
 4655: 
 4656: 	* common/alloc.c, common/atobool.c, common/fileops.c,
 4657: 	common/fmt_string.c, common/lbuf.c, common/secure_path.c,
 4658: 	common/sudo_conf.c, common/sudo_debug.c, common/term.c,
 4659: 	compat/closefrom.c, compat/getcwd.c, compat/glob.c,
 4660: 	compat/snprintf.c, include/missing.h,
 4661: 	plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
 4662: 	plugins/sample_group/plugin_test.c,
 4663: 	plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
 4664: 	plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
 4665: 	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
 4666: 	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
 4667: 	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
 4668: 	plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
 4669: 	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
 4670: 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
 4671: 	plugins/sudoers/check.c, plugins/sudoers/defaults.c,
 4672: 	plugins/sudoers/env.c, plugins/sudoers/find_path.c,
 4673: 	plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
 4674: 	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 4675: 	plugins/sudoers/group_plugin.c, plugins/sudoers/interfaces.c,
 4676: 	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
 4677: 	plugins/sudoers/logging.c, plugins/sudoers/match.c,
 4678: 	plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
 4679: 	plugins/sudoers/policy.c, plugins/sudoers/prompt.c,
 4680: 	plugins/sudoers/pwutil.c, plugins/sudoers/pwutil_impl.c,
 4681: 	plugins/sudoers/redblack.c,
 4682: 	plugins/sudoers/regress/parser/check_addr.c,
 4683: 	plugins/sudoers/set_perms.c, plugins/sudoers/sssd.c,
 4684: 	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
 4685: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
 4686: 	plugins/sudoers/timestamp.c, plugins/sudoers/toke.c,
 4687: 	plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
 4688: 	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
 4689: 	plugins/system_group/system_group.c, src/conversation.c, src/exec.c,
 4690: 	src/exec_common.c, src/exec_pty.c, src/get_pty.c,
 4691: 	src/load_plugins.c, src/net_ifs.c, src/parse_args.c, src/sudo.c,
 4692: 	src/sudo_edit.c, src/tgetpass.c, src/ttyname.c, src/utmp.c:
 4693: 	Don't include <sys/param.h>. We only needed it for MAXPATHLEN,
 4694: 	MAXHOSTNAMELEN and the MIN/MAX macros. We now use PATH_MAX and
 4695: 	HOST_NAME_MAX throughout without falling back on MAXPATHLEN or
 4696: 	MAXHOSTNAMELEN and define our own MIN/MAX macros as needed.
 4697: 	[f4807d46f504]
 4698: 
 4699: 	* include/missing.h, plugins/sudoers/match.c,
 4700: 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
 4701: 	Use MAX_HOST_NAME+1 (limits.h) instead of MAXHOSTNAMELEN
 4702: 	(sys/param.h or netdb.h).
 4703: 	[2544f5e306dd]
 4704: 
 4705: 2012-11-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 4706: 
 4707: 	* plugins/sudoers/logging.c:
 4708: 	Move debug_decl() in log_failure() to be after the variable
 4709: 	declarations for C89.
 4710: 	[f48d2035ab44]
 4711: 
 4712: 2012-11-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 4713: 
 4714: 	* common/error.c, include/error.h, plugins/sudoers/iolog.c,
 4715: 	plugins/sudoers/logging.c, plugins/sudoers/policy.c,
 4716: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
 4717: 	Cannot wrap sigsetjmp() or we end up returning to the wrong place.
 4718: 	Use a macro instead.
 4719: 	[749ee6acdad8]
 4720: 
 4721: 2012-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 4722: 
 4723: 	* plugins/sudoers/policy.c:
 4724: 	Fix return in sudoers_policy_open that should be debug_return.
 4725: 	[a78b795b6846]
 4726: 
 4727: 2012-11-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 4728: 
 4729: 	* src/ttyname.c:
 4730: 	Define sudo_ttyname_dev() for the HAVE_STRUCT_PSINFO_PR_TTYDEV case
 4731: 	too.
 4732: 	[acfa891c229e]
 4733: 
 4734: 	* src/solaris.c:
 4735: 	Quiet a gcc warning and add comment about needing to keep the handle
 4736: 	open.
 4737: 	[f954f228960f]
 4738: 
 4739: 2012-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 4740: 
 4741: 	* INSTALL:
 4742: 	mention --disable-shared
 4743: 	[6954d39e2d0f]
 4744: 
 4745: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 4746: 	doc/sudo_plugin.mdoc.in:
 4747: 	Add missing command_info argument in I/O plugin open() prototype.
 4748: 	Bug #579
 4749: 	[72beb07aba0e]
 4750: 
 4751: 2012-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 4752: 
 4753: 	* plugins/sudoers/gram.c:
 4754: 	Regen for proper line numbers.
 4755: 	[6cf6e132e764]
 4756: 
 4757: 	* configure, configure.in:
 4758: 	Add locale_stub.o to SUDO_OBJS, not locale_stub.lo.
 4759: 	[d604dc8ca38a]
 4760: 
 4761: 	* common/sudo_printf.c:
 4762: 	Include missing.h for __printflike.
 4763: 	[a33640600faf]
 4764: 
 4765: 	* plugins/sudoers/iolog.c:
 4766: 	Saner loop invariant in io_mkdirs (cosmetic only).
 4767: 	[dc30274afe38]
 4768: 
 4769: 	* MANIFEST, common/Makefile.in, common/error.c, common/sudo_printf.c,
 4770: 	configure, configure.in, include/error.h, mkdep.pl,
 4771: 	plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
 4772: 	plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
 4773: 	plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
 4774: 	plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
 4775: 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
 4776: 	src/Makefile.in, src/error.c, src/exec_pty.c, src/locale_stub.c,
 4777: 	src/sesh.c:
 4778: 	Move warn/error into common and make static builds work.
 4779: 	[4d3f374f4e4c]
 4780: 
 4781: 	* MANIFEST, common/Makefile.in, common/sudo_debug.c,
 4782: 	common/sudo_printf.c, include/error.h, plugins/sudoers/Makefile.in,
 4783: 	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 4784: 	plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
 4785: 	plugins/sudoers/policy.c,
 4786: 	plugins/sudoers/regress/check_symbols/check_symbols.c,
 4787: 	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
 4788: 	plugins/sudoers/regress/logging/check_wrap.c,
 4789: 	plugins/sudoers/regress/parser/check_addr.c,
 4790: 	plugins/sudoers/regress/parser/check_fill.c,
 4791: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
 4792: 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
 4793: 	src/Makefile.in, src/conversation.c, src/sesh.c:
 4794: 	Move _sudo_printf from src/conversation.c to common/sudo_printf.c.
 4795: 	Add sudo_printf function pointer that is initialized to
 4796: 	_sudo_printf() instead of requiring a sudo_conv function pointer
 4797: 	everywhere. The plugin will reset sudo_printf to point to the
 4798: 	version passed in via the plugin open function. Now plugin_error.c
 4799: 	can just call sudo_printf in all cases. The sudoers binaries no
 4800: 	longer need their own version of sudo_printf.
 4801: 	[9b09d3f63790]
 4802: 
 4803: 	* plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
 4804: 	plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
 4805: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
 4806: 	Add plugin_setjmp() wrapper for siglongjmp(error_jmp, 1) so we don't
 4807: 	need error_jmp to be extern. Also add plugin_clearjmp() that clears
 4808: 	a flag so error()/errorx() knows when to call exit() vs. longjmp().
 4809: 	[5a4617148e70]
 4810: 
 4811: 	* plugins/sudoers/set_perms.c:
 4812: 	Let warning() call gettext() for us.
 4813: 	[ab8d502ba4ac]
 4814: 
 4815: 	* include/error.h, plugins/sudoers/plugin_error.c, src/error.c:
 4816: 	Do locale swapping in the warning()/error() macros themselves
 4817: 	instead of in the underlying functions.
 4818: 	[4cd205540e17]
 4819: 
 4820: 	* common/alloc.c, common/list.c, include/error.h,
 4821: 	plugins/sudoers/env.c, plugins/sudoers/plugin_error.c,
 4822: 	plugins/sudoers/regress/check_symbols/check_symbols.c,
 4823: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
 4824: 	src/hooks.c:
 4825: 	Rename warning2()/error2() -> warning_nodebug()/error_nodebug().
 4826: 	[48346393634d]
 4827: 
 4828: 	* common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
 4829: 	plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
 4830: 	plugins/sudoers/defaults.c, plugins/sudoers/group_plugin.c,
 4831: 	plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
 4832: 	plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
 4833: 	plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
 4834: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
 4835: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
 4836: 	plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c, src/error.c,
 4837: 	src/exec.c, src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
 4838: 	src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
 4839: 	src/solaris.c, src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
 4840: 	Call gettext() on parameters for warning()/warningx() instead of
 4841: 	having warning() do it for us.
 4842: 	[c71088bc9d3e]
 4843: 
 4844: 	* Makefile.in, plugins/sudoers/alias.c, plugins/sudoers/gram.c,
 4845: 	plugins/sudoers/gram.y, plugins/sudoers/toke.c,
 4846: 	plugins/sudoers/toke.l, plugins/sudoers/toke_util.c:
 4847: 	Call gettext() in sudoerserror() in the user's locale and pass the
 4848: 	untranslated string to it.
 4849: 	[cdbfc231b848]
 4850: 
 4851: 	* plugins/sudoers/Makefile.in, plugins/sudoers/locale.c,
 4852: 	plugins/sudoers/logging.h, plugins/sudoers/sudoers.c,
 4853: 	plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
 4854: 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
 4855: 	Allow sudoers programs (visudo, sudoreplay, visudo) to use
 4856: 	plugin_error.c instead of the error.c from the front-end. This means
 4857: 	sudoers_setlocale() needs to be independent of the sudo_user struct
 4858: 	and the defaults table. The sudoers locale is now updated via a
 4859: 	callback.
 4860: 	[e356f5f8cd6a]
 4861: 
 4862: 	* plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
 4863: 	plugins/sudoers/plugin_error.c, plugins/sudoers/policy.c,
 4864: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
 4865: 	Include setjmp.h in sudoers.h Move error_jmp into plugin_error.c
 4866: 	Rename sudoers_plugin_cleanup sudoers_cleanup Make sudoers
 4867: 	warning/error functions work when sudo_conv is NULL
 4868: 	[7365ee24a779]
 4869: 
 4870: 	* src/error.c:
 4871: 	No need to change locale in front-end warning()/error().
 4872: 	[23dc1df7f93b]
 4873: 
 4874: 	* plugins/sudoers/tsgetgrpw.c:
 4875: 	Ignore bad lines in passwd/group file instead if stopping processing
 4876: 	when we hit one.
 4877: 	[79b790559075]
 4878: 
 4879: 	* plugins/sudoers/regress/testsudoers/test2.sh,
 4880: 	plugins/sudoers/regress/testsudoers/test3.sh,
 4881: 	plugins/sudoers/regress/testsudoers/test5.sh:
 4882: 	Bash doesn't let you set UID to use MYUID instead.
 4883: 	[5be56335f059]
 4884: 
 4885: 	* plugins/sudoers/visudo.c:
 4886: 	Avoid NULL deref for unknown Defaults in strict mode.
 4887: 	[545c21c1e7d6]
 4888: 
 4889: 	* common/sudo_conf.c, common/sudo_debug.c:
 4890: 	See DEFAULT_TEXT_DOMAIN
 4891: 	[3d723e1d27db]
 4892: 
 4893: 2012-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 4894: 
 4895: 	* .hgignore:
 4896: 	Add signame.c and mksigname.
 4897: 	[d59bbf423f00]
 4898: 
 4899: 	* plugins/sudoers/Makefile.in:
 4900: 	Fold preinstall into install-plugin and pass the path to the plugin
 4901: 	binary to the preinstall command.
 4902: 	[2c2205af8bb7]
 4903: 
 4904: 	* pp:
 4905: 	sync with upstream
 4906: 	[a4b7336b3256]
 4907: 
 4908: 	* src/sudo.h:
 4909: 	repair spacing
 4910: 	[f5c1255ce514]
 4911: 
 4912: 2012-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 4913: 
 4914: 	* common/sudo_debug.c:
 4915: 	Set group on sudo_debug when creating it to gid 0 so systems without
 4916: 	BSD group semantics don't get the invoking user's group.
 4917: 	[7dda01196554]
 4918: 
 4919: 	* plugins/sudoers/iolog.c:
 4920: 	Rename mkdir_parents() io_mkdirs() and add a flag to specify whether
 4921: 	path is a temporary, in which case the final component is created
 4922: 	via mkdtemp() instead of mkdir().
 4923: 	[79c0c4e7ed58]
 4924: 
 4925: 	* plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h:
 4926: 	For PERM_ROOT set egid to 0 so log files are not created with the
 4927: 	gid of the user.
 4928: 	[5b964ea43474]
 4929: 
 4930: 	* plugins/sudoers/logging.c:
 4931: 	Add calls to set_perms(PERM_ROOT) becore logging to a file. We
 4932: 	should already be root but since we cache the current permission
 4933: 	status it is basically free. That way, if more of sudoers runs as
 4934: 	non-root in the future logging will still work correctly.
 4935: 	[c591d4973f41]
 4936: 
 4937: 	* common/sudo_conf.c, config.h.in, configure, configure.in,
 4938: 	include/gettext.h, plugins/sudoers/locale.c,
 4939: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
 4940: 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
 4941: 	src/error.c, src/exec.c, src/sesh.c, src/sudo.c:
 4942: 	#unifdef HAVE_SETLOCALE, it is C89 so no need to check for it.
 4943: 	[41f6bb4926f4]
 4944: 
 4945: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
 4946: 	doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 4947: 	doc/sudo_plugin.mdoc.in:
 4948: 	Mention that sudo.conf is parsed in the C locale.
 4949: 	[f711c416e30c]
 4950: 
 4951: 	* common/sudo_conf.c:
 4952: 	Parse sudo.conf in the "C" locale.
 4953: 	[776658f651ea]
 4954: 
 4955: 	* plugins/sudoers/locale.c, plugins/sudoers/logging.h,
 4956: 	plugins/sudoers/sudoers.h:
 4957: 	Fix compilation on systems w/o setlocale()
 4958: 	[6940d1c1c1ce]
 4959: 
 4960: 	* doc/TROUBLESHOOTING:
 4961: 	Sudo now includes a workaround for the Solaris 11 locale issue.
 4962: 	[ab93787a552c]
 4963: 
 4964: 2012-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 4965: 
 4966: 	* include/gettext.h, plugins/sudoers/iolog_path.c,
 4967: 	plugins/sudoers/locale.c,
 4968: 	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
 4969: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
 4970: 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
 4971: 	src/error.c, src/exec.c, src/sesh.c, src/sudo.c, src/sudo.h:
 4972: 	Always include locale.h from gettext.h so we no longer need to
 4973: 	include locale.h from the .c files.
 4974: 	[93d39182ccfa]
 4975: 
 4976: 	* MANIFEST, config.h.in, configure, configure.in, mkdep.pl,
 4977: 	plugins/sudoers/Makefile.in, src/Makefile.in, src/openbsd.c,
 4978: 	src/solaris.c, src/sudo.c, src/sudo.h:
 4979: 	Add os-specific initialization functions for solaris (workaround
 4980: 	setuid locale problem in Solaris 11) and openbsd (set malloc_options
 4981: 	if SUDO_DEVEL). Also move set_project() to solaris.c.
 4982: 	[1d6581afbaf4]
 4983: 
 4984: 2012-11-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 4985: 
 4986: 	* plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
 4987: 	plugins/sudoers/iolog.c, plugins/sudoers/policy.c,
 4988: 	plugins/sudoers/sudoers.c, plugins/sudoers/timestamp.c:
 4989: 	Avoid strerror() when possible and just rely on warning/error to
 4990: 	handle errno in the proper locale.
 4991: 	[bf612caae97c]
 4992: 
 4993: 	* plugins/sudoers/logging.c:
 4994: 	Set sudoers locale in log_allowed()
 4995: 	[2dd0ac704cae]
 4996: 
 4997: 	* plugins/sudoers/check.c:
 4998: 	Make the sudo lecture translatable.
 4999: 	[3cdfc183d72d]
 5000: 
 5001: 	* Makefile.in:
 5002: 	Add the values of badpass_message, passprompt and mailsub to
 5003: 	sudoers.pot so they can be translated.
 5004: 	[51cbe8adcb94]
 5005: 
 5006: 	* plugins/sudoers/logging.c:
 5007: 	Expand the FMT_FIRST anf FMT_CONTD macros inline so they get picked
 5008: 	up by xgettext.
 5009: 	[c5b74115caf0]
 5010: 
 5011: 2012-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 5012: 
 5013: 	* plugins/sudoers/check.c, plugins/sudoers/prompt.c,
 5014: 	plugins/sudoers/sudoers.h:
 5015: 	Make expand_prompt() args const and free the prompt when we are done
 5016: 	with it.
 5017: 	[995ef8519fe6]
 5018: 
 5019: 	* plugins/sudoers/policy.c:
 5020: 	Fix cut and pasto
 5021: 	[e002921c1d15]
 5022: 
 5023: 	* plugins/sudoers/defaults.c, plugins/sudoers/logging.c:
 5024: 	Expand def_mailsub in the sudoers locale, not the user's.
 5025: 	[a4775f2fb385]
 5026: 
 5027: 	* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
 5028: 	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
 5029: 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
 5030: 	plugins/sudoers/env.c, plugins/sudoers/iolog.c,
 5031: 	plugins/sudoers/locale.c, plugins/sudoers/logging.c,
 5032: 	plugins/sudoers/logging.h, plugins/sudoers/parse.c,
 5033: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
 5034: 	plugins/sudoers/timestamp.c:
 5035: 	Call gettext inside log_error et al instead of having the caller do
 5036: 	it. This way we can display any messages to the user in their own
 5037: 	locale but log in the sudoers local.
 5038: 	[286e0444f785]
 5039: 
 5040: 	* common/sudo_conf.c, plugins/sudoers/auth/fwtk.c,
 5041: 	plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/securid5.c,
 5042: 	plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
 5043: 	plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
 5044: 	plugins/sudoers/ldap.c, plugins/sudoers/linux_audit.c,
 5045: 	plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
 5046: 	plugins/sudoers/policy.c, plugins/sudoers/sssd.c,
 5047: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
 5048: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
 5049: 	plugins/sudoers/visudo.c, src/error.c, src/exec.c,
 5050: 	src/exec_common.c, src/exec_pty.c, src/load_plugins.c,
 5051: 	src/net_ifs.c, src/parse_args.c, src/selinux.c, src/sesh.c,
 5052: 	src/sudo.c, src/sudo_edit.c, src/tgetpass.c:
 5053: 	Display warning/error messages in the user's locale.
 5054: 	[00a04165c0cf]
 5055: 
 5056: 	* plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c,
 5057: 	plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
 5058: 	audit_failure() now calls gettext itself using the sudoers locale.
 5059: 	[d77f1d78799a]
 5060: 
 5061: 	* plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
 5062: 	plugins/sudoers/sudoers.c:
 5063: 	Convert setlocale() to sudoers_setlocale() in the sudoers module.
 5064: 	This only converts existing uses, there are more places where we
 5065: 	need to sprinkle sudoers_setlocale() calls.
 5066: 	[8ee0cbf0d0a9]
 5067: 
 5068: 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
 5069: 	plugins/sudoers/locale.c, plugins/sudoers/logging.h,
 5070: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
 5071: 	Add simple locale switching to make it easy to switch from the
 5072: 	user's locale to the sudoers locale without making excessive
 5073: 	setlocale() calls when we don't need to.
 5074: 	[5c61582fdeee]
 5075: 
 5076: 	* common/sudo_debug.c, include/error.h, include/sudo_debug.h,
 5077: 	plugins/sudoers/plugin_error.c, src/error.c:
 5078: 	Add variants of warn/error and sudo_debug_printf that take a va_list
 5079: 	instead of a variable number of args.
 5080: 	[00392bdc063c]
 5081: 
 5082: 	* INSTALL, doc/TROUBLESHOOTING:
 5083: 	Document Solaris 11 locale issues and workarounds.
 5084: 	[05f7d34af3ae]
 5085: 
 5086: 	* Makefile.in, configure, configure.in:
 5087: 	Solaris gettext() looks in lang.UTF-8, not just lang for UTF-8
 5088: 	locales. Make links from localdir/lang -> localdir/lang.UTF-8
 5089: 	[5ca9326480e2]
 5090: 
 5091: 2012-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>
 5092: 
 5093: 	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
 5094: 	plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
 5095: 	Do not inform the user that the command was not permitted by the
 5096: 	policy if they do not successfully authenticate. This is a
 5097: 	regression introduced in sudo 1.8.6.
 5098: 	[c1279df08bfb]
 5099: 
 5100: 	* plugins/sudoers/Makefile.in:
 5101: 	Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
 5102: 	the rpath in HP-UX SOM shared libraries for the LDAP libs.
 5103: 	[b07185657b42]
 5104: 
 5105: 	* src/parse_args.c:
 5106: 	The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A.
 5107: 	[22c73cbe3ff9]
 5108: 
 5109: 2012-10-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 5110: 
 5111: 	* INSTALL, configure, configure.in:
 5112: 	Allow the user to specify and alternate libtool
 5113: 	[c9d6fc9521fd]
 5114: 
 5115: 2012-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 5116: 
 5117: 	* doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c:
 5118: 	Allow sudo to be build with sss support without also including ldap
 5119: 	support. From Stephane Graber.
 5120: 	[b992a80ebea1]
 5121: 
 5122: 2012-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 5123: 
 5124: 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/iolog_path.c,
 5125: 	plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
 5126: 	plugins/sudoers/policy.c, plugins/sudoers/sudoers.c,
 5127: 	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
 5128: 	plugins/sudoers/visudo.c:
 5129: 	Refactor policy plugin interface code from sudoers.c into policy.c
 5130: 	[393e62910b8a]
 5131: 
 5132: 	* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
 5133: 	Refactor command_info setting into its own function.
 5134: 	[a952b948324c]
 5135: 
 5136: 	* plugins/sudoers/interfaces.c, plugins/sudoers/interfaces.h,
 5137: 	plugins/sudoers/match_addr.c, plugins/sudoers/sudoers.c,
 5138: 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
 5139: 	Make interfaces pointer private to interfaces.c and add
 5140: 	get_interfaces() accessor.
 5141: 	[b69b9334ed3c]
 5142: 
 5143: 2012-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
 5144: 
 5145: 	* plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
 5146: 	plugins/sudoers/sudoers.h:
 5147: 	Make user_cwd const since it is either a string literal or passed in
 5148: 	from the front-end.
 5149: 	[90751b81e8bc]
 5150: 
 5151: 	* configure, configure.in:
 5152: 	sudo 1.8.7
 5153: 	[bf727adb8af0]
 5154: 
 5155: 	* plugins/sudoers/sudoers.c:
 5156: 	Avoid nested strtok() calls.
 5157: 	[9d9f22ab52a9]
 5158: 
 5159: 2012-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
 5160: 
 5161: 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
 5162: 	plugins/sudoers/prompt.c, plugins/sudoers/sudoers.h:
 5163: 	Move expand_prompt() into its own source file for easier unit
 5164: 	testing.
 5165: 	[b419b48a436f]
 5166: 
 5167: 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
 5168: 	plugins/sudoers/check.h, plugins/sudoers/sudoers.h,
 5169: 	plugins/sudoers/timestamp.c, plugins/sudoers/timestamp.h:
 5170: 	Make check.c independent of the underlying timestamp implementation.
 5171: 	[895071bd6065]
 5172: 
 5173: 	* plugins/sudoers/iolog_path.c:
 5174: 	Add SUDOERS_NO_SEQ define to allow ${seq} to be disabled.
 5175: 	[8ac38f02dd6d]
 5176: 
 5177: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 5178: 	Use a list for the possible values of Tag_Spec with a minimal indent
 5179: 	to improve readability. In the pod version, these were =head3. Also
 5180: 	use .St -p1003.1 instead of just POSIX when talking about glob() and
 5181: 	fnmatch().
 5182: 	[361a6f7a5c44]
 5183: 
 5184: 2012-10-02  Todd C. Miller  <Todd.Miller@courtesan.com>
 5185: 
 5186: 	* src/ttyname.c:
 5187: 	sudo_ttyname_dev() is unused if there is no /proc or sysctl().
 5188: 	[6598dbf81e16]
 5189: 
 5190: 	* compat/mksiglist.c, compat/mksigname.c,
 5191: 	compat/regress/fnmatch/fnm_test.c, compat/regress/glob/globtest.c,
 5192: 	plugins/sample_group/plugin_test.c,
 5193: 	plugins/sudoers/regress/check_symbols/check_symbols.c,
 5194: 	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
 5195: 	plugins/sudoers/regress/logging/check_wrap.c,
 5196: 	plugins/sudoers/regress/parser/check_addr.c,
 5197: 	plugins/sudoers/regress/parser/check_fill.c,
 5198: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
 5199: 	plugins/sudoers/visudo.c, src/sesh.c, src/sudo.c:
 5200: 	Explicitly mark main() as public in executables to avoid an HP-UX ld
 5201: 	warning.
 5202: 	[72a40ce218be]
 5203: 
 5204: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
 5205: 	Remove grep from SEE ALSO section.
 5206: 	[c7cafee1621f]
 5207: 
 5208: 	* common/alloc.c:
 5209: 	If vasprintf() fails, just use the errno it sets instead of assuming
 5210: 	ENOMEM.
 5211: 	[1be5bfdc0cab]
 5212: 
 5213: 2012-09-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 5214: 
 5215: 	* doc/TROUBLESHOOTING:
 5216: 	Mention HP-UX pam.conf settings.
 5217: 	[8b8e745b49fd]
 5218: 
 5219: 2012-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 5220: 
 5221: 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/check.c,
 5222: 	plugins/sudoers/defaults.c, plugins/sudoers/timestamp.c,
 5223: 	plugins/sudoers/timestamp.h:
 5224: 	Split off timestamp functions into their own source file.
 5225: 	[d5833332511d]
 5226: 
 5227: 2012-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 5228: 
 5229: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 5230: 	Mention how !foo is not the same as ALL,!foo
 5231: 	[51f8e470757d]
 5232: 
 5233: 2012-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 5234: 
 5235: 	* src/exec_pty.c:
 5236: 	Start commands in the background when I/O logging is enabled. We
 5237: 	can't do this on Mac OS X due to a kernel bug in tc[gs]etattr(2)
 5238: 	which returns EINTR on signal instead of restarting automatically.
 5239: 	[83b1d59146f7]
 5240: 
 5241: 	* src/exec_pty.c:
 5242: 	Handle SIGCONT_FG and SIGCONT_BG when converting signal number to
 5243: 	string in deliver_signal().
 5244: 	[2cefea7a976e]
 5245: 
 5246: 2012-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>
 5247: 
 5248: 	* src/exec_pty.c:
 5249: 	Fix running commands that need the terminal in the background when
 5250: 	I/O logging is enabled. E.g. "sudo vi &". When the command is
 5251: 	foregrounded, it will now resume properly.
 5252: 	[0bc13a253429]
 5253: 
 5254: 	* plugins/sudoers/match.c:
 5255: 	Add rudimentary support for name-based matching as a compile-time
 5256: 	option. This unsafe when used in conjunction with the '!' operator.
 5257: 	[f93bc8e6db15]
 5258: 
 5259: 2012-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 5260: 
 5261: 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/pwutil.c,
 5262: 	plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c:
 5263: 	Split out implementation-specific back end code out of pwutil.c into
 5264: 	pwutil_impl.c. This will allow the main pwutil code to be used for
 5265: 	lookup methods other than getpw* and getgr*.
 5266: 	[999c2dde60e4]
 5267: 
 5268: 2012-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 5269: 
 5270: 	* NEWS, configure, configure.in:
 5271: 	sudo 1.8.6p3
 5272: 	[97fef3d9ed65]
 5273: 
 5274: 2012-09-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 5275: 
 5276: 	* doc/fixman.sh:
 5277: 	Don't use embedded newline when matching, use \n. This got expanded
 5278: 	at some point. Bug #573
 5279: 	[6652f834b8f5]
 5280: 
 5281: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 5282: 	Rename yyerror() to sudoerserror() to match yacc prefix changes. Not
 5283: 	really needed due to the #defines that yacc makes but it is less
 5284: 	confusing this way as the lexer calls sudoerserror().
 5285: 	[a0577be6527d]
 5286: 
 5287: 	* common/alloc.c, plugins/sample_group/plugin_test.c,
 5288: 	plugins/sudoers/env.c, plugins/sudoers/toke.c,
 5289: 	plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
 5290: 	src/exec_common.c, src/parse_args.c, src/sudo.c:
 5291: 	No need to translate "unable to allocate memory" when we can just
 5292: 	use the system translation via strerror().
 5293: 	[377499e5827c]
 5294: 
 5295: 	* plugins/sudoers/sudoreplay.c:
 5296: 	Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
 5297: 	all file systems support d_type. Bug #572
 5298: 	[8b861c62945f]
 5299: 
 5300: 	* plugins/sudoers/sudoreplay.c:
 5301: 	Avoid calling fclose(NULL) in the error path when we cannot open an
 5302: 	I/O log file.
 5303: 	[9401d5c4bb05]
 5304: 
 5305: 2012-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 5306: 
 5307: 	* NEWS, configure, configure.in:
 5308: 	Sudo 1.8.6p2
 5309: 	[6e32496280f2]
 5310: 
 5311: 	* src/exec.c:
 5312: 	When setting the signal handler for SIGTSTP to the default value in
 5313: 	non-I/O log mode, store the old handler value for when we restore it
 5314: 	after resume.
 5315: 	[242628694e42]
 5316: 
 5317: 	* plugins/sudoers/env.c:
 5318: 	Replace the guts of sudo_setenv_nodebug() with our old setenv.c
 5319: 	which supports non-standard BSD and glibc semantics. sudo_setenv()
 5320: 	now simply calls sudo_setenv2().
 5321: 	[57ffb6c9efaa]
 5322: 
 5323: 2012-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
 5324: 
 5325: 	* doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
 5326: 	doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 5327: 	Document non-Unix group support in LDAP sudoers.
 5328: 	[33c89f3aeee6]
 5329: 
 5330: 	* plugins/sudoers/ldap.c:
 5331: 	Enable non-Unix group support for LDAP sudoers. We now check for
 5332: 	non-Unix groups and netgroups with the same query in the second
 5333: 	pass. Bug #571
 5334: 	[eb98fdff54d9]
 5335: 
 5336: 2012-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
 5337: 
 5338: 	* plugins/sudoers/Makefile.in, plugins/sudoers/gram.c,
 5339: 	plugins/sudoers/gram.h, plugins/sudoers/parse.c,
 5340: 	plugins/sudoers/regress/parser/check_fill.c,
 5341: 	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
 5342: 	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
 5343: 	plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
 5344: 	plugins/sudoers/visudo.c:
 5345: 	Set yacc prefix to "sudoers" to avoid conflicts other yacc parsers.
 5346: 	[cb6c0d93215e]
 5347: 
 5348: 2012-09-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 5349: 
 5350: 	* NEWS:
 5351: 	Mention support for SUCCESS=return in /etc/nsswitch.conf
 5352: 	[ef1f35aa0863]
 5353: 
 5354: 	* NEWS, configure, configure.in:
 5355: 	sudo 1.8.6p1
 5356: 	[73a5e1f004b3]
 5357: 
 5358: 2012-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 5359: 
 5360: 	* plugins/sudoers/env.c:
 5361: 	Avoid setting LOGNAME, USER and USERNAME variables twice when
 5362: 	set_logname is enabled.
 5363: 	[0de4f5fbd1d4]
 5364: 
 5365: 	* plugins/sudoers/env.c:
 5366: 	Fix duplicate detection in sudo_putenv(), do not prune out the
 5367: 	variable we just set when overwriting an existing instance. Fixes
 5368: 	bug #570
 5369: 	[854ee714c831]
 5370: 
 5371: 	* plugins/sudoers/env.c:
 5372: 	Add some debuggging
 5373: 	[a25cd3305823]
 5374: 
 5375: 2012-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
 5376: 
 5377: 	* plugins/sudoers/sudo_nss.c:
 5378: 	Disable word wrap in list mode when stdout is a pipe to make "sudo
 5379: 	-l | grep ..." more useful. Adapted from a diff by Daniel Kopecek.
 5380: 	[65ade04511fd]
 5381: 
 5382: 	* common/lbuf.c:
 5383: 	Print a trailing newline in lbuf_print() when there is not enough
 5384: 	space to do word wrapping and the lbuf does not end with a newline.
 5385: 	[c0200e19cd09]
 5386: 
 5387: 	* plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
 5388: 	Add support for [SUCCESS=return] in nsswitch.conf; from Daniel
 5389: 	Kopecek
 5390: 	[5c480316e3ce]
 5391: 
 5392: 	* MANIFEST:
 5393: 	Add sssd.c
 5394: 	[9cadd014ef97]
 5395: 
 5396: 2012-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 5397: 
 5398: 	* plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo,
 5399: 	plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo,
 5400: 	plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo,
 5401: 	src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo:
 5402: 	regen .po files
 5403: 	[62423d4d143d]
 5404: 
 5405: 	* MANIFEST, plugins/sudoers/po/vi.mo:
 5406: 	Add Vietnamese sudoers translation from translationproject.org
 5407: 	[33666a605525]
 5408: 
 5409: 	* NEWS:
 5410: 	mention PIE
 5411: 	[05032e5304c6]
 5412: 
 5413: 	* MANIFEST, plugins/sudoers/po/vi.po:
 5414: 	Add Vietnamese sudoers translation from translationproject.org
 5415: 	[015c2204bae2]
 5416: 
 5417: 2012-08-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 5418: 
 5419: 	* Makefile.in, compat/Makefile.in, mkdep.pl:
 5420: 	Add missing signame dependency
 5421: 	[e493bfb01929]
 5422: 
 5423: 	* src/exec.c, src/ttyname.c:
 5424: 	Silence compiler warnings.
 5425: 	[1c5374b66d9b]
 5426: 
 5427: 	* MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c,
 5428: 	config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
 5429: 	src/exec.c, src/exec_pty.c:
 5430: 	Replace strsigname() with sig2str(), emulating it as needed.
 5431: 	[1e348cca1fa6]
 5432: 
 5433: 	* config.h.in, configure, configure.in, src/utmp.c:
 5434: 	Use fseeko() for legacy utmp handling if available.
 5435: 	[b4bbd8d2c0e9]
 5436: 
 5437: 2012-08-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 5438: 
 5439: 	* compat/strsigname.c, config.h.in, configure, configure.in:
 5440: 	Detect sys_sigabbrev[] and use it in place of sys_signame[] if
 5441: 	present. For some reason glibc does not declare sys_sigabbrev so we
 5442: 	must add an extern definition of our own.
 5443: 	[b38f3fbd7078]
 5444: 
 5445: 	* compat/strsignal.c, compat/strsigname.c:
 5446: 	Handle NULL entries in sys_siglist and sys_signame.
 5447: 	[a388959d9654]
 5448: 
 5449: 	* compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c,
 5450: 	compat/mksigname.h, compat/strsignal.c, compat/strsigname.c:
 5451: 	Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name}
 5452: 	[711e41aba59a]
 5453: 
 5454: 2012-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 5455: 
 5456: 	* NEWS:
 5457: 	sync
 5458: 	[5a2522488754]
 5459: 
 5460: 	* src/exec.c:
 5461: 	Pass on SIGTSTP to the command if it was sent by a user process (not
 5462: 	the kernel or the terminal) when we are not I/O logging and set the
 5463: 	default SIGTSTP handler when we re-send the signal to ourself,
 5464: 	restoring our handler after we resume.
 5465: 	[4259c47e31c0]
 5466: 
 5467: 	* src/exec.c:
 5468: 	Shells typically change their process group when they start up so
 5469: 	that they can implement job control. Most well-behaved shells change
 5470: 	the pgrp back to its original value before suspending so we must not
 5471: 	try to restore in that case, lest we race with the child upon
 5472: 	resume, potentially stopping sudo with SIGTTOU while the command
 5473: 	continues to run. Some shells, such as pdksh, just suspend the shell
 5474: 	by sending SIGSTOP to themselves without restoring the pgrp. In this
 5475: 	case we need to change the pgrp back for them. Should fix bug #568
 5476: 	[6ac6751ffd17]
 5477: 
 5478: 2012-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 5479: 
 5480: 	* MANIFEST, compat/Makefile.in, compat/mksigname.c,
 5481: 	compat/mksigname.h, compat/strsignal.c, compat/strsigname.c,
 5482: 	config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
 5483: 	src/exec.c, src/exec_pty.c:
 5484: 	Use strsigname() to print signal names in the debug output. If the
 5485: 	system has no strsigname(), use our own.
 5486: 	[0735f18906b9]
 5487: 
 5488: 2012-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
 5489: 
 5490: 	* plugins/sudoers/regress/testsudoers/test5.inc,
 5491: 	plugins/sudoers/regress/testsudoers/test5.sh:
 5492: 	Remove generated file and change path for temporary include file.
 5493: 	[4e9fa830c6b5]
 5494: 
 5495: 	* plugins/sudoers/Makefile.in:
 5496: 	When running regress tests, list pass/fail rate for each dir
 5497: 	(testsudoers and visudo) instead of the total. Also prevent the
 5498: 	result files from clobbering each other by keeping them in the
 5499: 	relevant directories.
 5500: 	[6aac53baff7d]
 5501: 
 5502: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 5503: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 5504: 	Don't print an error message in yyerror() if open_sudoers() fails,
 5505: 	we've already printed an error message. Also restore the check for
 5506: 	sudoers_warnings in yyerror().
 5507: 	[aa6036df5fb2]
 5508: 
 5509: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 5510: 	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
 5511: 	plugins/sudoers/toke.l:
 5512: 	Avoid printing the >>> parse error <<< message for testsudoers when
 5513: 	the -t flag is specified.
 5514: 	[76f3433c8992]
 5515: 
 5516: 2012-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 5517: 
 5518: 	* plugins/sudoers/parse.c:
 5519: 	Fix NULL deref when an entry has no Runas_Entry
 5520: 	[4b14983ff6e7]
 5521: 
 5522: 	* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
 5523: 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 5524: 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 5525: 	src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po,
 5526: 	src/po/zh_CN.mo, src/po/zh_CN.po:
 5527: 	sync with translationproject.org
 5528: 	[440e9c9b37de]
 5529: 
 5530: 	* NEWS:
 5531: 	sync
 5532: 	[3142ba2dce60]
 5533: 
 5534: 	* plugins/sudoers/check.c:
 5535: 	Correct the check_user() comment header.
 5536: 	[73da30308fff]
 5537: 
 5538: 	* plugins/sudoers/auth/sudo_auth.c:
 5539: 	Change a log_fatal() into log_error() when no auth methods are
 5540: 	configured. The caller already checks the return value.
 5541: 	[05f5c39793a7]
 5542: 
 5543: 	* plugins/sudoers/logging.c:
 5544: 	Add missing debug_return
 5545: 	[3a76bb7c2fe7]
 5546: 
 5547: 2012-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 5548: 
 5549: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
 5550: 	doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 5551: 	doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
 5552: 	doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
 5553: 	doc/sudoers.man.in, doc/sudoers.mdoc.in:
 5554: 	Make the capitalization consistent for .Ss and .Sx
 5555: 	[5c5735ee4b2f]
 5556: 
 5557: 	* doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat,
 5558: 	doc/sudo.man.in, doc/sudo.mdoc.in:
 5559: 	Add COMMAND EXECUTION section that describes how sudo runs the
 5560: 	command, the extra sudo processes and signal handling.
 5561: 	[dff2d88e984e]
 5562: 
 5563: 2012-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 5564: 
 5565: 	* Makefile.in:
 5566: 	Happy Easter
 5567: 	[4b9d697c6b83]
 5568: 
 5569: 2012-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 5570: 
 5571: 	* compat/Makefile.in:
 5572: 	Don't echo the awk command when building siglist.in
 5573: 	[21daa72921e6]
 5574: 
 5575: 	* doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
 5576: 	doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 5577: 	Cosmetic changes.
 5578: 	[19259528e9ad]
 5579: 
 5580: 	* doc/Makefile.in:
 5581: 	The HISTORY, LICENSE and CONTRIBUTORS files are not longer
 5582: 	generated.
 5583: 	[ea6ac9e981e6]
 5584: 
 5585: 	* MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po,
 5586: 	plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo,
 5587: 	plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po,
 5588: 	plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po,
 5589: 	src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po,
 5590: 	src/po/uk.po, src/po/vi.po:
 5591: 	Sync with translationproject.org and add Italian sudoers
 5592: 	translation.
 5593: 	[9276740aea59]
 5594: 
 5595: 2012-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 5596: 
 5597: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 5598: 	Expand description of fqdn to talk about systems where the hosts
 5599: 	file is searched before DNS.
 5600: 	[4ee812ca6116]
 5601: 
 5602: 2012-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
 5603: 
 5604: 	* doc/Makefile.in:
 5605: 	For cat pages there is nothing to make unless DEVEL is set.
 5606: 	[fab4a5b68708]
 5607: 
 5608: 	* configure, configure.in, doc/Makefile.in:
 5609: 	Always use mandoc to format cat pages and remove now-extraneous
 5610: 	nroff configure tests.
 5611: 	[5747f4ed5762]
 5612: 
 5613: 	* pp:
 5614: 	sync polypkg from git
 5615: 	[89ddf6ea3e3f]
 5616: 
 5617: 	* plugins/sudoers/sudoers.c:
 5618: 	Use AI_FQDN instead of AI_CANONNAME if available since "canonical"
 5619: 	is not always the same as "fully qualified".
 5620: 	[7c1d9c098386]
 5621: 
 5622: 2012-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
 5623: 
 5624: 	* doc/sudoers.mdoc.in:
 5625: 	Fix some typos. Describe error messages not related to policy
 5626: 	permissions.
 5627: 	[f5ebf9030d85]
 5628: 
 5629: 	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
 5630: 	plugins/sudoers/visudo.c:
 5631: 	Add new check_defaults() function to check (but not update) the
 5632: 	Defaults entries. Visudo can now use this instead of update_defaults
 5633: 	to check all the defaults regardless instead of just the global
 5634: 	Defaults entries.
 5635: 	[3fa879ce1b65]
 5636: 
 5637: 2012-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 5638: 
 5639: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 5640: 	Document sudoers log format.
 5641: 	[08998a7061ab]
 5642: 
 5643: 	* NEWS:
 5644: 	Update for sudo 1.8.5p3
 5645: 	[6e102a5d4e8d]
 5646: 
 5647: 	* src/load_plugins.c:
 5648: 	Add missing check for I/O plugin API version when checking for the
 5649: 	presence of I/O plugin hooks.
 5650: 	[ef05c7eeaf81]
 5651: 
 5652: 	* src/hooks.c:
 5653: 	Can't call debug code in the process_hooks_xxx functions() since
 5654: 	ctime() may look up the timezone via the TZ environment variable.
 5655: 	[2179fb26bd8e]
 5656: 
 5657: 2012-08-10  Todd C. Miller  <Todd.Miller@courtesan.com>
 5658: 
 5659: 	* src/exec_common.c, src/sesh.c, src/utmp.c:
 5660: 	Include signal.h before sudo_exec.h since it uses sigset_t * in the
 5661: 	fork_pty prototype.
 5662: 	[94fc0d859600]
 5663: 
 5664: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
 5665: 	doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
 5666: 	doc/visudo.man.in, doc/visudo.mdoc.in:
 5667: 	Remove OPTIONS section; options now go inside DESCRIPTION
 5668: 	[a619fc58a746]
 5669: 
 5670: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 5671: 	regen
 5672: 	[44719d80bc06]
 5673: 
 5674: 	* MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
 5675: 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 5676: 	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 5677: 	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
 5678: 	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
 5679: 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 5680: 	plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
 5681: 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 5682: 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 5683: 	src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po,
 5684: 	src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po:
 5685: 	Sync with translationproject.org and add new Slovenian translation.
 5686: 	[34b4b966bbac]
 5687: 
 5688: 	* common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
 5689: 	plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c,
 5690: 	plugins/sudoers/testsudoers.c:
 5691: 	Reduce the number of "internal error, foo overflow" messages that
 5692: 	need to be translated.
 5693: 	[93ffa2b3d53f]
 5694: 
 5695: 	* NEWS:
 5696: 	Mention HP-UX reboot fix.
 5697: 	[1e39b5aa32ac]
 5698: 
 5699: 	* INSTALL, NEWS, common/sudo_debug.c, configure, configure.in,
 5700: 	doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in,
 5701: 	plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c,
 5702: 	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
 5703: 	Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers
 5704: 	data source. From Daniel Kopecek and Pavel Brezina.
 5705: 	[3f85e95d6928]
 5706: 
 5707: 2012-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 5708: 
 5709: 	* common/sudo_conf.c, src/load_plugins.c:
 5710: 	If sudo.conf contains an I/O plugin but no policy plugin, use
 5711: 	sudoers for the policy plugin. If a policy plugin is specified
 5712: 	without an I/O plugin, only the policy plugin will be loaded.
 5713: 	[ea192df2439d]
 5714: 
 5715: 	* doc/Makefile.in, doc/sudoers.man.in:
 5716: 	Do not modify the .Os section when building the .man.in file from
 5717: 	.mdoc.in.
 5718: 	[a9f9628e147f]
 5719: 
 5720: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 5721: 	Add a note about wildcards matching multiple words and include an
 5722: 	example. Also mention that for sudoedit, a wildcard in command line
 5723: 	args does not match a slash.
 5724: 	[fcb9fbac14e0]
 5725: 
 5726: 2012-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 5727: 
 5728: 	* src/exec_pty.c, src/sudo_exec.h:
 5729: 	Fix a comment, update a variable name in a prototype; all cosmetic.
 5730: 	[e89f10cbd6e1]
 5731: 
 5732: 	* plugins/sudoers/iolog.c:
 5733: 	Cast 2nd argument of lseek() to off_t if it is a constant for
 5734: 	systems with 64-bit off_t but without a proper lseek() prototype.
 5735: 	[d8779da135d0]
 5736: 
 5737: 	* compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
 5738: 	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 5739: 	plugins/sudoers/visudo.c:
 5740: 	Fix some warnings from clang checker-267
 5741: 	[1e44ef7860b5]
 5742: 
 5743: 	* plugins/sample/sample_plugin.c:
 5744: 	Fix memory leak found by clang checker-267
 5745: 	[f8a43617fdfb]
 5746: 
 5747: 2012-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
 5748: 
 5749: 	* src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
 5750: 	If we receive a signal from the command we executed, do not forward
 5751: 	it back to the command. This fixes a problem with BSD-derived
 5752: 	versions of the reboot command which send SIGTERM to all other
 5753: 	processes, including the sudo process. Sudo would then deliver
 5754: 	SIGTERM to reboot which would die before calling the reboot() system
 5755: 	call, effectively leaving the system in single user mode.
 5756: 	[4ffab9ab9e98]
 5757: 
 5758: 2012-08-03  Todd C. Miller  <Todd.Miller@courtesan.com>
 5759: 
 5760: 	* doc/fixman.sh, doc/fixmdoc.sh:
 5761: 	Remove section about Solaris 10 on other systems. Add missing
 5762: 	sudoers.man.in bit to fixman.sh.
 5763: 	[176559199ba7]
 5764: 
 5765: 2012-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
 5766: 
 5767: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
 5768: 	Expand section on Solaris privileges.
 5769: 	[3a1bfa2f1743]
 5770: 
 5771: 	* NEWS:
 5772: 	Expand a bit on the Solaris priv set changes.
 5773: 	[bffb78b4a520]
 5774: 
 5775: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 5776: 	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
 5777: 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
 5778: 	The second argument to init_parser() is now bool.
 5779: 	[fb727a4fb651]
 5780: 
 5781: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 5782: 	Fix printing of parse error message to stderr.
 5783: 	[dea6b420b84f]
 5784: 
 5785: 	* plugins/sudoers/check.c, plugins/sudoers/defaults.c,
 5786: 	plugins/sudoers/match.c, plugins/sudoers/parse.c,
 5787: 	plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
 5788: 	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
 5789: 	If a command matches using an empty Runas_List (i.e. Runas_List is
 5790: 	present but empty) and the -u option was not specified, set runas_pw
 5791: 	to user_pw instead of using runas_default. This is intended to be
 5792: 	used in conjunction with the Solaris Privilege Set support for rules
 5793: 	that grant privileges without changing the user.
 5794: 	[e84a081f3c11]
 5795: 
 5796: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
 5797: 	plugins/sudoers/gram.c, plugins/sudoers/gram.h,
 5798: 	plugins/sudoers/gram.y, plugins/sudoers/match.c,
 5799: 	plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h:
 5800: 	Add support for parsing an empty Runas_List, which only allows the
 5801: 	command to be run as the invoking user. This can be used in
 5802: 	conjunction with the Solaris Privilege Set support to grant
 5803: 	privileges without changing the user.
 5804: 	[dc34373792fc]
 5805: 
 5806: 2012-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 5807: 
 5808: 	* doc/fixman.sh:
 5809: 	Fix HP-UX, just use ".TH name section" like the vendor manuals.
 5810: 	[559738237c92]
 5811: 
 5812: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 5813: 	Fix compilation on Solaris
 5814: 	[2d310302207c]
 5815: 
 5816: 	* .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh,
 5817: 	doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh,
 5818: 	doc/sudoers.mdoc.sh:
 5819: 	Generate a sed script file when munging *.mdoc or *.man instead of
 5820: 	passing sed expressions on the command line. Older seds do not
 5821: 	support \n in a replacement so generate and run a sed script
 5822: 	instead.
 5823: 	[0bcce3f1ca18]
 5824: 
 5825: 	* doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in,
 5826: 	doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in,
 5827: 	doc/visudo.man.in:
 5828: 	Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION"
 5829: 	[fe0f10b63776]
 5830: 
 5831: 2012-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
 5832: 
 5833: 	* src/exec.c:
 5834: 	When checking whether a signal is user-generated, compare si_code
 5835: 	against SI_USER instead of <= 0 since on HP-UX, terminal-related
 5836: 	signals get a code of 0.
 5837: 	[4e9021243343]
 5838: 
 5839: 	* src/sudo.c:
 5840: 	SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX
 5841: 	interchangably. This causes problems when setting RLIMIT_NPROC to
 5842: 	RLIM_INFINITY due to a bug in bash where bash tries to honor the
 5843: 	value of _SC_CHILD_MAX but treats a value of -1 as an error, and
 5844: 	uses a default value of 32 instead.
 5845: 
 5846: 	Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
 5847: 	restored the previous value of RLIMIT_NPROC. However, that makes it
 5848: 	impossible to set nproc to unlimited. We now only restore the nproc
 5849: 	resource limit if sysconf(_SC_CHILD_MAX) is negative. In most cases,
 5850: 	pam_limits will set RLIMIT_NPROC for us.
 5851: 	[cb71cc8d0b08]
 5852: 
 5853: 2012-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 5854: 
 5855: 	* plugins/sudoers/ldap.c:
 5856: 	Active Directory apparently requires that tenths of a second be
 5857: 	present in a date so append .0 to the "now" value in the time
 5858: 	filter. Also remove space for the global AND from TIMEFILTER_LENGTH
 5859: 	since it was not being used consistently. Buffers of
 5860: 	TIMEFILTER_LENGTH now need to account for the terminating NUL byte.
 5861: 	[d28619ff6e45]
 5862: 
 5863: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 5864: 	Fix SELinux build
 5865: 	[cc0d1f4e851b]
 5866: 
 5867: 2012-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 5868: 
 5869: 	* MANIFEST:
 5870: 	Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
 5871: 	were not being kept in sync.
 5872: 	[fc3ad1847cb1]
 5873: 
 5874: 	* doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod,
 5875: 	doc/license.pod:
 5876: 	Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
 5877: 	were not being kept in sync.
 5878: 	[950363dffe3a]
 5879: 
 5880: 2012-07-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 5881: 
 5882: 	* plugins/sudoers/logging.c:
 5883: 	Fix printing of the permission denied message to standard error when
 5884: 	a user is not allowed to run a command. This got broken by the
 5885: 	recent logging changes.
 5886: 	[b7af63da3ca1]
 5887: 
 5888: 	* plugins/sudoers/sudoers_version.h:
 5889: 	Bump grammar version for Solaris privs.
 5890: 	[2a2baf024477]
 5891: 
 5892: 	* doc/schema.ActiveDirectory:
 5893: 	Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder
 5894: 	were added. From David Hicks.
 5895: 	[3fc432a8edb4]
 5896: 
 5897: 2012-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 5898: 
 5899: 	* plugins/sudoers/Makefile.in:
 5900: 	Remove lex.yy.c when building toke.c
 5901: 	[72bb9e62b289]
 5902: 
 5903: 	* doc/Makefile.in:
 5904: 	Fix building docs in a build dir.
 5905: 	[7a6f435af022]
 5906: 
 5907: 	* doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod,
 5908: 	doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod,
 5909: 	doc/sudoreplay.pod, doc/visudo.pod:
 5910: 	Remove pod versions of the manual; we now use mdoc.
 5911: 	[5c967d2dd5db]
 5912: 
 5913: 	* MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh,
 5914: 	doc/sudoers.man.sh, doc/sudoers.mdoc.sh:
 5915: 	Add post-processing scripts to strip out login class, BSD auth,
 5916: 	SELinux and privilege set bits when they are not supported.
 5917: 	[d0d51f72f597]
 5918: 
 5919: 	* NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in,
 5920: 	doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in,
 5921: 	doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod,
 5922: 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
 5923: 	plugins/sudoers/def_data.in, plugins/sudoers/gram.c,
 5924: 	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
 5925: 	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
 5926: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
 5927: 	plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
 5928: 	plugins/sudoers/toke.l, src/sudo.c, src/sudo.h:
 5929: 	Merge in Solaris privilege support by Darren Moffat and John
 5930: 	Zolnowsky
 5931: 	[3aa0a64f2f5c]
 5932: 
 5933: 2012-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 5934: 
 5935: 	* doc/contributors.pod:
 5936: 	Sync with CONTRIBUTORS file
 5937: 	[9a0852306ad9]
 5938: 
 5939: 	* doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
 5940: 	doc/sudoers.man.in, doc/sudoreplay.man.in:
 5941: 	Regen .man.in files with my private mandoc.
 5942: 	[dc3c9fc449eb]
 5943: 
 5944: 	* doc/Makefile.in:
 5945: 	add MANDOC variable
 5946: 	[35527e66afc5]
 5947: 
 5948: 2012-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 5949: 
 5950: 	* doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
 5951: 	doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in:
 5952: 	Regen .man.in files with hacked mandoc to avoid issues with historic
 5953: 	nroff.
 5954: 	[d45cfa7d665f]
 5955: 
 5956: 2012-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 5957: 
 5958: 	* doc/sudo.mdoc.in, doc/sudoers.mdoc.in:
 5959: 	Fix groff warnings.
 5960: 	[111d522ca807]
 5961: 
 5962: 	* doc/Makefile.in:
 5963: 	Fix dependencies for .man.in files.
 5964: 	[aefeffe1af2b]
 5965: 
 5966: 	* .hgignore:
 5967: 	Add doc/*.mdoc to ignore file
 5968: 	[1e4de6ef2ad8]
 5969: 
 5970: 	* INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in,
 5971: 	doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
 5972: 	doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
 5973: 	doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
 5974: 	doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
 5975: 	doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
 5976: 	doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
 5977: 	doc/visudo.man.in, doc/visudo.mdoc.in:
 5978: 	Build .man.in and .cat files from .mdoc.in files. Add new --with-man
 5979: 	and --with-mdoc configure options.
 5980: 	[c963fd7e8f80]
 5981: 
 5982: 2012-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 5983: 
 5984: 	* doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in,
 5985: 	doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
 5986: 	Sudo manuals formatted in mdoc, to replace the pod versions.
 5987: 	[e6dca4030451]
 5988: 
 5989: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
 5990: 	doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
 5991: 	doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod,
 5992: 	doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
 5993: 	doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod:
 5994: 	More minor costmetic fixes.
 5995: 	[a7287a68385a]
 5996: 
 5997: 2012-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 5998: 
 5999: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
 6000: 	Minor cosmetic fixes.
 6001: 	[9c48bdaf3946]
 6002: 
 6003: 2012-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 6004: 
 6005: 	* plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot:
 6006: 	Use "a password is required" instead of "password required" when the
 6007: 	-n flag is used and we need to read a password.
 6008: 	[a3c30fc41648]
 6009: 
 6010: 2012-07-10  Todd C. Miller  <Todd.Miller@courtesan.com>
 6011: 
 6012: 	* NEWS:
 6013: 	Mention logging changes.
 6014: 	[8238fd6e02e8]
 6015: 
 6016: 	* plugins/sudoers/po/sudoers.pot:
 6017: 	regen
 6018: 	[e2cf634ba63b]
 6019: 
 6020: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
 6021: 	Document that other mail_* flags have precedence over mail_badpass.
 6022: 	[9f4cc9188f40]
 6023: 
 6024: 	* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
 6025: 	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
 6026: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
 6027: 	Move log_denial() calls and logic to log_failure(). Move
 6028: 	authentication failure logging to log_auth_failure(). Both of these
 6029: 	call audit_failure() for us.
 6030: 
 6031: 	This subtly changes logging for commands that are denied by sudoers
 6032: 	but where the user failed to enter the correct password. Previously,
 6033: 	these would be logged as "N incorrect password attempts" but now are
 6034: 	logged as "command not allowed". Fixes bug #563
 6035: 	[cad35f0b3ad7]
 6036: 
 6037: 2012-07-06  Todd C. Miller  <Todd.Miller@courtesan.com>
 6038: 
 6039: 	* common/aix.c:
 6040: 	Do not set a resource limit to zero when we are unable to fetch a
 6041: 	value from /etc/security/limits.
 6042: 	[62bfb0a7895e]
 6043: 
 6044: 2012-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>
 6045: 
 6046: 	* sudo.pp:
 6047: 	Add "Provides: sudo" to debian sudo-ldap package
 6048: 	[beb8afa0beb2]
 6049: 
 6050: 2012-07-02  Todd C. Miller  <Todd.Miller@courtesan.com>
 6051: 
 6052: 	* configure, configure.in, zlib/Makefile.in:
 6053: 	Define NO_VIZ for zlib when gcc doesn't support symbol visibility
 6054: 	attributes.
 6055: 	[9fdcbf526386]
 6056: 
 6057: 	* configure, configure.in:
 6058: 	Use the autoconf cache when checking for symbol export control
 6059: 	support.
 6060: 	[03c2cce8711f]
 6061: 
 6062: 	* INSTALL, common/Makefile.in, compat/Makefile.in, configure,
 6063: 	configure.in, mkpkg, plugins/sample/Makefile.in,
 6064: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
 6065: 	plugins/system_group/Makefile.in, src/Makefile.in:
 6066: 	Add configure check for building PIE executables instead of doing it
 6067: 	in mkpkg.
 6068: 	[02b5b78ef258]
 6069: 
 6070: 	* sudo.pp:
 6071: 	MacOS pp backend doesn't like modes longer than 4 characters.
 6072: 	[01b49022bf01]
 6073: 
 6074: 2012-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 6075: 
 6076: 	* configure, configure.in:
 6077: 	Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding
 6078: 	-fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool
 6079: 	will strip -fstack-protector from the linker flags and we always
 6080: 	link with libtool.
 6081: 	[0a0a0250ac2b]
 6082: 
 6083: 2012-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 6084: 
 6085: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
 6086: 	doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
 6087: 	doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
 6088: 	doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
 6089: 	Regen for sudo 1.8.6
 6090: 	[1657ee28b496]
 6091: 
 6092: 	* NEWS, doc/sudoers.ldap.pod:
 6093: 	Document improved Tivoli Directory Server support.
 6094: 	[fb411edf4687]
 6095: 
 6096: 	* config.h.in, configure, configure.in, plugins/sudoers/ldap.c:
 6097: 	Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf
 6098: 	option to specify Tivoli key db password. Allow TLS ciphers to be
 6099: 	configured for Tivoli.
 6100: 	[737e17c91e60]
 6101: 
 6102: 2012-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 6103: 
 6104: 	* plugins/sudoers/ldap.c:
 6105: 	Tivoli Directory Server 6.3 libs always return a (bogus) error when
 6106: 	setting LDAP_OPT_CONNECT_TIMEOUT.
 6107: 	[504406637c38]
 6108: 
 6109: 	* NEWS:
 6110: 	Update
 6111: 	[687a755604e8]
 6112: 
 6113: 	* plugins/sudoers/ldap.c:
 6114: 	Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the
 6115: 	same as LDAP_OPT_CONNECT_TIMEOUT (OpenSSH). Don't make failure to a
 6116: 	set an ldap option fatal.
 6117: 	[17cf93ae3304]
 6118: 
 6119: 2012-06-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 6120: 
 6121: 	* plugins/sudoers/sudoers.c:
 6122: 	Zero pointers in sudo_user struct after freeing, just in case.
 6123: 	[8eff1f80b943]
 6124: 
 6125: 	* plugins/sudoers/sudoers.c:
 6126: 	Free user_gids in close function if it has not already been freed.
 6127: 	[cbce28877f37]
 6128: 
 6129: 	* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
 6130: 	plugins/sudoers/sudoers.h:
 6131: 	Defer group ID to name resolution until we actually need it.
 6132: 	[463e75b81e89]
 6133: 
 6134: 	* src/sudo.c:
 6135: 	It is safe to read in sudo.conf before calling user_info().
 6136: 	[3290b6434e3c]
 6137: 
 6138: 	* plugins/sudoers/env.c, plugins/sudoers/ldap.c:
 6139: 	Use MAX_UID_T_LEN + 1 for uid/gid buffers, not MAX_UID_T_LEN to
 6140: 	prevent potential truncation. Bug #562.
 6141: 	[29d9fc4e0c4e]
 6142: 
 6143: 2012-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 6144: 
 6145: 	* sudo.pp:
 6146: 	If installing with installp, error out if there is already an
 6147: 	instance of the rpm package installed.
 6148: 	[ec24c6faba22]
 6149: 
 6150: 	* mkpkg:
 6151: 	Add --disable-nls for AIX
 6152: 	[192ac2f7d65e]
 6153: 
 6154: 2012-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 6155: 
 6156: 	* sudo.pp:
 6157: 	Debian sudo-ldap packages should now depend on libldap-2.4-2, not
 6158: 	libldap2.
 6159: 	[cbcec71e6b58]
 6160: 
 6161: 2012-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 6162: 
 6163: 	* sudo.pp:
 6164: 	Add Homepage and Bugs to debian control file.
 6165: 	[0f19d7d14e66]
 6166: 
 6167: 2012-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 6168: 
 6169: 	* mkpkg:
 6170: 	fix typo when setting aix_freeware
 6171: 	[2fd6feb50195]
 6172: 
 6173: 	* common/Makefile.in, compat/Makefile.in, configure, configure.in,
 6174: 	doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
 6175: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
 6176: 	plugins/system_group/Makefile.in, src/Makefile.in, zlib/Makefile.in:
 6177: 	Don't run regress tests or sudoers sanity check (using the newly-
 6178: 	built visudo) when cross compiling. Bug #560
 6179: 	[0c4e3f68b2f5]
 6180: 
 6181: 	* MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
 6182: 	plugins/sample/sample_plugin.exp, plugins/sample/sample_plugin.map,
 6183: 	plugins/sample/sample_plugin.sym, plugins/sample_group/Makefile.in,
 6184: 	plugins/sample_group/sample_group.exp,
 6185: 	plugins/sample_group/sample_group.map,
 6186: 	plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
 6187: 	plugins/sudoers/sudoers.exp, plugins/sudoers/sudoers.map,
 6188: 	plugins/sudoers/sudoers.sym, plugins/system_group/Makefile.in,
 6189: 	plugins/system_group/system_group.exp,
 6190: 	plugins/system_group/system_group.map,
 6191: 	plugins/system_group/system_group.sym:
 6192: 	Rename foo.sym -> foo.exp Remove foo.map from the repo and generate
 6193: 	it on demand Use a loader option file for HP-UX ld to explicitly
 6194: 	export symbols
 6195: 	[2402ff5302ab]
 6196: 
 6197: 	* src/Makefile.in:
 6198: 	Remove extraneous backslash
 6199: 	[8ca054de138c]
 6200: 
 6201: 	* plugins/sudoers/regress/check_symbols/check_symbols.c:
 6202: 	Don't check for errorx as an exported symbols as it is now a macro.
 6203: 	Check for user_in_group() instead.
 6204: 	[7b02c8ecd3ea]
 6205: 
 6206: 2012-06-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 6207: 
 6208: 	* configure, configure.in:
 6209: 	Adjust ld map file support to use an anonymous scope to match the
 6210: 	updated .map files.
 6211: 	[49be44282d9e]
 6212: 
 6213: 2012-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 6214: 
 6215: 	* config.h.in, configure, configure.in, include/gettext.h:
 6216: 	Older versions of Solaris lack ngettext()
 6217: 	[028af10dfa5f]
 6218: 
 6219: 	* configure, configure.in:
 6220: 	Move the check for -static-libgcc until after AC_LANG_WERROR has
 6221: 	been called and use AX_CHECK_COMPILE_FLAG().
 6222: 	[a7b09120e7ff]
 6223: 
 6224: 	* include/gettext.h:
 6225: 	Sudo defines HAVE_SETLOCALE not HAVE_LOCALE_H
 6226: 	[3aa2780d4a4e]
 6227: 
 6228: 	* include/error.h, include/sudo_debug.h:
 6229: 	Fix gcc 2.x variant macro support.
 6230: 	[8e71c2370997]
 6231: 
 6232: 	* plugins/sudoers/logging.c, plugins/sudoers/sudoreplay.c:
 6233: 	Fix compilation on gcc 2.95 and other compilers that only allow
 6234: 	variable declarations at the beginning of a block.
 6235: 	[9d80c802bb46]
 6236: 
 6237: 	* configure, configure.in, plugins/sudoers/Makefile.in:
 6238: 	Link check_symbols with SUDO_LIBS to make sure we link with the
 6239: 	requisite libraries to successfully dlopen sudoers.so. This is
 6240: 	needed on HP-UX where a program dlopen()ing a shared object that
 6241: 	uses pthreads must also be linked with pthreads (and HP-UX LDAP uses
 6242: 	pthreads).
 6243: 	[b8961cd82337]
 6244: 
 6245: 	* plugins/sudoers/regress/check_symbols/check_symbols.c:
 6246: 	Add check for exported local symbols. This will cause a "make check"
 6247: 	failure on systems where we don't support symbol hiding.
 6248: 	[8aa549389bb1]
 6249: 
 6250: 	* configure, configure.in:
 6251: 	Additional ${foo} -> $(foo) Makefile tweaks.
 6252: 	[046bbde18f52]
 6253: 
 6254: 	* plugins/sample/sample_plugin.map,
 6255: 	plugins/sample_group/sample_group.map, plugins/sudoers/sudoers.map,
 6256: 	plugins/system_group/system_group.map:
 6257: 	No need to provide a name for the scope in the map file since we
 6258: 	don't use the it for versioning.
 6259: 	[5ed4b997560d]
 6260: 
 6261: 2012-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 6262: 
 6263: 	* MANIFEST, plugins/sudoers/Makefile.in,
 6264: 	plugins/sudoers/regress/check_symbols/check_symbols.c:
 6265: 	Add regress test for symbol visibility.
 6266: 	[9adddd4e0518]
 6267: 
 6268: 2012-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
 6269: 
 6270: 	* NEWS, configure, configure.in:
 6271: 	sudo 1.8.6
 6272: 	[57008a7afb77]
 6273: 
 6274: 	* configure, configure.in, include/missing.h:
 6275: 	Add support for controlling symbol visibility using the HP and
 6276: 	Solaris C compilers.
 6277: 	[46d5b468979e]
 6278: 
 6279: 	* plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
 6280: 	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
 6281: 	plugins/sudoers/sudoers.h:
 6282: 	Use the expanded io log dir when updating the sequence number.
 6283: 	Includes a workaround for older versions of sudo where the sequence
 6284: 	number was stored in the unexpanded io log dir.
 6285: 	[210797dab9a8]
 6286: 
 6287: 2012-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
 6288: 
 6289: 	* src/parse_args.c:
 6290: 	Simplify "sudo -s" argv rewriting.
 6291: 	[7be143dae7c5]
 6292: 
 6293: 	* MANIFEST, configure, configure.in, plugins/sample/Makefile.in,
 6294: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
 6295: 	plugins/system_group/Makefile.in, src/Makefile.in,
 6296: 	src/sudo_noexec.map:
 6297: 	Don't use a map file for sudo_noexec.so since Solaris ld doesn't
 6298: 	allow '*' in the global section. The libtool export flag is now
 6299: 	added to LT_LDFLAGS instead of commenting/uncommenting lines.
 6300: 	[38fc37a66b04]
 6301: 
 6302: 2012-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 6303: 
 6304: 	* config.h.in, configure, configure.in, include/missing.h:
 6305: 	The visibility attribute was actually added in gcc 3.3.x, not 4.0.
 6306: 	Just assume that if -fvisibility=hidden works that the attribute is
 6307: 	usable.
 6308: 	[d3904d6faf14]
 6309: 
 6310: 	* plugins/sudoers/check.c, plugins/sudoers/iolog.c,
 6311: 	plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
 6312: 	plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
 6313: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
 6314: 	plugins/sudoers/sudoers.h, plugins/sudoers/sudoers.map,
 6315: 	plugins/sudoers/sudoers.sym, plugins/sudoers/testsudoers.c,
 6316: 	plugins/system_group/system_group.c:
 6317: 	Export group cache from sudoers.so for system_group.so to use.
 6318: 	[16695d207fc5]
 6319: 
 6320: 	* MANIFEST, configure, configure.in, include/missing.h,
 6321: 	plugins/sample/Makefile.in, plugins/sample/sample_plugin.map,
 6322: 	plugins/sample_group/Makefile.in,
 6323: 	plugins/sample_group/sample_group.map, plugins/sudoers/Makefile.in,
 6324: 	plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
 6325: 	plugins/sudoers/sudoers.map, plugins/system_group/Makefile.in,
 6326: 	plugins/system_group/system_group.map, src/sudo_noexec.c,
 6327: 	src/sudo_noexec.map:
 6328: 	Use gcc's visibility attribute to specify when symbols are visible
 6329: 	or hidden, if available. If not available, use an ELF version script
 6330: 	if it is supported. If all else fails, fall back to using libtool's
 6331: 	-export-symbols.
 6332: 	[64e889921727]
 6333: 
 6334: 2012-06-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 6335: 
 6336: 	* sudo.pp:
 6337: 	Add mode for installed locale files but leave the directories with
 6338: 	default mode and owner.
 6339: 	[142237dbb31f]
 6340: 
 6341: 2012-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 6342: 
 6343: 	* mkpkg, sudo.pp:
 6344: 	Install AIX packages under /opt/freeware with links in /usr/bin and
 6345: 	/usr/sbin. This matches the layout of the sudo package from AIX
 6346: 	freeware.
 6347: 	[0b79d47bbe01]
 6348: 
 6349: 	* Makefile.in, configure, configure.in, plugins/sample/Makefile.in,
 6350: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
 6351: 	plugins/system_group/Makefile.in, src/Makefile.in, sudo.pp:
 6352: 	Install shared objects with mode 0644 except on HP-UX which needs
 6353: 	the executable bit set.
 6354: 	[ae416af0ba6c]
 6355: 
 6356: 	* Makefile.in, doc/Makefile.in, include/Makefile.in,
 6357: 	plugins/sudoers/Makefile.in, src/Makefile.in:
 6358: 	Make installed file modes consistent with the file modes in the sudo
 6359: 	package.
 6360: 	[307386373289]
 6361: 
 6362: 2012-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 6363: 
 6364: 	* doc/sudoers.pod:
 6365: 	Add "%:" prefix when talking about QAS non-Unix group support.
 6366: 	[7cb25f6861f8]
 6367: 
 6368: 	* pp, sudo.pp:
 6369: 	Fix packaging of symbolic links on HP-UX when the link source
 6370: 	already exists in the filesystem.
 6371: 	[c9bb48031596]
 6372: 
 6373: 	* mkpkg:
 6374: 	Only specify prefix if we are overriding the default value. Fixes
 6375: 	the man dir (/usr/local/man vs. /usr/local/share/man).
 6376: 	[65351b6c1697]
 6377: 
 6378: 	* sudo.pp:
 6379: 	Fix setting of sudoedit_man variable.
 6380: 	[9beed9ae5bba]
 6381: 
 6382: 	* doc/Makefile.in:
 6383: 	Echo the command when linking the sudoedit manual.
 6384: 	[6c83b5657b55]
 6385: 
 6386: 2012-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 6387: 
 6388: 	* mkpkg, sudo.pp:
 6389: 	Build .deb packages with selinux support.
 6390: 	[3fd9cb1b4526]
 6391: 
 6392: 2012-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
 6393: 
 6394: 	* sudo.pp:
 6395: 	Don't list paths for unstripped binaries in the lintial overrides.
 6396: 	[4c8e16f1773b]
 6397: 
 6398: 	* pp:
 6399: 	Add support for Installed-Size header in control file, required by
 6400: 	newer debian versions.
 6401: 	[e97d76234bee]
 6402: 
 6403: 	* pp:
 6404: 	Fix extended description in .deb files.
 6405: 	[d35e27ace146]
 6406: 
 6407: 	* sudo.pp:
 6408: 	Add Depends, Replaces and Conflicts headers for .deb packages.
 6409: 	[76eb6c4b3278]
 6410: 
 6411: 2012-06-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 6412: 
 6413: 	* plugins/sudoers/sudo_nss.c:
 6414: 	If there are no privs to print, write the message to the lbuf
 6415: 	instead of printing it directly.
 6416: 	[ecd56226abb7]
 6417: 
 6418: 2012-05-31  Todd C. Miller  <Todd.Miller@courtesan.com>
 6419: 
 6420: 	* sudo.pp:
 6421: 	Set -e in %pos and %preun for debian to quiet a lintian warning.
 6422: 	[8bb908514df9]
 6423: 
 6424: 	* doc/Makefile.in, src/Makefile.in, sudo.pp:
 6425: 	Install sudoedit and the sudoedit manual as symbolic links, not hard
 6426: 	links and package them as such.
 6427: 	[f317ff3cf3e7]
 6428: 
 6429: 	* sudo.pp:
 6430: 	Make sudo binary permissions 755 instead of 111 Add lintian
 6431: 	overrides file for .deb files.
 6432: 	[991cd7d7f0e1]
 6433: 
 6434: 	* configure, configure.in, doc/Makefile.in, mkpkg:
 6435: 	Replace out of date MAN_POSTINSTALL with MANCOMPRESS and
 6436: 	MANCOMPRESSEXT which can be used to compress the installed manual
 6437: 	pages. Compress the man pages for .deb files to appease lintian.
 6438: 	[4e34083b41d2]
 6439: 
 6440: 	* sudo.pp:
 6441: 	Debian fixes:
 6442: 	 * fix modes to be more in line with what Debian expects
 6443: 	 * add section
 6444: 	 * install LICENSE as copyright and ChangeLog as changelog
 6445: 	 * create stub changelog.debian
 6446: 	[7f6c5647f588]
 6447: 
 6448: 	* pp:
 6449: 	Fix find command to properly skip files in the DEBIAN dir when
 6450: 	building md5sums.
 6451: 	[8918bde941fa]
 6452: 
 6453: 	* pp, sudo.pp:
 6454: 	Use a debian-compliant package maintainer field.
 6455: 	[fc51a94170eb]
 6456: 
 6457: 2012-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 6458: 
 6459: 	* plugins/sudoers/sudoreplay.c:
 6460: 	No need to loop over atomic_writev(), it guarantees to write all
 6461: 	data or return an error.
 6462: 
 6463: 	Fix handling of stdout/stderr that contains "\r\n" and handle a
 6464: 	"\r\n" pair that spans a buffer.
 6465: 	[8aaf02d90c45]
 6466: 
 6467: 2012-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 6468: 
 6469: 	* NEWS:
 6470: 	Update for sudo 1.8.5p2
 6471: 	[d369d4d40a19]
 6472: 
 6473: 	* plugins/sudoers/sudoreplay.c:
 6474: 	Instead of doing extra write()s when replaying stdout, build up a
 6475: 	vector for writev() instead. This results in far fewer system calls.
 6476: 	[303d866c025c]
 6477: 
 6478: 2012-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 6479: 
 6480: 	* src/env_hooks.c, src/sudo.h, src/tgetpass.c:
 6481: 	Provide unhooked version of getenv() and use it when looking up
 6482: 	DISPLAY and SUDO_ASKPASS in the environment.
 6483: 	[04dbdccf4a14]
 6484: 
 6485: 2012-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 6486: 
 6487: 	* plugins/sudoers/sudoreplay.c:
 6488: 	When replaying a log of stdout or stderr, do newline to carriage
 6489: 	return + linefeed conversion. We cannot have termios do this for us
 6490: 	since we've disabled output postprocessing (POST) when setting raw
 6491: 	mode.
 6492: 	[61352a7d996f]
 6493: 
 6494: 2012-05-24  Todd C. Miller  <Todd.Miller@courtesan.com>
 6495: 
 6496: 	* configure, configure.in:
 6497: 	When checking for -fstack-protector, treat warnings as fatal errors.
 6498: 	[4124cd12d511]
 6499: 
 6500: 2012-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 6501: 
 6502: 	* configure, configure.in:
 6503: 	Fix test for -z relro
 6504: 	[548bdb6f5c4a]
 6505: 
 6506: 	* MANIFEST:
 6507: 	Add m4/ax_check_compile_flag.m4 and m4/ax_check_link_flag.m4
 6508: 	[ed063264a2a1]
 6509: 
 6510: 	* INSTALL, aclocal.m4, configure, configure.in,
 6511: 	m4/ax_check_compile_flag.m4, m4/ax_check_link_flag.m4:
 6512: 	Build with -fstack-protector and link with -zrelo where supported.
 6513: 	Added --disable-hardening option to disable hardening options.
 6514: 	[0b6c1a1ceb03]
 6515: 
 6516: 2012-05-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 6517: 
 6518: 	* plugins/sudoers/Makefile.in,
 6519: 	plugins/sudoers/regress/testsudoers/test1.sh,
 6520: 	plugins/sudoers/regress/testsudoers/test2.sh,
 6521: 	plugins/sudoers/regress/testsudoers/test3.sh,
 6522: 	plugins/sudoers/regress/testsudoers/test4.out.ok,
 6523: 	plugins/sudoers/regress/testsudoers/test4.sh,
 6524: 	plugins/sudoers/regress/testsudoers/test5.inc,
 6525: 	plugins/sudoers/regress/testsudoers/test5.out.ok,
 6526: 	plugins/sudoers/regress/testsudoers/test5.sh,
 6527: 	plugins/sudoers/testsudoers.c:
 6528: 	Add tests for sudoers mode, owner and group checks.
 6529: 	[a7607443aba0]
 6530: 
 6531: 	* plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
 6532: 	If sudoers_mode is group-readable but the actual sudoers file is
 6533: 	not, open the file as uid 0, not uid 1. This fixes a problem when
 6534: 	sudoers has a more restrictive mode than what sudo expects to find.
 6535: 	In older versions, sudo would silently chmod the file to add the
 6536: 	group-readable bit.
 6537: 	[c056b6003e6f]
 6538: 
 6539: 	* INSTALL, common/secure_path.c, config.h.in, configure, configure.in:
 6540: 	No longer throw an error if sudoers is a symbolic link. Deprecated
 6541: 	the --with-stow option as that is now (effectively) the default.
 6542: 	[8ce783e54886]
 6543: 
 6544: 2012-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 6545: 
 6546: 	* plugins/sudoers/Makefile.in,
 6547: 	plugins/sudoers/regress/testsudoers/test2.inc,
 6548: 	plugins/sudoers/regress/testsudoers/test2.out.ok,
 6549: 	plugins/sudoers/regress/testsudoers/test2.sh,
 6550: 	plugins/sudoers/regress/testsudoers/test3.d/root,
 6551: 	plugins/sudoers/regress/testsudoers/test3.out.ok,
 6552: 	plugins/sudoers/regress/testsudoers/test3.sh:
 6553: 	Add basic tests for #include and #includedir
 6554: 	[b303e4218951]
 6555: 
 6556: 	* plugins/sudoers/testsudoers.c:
 6557: 	Add -U sudoers_uid option to testsudoers.
 6558: 	[3f8ed13501ba]
 6559: 
 6560: 2012-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 6561: 
 6562: 	* NEWS, configure, configure.in:
 6563: 	Update for 1.8.5p1
 6564: 	[c33c49bf5b4b]
 6565: 
 6566: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 6567: 	Fix #includedir; from Mike Frysinger
 6568: 	[d4833d4e39a0]
 6569: 
 6570: 	* plugins/sudoers/check.c:
 6571: 	Don't prompt for a password if the user is in the exempt group, is
 6572: 	root, or is running the command as themselves even if the -k option
 6573: 	was specified. This makes "sudo -k command" consistent with the
 6574: 	behavior one would get if the user ran "sudo -k" immediately before
 6575: 	running the command.
 6576: 	[632b3961df00]
 6577: 
 6578: 2012-05-15  Todd C. Miller  <Todd.Miller@courtesan.com>
 6579: 
 6580: 	* INSTALL:
 6581: 	Fix capitalization
 6582: 	[7258aa977caf]
 6583: 
 6584: 	* mkpkg:
 6585: 	Build PIE executable on Mac OS X 10.5 and above.
 6586: 	[2a5c7ef92182]
 6587: 
 6588: 2012-05-14  Todd C. Miller  <Todd.Miller@courtesan.com>
 6589: 
 6590: 	* NEWS:
 6591: 	Update for sudo 1.8.4p5
 6592: 	[21164f508b68]
 6593: 
 6594: 	* plugins/sudoers/match_addr.c:
 6595: 	Add missing break between AF_INET and AF_INET6 in
 6596: 	addr_matches_if_netmask()
 6597: 	[672a4793931a]
 6598: 
 6599: 	* plugins/sudoers/mon_systrace.c:
 6600: 	Move systrace monitor code to the attic
 6601: 	[d6faf4754e9c]
 6602: 
 6603: 2012-05-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 6604: 
 6605: 	* src/exec.c:
 6606: 	The pointer to the siginfo_t struct in a signal handler may be NULL.
 6607: 	[41a4ee934b53]
 6608: 
 6609: 2012-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
 6610: 
 6611: 	* plugins/sudoers/pwutil.c:
 6612: 	Fix an alignment problem on NetBSD systems with a 64-bit time_t and
 6613: 	strict alignment. Based on a patch from Martin Husemann.
 6614: 	[1e5ba3c18f17]
 6615: 
 6616: 	* include/missing.h:
 6617: 	Add offsetof macro for those without it.
 6618: 	[e44cb51d2587]
 6619: 
 6620: 	* MANIFEST:
 6621: 	add system_group plugin
 6622: 	[6169793b510c]
 6623: 
 6624: 2012-05-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 6625: 
 6626: 	* compat/dlopen.c:
 6627: 	Implement RTLD_NEXT and fix RTLD_DEFAULT for HP-UX.
 6628: 	[85bd03bc5d94]
 6629: 
 6630: 2012-05-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 6631: 
 6632: 	* NEWS:
 6633: 	Mention system_group plugin
 6634: 	[05393dd4bdb8]
 6635: 
 6636: 	* Makefile.in, plugins/sudoers/Makefile.in,
 6637: 	plugins/system_group/Makefile.in:
 6638: 	update depends
 6639: 	[6feb0b824fc4]
 6640: 
 6641: 	* plugins/system_group/system_group.c:
 6642: 	Only call gr_delref() when use sudo's password caching functions.
 6643: 	[1103442e21fa]
 6644: 
 6645: 	* plugins/sample_group/Makefile.in, plugins/system_group/Makefile.in:
 6646: 	Add missing dependency on libreplace.la
 6647: 	[05bfd9d4657f]
 6648: 
 6649: 	* compat/dlopen.c:
 6650: 	Emulate RTLD_DEFAULT and RTLD_SELF w/ shl_findsym() using NULL and
 6651: 	PROG_HANDLE.
 6652: 	[2382d0693acc]
 6653: 
 6654: 	* Makefile.in, configure, configure.in,
 6655: 	plugins/system_group/Makefile.in,
 6656: 	plugins/system_group/system_group.c,
 6657: 	plugins/system_group/system_group.sym:
 6658: 	Add group plugin that does lookups by name using the system group
 6659: 	database.
 6660: 	[2ddbb604112f]
 6661: 
 6662: 	* plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po, src/po/pl.mo,
 6663: 	src/po/pl.po:
 6664: 	sync with translationproject.org
 6665: 	[4ef05df4226d]
 6666: 
 6667: 2012-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
 6668: 
 6669: 	* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 6670: 	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 6671: 	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
 6672: 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 6673: 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 6674: 	src/po/de.mo, src/po/de.po, src/po/eo.mo, src/po/eo.po,
 6675: 	src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
 6676: 	src/po/ru.mo, src/po/ru.po, src/po/sr.mo, src/po/sr.po,
 6677: 	src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
 6678: 	src/po/zh_CN.mo, src/po/zh_CN.po:
 6679: 	sync with translationproject.org
 6680: 	[115c3f828fc5]
 6681: 
 6682: 2012-05-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 6683: 
 6684: 	* sudo.pp:
 6685: 	Add mode for docdir and use '-' (default) for localedir mode. Fixes
 6686: 	a problem on Linux when building in a directory with the setgid bit
 6687: 	set.
 6688: 	[582279c8bcb1]
 6689: 
 6690: 2012-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 6691: 
 6692: 	* pp:
 6693: 	Match CentOS 6.0
 6694: 	[1e99ef210f98]
 6695: 
 6696: 2012-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
 6697: 
 6698: 	* NEWS:
 6699: 	Update with recent changes
 6700: 	[c5fc220ba696]
 6701: 
 6702: 	* pp:
 6703: 	Fix version check on AIX
 6704: 	[d272e39112f4]
 6705: 
 6706: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 6707: 	regen
 6708: 	[72b23509465a]
 6709: 
 6710: 	* plugins/sudoers/ldap.c:
 6711: 	Need to call ldapssl_clientauth_init() for start_tls on Mozilla LDAP
 6712: 	SDK.
 6713: 	[87b685e70b9a]
 6714: 
 6715: 	* plugins/sudoers/ldap.c:
 6716: 	Fix printing of invalid uri
 6717: 	[645aa53acdde]
 6718: 
 6719: 	* plugins/sudoers/auth/pam.c:
 6720: 	Pass PAM_SILENT when deleting creds to remove an annoying warning
 6721: 	message on Solaris.
 6722: 	[1dd0301ef293]
 6723: 
 6724: 2012-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
 6725: 
 6726: 	* src/utmp.c:
 6727: 	Fix the setutxent and endutxent compatibility defines (this time
 6728: 	correctly) when only setutent and endutent are available.
 6729: 	[d136d2867db9]
 6730: 
 6731: 	* plugins/sudoers/ldap.c:
 6732: 	sudo_ldap_set_options_global() should not take an LDAP handle as an
 6733: 	argument since the options affect the global settings.
 6734: 	[1dc39b9d20f2]
 6735: 
 6736: 	* mkpkg:
 6737: 	Debian sudo has not been built with --with-exempt=sudo since 1.6.8.
 6738: 	[c7716291a856]
 6739: 
 6740: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
 6741: 	plugins/sudoers/auth/pam.c, src/exec.c, src/exec_pty.c, src/sudo.c,
 6742: 	src/sudo.h:
 6743: 	Call the policy's init_session() function before we fork the child.
 6744: 	That way, the session is created and destroyed in the same process,
 6745: 	which is needed by some modules, such as pam_mount.
 6746: 	[ece552ba002e]
 6747: 
 6748: 	* doc/TROUBLESHOOTING:
 6749: 	Add entry for SSL LDAP errors on Mozilla SDKs when the cert dir is
 6750: 	not specified.
 6751: 	[bd293e100b28]
 6752: 
 6753: 	* plugins/sudoers/auth/pam.c:
 6754: 	Delete creds after closing the PAM session.
 6755: 	[5158d726d6a5]
 6756: 
 6757: 	* plugins/sudoers/ldap.c:
 6758: 	Provide a more useful error message if using a Mozilla-style LDAP
 6759: 	SDK and you forgot to specify TLS_CERT in ldap.conf.
 6760: 	[7cb78feb899c]
 6761: 
 6762: 	* src/exec_pty.c:
 6763: 	Add missing initialization of a sigaction structure when I/O
 6764: 	logging. Fixes a potential problem when suspending the command.
 6765: 	[f4480f2ba816]
 6766: 
 6767: 	* plugins/sudoers/ldap.c:
 6768: 	Split global and per-connection LDAP options into separate arrays.
 6769: 	Set global LDAP options before calling ldap_initialize() or
 6770: 	ldap_init(). After we have an LDAP handle, set the per-connection
 6771: 	options. Fixes a problem with OpenLDAP using the nss crypto backend;
 6772: 	bug #342
 6773: 	[265c9d2dc12b]
 6774: 
 6775: 	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
 6776: 	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 6777: 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 6778: 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 6779: 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 6780: 	src/po/de.mo, src/po/de.po, src/po/hr.mo, src/po/hr.po,
 6781: 	src/po/vi.mo, src/po/vi.po, src/po/zh_CN.mo, src/po/zh_CN.po:
 6782: 	sync with translationproject.org
 6783: 	[6d7fe44be21e]
 6784: 
 6785: 2012-04-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 6786: 
 6787: 	* src/sudo.c, src/sudo.h:
 6788: 	Move struct passwd pointer into struct command details.
 6789: 	[d6fb1eff2065]
 6790: 
 6791: 2012-04-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 6792: 
 6793: 	* pp:
 6794: 	Sync with upstream for Mac OS X (and other) fixes.
 6795: 	[c2f4998d01b0]
 6796: 
 6797: 	* mkpkg:
 6798: 	Only built Mac intel universal binary on an intel machine.
 6799: 	[0009e0b7e5a8]
 6800: 
 6801: 	* src/Makefile.in:
 6802: 	Do not pass libtool the -static-libtool-libs option when building
 6803: 	sudo and sesh. Otherwise, libtool may prefer a static version of an
 6804: 	installed library over a dynamic one when linking.
 6805: 	[6fbac9adc885]
 6806: 
 6807: 2012-04-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 6808: 
 6809: 	* MANIFEST, NEWS, doc/CONTRIBUTORS, plugins/sudoers/po/hr.mo,
 6810: 	plugins/sudoers/po/hr.po, src/po/de.mo, src/po/de.po:
 6811: 	Add German translation for sudo Add Croatian translation for sudoers
 6812: 	[fa4da1a6530c]
 6813: 
 6814: 	* plugins/sudoers/iolog.c:
 6815: 	typo fix in comment
 6816: 	[abd721d1288e]
 6817: 
 6818: 2012-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 6819: 
 6820: 	* NEWS:
 6821: 	Update with recent changes
 6822: 	[6fa11e8448b9]
 6823: 
 6824: 	* Makefile.in, plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 6825: 	Sort xgettext output by file name.
 6826: 	[f650841810f0]
 6827: 
 6828: 	* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
 6829: 	Clarify what "sudoreplay -l" displays and mention that it is sorted.
 6830: 	[84031c117bd6]
 6831: 
 6832: 	* config.h.in, configure, configure.in, src/ttyname.c:
 6833: 	Use AC_HEADER_MAJOR to determine where major/minor are defined.
 6834: 	[3c949650a223]
 6835: 
 6836: 	* config.h.in, configure, configure.in, src/ttyname.c:
 6837: 	Include sys/mkdev.h if present instead of sys/sysmacros.h for
 6838: 	minor(). This is needed on Solaris (at least) where the makedev
 6839: 	macros in sysmacros.h are obsolete and library functions should be
 6840: 	used instead.
 6841: 	[343928acf81e]
 6842: 
 6843: 	* mkpkg:
 6844: 	When building on Mac OS X, only set SDK_FLAGS if specified osversion
 6845: 	doesn't match host.
 6846: 	[d84c6efac872]
 6847: 
 6848: 2012-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
 6849: 
 6850: 	* src/ttyname.c:
 6851: 	Add back buf and tty variables for _ttyname() case that were
 6852: 	inadvertantly removed.
 6853: 	[a4a820b22a44]
 6854: 
 6855: 2012-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 6856: 
 6857: 	* plugins/sudoers/po/sudoers.pot:
 6858: 	regen
 6859: 	[5446b12c1250]
 6860: 
 6861: 	* configure, configure.in:
 6862: 	Remove b8 from version number.
 6863: 	[5adc4dcec061]
 6864: 
 6865: 	* src/ttyname.c:
 6866: 	remove some XXX
 6867: 	[187579a5f593]
 6868: 
 6869: 	* src/ttyname.c:
 6870: 	When looking for a device match, do a breadth-first search instead
 6871: 	of depth-first. We already special case /dev/pts/ so chances are
 6872: 	good that if it is not a pseudo-tty it is in the base of /dev/. Also
 6873: 	avoid a stat(2) when possible if struct dirent has d_type.
 6874: 	[0183f8a1b278]
 6875: 
 6876: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
 6877: 	src/sudo.c, src/sudo.h:
 6878: 	Pass pid, ppid, sid, pgid and tcpgid to plugin in user_info list.
 6879: 	[f0574d878491]
 6880: 
 6881: 	* src/po/eo.mo, src/po/es.mo, src/po/es.po, src/po/fi.mo,
 6882: 	src/po/ja.mo, src/po/pl.mo, src/po/ru.mo, src/po/uk.mo,
 6883: 	src/po/vi.mo:
 6884: 	sync with translationproject.org
 6885: 	[4527ea78fbd5]
 6886: 
 6887: 	* MANIFEST, NEWS, doc/CONTRIBUTORS, src/po/gl.mo, src/po/gl.po,
 6888: 	src/po/hr.mo, src/po/hr.po:
 6889: 	New Croatian and Galician translations from translationproject.org
 6890: 	[ad4bd924b4de]
 6891: 
 6892: 	* src/ttyname.c:
 6893: 	Add depth-first traversal of /dev/ for the /proc case when not
 6894: 	/dev/pts/N
 6895: 	[499bd3456774]
 6896: 
 6897: 	* config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c:
 6898: 	If struct dirent has d_type, use it to avoid an extra stat().
 6899: 	[741dabbe4bcd]
 6900: 
 6901: 	* plugins/sudoers/sudoreplay.c:
 6902: 	Sort output of "sudoreplay -l"
 6903: 	[c0615795bd4b]
 6904: 
 6905: 2012-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 6906: 
 6907: 	* plugins/sudoers/sudoreplay.c:
 6908: 	Fix duplicate free introduced in last rev
 6909: 	[efdaabe69d75]
 6910: 
 6911: 2012-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 6912: 
 6913: 	* plugins/sudoers/auth/pam.c:
 6914: 	Instead of treating ^C from tgetpass() specially, always return
 6915: 	AUTH_INTR if tgetpass() returned NULL. Treat PAM_AUTHINFO_UNAVAIL
 6916: 	like PAM_AUTH_ERR which Mac OS X returns this when there is no tty.
 6917: 	[a3b17298d4d0]
 6918: 
 6919: 	* config.h.in, configure, configure.in, src/ttyname.c:
 6920: 	Rototill code to determine the tty. For Linux, we now look up the
 6921: 	tty device in /proc/pid/stat instead of trying to open
 6922: 	/proc/pid/fd/[0-2]. The sudo_ttyname_dev() function maps the given
 6923: 	device number to a string. On BSD, we can use devname(). On Solaris,
 6924: 	_ttyname_dev() does what we want. TODO: write /dev/ traversal code
 6925: 	for the generic sudo_ttyname_dev().
 6926: 	[6b22be4d09f0]
 6927: 
 6928: 2012-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
 6929: 
 6930: 	* src/ttyname.c:
 6931: 	Define PRNODEV for those w/o it.
 6932: 	[f17290e64559]
 6933: 
 6934: 	* config.h.in, configure, configure.in, src/ttyname.c:
 6935: 	Check for SVR4-style struct psinfo.pr_ttydev and use that to
 6936: 	determine the tty if std{in,out,err} are not ttys.
 6937: 	[76ad33a91f4b]
 6938: 
 6939: 	* src/ttyname.c:
 6940: 	Better support for SVR4-style /proc entries where we can't use
 6941: 	ttyname() on the /proc/pid/fd/[0-2] entries. We can, however,
 6942: 	attempt to map the device number back to the correct pseudo-tty
 6943: 	slave device.
 6944: 	[4f9f48cc79eb]
 6945: 
 6946: 	* src/ttyname.c:
 6947: 	When trying to determine the tty name, check parent's stderr in
 6948: 	addition to its stdin and stdout.
 6949: 	[604644056c7d]
 6950: 
 6951: 	* src/exec_pty.c:
 6952: 	Treat a tty read failure like EOF as it usually means the pty has
 6953: 	gone away. Handle write() on the tty returning EIO.
 6954: 	[16957f4a706f]
 6955: 
 6956: 	* src/exec.c, src/exec_pty.c:
 6957: 	Linux select() may return ENOMEM if there is a kernel resource
 6958: 	shortage. Older Solaris select() may return EIO instead of EBADF
 6959: 	when the tty goes away. If we get an unhandled select() failure,
 6960: 	kill the child and exit cleanly.
 6961: 	[d93940a311ab]
 6962: 
 6963: 	* src/ttyname.c:
 6964: 	Open /proc/pid/fd/[0-2] in non-blocking mode just in case we might
 6965: 	block in open.
 6966: 	[a9f809d09d52]
 6967: 
 6968: 2012-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 6969: 
 6970: 	* plugins/sudoers/set_perms.c:
 6971: 	Fix restoration of AIX permissions.
 6972: 	[30c717115988]
 6973: 
 6974: 	* src/parse_args.c:
 6975: 	Allow the -k flag to be used along with the -i and -s flags.
 6976: 	[0653b17c97f1]
 6977: 
 6978: 	* plugins/sudoers/sudoreplay.c:
 6979: 	Plug memory leak in parse_logfile() in the error path.
 6980: 	[9cce86fa833b]
 6981: 
 6982: 	* plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 6983: 	src/po/da.mo, src/po/da.po, src/po/eo.po, src/po/es.po,
 6984: 	src/po/fi.po, src/po/it.mo, src/po/it.po, src/po/ja.po,
 6985: 	src/po/pl.po, src/po/ru.po, src/po/uk.po, src/po/vi.po,
 6986: 	src/po/zh_CN.mo, src/po/zh_CN.po:
 6987: 	sync with translationproject.org
 6988: 	[14af43d0b170]
 6989: 
 6990: 2012-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 6991: 
 6992: 	* compat/regress/glob/globtest.c, config.h.in, configure,
 6993: 	configure.in, plugins/sudoers/match.c:
 6994: 	Do not use GLOB_BRACE or GLOB_TILDE flags to glob()--we want the
 6995: 	glob() and fnmatch() results to be consistent.
 6996: 	[4226750d73c2]
 6997: 
 6998: 2012-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
 6999: 
 7000: 	* MANIFEST, common/Makefile.in, common/ttysize.c, src/Makefile.in,
 7001: 	src/ttysize.c:
 7002: 	Move ttysize.c to common so sudoreplay can use it.
 7003: 	[b4a0aa514cd4]
 7004: 
 7005: 	* plugins/sudoers/sudoreplay.c:
 7006: 	If I/O log file includes rows + cols, warn if the user's tty is not
 7007: 	big enough.
 7008: 	[b980ef89efff]
 7009: 
 7010: 	* plugins/sudoers/sudoreplay.c:
 7011: 	Fix printing of TSID in "sudoreplay -l"
 7012: 	[4221e3e108b4]
 7013: 
 7014: 	* common/sudo_debug.c, include/sudo_debug.h,
 7015: 	plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/exec.c,
 7016: 	src/exec_pty.c:
 7017: 	Log the process id in the debug file output. Since we don't want to
 7018: 	keep calling getpid(), stash the value at init time and when we
 7019: 	fork().
 7020: 	[2782d30c024d]
 7021: 
 7022: 	* src/exec_pty.c:
 7023: 	Ignore SIGTTIN and SIGTTOU in main sudo process when I/O logging. It
 7024: 	is better to receive EIO from read()/write() than to be suspended
 7025: 	when we don't expect it. Fixes a problem when our terminal is
 7026: 	revoked which can happen when, e.g. our sshd is killed
 7027: 	unceremoniously. Also, only change the value of "alive" from true to
 7028: 	false, never from false to true. It is possible for us to receive
 7029: 	notification of the child having stopped after it is already dead.
 7030: 	This does not mean it has risen from the grave.
 7031: 	[26c9fe8ce0f9]
 7032: 
 7033: 	* src/exec_pty.c:
 7034: 	Distinguish between signals we received from the parent vs. those
 7035: 	delivered explicitly to the monitor process in debugging info.
 7036: 	[40716cb180e5]
 7037: 
 7038: 2012-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
 7039: 
 7040: 	* plugins/sudoers/check.c:
 7041: 	In Solaris 11, /dev/pts under the "dev" filesystem, not "devices".
 7042: 	Update tty_is_devpts() to match so we can determine when the tty has
 7043: 	been reused.
 7044: 	[2689665df027]
 7045: 
 7046: 	* common/sudo_debug.c, include/error.h, include/sudo_debug.h:
 7047: 	Always pass __func__, __FILE__ and __LINE__ in sudo_debug_printf()
 7048: 	and use a new flag, SUDO_DEBUG_FILENO to specify when to use it.
 7049: 	This allows consumers of sudo_debug_printf() to log that data
 7050: 	without having to specify it manually.
 7051: 	[7c94c4879208]
 7052: 
 7053: 	* src/exec_pty.c:
 7054: 	Make this compile after last change.
 7055: 	[ee09034f3266]
 7056: 
 7057: 	* src/exec_pty.c:
 7058: 	Don't try to restore the terminal if we are not the foreground
 7059: 	process. Otherwise, we may be stopped by SIGTTOU when we try to
 7060: 	update the terminal settings when cleaning up.
 7061: 	[c48b24335456]
 7062: 
 7063: 	* src/exec.c:
 7064: 	If select() return EBADF in the main event loop, one of the ttys
 7065: 	must have gone away so perform any I/O we can and close the bad fds.
 7066: 	[3bc8678c03ce]
 7067: 
 7068: 	* common/sudo_debug.c, include/error.h, include/sudo_debug.h,
 7069: 	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
 7070: 	plugins/sudoers/toke.l:
 7071: 	Log warning() at SUDO_DEBUG_WARN not SUDO_DEBUG_ERROR. Log the
 7072: 	function, file and line number in the debug log for warning() and
 7073: 	error().
 7074: 	[894cd131f11d]
 7075: 
 7076: 2012-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
 7077: 
 7078: 	* common/sudo_debug.c, include/error.h, include/sudo_debug.h,
 7079: 	src/conversation.c:
 7080: 	Add SUDO_DEBUG_ERRNO flag to debug functions so we can log errno.
 7081: 	Use this flag when wrapping error() and warning() so the debug
 7082: 	output includes the error string.
 7083: 	[1e2c67adaf1f]
 7084: 
 7085: 2012-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 7086: 
 7087: 	* NEWS:
 7088: 	Update for sudo 1.8.5
 7089: 	[7d2b62b823fe]
 7090: 
 7091: 	* plugins/sudoers/po/sudoers.pot:
 7092: 	regen
 7093: 	[718ad9de92cd]
 7094: 
 7095: 	* doc/CONTRIBUTORS:
 7096: 	sync
 7097: 	[f48013aea641]
 7098: 
 7099: 	* plugins/sudoers/pwutil.c:
 7100: 	Use ecalloc()
 7101: 	[fabd23c1f271]
 7102: 
 7103: 	* src/exec_pty.c:
 7104: 	Don't need zero_bytes() after ecalloc()
 7105: 	[1a9d95cd10ef]
 7106: 
 7107: 	* config.h.in, configure, configure.in, src/sudo_noexec.c:
 7108: 	Add execvpe(), exect(), posix_spawn() and posix_spawnp() wrappers to
 7109: 	sudo_noexec.c.
 7110: 	[cbaa1d4b0f8a]
 7111: 
 7112: 	* src/utmp.c:
 7113: 	Fix compat setutxent and endutxent macros for systems with
 7114: 	setutent() but not setutxent(). From Gustavo Zacarias
 7115: 	[d7ce622fc5f2]
 7116: 
 7117: 2012-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 7118: 
 7119: 	* configure.in:
 7120: 	Add ignore_result definition to AH_BOTTOM
 7121: 	[8d4096838a98]
 7122: 
 7123: 	* common/sudo_debug.c, config.h.in, plugins/sample/sample_plugin.c,
 7124: 	plugins/sudoers/iolog.c, plugins/sudoers/toke.c,
 7125: 	plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/env_hooks.c,
 7126: 	src/exec.c, src/exec_pty.c, src/tgetpass.c:
 7127: 	Fix compiler warnings on some platforms and provide a better method
 7128: 	of defeating gcc's warn_unused_result attribute.
 7129: 	[9a8f804fcc75]
 7130: 
 7131: 	* configure, configure.in:
 7132: 	Fix building the builtin zlib from a build dir. When a zlib dir was
 7133: 	specified, prepend its include path instead of appending so we get
 7134: 	the right zlib headers.
 7135: 	[5f61d591b186]
 7136: 
 7137: 	* doc/LICENSE, zlib/adler32.c, zlib/crc32.c, zlib/crc32.h,
 7138: 	zlib/deflate.c, zlib/deflate.h, zlib/gzguts.h, zlib/gzlib.c,
 7139: 	zlib/gzread.c, zlib/gzwrite.c, zlib/infback.c, zlib/inffixed.h,
 7140: 	zlib/inflate.c, zlib/inftrees.c, zlib/trees.c, zlib/zconf.h.in,
 7141: 	zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
 7142: 	Update zlib to version 1.2.6
 7143: 	[173c4bc4d4fc]
 7144: 
 7145: 2012-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 7146: 
 7147: 	* include/missing.h:
 7148: 	g/c __unused which is no longer used
 7149: 	[7ef3f23edcd6]
 7150: 
 7151: 	* src/env_hooks.c:
 7152: 	Fix compilation if RTLD_NEXT is not defined.
 7153: 	[d5605f468b71]
 7154: 
 7155: 	* src/po/sr.mo, src/po/sr.po:
 7156: 	sync with translationproject.org
 7157: 	[27d559f7985d]
 7158: 
 7159: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
 7160: 	doc/sudoers.man.in:
 7161: 	regen
 7162: 	[f9f63ce478b6]
 7163: 
 7164: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 7165: 	regen
 7166: 	[59035d82d15a]
 7167: 
 7168: 	* Makefile.in:
 7169: 	Ignore Project-Id-Version when comparing pot files.
 7170: 	[22feb9ede46b]
 7171: 
 7172: 	* plugins/sudoers/bsm_audit.c:
 7173: 	Use error() instead of log_fatal()
 7174: 	[54130bda4b50]
 7175: 
 7176: 	* plugins/sudoers/env.c:
 7177: 	Fix signedness of didvar in env_update_didvar()
 7178: 	[77048a80b3e4]
 7179: 
 7180: 	* plugins/sudoers/iolog.c:
 7181: 	Quiet a compiler warning on some platforms.
 7182: 	[8fdcaece0400]
 7183: 
 7184: 	* compat/fnmatch.c:
 7185: 	cast ctype(3) function/macro arguments from char to unsigned char to
 7186: 	avoid potential negative subscripting.
 7187: 	[bdcf7eef21ef]
 7188: 
 7189: 	* common/setgroups.c:
 7190: 	Quiet a warning on systems where the gids array in setgroups() is
 7191: 	not prototyped as being const, even though it really is.
 7192: 	[fdd758c6302d]
 7193: 
 7194: 	* src/env_hooks.c:
 7195: 	Quiet a compiler warning on systems where the argument to putenv(3)
 7196: 	is const.
 7197: 	[51bae2193b53]
 7198: 
 7199: 	* plugins/sudoers/sudoreplay.c:
 7200: 	Undo an incorrect int -> bool conversion.
 7201: 	[b9a4ce320f14]
 7202: 
 7203: 	* MANIFEST, NEWS, plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
 7204: 	src/po/sv.mo, src/po/sv.po:
 7205: 	Add Swedish sudo and sudoers translations from
 7206: 	translationproject.org
 7207: 	[f7ce1de9073f]
 7208: 
 7209: 	* plugins/sudoers/env.c:
 7210: 	No need to preserve ODMDIR on AIX now that we always read
 7211: 	/etc/environment.
 7212: 	[4aa04b2f0125]
 7213: 
 7214: 2012-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 7215: 
 7216: 	* doc/sudoers.pod, plugins/sudoers/env.c:
 7217: 	When initializing the environment for env_reset, start out with the
 7218: 	contents of /etc/environment on AIX and login.conf on BSD.
 7219: 	[5717bdc321e2]
 7220: 
 7221: 	* doc/TROUBLESHOOTING, src/sudo.c:
 7222: 	If we are not running with an effective uid of 0, try to give the
 7223: 	user enough information to debug the problem.
 7224: 	[fa4894896d8a]
 7225: 
 7226: 	* plugins/sudoers/getdate.c, plugins/sudoers/gram.c:
 7227: 	Quiet a clang-analyzer false positive.
 7228: 	[c4c0c1b9c8b0]
 7229: 
 7230: 	* src/tgetpass.c:
 7231: 	If there is nothing to read from the askpass program, set errno to
 7232: 	EINTR. This makes the cancel button behave like the user entered ^C
 7233: 	at the password prompt when PAM is used.
 7234: 	[594302cb9caf]
 7235: 
 7236: 	* src/sudo.h, src/tgetpass.c:
 7237: 	Fetch the value of "askpass" from the sudo conf struct.
 7238: 	[4593ee8f1bd3]
 7239: 
 7240: 	* common/sudo_conf.c:
 7241: 	Fix matching of "Path askpass" and "Path noexec"
 7242: 	[4df28d62afb9]
 7243: 
 7244: 2012-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 7245: 
 7246: 	* plugins/sudoers/visudo.c:
 7247: 	Quiet a clang-analyzer dead store warning.
 7248: 	[dd90bf385a3f]
 7249: 
 7250: 	* plugins/sudoers/sudoers.c:
 7251: 	If the "timestampowner" user cannot be resolved, use ROOT_UID
 7252: 	instead of exiting with a fatal error.
 7253: 	[8d62aae99715]
 7254: 
 7255: 	* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/kerb5.c,
 7256: 	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sia.c,
 7257: 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/bsm_audit.c,
 7258: 	plugins/sudoers/check.c, plugins/sudoers/env.c,
 7259: 	plugins/sudoers/iolog.c, plugins/sudoers/logging.c,
 7260: 	plugins/sudoers/logging.h, plugins/sudoers/parse.c,
 7261: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
 7262: 	Remove the NO_EXIT flag to log_error() and add a log_fatal()
 7263: 	function that exits and is marked no_return. Fixes false positives
 7264: 	from static analyzers and is easier for humans to read too.
 7265: 	[a0fe785c2a3d]
 7266: 
 7267: 2012-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
 7268: 
 7269: 	* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po, src/po/eo.mo,
 7270: 	src/po/eo.po:
 7271: 	sync with translationproject.org
 7272: 	[df5e8777de13]
 7273: 
 7274: 2012-03-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 7275: 
 7276: 	* src/po/da.mo, src/po/da.po:
 7277: 	sync with translationproject.org
 7278: 	[629d99548b78]
 7279: 
 7280: 	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
 7281: 	sync with translationproject.org
 7282: 	[9d122a2860d6]
 7283: 
 7284: 2012-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 7285: 
 7286: 	* src/po/it.mo, src/po/it.po:
 7287: 	sync with translationproject.org
 7288: 	[6397593b15cf]
 7289: 
 7290: 	* common/sudo_conf.c, plugins/sudoers/alias.c,
 7291: 	plugins/sudoers/defaults.c, plugins/sudoers/env.c,
 7292: 	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 7293: 	plugins/sudoers/interfaces.c, plugins/sudoers/ldap.c,
 7294: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
 7295: 	plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c, src/hooks.c,
 7296: 	src/load_plugins.c:
 7297: 	Use ecalloc() when allocating structs.
 7298: 	[8b5888868db2]
 7299: 
 7300: 	* common/alloc.c, include/alloc.h:
 7301: 	Add ecalloc() and commented out recalloc(). Use inline strnlen()
 7302: 	instead of strlen() in estrndup().
 7303: 	[7fb9aa46c1e0]
 7304: 
 7305: 2012-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 7306: 
 7307: 	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 7308: 	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
 7309: 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 7310: 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
 7311: 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 7312: 	src/po/fi.mo, src/po/fi.po, src/po/ja.mo, src/po/ja.po,
 7313: 	src/po/pl.mo, src/po/pl.po, src/po/ru.mo, src/po/ru.po,
 7314: 	src/po/uk.mo, src/po/uk.po, src/po/vi.mo, src/po/vi.po,
 7315: 	src/po/zh_CN.mo, src/po/zh_CN.po:
 7316: 	sync with translationproject.org
 7317: 	[45a032c37334]
 7318: 
 7319: 2012-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 7320: 
 7321: 	* plugins/sudoers/set_perms.c:
 7322: 	Remove unused label
 7323: 	[2660bb0c1313]
 7324: 
 7325: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
 7326: 	Document what changed in each plugin API revision
 7327: 	[59b30a6fc4d1]
 7328: 
 7329: 	* plugins/sudoers/set_perms.c:
 7330: 	Remove bogus optimization that could lead to a double free of the
 7331: 	group list.
 7332: 	[b0bfbd2a83a8]
 7333: 
 7334: 2012-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
 7335: 
 7336: 	* doc/TROUBLESHOOTING:
 7337: 	Expand AIX /etc/security/privcmds entry.
 7338: 	[9f3f072e034e]
 7339: 
 7340: 	* NEWS:
 7341: 	Update for sudo 1.8.5
 7342: 	[086049011f25]
 7343: 
 7344: 	* common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.cat,
 7345: 	doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
 7346: 	doc/sudo_plugin.man.in, doc/sudo_plugin.pod, doc/sudoers.cat,
 7347: 	doc/sudoers.man.in, doc/sudoers.pod, include/sudo_conf.h,
 7348: 	include/sudo_plugin.h, src/load_plugins.c, src/sudo.c,
 7349: 	src/sudo_plugin_int.h:
 7350: 	Rename plugin "args" to "options"
 7351: 	[f25624951bd2]
 7352: 
 7353: 	* doc/CONTRIBUTORS:
 7354: 	Add Lithuanian and Vietnamese translators
 7355: 	[2b4c075b69e3]
 7356: 
 7357: 	* Makefile.in:
 7358: 	Ignore comments when comparing new and old pot files.
 7359: 	[f872999347b3]
 7360: 
 7361: 	* src/Makefile.in:
 7362: 	regen
 7363: 	[c8193b1b11c7]
 7364: 
 7365: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in:
 7366: 	regen
 7367: 	[15e3c17e8a3a]
 7368: 
 7369: 	* doc/sudo_plugin.pod, include/sudo_plugin.h,
 7370: 	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
 7371: 	plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c,
 7372: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/hooks.c,
 7373: 	src/sudo.c, src/sudo.h:
 7374: 	Pass a pointer to user_env in to the init_session policy plugin
 7375: 	function so session setup can modify the user environment as needed.
 7376: 	For PAM authentication, merge the PAM environment with the user
 7377: 	environment at init_session time. We no longer need to swap in the
 7378: 	user_env for environ during session init, nor do we need to disable
 7379: 	the env hooks at init_session time.
 7380: 	[3f5277b359d8]
 7381: 
 7382: 	* plugins/sample/sample_plugin.c:
 7383: 	Add explicit NULL entries for init_session, register_hooks and
 7384: 	deregister_hooks with appropriate comments.
 7385: 	[727a57978b40]
 7386: 
 7387: 	* compat/pw_dup.c:
 7388: 	Quiet a gcc "used uninitialized in this function" false positive.
 7389: 	[f14b68379ce9]
 7390: 
 7391: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 7392: 	We should always call warning() with a format string or a string
 7393: 	literal. In this case, the argument (path) is not user-controlled.
 7394: 	[e9ef51224024]
 7395: 
 7396: 2012-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
 7397: 
 7398: 	* src/selinux.c:
 7399: 	Include sudo_exec.h for the sudo_execve() prototype.
 7400: 	[769e58065edc]
 7401: 
 7402: 	* config.h.in, configure, configure.in:
 7403: 	Add check for pam_getenvlist()
 7404: 	[36bde3f26c60]
 7405: 
 7406: 	* common/sudo_conf.c:
 7407: 	Set args to NULL in default plugin info struct when there is no
 7408: 	Plugin line in sudo.conf.
 7409: 	[93ec67708f01]
 7410: 
 7411: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 7412: 	regen
 7413: 	[a9287677795c]
 7414: 
 7415: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
 7416: 	doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
 7417: 	doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
 7418: 	doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
 7419: 	regen
 7420: 	[a242769d7962]
 7421: 
 7422: 	* configure, configure.in:
 7423: 	Bump version to 1.8.5
 7424: 	[e8618f0c2505]
 7425: 
 7426: 	* doc/sudo_plugin.pod:
 7427: 	Document hooks API
 7428: 	[e6ad07d27958]
 7429: 
 7430: 2012-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 7431: 
 7432: 	* sudo.pp:
 7433: 	Make sudoersdir relative to PKG_INSTALL_ROOT for Solaris.
 7434: 	[fd72340042d3]
 7435: 
 7436: 	* include/sudo_plugin.h:
 7437: 	Use sudo_hook_fn_t in struct sudo_hook.
 7438: 	[938f93112d6e]
 7439: 
 7440: 	* doc/TROUBLESHOOTING:
 7441: 	If cross compiling, --host must include the OS in the tuple. E.g.
 7442: 	--host powerpc-unknown-linux
 7443: 	[b8c010070c1e]
 7444: 
 7445: 2012-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 7446: 
 7447: 	* plugins/sudoers/parse.c:
 7448: 	Fix bogus int -> bool conversion; tags can have a value of -1.
 7449: 	[e63d6434a303]
 7450: 
 7451: 	* plugins/sudoers/env.c:
 7452: 	Add env_should_keep() and env_should_delete() wrapper functions to
 7453: 	simplify things a bit and hide the fact that matches_env_check() is
 7454: 	not bool.
 7455: 	[7a03d7a12b50]
 7456: 
 7457: 	* sudo.pp:
 7458: 	Fix application of debian-specific sudoers mods when building
 7459: 	packages as non-root.
 7460: 	[34bf4c52c425]
 7461: 
 7462: 	* plugins/sudoers/env.c:
 7463: 	matches_env_check() returns int, not boolean
 7464: 	[0ad915b8d5cb]
 7465: 
 7466: 	* src/sudo_edit.c:
 7467: 	Fix compilation when seteuid() is not available.
 7468: 	[8a722f998000]
 7469: 
 7470: 	* src/ttyname.c:
 7471: 	Simply move the free of ki_proc outside the realloc() loop.
 7472: 	[217b786da760]
 7473: 
 7474: 	* src/ttyname.c:
 7475: 	Bring back the erealloc() for the ENOMEM loop and just zero the
 7476: 	pointer after we free it.
 7477: 	[29a016e45127]
 7478: 
 7479: 	* src/ttyname.c:
 7480: 	Don't try to erealloc() a potentially freed pointer; Mateusz Guzik
 7481: 	[266e08844065]
 7482: 
 7483: 2012-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
 7484: 
 7485: 	* plugins/sudoers/set_perms.c:
 7486: 	Use normal error path if unable to set sudoers gid.
 7487: 	[01c816918c99]
 7488: 
 7489: 	* plugins/sudoers/set_perms.c:
 7490: 	Make this work again on systems w/o seteuid().
 7491: 	[2e67f7421e97]
 7492: 
 7493: 2012-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 7494: 
 7495: 	* plugins/sudoers/set_perms.c:
 7496: 	Fix compilation if no seteuid/setreuid/setresuid available.
 7497: 	[d0b3c1f88eb4]
 7498: 
 7499: 	* plugins/sudoers/set_perms.c:
 7500: 	Better error messages, and added debugging throughout. Fixed
 7501: 	seteuid() version of set_perms()/restore_perms(). Fixed logic bug in
 7502: 	AIX version of restore_perms(). Added checks to avoid changing
 7503: 	uid/gid when we don't have to. Never set gid/uid state to -1, use
 7504: 	the old value instead.
 7505: 	[29188d469b5c]
 7506: 
 7507: 	* src/exec_pty.c, src/ttyname.c:
 7508: 	Fix format string warning on Solaris with gcc 3.4.3.
 7509: 	[d1eeb6e1dd0f]
 7510: 
 7511: 	* src/sudo.c:
 7512: 	Always declare environ now that we swap it around unilaterally.
 7513: 	[aaa3e92e7d0d]
 7514: 
 7515: 	* src/Makefile.in:
 7516: 	Honor LDFLAGS when linking sesh; from Vita Cizek
 7517: 	[498b41438f6e]
 7518: 
 7519: 	* src/sesh.c:
 7520: 	Include alloc.h for estrdup() prototype; from Vita Cizek
 7521: 	[93203655a320]
 7522: 
 7523: 2012-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 7524: 
 7525: 	* plugins/sudoers/sudoers.c:
 7526: 	Don't read /etc/environment on Linux when using PAM, PAM should set
 7527: 	the environment variables as needed via pam_env.
 7528: 	[b1ef62cb2d40]
 7529: 
 7530: 	* INSTALL:
 7531: 	Fix editor goof.
 7532: 	[0c3dd3bb8b57]
 7533: 
 7534: 	* src/hooks.c, src/sudo.c, src/sudo.h:
 7535: 	Disable environment hooks after we get user_env back to make sure a
 7536: 	plugin can't to modify user_env after we "own" it. This is kind of a
 7537: 	hack but we don't want the init_session plugin function to modify
 7538: 	user_env.
 7539: 	[8e6d119452a5]
 7540: 
 7541: 	* src/hooks.c, src/sudo.c:
 7542: 	Add support for deregistering hooks. If an I/O log plugin fails to
 7543: 	initialize, deregister its hooks (if any).
 7544: 	[ac00c93900c5]
 7545: 
 7546: 2012-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 7547: 
 7548: 	* plugins/sudoers/sudoers.c, src/sudo.c:
 7549: 	Move LOGIN_PATH and LOGIN_SETENV handling to plugin now that we hook
 7550: 	setenv.
 7551: 	[e75469dd9908]
 7552: 
 7553: 	* MANIFEST, aclocal.m4, common/sudo_debug.c, compat/Makefile.in,
 7554: 	compat/setenv.c, compat/unsetenv.c, config.h.in, configure,
 7555: 	configure.in, include/sudo_debug.h, include/sudo_plugin.h, mkdep.pl,
 7556: 	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/env.c,
 7557: 	plugins/sudoers/ldap.c, plugins/sudoers/sudoers.c,
 7558: 	plugins/sudoers/sudoers.h, src/Makefile.in, src/env_hooks.c,
 7559: 	src/hooks.c, src/load_plugins.c, src/sudo.c, src/sudo.h,
 7560: 	src/sudo_plugin_int.h:
 7561: 	Initial cut at a hooks implementation. The plugin can register hooks
 7562: 	for getenv, putenv, setenv and unsetenv. This makes it possible for
 7563: 	the plugin to trap changes to the environment made by authentication
 7564: 	methods such as PAM or BSD auth so that such changes are reflected
 7565: 	in the environment passed back to sudo for execve().
 7566: 	[61cffa06f863]
 7567: 
 7568: 2012-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
 7569: 
 7570: 	* MANIFEST, src/po/vi.mo, src/po/vi.po:
 7571: 	Add Vietnamese sudo translation from translationproject.org
 7572: 	[96df426790d5]
 7573: 
 7574: 2012-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
 7575: 
 7576: 	* doc/sample.sudo.conf, doc/sudo.pod, doc/sudo_plugin.pod,
 7577: 	doc/sudoers.pod:
 7578: 	List sudo_noexec.so not noexec.so in the sample sudo.conf
 7579: 	[53844e190ec5]
 7580: 
 7581: 	* common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
 7582: 	doc/sudo_plugin.pod, doc/sudoers.pod, include/sudo_conf.h,
 7583: 	include/sudo_plugin.h, plugins/sample/sample_plugin.c,
 7584: 	plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
 7585: 	plugins/sudoers/toke.l, src/load_plugins.c, src/sudo.c,
 7586: 	src/sudo_plugin_int.h:
 7587: 	Add support for plugin args at the end of a Plugin line in
 7588: 	sudo.conf. Bump the minor number accordingly and update the
 7589: 	documentation. A plugin must check the sudo front end's version
 7590: 	before using the plugin_args parameter since it is only supported
 7591: 	for API version 1.2 and higher.
 7592: 	[587f1f819536]
 7593: 
 7594: 2012-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 7595: 
 7596: 	* plugins/sudoers/Makefile.in:
 7597: 	update depends
 7598: 	[6d2da44e11e5]
 7599: 
 7600: 	* MANIFEST:
 7601: 	secure_path.c is in common, not compat
 7602: 	[619c4a663dde]
 7603: 
 7604: 	* configure, configure.in:
 7605: 	Add check for variadic macro support in cpp.
 7606: 	[756854caf675]
 7607: 
 7608: 2012-02-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 7609: 
 7610: 	* common/secure_path.c, common/sudo_conf.c, include/secure_path.h,
 7611: 	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 7612: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
 7613: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 7614: 	Add type param to sudo_secure_path() and add sudo_secure_file() and
 7615: 	sudo_secure_dir() wrappers which get by #includedir in sudoers.
 7616: 	[2ec2d3d8df04]
 7617: 
 7618: 2012-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 7619: 
 7620: 	* doc/visudo.pod, plugins/sudoers/visudo.c:
 7621: 	Check the owner and mode in -c (check) mode unless the -f option is
 7622: 	specified. Previously, the owner and mode were checked on the main
 7623: 	sudoers file when the -s (strict) option was given, but this was not
 7624: 	documented.
 7625: 	[b2d6ee1e547a]
 7626: 
 7627: 	* config.h.in, configure, configure.in, src/ttyname.c:
 7628: 	Prefer KERN_PROC2 over KERN_PROC. Fixes compilation on some versions
 7629: 	of OpenBSD versions that have KERN_PROC2 but not KERN_PROC.
 7630: 	[159f6a50456a]
 7631: 
 7632: 2012-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 7633: 
 7634: 	* doc/CONTRIBUTORS:
 7635: 	Add Eric Lakin for patch in bug #538
 7636: 	[490c29c234c6]
 7637: 
 7638: 	* src/exec_pty.c:
 7639: 	Fix typo in safe_close() made while converting to debug framework
 7640: 	that prevented it from actually closing anything.
 7641: 	[a66422a62afd]
 7642: 
 7643: 	* src/exec_pty.c:
 7644: 	Add some more debugging.
 7645: 	[b5667947dda9]
 7646: 
 7647: 	* common/Makefile.in, compat/Makefile.in, doc/Makefile.in,
 7648: 	include/Makefile.in:
 7649: 	We need sysconfdir in compat/Makfile to get the proper sudo.conf
 7650: 	path. Add standard prefix and foodir expansion in all Makefiles to
 7651: 	avoid this problem in the future.
 7652: 	[62b6ce4ecae9]
 7653: 
 7654: 2012-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 7655: 
 7656: 	* MANIFEST, plugins/sudoers/po/lt.mo, plugins/sudoers/po/lt.po:
 7657: 	New Lithuanian sudoers translation from translationproject.org
 7658: 	[10436b649035]
 7659: 
 7660: 	* plugins/sudoers/po/ja.po:
 7661: 	Update from translationproject.org
 7662: 	[acb8db5f8ef1]
 7663: 
 7664: 2012-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
 7665: 
 7666: 	* plugins/sudoers/ldap.c:
 7667: 	When adding gids to the LDAP filter, only add the primary gid once.
 7668: 	This is consistent with the space computation/allocation. From Eric
 7669: 	Lakin
 7670: 	[35d9d99c92c6]
 7671: 
 7672: 	* doc/TROUBLESHOOTING:
 7673: 	Add entry for AIX enhanced RBAC config.
 7674: 	[5e10b6f8def7]
 7675: 
 7676: 	* mkpkg:
 7677: 	Target Mac OS X 10.5 when building packages.
 7678: 	[06fce9bbebee]
 7679: 
 7680: 2012-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 7681: 
 7682: 	* MANIFEST, common/Makefile.in, common/secure_path.c,
 7683: 	common/sudo_conf.c, include/secure_path.h,
 7684: 	plugins/sudoers/Makefile.in, plugins/sudoers/sudoers.c:
 7685: 	Relax the user/group/mode checks on sudoers files. As long as the
 7686: 	file is owned by the right user, not world-writable and not writable
 7687: 	by a group other than the one specified at configure time (gid 0 by
 7688: 	default), the file is considered OK. Note that visudo will still set
 7689: 	the mode to the value specified at configure time.
 7690: 	[241174babfcc]
 7691: 
 7692: 2012-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 7693: 
 7694: 	* plugins/sudoers/set_perms.c:
 7695: 	Add AIX-specific version of permission setting code to make sure
 7696: 	that the saved uid gets restored properly.
 7697: 	[9a6f5d22c301]
 7698: 
 7699: 	* config.h.in, configure, configure.in, src/exec_common.c:
 7700: 	Check for LD_PRELOAD variants in configure instead of checkign cpp
 7701: 	symbols. In disable_execute(), compute the length of the new envp
 7702: 	and allocate it once instead of reallocating on demand. Also append
 7703: 	old value of LD_PRELOAD (if any) to the new value.
 7704: 	[680266346917]
 7705: 
 7706: 	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
 7707: 	Fix the description of noexec.
 7708: 	[6a6d142f3c80]
 7709: 
 7710: 	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
 7711: 	The "op" parameter to set_default() must be int, not bool since it
 7712: 	is set to '+' or '-' for list add and subtract.
 7713: 	[8da5b137bea2]
 7714: 
 7715: 	* sudo.pp:
 7716: 	Make sure sudoers is writable before calling ed script.
 7717: 	[95352ab6336b]
 7718: 
 7719: 2012-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 7720: 
 7721: 	* doc/CONTRIBUTORS, doc/contributors.pod:
 7722: 	Update contributors. Now includes translators and authors of compat
 7723: 	code.
 7724: 	[4fb5b616b50a]
 7725: 
 7726: 2012-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 7727: 
 7728: 	* src/po/sudo.pot:
 7729: 	regen
 7730: 	[2c86e2c328fe]
 7731: 
 7732: 	* pp, sudo.pp:
 7733: 	Build flat packages, not package bundles, on Mac OS X.
 7734: 	[57bda3cd5520]
 7735: 
 7736: 2012-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
 7737: 
 7738: 	* sudo.pp:
 7739: 	Move macos section to be with the other OS-specific sections.
 7740: 	[51423bb2973a]
 7741: 
 7742: 	* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 7743: 	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po:
 7744: 	Sync with translationproject.org
 7745: 	[8ce41cbb8da0]
 7746: 
 7747: 	* configure, configure.in:
 7748: 	Don't permanently add -D_FORTIFY_SOURCE=2 to CPPFLAGS
 7749: 	[fa979aa6fe7d]
 7750: 
 7751: 	* sudo.pp:
 7752: 	Add Mac OS X support, printing the latest chunk of the NEWS file and
 7753: 	the license text in the installer.
 7754: 	[ffeab72387c0]
 7755: 
 7756: 	* sudo.pp:
 7757: 	Add explicit file modes that match those used by "make install"
 7758: 	[7eb37242c920]
 7759: 
 7760: 	* pp:
 7761: 	Sync with upstream for Mac OS X fixes.
 7762: 	[97cba179041e]
 7763: 
 7764: 	* plugins/sudoers/Makefile.in, src/Makefile.in:
 7765: 	Got back to using "install-sh -M" for files installed as non-
 7766: 	readable by owner. This fixes "make install" as non-root for package
 7767: 	building.
 7768: 	[967804ee77d6]
 7769: 
 7770: 2012-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 7771: 
 7772: 	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
 7773: 	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 7774: 	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 7775: 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 7776: 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
 7777: 	Sync with translationproject.org
 7778: 	[0e53db12039a]
 7779: 
 7780: 	* Makefile.in, doc/Makefile.in, include/Makefile.in,
 7781: 	plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
 7782: 	plugins/sudoers/Makefile.in, src/Makefile.in:
 7783: 	Use -m not -M for install-sh for everything except setuid. Install
 7784: 	locale .mo files mode 0444, not 0644. If timedir parent doesn't
 7785: 	exist, use default dir mode, not 0700.
 7786: 	[8b6f64c92090]
 7787: 
 7788: 2012-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 7789: 
 7790: 	* pp:
 7791: 	Re-sync with upstream; no longer need a local patch.
 7792: 	[97a2c7be5e59]
 7793: 
 7794: 	* mkpkg:
 7795: 	Add support for building Mac OS X packages.
 7796: 	[94d49ac223a4]
 7797: 
 7798: 	* pp:
 7799: 	Sync with upstream
 7800: 	[1c97654fc841]
 7801: 
 7802: 	* src/Makefile.in:
 7803: 	No longer need to define _PATH_SUDO_CONF here.
 7804: 	[2560905b7482]
 7805: 
 7806: 	* src/exec_common.c:
 7807: 	Fix noexec for Mac OS X.
 7808: 	[b7a744bca2c0]
 7809: 
 7810: 2012-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
 7811: 
 7812: 	* common/Makefile.in:
 7813: 	Move _PATH_SUDO_CONF override to common to match sudo_debug.c
 7814: 	[f0788972a63a]
 7815: 
 7816: 	* plugins/sudoers/set_perms.c:
 7817: 	More complete fix for LDR_PRELOAD on AIX. The addition of
 7818: 	set_perm(PERM_ROOT) before calling the nss open functions (needed to
 7819: 	avoid a GNU TLS bug) also broke LDR_PRELOAD. Setting the effective
 7820: 	and then real uid to 0 for PERM_ROOT works around the issue.
 7821: 	[5888eda051af]
 7822: 
 7823: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 7824: 	regen
 7825: 	[997fe403e219]
 7826: 
 7827: 	* src/sudo.c:
 7828: 	Set real uid to root before calling sudo_edit() or run_command() so
 7829: 	that the monitor process is owned by root and not by the user.
 7830: 	Otherwise, on AIX at least, the monitor process shows up in ps as
 7831: 	belonging to the user (and can be killed by the user).
 7832: 	[d4772d7d2fc5]
 7833: 
 7834: 	* plugins/sudoers/set_perms.c:
 7835: 	For PERM_ROOT when using setreuid(), only set the euid to 0 prior to
 7836: 	the call to setuid(0) if the current euid is non-zero. This
 7837: 	effectively restores the state of things prior to rev 7bfeb629fccb.
 7838: 	Fixes a problem on AIX where LDR_PRELOAD was not being honored for
 7839: 	the command being executed.
 7840: 	[b9b40325b4dc]
 7841: 
 7842: 	* MANIFEST, compat/pw_dup.c, config.h.in, configure, configure.in,
 7843: 	include/missing.h, src/sudo.c:
 7844: 	Make a copy of the struct passwd in exec_setup() to make sure
 7845: 	nothing in the policy init modifies it.
 7846: 	[b721261c921f]
 7847: 
 7848: 2012-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
 7849: 
 7850: 	* doc/sudoers.pod:
 7851: 	update copyright
 7852: 	[f9d229d1f65e]
 7853: 
 7854: 	* common/sudo_debug.c, include/sudo_debug.h:
 7855: 	g/c now-unused debug subsystems
 7856: 	[8f21726e698f]
 7857: 
 7858: 	* doc/sudo.pod, doc/sudoers.pod:
 7859: 	Enumerate the debug subsystems used by sudo and sudoers.
 7860: 	[ac4f84293d14]
 7861: 
 7862: 2012-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
 7863: 
 7864: 	* NEWS, common/sudo_conf.c, doc/sample.sudo.conf, doc/sudo.pod,
 7865: 	include/sudo_conf.h, src/sudo.c:
 7866: 	Normally, sudo disables core dumps while it is running. This
 7867: 	behavior can now be modified at run time with a line in sudo.conf
 7868: 	like "Set disable_coredumps false"
 7869: 	[ad14e0508b0d]
 7870: 
 7871: 	* NEWS:
 7872: 	Mention Spanish translation
 7873: 	[600f3205bd6e]
 7874: 
 7875: 	* common/sudo_debug.c:
 7876: 	Make sure we don't try to fall back to using the conversation
 7877: 	function for debugging in the main sudo process if we are unable to
 7878: 	open the debug file.
 7879: 	[ffa329aa908c]
 7880: 
 7881: 	* MANIFEST, src/po/es.mo, src/po/es.po:
 7882: 	Add sudo Spanish translation from translationproject.org
 7883: 	[c1906654e740]
 7884: 
 7885: 2012-02-02  Todd C. Miller  <Todd.Miller@courtesan.com>
 7886: 
 7887: 	* plugins/sudoers/iolog.c:
 7888: 	Better debug subsystem usage
 7889: 	[1a31f115743c]
 7890: 
 7891: 	* src/sudo.c:
 7892: 	Remove duplicate function prototypes
 7893: 	[ae04b00532eb]
 7894: 
 7895: 2012-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 7896: 
 7897: 	* configure, configure.in:
 7898: 	Error out if user specified --with-pam but we can't find the headers
 7899: 	or library. Also throw an error if the headers are present but the
 7900: 	library is not and vice versa.
 7901: 	[d6bf3e3d0aae]
 7902: 
 7903: 2012-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
 7904: 
 7905: 	* plugins/sudoers/sudoers.c:
 7906: 	Fix the sudoers permission check when the expected sudoers mode is
 7907: 	owner-writable.
 7908: 	[8b0b7e770a22]
 7909: 
 7910: 2012-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 7911: 
 7912: 	* configure, configure.in:
 7913: 	Verify that we can link executables built with -D_FORTIFY_SOURCE
 7914: 	before using it.
 7915: 	[7578215d1a95]
 7916: 
 7917: 	* src/exec_common.c:
 7918: 	Fix potential off-by-one when making a copy of the environment for
 7919: 	LD_PRELOAD insertion. Fixes bug #534
 7920: 	[cc699cd551b6]
 7921: 
 7922: 	* configure, configure.in:
 7923: 	Add rudimentary check for _FORTIFY_SOURCE support by checking for
 7924: 	__sprintf_chk, one of the functions used by gcc to support it.
 7925: 	[a992673d2ef8]
 7926: 
 7927: 	* compat/stdbool.h, config.h.in, configure, configure.in:
 7928: 	Use AC_HEADER_STDBOOL instead of checking for stdbool.h ourselves.
 7929: 	[8ba1370884b3]
 7930: 
 7931: 2012-01-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 7932: 
 7933: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 7934: 	regen
 7935: 	[1e0b38397705]
 7936: 
 7937: 2012-01-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 7938: 
 7939: 	* src/exec.c, src/sudo.c:
 7940: 	The change in 818e82ecbbfc that caused to exit when the monitor dies
 7941: 	created a race condition between the monitor exiting and the status
 7942: 	being read. All we really want to do is make sure that select()
 7943: 	notifies us that there is a status change when the monitor dies
 7944: 	unexpectedly so shutdown the socketpair connected to the monitor for
 7945: 	writing when it dies. That way we can still read the status that is
 7946: 	pending on the socket and select() on Linux will tell us that the fd
 7947: 	is ready.
 7948: 	[7fb5b30ea48d]
 7949: 
 7950: 	* MANIFEST, src/Makefile.in, src/exec.c, src/exec_common.c,
 7951: 	src/exec_pty.c, src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h,
 7952: 	src/sudo_exec.h:
 7953: 	Refactor disable_execute() and my_execve() into exec_common.c for
 7954: 	use by sesh.c. This fixes NOEXEC when SELinux is used. Instead of
 7955: 	disabling exec in exec_setup(), disable it immediately before
 7956: 	executing the command. Adapted from a diff by Arno Schuring.
 7957: 	[ec4d8b53db6b]
 7958: 
 7959: 2012-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 7960: 
 7961: 	* aclocal.m4, configure, configure.in:
 7962: 	Add custom version of AC_CHECK_LIB that uses the extra libs in the
 7963: 	cache value name. With this we no longer need to rely on a modified
 7964: 	version of autoconf.
 7965: 	[1c3b1d482d6c]
 7966: 
 7967: 2012-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 7968: 
 7969: 	* configure, configure.in:
 7970: 	Better handling of network functions that need -lsocket -lnsl
 7971: 	[cc386342ec2b]
 7972: 
 7973: 	* src/sudo.c:
 7974: 	When setting up the execution environment, set groups before
 7975: 	gid/egid like sudo 1.7 did.
 7976: 	[928e1c5fa6c1]
 7977: 
 7978: 	* configure, configure.in:
 7979: 	Remove "WARNING: unable to find foo() trying -lsocket -lnsl"
 7980: 	[84b23cdf138f]
 7981: 
 7982: 	* plugins/sudoers/sudoers.c:
 7983: 	For "sudo -g" prepend the specified group ID to the beginning of the
 7984: 	groups list. This matches BSD convention where the effective gid is
 7985: 	the first entry in the group list. This is required on newer FreeBSD
 7986: 	where the effective gid is not tracked separately and thus
 7987: 	setgroups() changes the egid if this convention is not followed.
 7988: 	Fixes bug #532
 7989: 	[782d6909108b]
 7990: 
 7991: 2012-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 7992: 
 7993: 	* configure, configure.in:
 7994: 	Fix sh warning; use "test" instead of "["
 7995: 	[c6ee3407f65e]
 7996: 
 7997: 	* src/exec.c:
 7998: 	When not logging I/O, use a signal handler that only forwards
 7999: 	SIGINT, SIGQUIT and SIGHUP when they are user-generated signals.
 8000: 	Fixes a race in the non-I/O logging path where the command may
 8001: 	receive two keyboard-generated signals; one from the kernel and one
 8002: 	from the sudo process.
 8003: 	[9638684e786a]
 8004: 
 8005: 	* src/exec.c:
 8006: 	Back out change that put the command in its own pgrp when not
 8007: 	logging I/O. It causes problems with pipelines.
 8008: 	[4fc9c6e1e770]
 8009: 
 8010: 2012-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 8011: 
 8012: 	* compat/Makefile.in, configure, configure.in:
 8013: 	Only run compat regress tests on compat objects we actually build.
 8014: 	Fixes "make check" in the compat dir for systems that don't
 8015: 	implement character classes in fnmatch() or glob(). Bug #531
 8016: 	[a7addc305e83]
 8017: 
 8018: 2012-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
 8019: 
 8020: 	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
 8021: 	Update po files from translationproject.org
 8022: 	[5ea066af1356]
 8023: 
 8024: 2012-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 8025: 
 8026: 	* sudo.pp:
 8027: 	Include parent directories in case they don't already exist. This
 8028: 	fixes a directory permissions problem with the AIX package when the
 8029: 	/usr/local directories don't already exist.
 8030: 	[a14f783dc827]
 8031: 
 8032: 	* pp:
 8033: 	sync with git version
 8034: 	[2f79d0543661]
 8035: 
 8036: 	* common/Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in:
 8037: 	regen dependencies
 8038: 	[24c92ca6c64d]
 8039: 
 8040: 	* MANIFEST, src/Makefile.in, src/sudo.c, src/sudo.h, src/ttyname.c:
 8041: 	Move tty name lookup code to its own file.
 8042: 	[58faf072cbf4]
 8043: 
 8044: 2012-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 8045: 
 8046: 	* NEWS:
 8047: 	Update with latest sudo 1.8.4 changes.
 8048: 	[a4ffe4f42528]
 8049: 
 8050: 	* config.h.in, configure, configure.in:
 8051: 	Remove obsolete template for HAVE_TIMESPEC
 8052: 	[75709007c906]
 8053: 
 8054: 	* src/sudo.c:
 8055: 	Add a check for devname() returning a fully-qualified pathname. None
 8056: 	of the devname() implementations do this today but you never know
 8057: 	when this might change.
 8058: 	[16813ace38f9]
 8059: 
 8060: 2012-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 8061: 
 8062: 	* plugins/sudoers/visudo.c:
 8063: 	For "visudo -c" also list include files that were checked when
 8064: 	everything is OK.
 8065: 	[ad6f85b35c9c]
 8066: 
 8067: 	* src/sudo.c:
 8068: 	The device name returned by devname() does not include the /dev/
 8069: 	prefix so we need to add it ourselves.
 8070: 	[b55285abb7ed]
 8071: 
 8072: 	* src/sudo.c:
 8073: 	Add debug warning if KERN_PROC sysctl fails or devname() can't
 8074: 	resolve the tty device to a name.
 8075: 	[b5a23916ba3a]
 8076: 
 8077: 	* common/sudo_debug.c:
 8078: 	The result of writev() is never checked so just cast to NULL.
 8079: 	[4be4e9b58d5b]
 8080: 
 8081: 	* plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 8082: 	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 8083: 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 8084: 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po:
 8085: 	Update Esperanto, Finnish, Polish and Ukrainian translations from
 8086: 	translationproject.org.
 8087: 	[bb91bc6ad7e9]
 8088: 
 8089: 2012-01-10  Todd C. Miller  <Todd.Miller@courtesan.com>
 8090: 
 8091: 	* config.h.in, configure, configure.in, src/sudo.c:
 8092: 	Add support for determining tty via sysctl on other BSD variants.
 8093: 	[fd15f63f719a]
 8094: 
 8095: 	* configure, configure.in:
 8096: 	Only check for struct kinfo_proc.ki_tdev on systems that support
 8097: 	sysctl.
 8098: 	[109b3f07a39d]
 8099: 
 8100: 	* src/sudo.c:
 8101: 	For FreeBSD, try the KERN_PROC_PID sysctl() first, falling back on
 8102: 	ttyname() of std{in,out,err}.
 8103: 	[95969b70bd68]
 8104: 
 8105: 2012-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 8106: 
 8107: 	* config.h.in, configure, configure.in, src/sudo.c:
 8108: 	On newer FreeBSD we can get the parent's tty name via sysctl().
 8109: 	[3207290501ee]
 8110: 
 8111: 	* plugins/sudoers/testsudoers.c:
 8112: 	Include locale.h
 8113: 	[a602cd0b8c2d]
 8114: 
 8115: 	* src/sudo.c:
 8116: 	Silence a gcc warning.
 8117: 	[8c6d0e3cd534]
 8118: 
 8119: 	* plugins/sudoers/bsm_audit.c:
 8120: 	Need to include gettext.h and sudo_debug.h; from John Hein
 8121: 	[447912aa7300]
 8122: 
 8123: 	* plugins/sudoers/iolog.c:
 8124: 	Initialize the debug framework from the I/O plugin too.
 8125: 	[ce1bf44d96d2]
 8126: 
 8127: 2012-01-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 8128: 
 8129: 	* plugins/sudoers/testsudoers.c:
 8130: 	Enable debugging via sudo.conf.
 8131: 	[d85669c749d0]
 8132: 
 8133: 2012-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 8134: 
 8135: 	* plugins/sudoers/visudo.c:
 8136: 	Use SUDO_DEBUG_ALIAS for alias checking functions.
 8137: 	[fb84af30dc76]
 8138: 
 8139: 	* configure, configure.in:
 8140: 	More complete test for getaddrinfo() that doesn't rely on the
 8141: 	network libraries already being added to LIBS.
 8142: 	[cbaf2369f4f0]
 8143: 
 8144: 2012-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
 8145: 
 8146: 	* common/aix.c:
 8147: 	Add debug support.
 8148: 	[def1bdf24485]
 8149: 
 8150: 	* configure, configure.in:
 8151: 	Need -lsocket -lnsl for getaddrinfo(3) on Solaris at least.
 8152: 	[a2ea1c2eac61]
 8153: 
 8154: 	* compat/getaddrinfo.c:
 8155: 	Include errno.h and missing.h
 8156: 	[7d15e17cc2f2]
 8157: 
 8158: 	* .hgignore:
 8159: 	ignore doc/varsub
 8160: 	[417f9fc3231b]
 8161: 
 8162: 	* configure.in, doc/visudo.pod, plugins/sudoers/Makefile.in,
 8163: 	plugins/sudoers/gram.y, plugins/sudoers/match.c,
 8164: 	plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c, src/exec.c,
 8165: 	src/parse_args.c, src/sudo.c, src/sudo.h:
 8166: 	Update copyright year.
 8167: 	[5d0ffc7dd567]
 8168: 
 8169: 	* NEWS:
 8170: 	Update for sudo 1.8.4
 8171: 	[841e3eff9844]
 8172: 
 8173: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 8174: 	regen pot files
 8175: 	[c509cb45b66a]
 8176: 
 8177: 	* plugins/sudoers/sudoreplay.c:
 8178: 	Enable debugging via sudo.conf.
 8179: 	[5087aaee8484]
 8180: 
 8181: 	* plugins/sudoers/visudo.c:
 8182: 	Enable debugging via sudo.conf.
 8183: 	[04b067c16ed3]
 8184: 
 8185: 	* plugins/sudoers/visudo.c:
 8186: 	Allow "visudo -c" to work when we only have read-only access to the
 8187: 	sudoers include files.
 8188: 	[d8c6713fe5c1]
 8189: 
 8190: 	* doc/sudo.pod, doc/visudo.pod:
 8191: 	Mention the CONTRIBUTORS file, not HISTORY in AUTHOR section. Add
 8192: 	HISTORY section in sudo that points to HISTORY file.
 8193: 	[d1f1bcb051c5]
 8194: 
 8195: 	* doc/sudo.pod, doc/sudo_plugin.pod:
 8196: 	Document Debug setting in sudo.conf and debug_flags in plugin.
 8197: 	[acfc505aa4a9]
 8198: 
 8199: 2012-01-05  Todd C. Miller  <Todd.Miller@courtesan.com>
 8200: 
 8201: 	* plugins/sudoers/match.c:
 8202: 	Do not include GLOB_MARK in the flags we pass to glob(3). Fixes a
 8203: 	bug where a pattern like "/usr/*" include /usr/bin/ in the results,
 8204: 	which would be incorrectly be interpreted as if the sudoers file had
 8205: 	specified a directory. From Vitezslav Cizek.
 8206: 	[0cdb6252188c]
 8207: 
 8208: 	* INSTALL, config.h.in, configure, configure.in,
 8209: 	plugins/sudoers/auth/kerb5.c:
 8210: 	Add --enable-kerb5-instance configure option to allow people using
 8211: 	Kerberos V authentication to use a custom instance. Adapted from a
 8212: 	diff by Michael E Burr.
 8213: 	[e83af8bb7aa7]
 8214: 
 8215: 	* doc/sudo.pod, src/parse_args.c, src/sudo.c, src/sudo.h:
 8216: 	Remove -D debug_level option.
 8217: 	[cbcd05094347]
 8218: 
 8219: 	* doc/LICENSE:
 8220: 	Update copyright year.
 8221: 	[9f43dd7aa852]
 8222: 
 8223: 2012-01-04  Todd C. Miller  <Todd.Miller@courtesan.com>
 8224: 
 8225: 	* plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
 8226: 	plugins/sudoers/visudo.c:
 8227: 	parse_error is now bool, not int
 8228: 	[5ea7fb6fda38]
 8229: 
 8230: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 8231: 	plugins/sudoers/parse.c:
 8232: 	Print a more sensible error if yyparse() returns non-zero but
 8233: 	yyerror() was not called.
 8234: 	[d44ec88f1183]
 8235: 
 8236: 	* plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
 8237: 	plugins/sudoers/gram.c:
 8238: 	Replace y.tab.c with the correct filename in #line directives.
 8239: 	[3c84fcb7e959]
 8240: 
 8241: 2012-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
 8242: 
 8243: 	* src/sudo.c:
 8244: 	When trying to determine the tty, fall back on /proc/ppid/fd/{0,1,2}
 8245: 	if the main process's fds 0-2 are not hooked up to a tty. Adapted
 8246: 	from a diff by Zdenek Behan.
 8247: 	[b9dfce12af85]
 8248: 
 8249: 	* src/exec.c:
 8250: 	When not logging I/O, put command in its own pgrp and make that the
 8251: 	controlling pgrp if the command is in the foreground. Fixes a race
 8252: 	in the non-I/O logging path where the command may receive two
 8253: 	keyboard-generated signals; one from the kernel and one from the
 8254: 	sudo process.
 8255: 	[d0e263ce496c]
 8256: 
 8257: 2011-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 8258: 
 8259: 	* src/sudo_edit.c:
 8260: 	Quiet a bogus gcc warning.
 8261: 	[2009669e0608]
 8262: 
 8263: 	* src/parse_args.c, src/sudo.h:
 8264: 	Fix warnings related to sudo.conf accessors.
 8265: 	[08ddc29ba50b]
 8266: 
 8267: 	* common/sudo_conf.c, include/sudo_conf.h:
 8268: 	Separate sudo.conf parsing from plugin loading and move the parse
 8269: 	functions into the common lib so that visudo, etc. can use them.
 8270: 	[f1fc659a8079]
 8271: 
 8272: 	* MANIFEST, common/Makefile.in, src/Makefile.in, src/load_plugins.c,
 8273: 	src/parse_args.c, src/sudo.c, src/sudo_plugin_int.h:
 8274: 	Separate sudo.conf parsing from plugin loading and move the parse
 8275: 	functions into the common lib so that visudo, etc. can use them.
 8276: 	[e1f2cf6bd57a]
 8277: 
 8278: 	* doc/sudoers.pod, plugins/sudoers/def_data.c,
 8279: 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
 8280: 	plugins/sudoers/sudoers.c, src/sudo.c:
 8281: 	Remove support for noexec_file in sudoers and the plugin API
 8282: 	[3e2fd58879b5]
 8283: 
 8284: 	* plugins/sudoers/sudoers.c:
 8285: 	Don't dump interfaces if there are none.
 8286: 	[9081bb4d3e9e]
 8287: 
 8288: 	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
 8289: 	Add missing %s printf escape to the group_plugin, iolog_dir and
 8290: 	iolog_file descriptions.
 8291: 	[7db03f2b737e]
 8292: 
 8293: 2011-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 8294: 
 8295: 	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in, src/exec.c:
 8296: 	Fix typo in visiblepw description; from Joel Pickett
 8297: 	[2fb4b26d5c2c]
 8298: 
 8299: 2011-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 8300: 
 8301: 	* MANIFEST, configure, configure.in, mkdep.pl,
 8302: 	plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
 8303: 	plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
 8304: 	plugins/sudoers/sudoers.h, src/sudo.c:
 8305: 	When running a login shell with a login_class specified, use
 8306: 	LOGIN_SETENV instead of rolling our own login.conf setenv support
 8307: 	since FreeBSD's login.conf has more than just setenv capabilities.
 8308: 	This requires us to swap the plugin-provided envp for the global
 8309: 	environ before calling setusercontext() and then stash the resulting
 8310: 	environ pointer back into the command details, which is kind of a
 8311: 	hack.
 8312: 	[ad4f1190143b]
 8313: 
 8314: 	* plugins/sudoers/Makefile.in:
 8315: 	If srcdir is "." just use the basename of the yacc/lex file when
 8316: 	generating the C version. This matches the generated files currently
 8317: 	in the repo.
 8318: 	[0b11c3df87a8]
 8319: 
 8320: 	* doc/Makefile.in, plugins/sudoers/Makefile.in:
 8321: 	Clean up the DEVEL noise
 8322: 	[9de2afe457fd]
 8323: 
 8324: 	* src/exec.c:
 8325: 	Handle different Unix domain socket (actually socketpair) semantics
 8326: 	in BSD vs. Linux. In BSD if one end of the socketpair goes away
 8327: 	select() returns the fd as readable and the read will fail with
 8328: 	ECONNRESET. This doesn't appear to happen on Linux so if we notice
 8329: 	that the monitor process has died when I/O logging is enabled,
 8330: 	behave like the command has exited. This means we log the wait
 8331: 	status of the monitor, not the command, but there is nothing else we
 8332: 	can do at that point. This should only be an issue if SIGKILL is
 8333: 	sent to the monitor process.
 8334: 	[818e82ecbbfc]
 8335: 
 8336: 	* src/exec_pty.c:
 8337: 	Catch common signals in the monitor process so they get passed to
 8338: 	the command. Fixes a problem when the entire login session is killed
 8339: 	when ssh is disconnected or the terminal window is closed.
 8340: 	Previously, the monitor would exit and plugin's close method would
 8341: 	not be called.
 8342: 	[0e4658263138]
 8343: 
 8344: 	* INSTALL, configure, configure.in:
 8345: 	Mention how to configure pam_hpsec on HP-UX to play nicely with
 8346: 	sudo.
 8347: 	[a7294cd8ce98]
 8348: 
 8349: 2011-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 8350: 
 8351: 	* plugins/sudoers/ldap.c:
 8352: 	Escape values in the search expression as per RFC 4515.
 8353: 	[c2adbc5db92b]
 8354: 
 8355: 	* doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
 8356: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
 8357: 	src/Makefile.in:
 8358: 	No need for install target to depend explicitly on install-dirs, the
 8359: 	install-foo targets all depend on it.
 8360: 	[62a36ed98279]
 8361: 
 8362: 2011-12-05  Todd C. Miller  <Todd.Miller@courtesan.com>
 8363: 
 8364: 	* .hgignore:
 8365: 	ignore src/sesh
 8366: 	[463d492f6782]
 8367: 
 8368: 	* MANIFEST, common/Makefile.in, configure, configure.in, mkdep.pl,
 8369: 	plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
 8370: 	plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
 8371: 	plugins/sudoers/login_class.c, plugins/sudoers/sudoers.c,
 8372: 	plugins/sudoers/sudoers.h, src/Makefile.in:
 8373: 	Add support for setenv entries in login.conf. We can't use
 8374: 	LOGIN_SETENV since the plugin sets up the envp the command is
 8375: 	executed with. Also regen the Makefile.in files while here. Fixes
 8376: 	bug #527
 8377: 	[088d507926e2]
 8378: 
 8379: 2011-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
 8380: 
 8381: 	* MANIFEST, aclocal.m4, compat/getaddrinfo.c, compat/getaddrinfo.h,
 8382: 	config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
 8383: 	src/net_ifs.c:
 8384: 	Add getaddrinfo() for those without it, written by Russ Allbery
 8385: 	[4cf9ac831222]
 8386: 
 8387: 	* doc/Makefile.in:
 8388: 	Restore PACKAGE_TARNAME, it is used in docdir
 8389: 	[9d65e893edb1]
 8390: 
 8391: 	* MANIFEST, compat/stdbool.h:
 8392: 	SunPro C Compiler also has a _Bool builtin. Also add stdbool.h to
 8393: 	the MANIFEST
 8394: 	[e67700dc5621]
 8395: 
 8396: 	* common/atobool.c, common/term.c, src/exec.c:
 8397: 	Remove duplicate return statements.
 8398: 	[48a20d5215fd]
 8399: 
 8400: 	* plugins/sudoers/auth/bsdauth.c:
 8401: 	Remove inaccurate comment
 8402: 	[e7f0265cf657]
 8403: 
 8404: 	* plugins/sudoers/auth/bsdauth.c, plugins/sudoers/sudoers.c:
 8405: 	Fetch the login class for the user we authenticate specifically when
 8406: 	using BSD authentication. That user may have a different login class
 8407: 	than what we will use to run the command. When setting the login
 8408: 	class for the command, use the target user's struct passwd, not the
 8409: 	invoking user's. Fixes bug 526
 8410: 	[21bf0af892f7]
 8411: 
 8412: 	* compat/Makefile.in, configure, configure.in, doc/Makefile.in,
 8413: 	plugins/sudoers/Makefile.in:
 8414: 	Replace @DEV@ prefix with DEVEL variable so we can do "make DEVEL=1"
 8415: 	[8ee6e0891f27]
 8416: 
 8417: 	* plugins/sudoers/regress/iolog_path/check_iolog_path.c,
 8418: 	plugins/sudoers/regress/logging/check_wrap.c,
 8419: 	plugins/sudoers/regress/parser/check_addr.c,
 8420: 	plugins/sudoers/regress/parser/check_fill.c:
 8421: 	Fix "make check" fallout from the sudo_conv changes in sudo_debug.
 8422: 	[b0aaa63c9081]
 8423: 
 8424: 	* common/fileops.c, common/sudo_debug.c, configure, configure.in,
 8425: 	include/fileops.h, plugins/sample/Makefile.in,
 8426: 	plugins/sample/sample_plugin.c, plugins/sample_group/Makefile.in,
 8427: 	plugins/sample_group/sample_group.c, plugins/sudoers/alias.c,
 8428: 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
 8429: 	plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
 8430: 	plugins/sudoers/env.c, plugins/sudoers/find_path.c,
 8431: 	plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
 8432: 	plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
 8433: 	plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
 8434: 	plugins/sudoers/ldap.c, plugins/sudoers/match.c,
 8435: 	plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
 8436: 	plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
 8437: 	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
 8438: 	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
 8439: 	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
 8440: 	plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
 8441: 	plugins/sudoers/visudo.c, src/exec.c, src/exec_pty.c,
 8442: 	src/load_plugins.c, src/sudo.c, src/sudo.h, src/sudo_exec.h,
 8443: 	src/sudo_plugin_int.h, src/utmp.c:
 8444: 	Use stdbool.h instead of rolling our own TRUE/FALSE macros.
 8445: 	[dcb0bbc42fc9]
 8446: 
 8447: 2011-12-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 8448: 
 8449: 	* compat/stdbool.h, config.h.in, configure, configure.in:
 8450: 	Add stdbool.h for systems without it.
 8451: 	[18bd9dda1dcd]
 8452: 
 8453: 	* aclocal.m4, config.h.in, configure, configure.in:
 8454: 	No longer need SUDO_CHECK_TYPE and SUDO_TYPE_* now that the default
 8455: 	includes have unistd.h in them. Add check for socklen_t for upcoming
 8456: 	getaddrinfo compat.
 8457: 	[d705465bef69]
 8458: 
 8459: 	* common/fileops.c, compat/nanosleep.c, config.h.in, configure,
 8460: 	configure.in, plugins/sudoers/interfaces.c,
 8461: 	plugins/sudoers/interfaces.h, plugins/sudoers/match_addr.c,
 8462: 	plugins/sudoers/sudoreplay.c, src/net_ifs.c:
 8463: 	Use HAVE_STRUCT_TIMESPEC and HAVE_STRUCT_IN6_ADDR instead of
 8464: 	HAVE_TIMESPEC and HAVE_IN6_ADDR respectively.
 8465: 	[fa187c9bd2be]
 8466: 
 8467: 	* src/sudo_noexec.c:
 8468: 	No longer need to include time.h here as missing.h does not use
 8469: 	time_t.
 8470: 	[fa3a089bf5b1]
 8471: 
 8472: 2011-11-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 8473: 
 8474: 	* plugins/sudoers/visudo.c:
 8475: 	Fix mode on sudoers as needed when the -f option is not specified.
 8476: 	[7a1c40b0dc03]
 8477: 
 8478: 	* MANIFEST, src/po/sr.mo, src/po/sr.po:
 8479: 	Add Serbian translation for sudo from translationproject.org
 8480: 	[9a0c25e25cba]
 8481: 
 8482: 	* common/sudo_debug.c, plugins/sudoers/sudoers.c, src/load_plugins.c,
 8483: 	src/parse_args.c:
 8484: 	No longer pass debug_file to plugin, plugins must now use
 8485: 	CONV_DEBUG_MSG
 8486: 	[810cda1abb0b]
 8487: 
 8488: 	* mkpkg:
 8489: 	Build PIE executables for newer Debian and Ubuntu
 8490: 	[1c5f25f8904a]
 8491: 
 8492: 	* common/sudo_debug.c:
 8493: 	Include time.h for ctime() prototype.
 8494: 	[10090cf3bca1]
 8495: 
 8496: 2011-11-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 8497: 
 8498: 	* common/sudo_debug.c, include/sudo_debug.h, src/exec.c,
 8499: 	src/exec_pty.c:
 8500: 	Do not close error pipe or debug fd via closefrom() as we need them
 8501: 	to report an exec error should one occur.
 8502: 	[732f6587fafa]
 8503: 
 8504: 	* doc/sudoers.ldap.pod:
 8505: 	Document that a sudoUser may now be a group ID.
 8506: 	[2fef46b9d3d3]
 8507: 
 8508: 	* plugins/sudoers/ldap.c:
 8509: 	Add support for permitting access by group ID in addition to group
 8510: 	name.
 8511: 	[b9450fdf1f69]
 8512: 
 8513: 	* plugins/sudoers/ldap.c:
 8514: 	Older Netscape LDAP SDKs don't prototype ldapssl_set_strength()
 8515: 	[d62a1e7cff4f]
 8516: 
 8517: 	* compat/fnmatch.c, compat/fnmatch.h, doc/LICENSE:
 8518: 	Replace UCB fnmatch.c with a non-recursive version written by
 8519: 	William A. Rowe Jr.
 8520: 	[354d3384adb8]
 8521: 
 8522: 	* plugins/sudoers/auth/pam.c:
 8523: 	Fix typo, return_debug vs. debug_return
 8524: 	[1b522efcbb0d]
 8525: 
 8526: 2011-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
 8527: 
 8528: 	* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
 8529: 	Update Japanese sudoers translation from translationproject.org
 8530: 	[ec0f2beaad36]
 8531: 
 8532: 	* doc/sudoers.pod:
 8533: 	Make the env_reset descriptions consistent.
 8534: 	[41c056f02688]
 8535: 
 8536: 2011-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 8537: 
 8538: 	* configure, configure.in:
 8539: 	Do multiple expansion when expanding paths to the noexec file, sesh
 8540: 	and the plugin directory. Adapted from a diff by Mike Frysinger
 8541: 	[d7e16c876c66]
 8542: 
 8543: 	* common/Makefile.in:
 8544: 	regen
 8545: 	[9d729e09c186]
 8546: 
 8547: 2011-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 8548: 
 8549: 	* .hgignore:
 8550: 	Add ignore file; from Mike Frysinger
 8551: 	[1fa8d52425f8]
 8552: 
 8553: 	* mkdep.pl:
 8554: 	no longer save old Makefile.in to .old
 8555: 	[378dd2395545]
 8556: 
 8557: 	* plugins/sudoers/Makefile.in, src/Makefile.in:
 8558: 	regen
 8559: 	[769faf517720]
 8560: 
 8561: 	* config.guess, config.sub, configure, ltmain.sh, m4/libtool.m4,
 8562: 	m4/ltoptions.m4, m4/ltversion.m4:
 8563: 	Update to libtool 2.4.2
 8564: 	[9dac78d84b4f]
 8565: 
 8566: 2011-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 8567: 
 8568: 	* plugins/sudoers/sudoers_version.h:
 8569: 	Bump grammar version for #include and #includedir relative path
 8570: 	support.
 8571: 	[82a4f7cd8f71]
 8572: 
 8573: 2011-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 8574: 
 8575: 	* doc/sudoers.pod, plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 8576: 	Add support for relative paths in #include and #includedir
 8577: 	[4d6e3bd0c24f]
 8578: 
 8579: 	* plugins/sudoers/Makefile.in:
 8580: 	Fix install-plugin when shared objects are unsupported or disabled.
 8581: 	[cbdd770a7a1b]
 8582: 
 8583: 	* plugins/sudoers/goodpath.c:
 8584: 	Don't write to sbp if it is NULL
 8585: 	[fc438f8e8570]
 8586: 
 8587: 2011-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 8588: 
 8589: 	* Makefile.in:
 8590: 	Remove all sudo/sudoers .mo files on uninstall If LINGUAS is set,
 8591: 	only install matching .mo files
 8592: 	[c1dc30ab4ebc]
 8593: 
 8594: 2011-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 8595: 
 8596: 	* plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
 8597: 	plugins/sudoers/sudoers.c, src/conversation.c:
 8598: 	Fix non-dynamic (no dlopen) sudo build.
 8599: 	[b0bd3fa925a3]
 8600: 
 8601: 	* configure, configure.in:
 8602: 	Don't error out if the user specified --disable-shared
 8603: 	[cf035dd1e5cc]
 8604: 
 8605: 	* common/sudo_debug.c, plugins/sudoers/sudoreplay.c,
 8606: 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
 8607: 	src/conversation.c:
 8608: 	Use SUDO_CONV_DEBUG_MSG in the plugin instead of writing directly to
 8609: 	the debug file.
 8610: 	[640c62f83251]
 8611: 
 8612: 	* plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
 8613: 	plugins/sudoers/sudoers.h:
 8614: 	Make sudo_goodpath() return value bolean
 8615: 	[fea2d59a6e55]
 8616: 
 8617: 	* INSTALL, MANIFEST, configure, configure.in, mkdep.pl,
 8618: 	plugins/sudoers/Makefile.in, plugins/sudoers/auth/securid.c:
 8619: 	Remove obsolete securid auth method.
 8620: 	[4e54f860214b]
 8621: 
 8622: 	* plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
 8623: 	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
 8624: 	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
 8625: 	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
 8626: 	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
 8627: 	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
 8628: 	plugins/sudoers/auth/sudo_auth.h:
 8629: 	Prefix authentication functions with a "sudo_" prefix to avoid
 8630: 	namespace problems.
 8631: 	[581d74063ea1]
 8632: 
 8633: 	* INSTALL, MANIFEST, config.h.in, configure, configure.in,
 8634: 	doc/TROUBLESHOOTING, mkdep.pl, plugins/sudoers/Makefile.in,
 8635: 	plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/sudo_auth.c,
 8636: 	plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/env.c:
 8637: 	Remove the old Kerberos IV support
 8638: 	[2e4b4a44209d]
 8639: 
 8640: 2011-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 8641: 
 8642: 	* plugins/sudoers/check.c:
 8643: 	Don't print garbage at the end of the custom lecture.
 8644: 	[44bb788fafaa]
 8645: 
 8646: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 8647: 	Add lexer tracing as debug@parser
 8648: 	[d850f3f9d414]
 8649: 
 8650: 	* plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
 8651: 	plugins/sudoers/defaults.h, plugins/sudoers/gram.c,
 8652: 	plugins/sudoers/match.c, plugins/sudoers/parse.c,
 8653: 	plugins/sudoers/regress/parser/check_fill.c,
 8654: 	plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
 8655: 	plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
 8656: 	plugins/sudoers/visudo.c:
 8657: 	Revert 003bdb078a15. We need to #include <gram.h> not "gram.h" and
 8658: 	<def_data.h> and not "def_data.h" when generating the parser in a
 8659: 	build dir.
 8660: 	[7da701def753]
 8661: 
 8662: 2011-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 8663: 
 8664: 	* mkdep.pl, plugins/sudoers/Makefile.in:
 8665: 	Better devdir support in mkdep.pl
 8666: 	[7dcec57bd155]
 8667: 
 8668: 	* plugins/sudoers/Makefile.in:
 8669: 	Add devdir before srcdir in include path and fix up dependecies
 8670: 	accordingly.
 8671: 	[6e9958eca485]
 8672: 
 8673: 	* plugins/sudoers/alias.c, plugins/sudoers/defaults.c,
 8674: 	plugins/sudoers/defaults.h, plugins/sudoers/match.c,
 8675: 	plugins/sudoers/parse.c, plugins/sudoers/testsudoers.c,
 8676: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
 8677: 	plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
 8678: 	#include "gram.h" not <gram.h> and "def_data.h" and not
 8679: 	<def_data.h>.
 8680: 	[003bdb078a15]
 8681: 
 8682: 	* sudo.pp:
 8683: 	Mark libexec files as optional. If we build without shared object
 8684: 	support, libexec is not used.
 8685: 	[4bffcf482219]
 8686: 
 8687: 	* src/load_plugins.c:
 8688: 	Change Debug sudo.conf setting to take a program name as the first
 8689: 	argument. In the future, this will allow visudo and sudoreplay to
 8690: 	use their own Debug entries.
 8691: 	[cfb8f7e4867c]
 8692: 
 8693: 	* src/sudo.c:
 8694: 	fix sudo_debug_printf priority
 8695: 	[dcb67e965609]
 8696: 
 8697: 	* plugins/sudoers/sudoers.c:
 8698: 	add missing debug_return_int
 8699: 	[d88ec450c592]
 8700: 
 8701: 2011-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 8702: 
 8703: 	* common/sudo_debug.c, include/error.h, include/sudo_debug.h,
 8704: 	plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c:
 8705: 	Fold SUDO_DEBUG_PROGERR and SUDO_DEBUG_SYSERR into SUDO_DEBUG_ERROR
 8706: 	[dcee8efc294f]
 8707: 
 8708: 	* doc/UPGRADE:
 8709: 	Add missing word in HOME security note.
 8710: 	[fd844fdcc1ac]
 8711: 
 8712: 	* plugins/sudoers/testsudoers.c:
 8713: 	Prevent "testsudoers -d username" from trying to malloc(0).
 8714: 	[839126e56e8c]
 8715: 
 8716: 2011-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>
 8717: 
 8718: 	* plugins/sudoers/regress/sudoers/test10.in,
 8719: 	plugins/sudoers/regress/sudoers/test10.out.ok,
 8720: 	plugins/sudoers/regress/sudoers/test10.toke.ok,
 8721: 	plugins/sudoers/regress/sudoers/test10.toke.out.ok,
 8722: 	plugins/sudoers/regress/sudoers/test11.in,
 8723: 	plugins/sudoers/regress/sudoers/test11.out.ok,
 8724: 	plugins/sudoers/regress/sudoers/test11.toke.ok,
 8725: 	plugins/sudoers/regress/sudoers/test11.toke.out.ok,
 8726: 	plugins/sudoers/regress/sudoers/test12.in,
 8727: 	plugins/sudoers/regress/sudoers/test12.out.ok,
 8728: 	plugins/sudoers/regress/sudoers/test12.toke.ok,
 8729: 	plugins/sudoers/regress/sudoers/test13.in,
 8730: 	plugins/sudoers/regress/sudoers/test13.out.ok,
 8731: 	plugins/sudoers/regress/sudoers/test13.toke.ok,
 8732: 	plugins/sudoers/regress/sudoers/test9.in,
 8733: 	plugins/sudoers/regress/sudoers/test9.out.ok,
 8734: 	plugins/sudoers/regress/sudoers/test9.toke.ok,
 8735: 	plugins/sudoers/regress/sudoers/test9.toke.out.ok:
 8736: 	Tests for empty sudoers (should parse OK) and syntax errors within a
 8737: 	line (should report correct line number) both with and without the
 8738: 	trailing newline.
 8739: 	[d57c879c4718]
 8740: 
 8741: 	* plugins/sudoers/regress/sudoers/test4.out.ok,
 8742: 	plugins/sudoers/regress/sudoers/test5.out.ok,
 8743: 	plugins/sudoers/regress/sudoers/test7.out.ok,
 8744: 	plugins/sudoers/regress/sudoers/test8.out.ok,
 8745: 	plugins/sudoers/testsudoers.c:
 8746: 	Print line number when there is a parser error.
 8747: 	[5444ef6ac6dc]
 8748: 
 8749: 2011-11-05  Todd C. Miller  <Todd.Miller@courtesan.com>
 8750: 
 8751: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
 8752: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
 8753: 	Keep track of the last token returned. On error, if the last token
 8754: 	was COMMENT, decrement sudolineno since the error most likely
 8755: 	occurred on the preceding line. Previously we always uses
 8756: 	sudolineno-1 which will give the wrong line number for errors within
 8757: 	a line.
 8758: 	[d661a03a64da]
 8759: 
 8760: 2011-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
 8761: 
 8762: 	* NEWS:
 8763: 	update with sudo 1.8.3p1 info
 8764: 	[0f79ff31f602]
 8765: 
 8766: 	* plugins/sudoers/sudoers.c:
 8767: 	Fix crash when "sudo -g group -i" is run. Fixes bug 521
 8768: 	[a3087ae337c4]
 8769: 
 8770: 2011-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 8771: 
 8772: 	* plugins/sudoers/visudo.c:
 8773: 	Make alias_remove_recursive() return TRUE/FALSE as its callers
 8774: 	expect and remove two unused arguments. Fixes bug 519.
 8775: 	[2ee3b2882844]
 8776: 
 8777: 	* plugins/sudoers/regress/visudo/test1.out.ok,
 8778: 	plugins/sudoers/regress/visudo/test1.sh:
 8779: 	Add regress test for bugzilla 519
 8780: 	[48000ebedf97]
 8781: 
 8782: 	* plugins/sudoers/regress/iolog_path/check_iolog_path.c,
 8783: 	plugins/sudoers/regress/logging/check_wrap.c,
 8784: 	plugins/sudoers/regress/parser/check_addr.c,
 8785: 	plugins/sudoers/regress/parser/check_fill.c:
 8786: 	Disable warning/error wrapping in regress tests.
 8787: 	[373c589ba561]
 8788: 
 8789: 2011-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 8790: 
 8791: 	* Makefile.in:
 8792: 	Do compile-po as part of sync-po so that the .mo files get rebuild
 8793: 	automatically when we sync with translationproject.org
 8794: 	[83f3cbfc2f33]
 8795: 
 8796: 	* plugins/sudoers/Makefile.in:
 8797: 	check_addr needs to link with the network libraries on Solaris
 8798: 	[322bd70e316e]
 8799: 
 8800: 	* plugins/sudoers/match.c:
 8801: 	When matching a RunasAlias for a runas group, pass the alias in as
 8802: 	the group_list, not the user_list. From Daniel Kopecek.
 8803: 	[766545edf141]
 8804: 
 8805: 	* plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
 8806: 	We need to init the auth system regardless of whether we need a
 8807: 	password since we will be closing the PAM session in the monitor
 8808: 	process. Fixes a crash in the monitor on Solaris; bugzilla #518
 8809: 	[e82809f86fb3]
 8810: 
 8811: 2011-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
 8812: 
 8813: 	* src/exec.c:
 8814: 	Get rid of done: label. If the child exits we still need to close
 8815: 	the pty, update utmp and restore the SELinux tty context.
 8816: 	[cc127bf48405]
 8817: 
 8818: 2011-10-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 8819: 
 8820: 	* common/Makefile.in, common/atobool.c, common/fileops.c,
 8821: 	common/fmt_string.c, common/lbuf.c, common/list.c,
 8822: 	common/setgroups.c, common/term.c, plugins/sudoers/Makefile.in,
 8823: 	plugins/sudoers/alias.c, plugins/sudoers/audit.c,
 8824: 	plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
 8825: 	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
 8826: 	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
 8827: 	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
 8828: 	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
 8829: 	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
 8830: 	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
 8831: 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/boottime.c,
 8832: 	plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
 8833: 	plugins/sudoers/defaults.c, plugins/sudoers/env.c,
 8834: 	plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
 8835: 	plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
 8836: 	plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
 8837: 	plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
 8838: 	plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
 8839: 	plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
 8840: 	plugins/sudoers/logwrap.c, plugins/sudoers/match.c,
 8841: 	plugins/sudoers/match_addr.c, plugins/sudoers/parse.c,
 8842: 	plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
 8843: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
 8844: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
 8845: 	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
 8846: 	plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
 8847: 	src/Makefile.in, src/conversation.c, src/exec.c, src/exec_pty.c,
 8848: 	src/get_pty.c, src/load_plugins.c, src/net_ifs.c, src/parse_args.c,
 8849: 	src/selinux.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
 8850: 	src/tgetpass.c, src/ttysize.c, src/utmp.c:
 8851: 	Add debug_decl/debug_return (almost) everywhere. Remove old
 8852: 	sudo_debug() and convert users to sudo_debug_printf().
 8853: 	[8f3bbf907b67]
 8854: 
 8855: 	* common/alloc.c, include/error.h, plugins/sudoers/plugin_error.c,
 8856: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
 8857: 	plugins/sudoers/visudo.c, src/error.c:
 8858: 	Wrap error/errorx and warning/warningx functions with debug
 8859: 	statements. Disable wrapping for standalone sudoers programs as well
 8860: 	as memory allocation functions (to avoid infinite recursion).
 8861: 	[562ed7b5ae8d]
 8862: 
 8863: 	* README, config.h.in, configure, configure.in:
 8864: 	Add checks for __func__ and __FUNCTION__ and mention that we now
 8865: 	require a cpp that supports variadic macros.
 8866: 	[314cfe4c5d23]
 8867: 
 8868: 	* MANIFEST, common/Makefile.in, common/sudo_debug.c,
 8869: 	include/sudo_debug.h, include/sudo_plugin.h, src/conversation.c,
 8870: 	src/load_plugins.c, src/parse_args.c, src/sudo.c,
 8871: 	src/sudo_plugin_int.h:
 8872: 	New debug framework for sudo and plugins using /etc/sudo.conf that
 8873: 	also supports function call tracing.
 8874: 	[cded741e9f10]
 8875: 
 8876: 2011-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 8877: 
 8878: 	* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po:
 8879: 	Update Japanese sudoers translation from translationproject.org
 8880: 	[c24725775e32]
 8881: 
 8882: 2011-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 8883: 
 8884: 	* configure, configure.in:
 8885: 	Override and ignore the --disable-static option. Sudo already runs
 8886: 	libtool with -tag=disable-static where applicable and we need non-
 8887: 	PIC objects to build the executables.
 8888: 	[aff1227b853a]
 8889: 
 8890: 2011-10-10  Todd C. Miller  <Todd.Miller@courtesan.com>
 8891: 
 8892: 	* NEWS:
 8893: 	Add sudoedit fix
 8894: 	[74655c7ccad1]
 8895: 
 8896: 	* plugins/sudoers/po/sudoers.pot:
 8897: 	regen pot files
 8898: 	[28d89a831ed3]
 8899: 
 8900: 	* plugins/sudoers/env.c:
 8901: 	Ignore set_logname (which is now the default) for sudoedit since we
 8902: 	want the LOGNAME, USER and USERNAME environment variables to refer
 8903: 	to the calling user since that is who the editor runs as. This
 8904: 	allows the editor to find the user's startup files. Fixes bugzilla
 8905: 	#515
 8906: 	[6c5dddf5ff05]
 8907: 
 8908: 	* plugins/sudoers/pwutil.c:
 8909: 	Instead of trying to grow the buffer in make_grlist_item(), simply
 8910: 	increase the total length, free the old buffer and allocate a new
 8911: 	one. This is less error prone and saves us from having to adjust all
 8912: 	the pointers in the buffer. This code path is only taken when there
 8913: 	are groups longer than the length of the user field in struct utmp
 8914: 	or utmpx, which should be quite rare.
 8915: 	[5587dc8cffaf]
 8916: 
 8917: 	* src/po/it.mo:
 8918: 	Add Italian translation for sudo from translationproject.org
 8919: 	[1b3dd886e7e3]
 8920: 
 8921: 	* MANIFEST, NEWS, plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
 8922: 	src/po/ja.mo, src/po/ja.po:
 8923: 	Japanese translation for sudo and sudoers from
 8924: 	translationproject.org
 8925: 	[c06dd866be6e]
 8926: 
 8927: 2011-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 8928: 
 8929: 	* plugins/sudoers/Makefile.in:
 8930: 	sudoreplay depends on timestr.lo too; from Mike Frysinger
 8931: 	[b9e73214b2f1]
 8932: 
 8933: 2011-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
 8934: 
 8935: 	* plugins/sudoers/po/sudoers.pot:
 8936: 	Regen sudoers pot file.
 8937: 	[019588bafdb3]
 8938: 
 8939: 	* NEWS:
 8940: 	Update with latest sudo 1.8.3 news
 8941: 	[6868042a88e9]
 8942: 
 8943: 	* plugins/sudoers/sudoers.c:
 8944: 	It appears that LDAP or NSS may modify the euid so we need to be
 8945: 	root for the open(). We restore the old perms at the end of
 8946: 	sudoers_policy_open().
 8947: 	[2da67a5497ef]
 8948: 
 8949: 	* plugins/sudoers/set_perms.c:
 8950: 	Better warning message on setuid() failure for the setreuid()
 8951: 	version of set_perms().
 8952: 	[07abcfe7bd9a]
 8953: 
 8954: 2011-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 8955: 
 8956: 	* plugins/sudoers/check.c:
 8957: 	Delref auth_pw at the end of check_user() instead of getting a ref
 8958: 	twice.
 8959: 	[cb665f55e6a5]
 8960: 
 8961: 	* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c:
 8962: 	Make sudo_auth_{init,cleanup} return TRUE on success and check for
 8963: 	sudo_auth_init() return value in check_user().
 8964: 	[92631c919356]
 8965: 
 8966: 	* plugins/sudoers/auth/sudo_auth.c:
 8967: 	Do not return without restoring permissions.
 8968: 	[59ef40b6696a]
 8969: 
 8970: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 8971: 	regen pot files
 8972: 	[9f320a340b7c]
 8973: 
 8974: 	* plugins/sudoers/auth/API, plugins/sudoers/auth/bsdauth.c,
 8975: 	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
 8976: 	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
 8977: 	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
 8978: 	plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
 8979: 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
 8980: 	plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
 8981: 	plugins/sudoers/sudoers.h:
 8982: 	Modify the authentication API such that the init and cleanup
 8983: 	functions are always called, regardless of whether or not we are
 8984: 	going to verify a password. This is needed for proper PAM session
 8985: 	support.
 8986: 	[19a53f3fb596]
 8987: 
 8988: 	* compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
 8989: 	Add missing dependency for getspwuid.lo and regen other depends.
 8990: 	[f7f70eae819a]
 8991: 
 8992: 	* plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
 8993: 	plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/sudoers.c:
 8994: 	Fix a PAM_USER mismatch in session open/close. We update PAM_USER to
 8995: 	the target user immediately before setting resource limits, which is
 8996: 	after the monitor process has forked (so it has the old value).
 8997: 	Also, if the user did not authenticate, there is no pamh in the
 8998: 	monitor so we need to init pam here too. This means we end up
 8999: 	calling pam_start() twice, which should be fixed, but at least the
 9000: 	session is always properly closed now.
 9001: 	[fbc063a2a872]
 9002: 
 9003: 	* src/utmp.c:
 9004: 	Add check for old being NULL in utmp_setid(); from Steven McDonald
 9005: 	[e87126442f2e]
 9006: 
 9007: 2011-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 9008: 
 9009: 	* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
 9010: 	plugins/sudoers/sudoers.h:
 9011: 	If the invoking user cannot be resolved by uid fake the struct
 9012: 	passwd and store it in the cache so we can delref it on exit.
 9013: 	[a27e2f8b9f5e]
 9014: 
 9015: 2011-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>
 9016: 
 9017: 	* plugins/sudoers/sudoers.c:
 9018: 	Don't error out if the group plugin cannot be loaded, just warn.
 9019: 	[0fbfcd381e33]
 9020: 
 9021: 2011-09-23  Todd C. Miller  <Todd.Miller@courtesan.com>
 9022: 
 9023: 	* plugins/sudoers/sudoers.c:
 9024: 	Quiet a false positive found by several static analysis tools. These
 9025: 	tools don't know that log_error() does not return (it longjmps to
 9026: 	error_jmp which returns to the sudo front-end).
 9027: 	[33d0469df21b]
 9028: 
 9029: 2011-09-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 9030: 
 9031: 	* MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/eo.mo,
 9032: 	plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
 9033: 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/zh_CN.mo, src/po/it.po:
 9034: 	Add Italian translation for sudo from translationproject.org Regen
 9035: 	.mo files
 9036: 	[c3c888a82be6]
 9037: 
 9038: 2011-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>
 9039: 
 9040: 	* doc/TROUBLESHOOTING:
 9041: 	Update to current reality and add bit about ssh auth
 9042: 	[184a1e7c2eeb]
 9043: 
 9044: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
 9045: 	Make "verbose" static; fixes a namespace clash with
 9046: 	pam_ssh_agent_auth (and it doesn't need to be extern these days).
 9047: 	[cc38d2eb2f4c]
 9048: 
 9049: 	* config.h.in, configure, configure.in, src/get_pty.c:
 9050: 	FreeBSD has libutil.h not util.h
 9051: 	[dab4c94b6d4f]
 9052: 
 9053: 	* configure, configure.in:
 9054: 	Define _BSD_SOURCE on FreeBSD, OpenBSD and DragonflyBSD
 9055: 	[41c362f0a92a]
 9056: 
 9057: 2011-09-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 9058: 
 9059: 	* plugins/sudoers/po/da.po, plugins/sudoers/po/eo.po,
 9060: 	plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po,
 9061: 	plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po:
 9062: 	Update po files from translationproject.org
 9063: 	[1e99e147c7fa]
 9064: 
 9065: 2011-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
 9066: 
 9067: 	* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
 9068: 	Add support for DEREF in ldap.conf.
 9069: 	[3c1937a98547]
 9070: 
 9071: 	* Makefile.in:
 9072: 	install target should depend on ChangeLog too, not just install-doc
 9073: 	[1a7c83941175]
 9074: 
 9075: 	* doc/sudoers.pod:
 9076: 	Only iolog_file (not iolog_dir) supports mktemp-style suffixes.
 9077: 	[0eca47d60a2c]
 9078: 
 9079: 	* NEWS:
 9080: 	Sync with 1.8 branch for sudo 1.8.2 and 1.8.3 changes.
 9081: 	[0501415cc5ff]
 9082: 
 9083: 	* doc/UPGRADE:
 9084: 	Document group lookup change and possible side effects.
 9085: 	[585743e1ebf7]
 9086: 
 9087: 	* configure, configure.in:
 9088: 	Fix some square brackets in case statements that needed to be
 9089: 	doubled up. While here, use $OSMAJOR when it makes sense.
 9090: 	[8973343f4696]
 9091: 
 9092: 	* plugins/sudoers/pwutil.c:
 9093: 	Fix a crash in make_grlist_item() on 64-bit machines with strict
 9094: 	alignment.
 9095: 	[c89508c73c46]
 9096: 
 9097: 	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
 9098: 	Remove list_options() function that is no longer used now that "sudo
 9099: 	-L" is gone.
 9100: 	[fcc6a776c135]
 9101: 
 9102: 	* configure, configure.in:
 9103: 	Error message if user tries --with-CC
 9104: 	[ec5b478f813a]
 9105: 
 9106: 	* configure, configure.in:
 9107: 	Check for -libmldap too when looking for ldap libs, which is the
 9108: 	Tivoli Directory Server client library.
 9109: 	[bb3007a97206]
 9110: 
 9111: 2011-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 9112: 
 9113: 	* plugins/sudoers/parse.c:
 9114: 	Honor NOPASSWD tag for denied commands too.
 9115: 	[8dd92656db92]
 9116: 
 9117: 2011-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 9118: 
 9119: 	* INSTALL, configure, configure.in:
 9120: 	Remove --with-CC option; it doesn't work correctly now that we use
 9121: 	libtool. Users can get the same effect by setting the CC environment
 9122: 	variable when running configure.
 9123: 	[ec22bd1a55e0]
 9124: 
 9125: 2011-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
 9126: 
 9127: 	* config.h.in, configure, configure.in, plugins/sudoers/visudo.c,
 9128: 	src/sudo_edit.c:
 9129: 	Assume all modern systems support fstat(2).
 9130: 	[6a5a8985f6a0]
 9131: 
 9132: 2011-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 9133: 
 9134: 	* compat/regress/glob/globtest.c, config.h.in, configure,
 9135: 	configure.in, include/missing.h, plugins/sudoers/sudoers.h,
 9136: 	src/sudo.h, src/sudo_noexec.c:
 9137: 	Add configure test for missing errno declaration and only declare it
 9138: 	ourselves if it is missing.
 9139: 	[456e76c809a2]
 9140: 
 9141: 	* plugins/sudoers/alias.c:
 9142: 	Include errno.h before sudo.h to avoid conflicting with the system
 9143: 	definition of errno.
 9144: 	[d0b97e392512]
 9145: 
 9146: 2011-08-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 9147: 
 9148: 	* plugins/sudoers/regress/parser/check_addr.c:
 9149: 	Only print individual check status when there is a failure.
 9150: 	[2ac704c91441]
 9151: 
 9152: 	* plugins/sudoers/regress/iolog_path/check_iolog_path.c,
 9153: 	plugins/sudoers/regress/logging/check_wrap.c,
 9154: 	plugins/sudoers/regress/parser/check_addr.c:
 9155: 	Add calls to setprogname() for test programs.
 9156: 	[a8d9b420e826]
 9157: 
 9158: 	* configure, configure.in:
 9159: 	Add -Wall and -Werror after all tests so they don't cause failures.
 9160: 	[2661188ff3fa]
 9161: 
 9162: 	* plugins/sudoers/Makefile.in:
 9163: 	Actually run check_addr in the check target
 9164: 	[0b2778bc86bf]
 9165: 
 9166: 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/match.c,
 9167: 	plugins/sudoers/match_addr.c,
 9168: 	plugins/sudoers/regress/parser/check_addr.c,
 9169: 	plugins/sudoers/regress/parser/check_addr.in:
 9170: 	Split out address matching into its own file and add regression
 9171: 	tests for it.
 9172: 	[12b9a2bf8dba]
 9173: 
 9174: 2011-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 9175: 
 9176: 	* plugins/sudoers/match.c:
 9177: 	When matching an address with a netmask in sudoers, AND the mask and
 9178: 	addr before checking against the local addresses.
 9179: 	[9747bb6d7b1c]
 9180: 
 9181: 2011-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 9182: 
 9183: 	* plugins/sudoers/match.c:
 9184: 	Fix netmask matching.
 9185: 	[a3c8f8cc1464]
 9186: 
 9187: 	* plugins/sudoers/visudo.c:
 9188: 	Don't assume all editors support the +linenumber command line
 9189: 	argument, use a whitelist of known good editors.
 9190: 	[21d43a91fd10]
 9191: 
 9192: 2011-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
 9193: 
 9194: 	* plugins/sudoers/set_perms.c, plugins/sudoers/visudo.c, src/exec.c,
 9195: 	src/exec_pty.c, src/sudo.c:
 9196: 	Silence compiler warnings on Solaris with gcc 3.4.3
 9197: 	[da620bae6fdb]
 9198: 
 9199: 	* mkpkg:
 9200: 	Fix building on RHEL 3
 9201: 	[f3227fb2a252]
 9202: 
 9203: 	* INSTALL, configure, configure.in:
 9204: 	Add --enable-werror configure option.
 9205: 	[fec2cdb95543]
 9206: 
 9207: 	* common/setgroups.c:
 9208: 	setgroups() proto lives in grp.h on RHEL4, perhaps others.
 9209: 	[de91c0de5a98]
 9210: 
 9211: 	* configure, configure.in:
 9212: 	Use PAM by default on AIX 6 and higher.
 9213: 	[e16493208e5f]
 9214: 
 9215: 2011-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 9216: 
 9217: 	* MANIFEST, plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
 9218: 	src/po/eo.mo, src/po/eo.po:
 9219: 	Add new Esperanto translation from translationproject.org
 9220: 	[0d9a59e04c64]
 9221: 
 9222: 2011-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 9223: 
 9224: 	* plugins/sudoers/iolog_path.c:
 9225: 	Quiet an innocuous valgrind warning.
 9226: 	[0582b6027161]
 9227: 
 9228: 2011-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 9229: 
 9230: 	* plugins/sudoers/iolog_path.c,
 9231: 	plugins/sudoers/regress/iolog_path/data:
 9232: 	Fix expansion of strftime() escapes in log_dir and add a regress
 9233: 	test that exhibited the problem.
 9234: 	[a5c7c1c4c589]
 9235: 
 9236: 	* plugins/sudoers/Makefile.in:
 9237: 	Fix "make check" return value.
 9238: 	[33b58e175230]
 9239: 
 9240: 2011-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 9241: 
 9242: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 9243: 	Regen pot files
 9244: 	[063841aac19b]
 9245: 
 9246: 	* Makefile.in:
 9247: 	Fix logic inversion in pot file up to date check.
 9248: 	[f6a8ca8654df]
 9249: 
 9250: 2011-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
 9251: 
 9252: 	* configure, configure.in:
 9253: 	Add caching for gettext() checks.
 9254: 	[01b7200f6105]
 9255: 
 9256: 	* configure, configure.in:
 9257: 	Better handling of libintl header and library mismatch.
 9258: 	[9a49b1d4db69]
 9259: 
 9260: 2011-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 9261: 
 9262: 	* plugins/sudoers/sudoers.c:
 9263: 	Also check sudoers gid if sudoers is group writable.
 9264: 	[23ef96ca0d33]
 9265: 
 9266: 2011-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
 9267: 
 9268: 	* configure, configure.in:
 9269: 	If dlopen is present but libtool doesn't find it, error out since it
 9270: 	probably means that libtool doesn't support the system.
 9271: 	[a9da0a5f7941]
 9272: 
 9273: 	* mkpkg:
 9274: 	configure args on the command line should override builtin defaults.
 9275: 	Disable NLS for non-Linux/Solaris unless explicitly enabled.
 9276: 	[b2fb05614504]
 9277: 
 9278: 	* plugins/sudoers/auth/aix_auth.c:
 9279: 	Fix loop that calls authenticate(). If there was an error message
 9280: 	from authenticate(), display it.
 9281: 	[063a0c4f0b9a]
 9282: 
 9283: 2011-08-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 9284: 
 9285: 	* m4/libtool.m4, m4/ltversion.m4:
 9286: 	Update to autoconf 2.68 and libtool 2.4
 9287: 	[5a912a6eb67b]
 9288: 
 9289: 	* config.guess, config.sub, configure, configure.in, ltmain.sh:
 9290: 	Update to autoconf 2.68 and libtool 2.4
 9291: 	[931ab56aecf6]
 9292: 
 9293: 	* doc/sudoers.pod:
 9294: 	Fix typo; OPT should be OTP
 9295: 	[e97bd2e46544]
 9296: 
 9297: 	* plugins/sudoers/Makefile.in:
 9298: 	Rename libsudoers convenience library to libparsesudoers to avoid
 9299: 	libtool confusion.
 9300: 	[2a89a613f537]
 9301: 
 9302: 2011-08-10  Todd C. Miller  <Todd.Miller@courtesan.com>
 9303: 
 9304: 	* MANIFEST, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
 9305: 	Add Danish sudoers translation from translationproject.org
 9306: 	[27b96e85eb13]
 9307: 
 9308: 	* plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c:
 9309: 	Add dedicated callback function for runas_default sudoers setting
 9310: 	that only sets runas_pw if no runas user or group was specified by
 9311: 	the user.
 9312: 	[b8382d8eea34]
 9313: 
 9314: 2011-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 9315: 
 9316: 	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
 9317: 	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
 9318: 	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po, src/po/ru.mo,
 9319: 	src/po/ru.po:
 9320: 	Update Finish, Polish, Russian and Ukrainian translations from
 9321: 	translationproject.org.
 9322: 	[f9339aff664e]
 9323: 
 9324: 	* plugins/sudoers/defaults.h, plugins/sudoers/sudoers.c,
 9325: 	plugins/sudoers/testsudoers.c:
 9326: 	Go back to using a callback for runas_default to keep runas_pw in
 9327: 	sync. This is needed to make per-entry runas_default settings work
 9328: 	with LDAP-based sudoers. Instead of declaring it a callback in
 9329: 	def_data.in, sudo and testsudoers poke sudo_defs_table[] which is a
 9330: 	bit naughty, but avoids requiring stub functions in visudo and the
 9331: 	tests.
 9332: 	[9aaefb908415]
 9333: 
 9334: 2011-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
 9335: 
 9336: 	* Makefile.in:
 9337: 	Add check for out of date message catalogs when doing "make dist".
 9338: 	[e45a29b612f4]
 9339: 
 9340: 2011-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
 9341: 
 9342: 	* configure:
 9343: 	regen
 9344: 	[d6f9ad26774a]
 9345: 
 9346: 	* configure.in:
 9347: 	Make sure compiler supports static-libgcc before using it.
 9348: 	[b01bd9566e50]
 9349: 
 9350: 2011-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 9351: 
 9352: 	* src/Makefile.in:
 9353: 	Link libsudo_noexec.la with LDLDFLAGS for -static-libgcc
 9354: 	[c99c7ab3edef]
 9355: 
 9356: 2011-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
 9357: 
 9358: 	* MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/pl.mo,
 9359: 	plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.mo,
 9360: 	plugins/sudoers/po/zh_CN.mo, src/po/ru.mo, src/po/ru.po,
 9361: 	src/po/zh_CN.mo:
 9362: 	Add new Russian sudo translation from translationproject.org and
 9363: 	rebuild the other translation files.
 9364: 	[e20015459056]
 9365: 
 9366: 2011-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 9367: 
 9368: 	* plugins/sudoers/po/fi.po, plugins/sudoers/po/pl.po:
 9369: 	Update Finish and Polish translations from translationproject.org
 9370: 	[4e3dbba4a1de]
 9371: 
 9372: 	* plugins/sudoers/sudoers.c, src/parse_args.c, src/sudo.c:
 9373: 	Go back to escaping the command args for "sudo -i" and "sudo -s"
 9374: 	before calling the plugin. Otherwise, spaces in the command args are
 9375: 	not treated properly. The sudoers plugin will unescape non- spaces
 9376: 	to make matching easier.
 9377: 	[dfa2c4636f33]
 9378: 
 9379: 2011-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 9380: 
 9381: 	* plugins/sudoers/check.c, plugins/sudoers/group_plugin.c,
 9382: 	plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
 9383: 	plugins/sudoers/set_perms.c, plugins/sudoers/toke.c,
 9384: 	plugins/sudoers/toke.l:
 9385: 	Fix some potential problems found by the clang static analyzer, none
 9386: 	serious.
 9387: 	[ff64aa74aae6]
 9388: 
 9389: 	* plugins/sudoers/po/uk.po, plugins/sudoers/po/zh_CN.po,
 9390: 	src/po/zh_CN.po:
 9391: 	Updated Ukranian and Chinese (simplified) po files from
 9392: 	translationproject.org
 9393: 	[ec792becb48e]
 9394: 
 9395: 2011-07-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 9396: 
 9397: 	* plugins/sudoers/po/pl.po:
 9398: 	Updated Polish translation from translationproject.org
 9399: 	[a3af53cb649c]
 9400: 
 9401: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 9402: 	Rebuild pot files
 9403: 	[c650524c0f0a]
 9404: 
 9405: 	* plugins/sudoers/audit.c, plugins/sudoers/sudoers.c:
 9406: 	Don't try to audit failure if the runas user does not exist. We
 9407: 	don't have the user's command at this point so there is nothing to
 9408: 	audit. Add a NULL check in audit_success() and audit_failure() just
 9409: 	to be on the safe side.
 9410: 	[2a0007c2022f]
 9411: 
 9412: 	* mkpkg:
 9413: 	Add -g to CFLAG for PIE builds.
 9414: 	[32a0a9693c9c]
 9415: 
 9416: 2011-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 9417: 
 9418: 	* plugins/sudoers/pwutil.c, plugins/sudoers/sudoers.c,
 9419: 	plugins/sudoers/sudoers.h, src/sudo.c:
 9420: 	Remove fallback to per-group lookup when matching groups in sudoers.
 9421: 	The sudo front-end will now use getgrouplist() to get the user's
 9422: 	list of groups if getgroups() fails or returns zero groups so we
 9423: 	always have a list of the user's groups. For systems with
 9424: 	mbr_check_membership() which support more that NGROUPS_MAX groups
 9425: 	(Mac OS X), skip the call to getgroups() and use getgrouplist() so
 9426: 	we get all the groups.
 9427: 	[51b3ed8c600b]
 9428: 
 9429: 2011-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 9430: 
 9431: 	* common/setgroups.c:
 9432: 	Fix setgroups() fallback code on EINVAL.
 9433: 	[2b6faecd56a4]
 9434: 
 9435: 	* plugins/sudoers/set_perms.c:
 9436: 	Fix two PERM_INITIAL cases that were still using user_gids.
 9437: 	[9680bab0acc6]
 9438: 
 9439: 	* MANIFEST:
 9440: 	Add Polish sudo message catalog
 9441: 	[8bb40c3ba576]
 9442: 
 9443: 	* plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
 9444: 	user_group is no longer used, remove it
 9445: 	[9acede0fe6c5]
 9446: 
 9447: 2011-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 9448: 
 9449: 	* MANIFEST, plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po:
 9450: 	Add Polish translation from translationproject.org
 9451: 	[afac5c638573]
 9452: 
 9453: 	* MANIFEST, common/Makefile.in, common/setgroups.c,
 9454: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.h, src/sudo.c,
 9455: 	src/sudo.h, src/sudo_edit.c:
 9456: 	Add a wrapper for setgroups() that trims off extra groups and
 9457: 	retries if setgroups() fails. Also add some missing addrefs for
 9458: 	PERM_USER and PERM_FULL_USER.
 9459: 	[224dfd8aae5c]
 9460: 
 9461: 	* MANIFEST, compat/Makefile.in, compat/getgrouplist.c, config.h.in,
 9462: 	configure, configure.in, include/missing.h, mkdep.pl,
 9463: 	plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
 9464: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
 9465: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/sudo.c:
 9466: 	Instead of keeping separate groups and gids arrays, create struct
 9467: 	group_info and use it to store both, along with a count for each.
 9468: 	Cache group info on a per-user basis using getgrouplist() to get the
 9469: 	groups. We no longer need special to special case the user or list
 9470: 	user for user_in_group() and thus no longer need to reset the groups
 9471: 	list when listing another user.
 9472: 	[0ad849a8b2d5]
 9473: 
 9474: 	* src/preload.c:
 9475: 	Don't rely on NULL since we don't include a header for it.
 9476: 	[b40937f1890c]
 9477: 
 9478: 2011-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 9479: 
 9480: 	* doc/sudoers.pod:
 9481: 	Fix typo
 9482: 	[c1035360e169]
 9483: 
 9484: 2011-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 9485: 
 9486: 	* plugins/sudoers/sudoers.c:
 9487: 	Do not shadow global sudo_mode with a local variable in set_cmnd()
 9488: 	[0c72969503ad]
 9489: 
 9490: 2011-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 9491: 
 9492: 	* plugins/sudoers/sudoers.c:
 9493: 	bash 2.x doesd not support the -l flag and exits with an error if it
 9494: 	is specified so use --login instead. This causes an error with bash
 9495: 	1.x (which uses -login instead) but this version is hopefully less
 9496: 	used than 2.x.
 9497: 	[5c4c296e30e6]
 9498: 
 9499: 	* src/po/pl.mo, src/po/pl.po:
 9500: 	Add Polish translation from translationproject.org
 9501: 	[48592dd6edcf]
 9502: 
 9503: 2011-07-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 9504: 
 9505: 	* plugins/sudoers/set_perms.c:
 9506: 	Make error strings translatable.
 9507: 	[414c5c484768]
 9508: 
 9509: 	* mkpkg:
 9510: 	Only run configure with --with-pam-login for RHEL 5 and above.
 9511: 	[6c16e4de4026]
 9512: 
 9513: 	* sudo.pp:
 9514: 	Fix typo in summary
 9515: 	[9ac618c9a749]
 9516: 
 9517: 2011-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
 9518: 
 9519: 	* plugins/sudoers/logwrap.c:
 9520: 	Add missing logwrap.c
 9521: 	[c12a413ecc1d]
 9522: 
 9523: 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/logging.c,
 9524: 	plugins/sudoers/logging.h,
 9525: 	plugins/sudoers/regress/logging/check_wrap.c,
 9526: 	plugins/sudoers/regress/logging/check_wrap.in,
 9527: 	plugins/sudoers/regress/logging/check_wrap.out.ok:
 9528: 	Split out log file word wrap code into its own file and add unit
 9529: 	tests. Fixes an off-by one in the word wrap when the log line length
 9530: 	matches loglinelen.
 9531: 	[52ed277f6690]
 9532: 
 9533: 2011-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>
 9534: 
 9535: 	* mkpkg:
 9536: 	For SuSE, only use /usr/lib64 as libexec if generating 64-bit
 9537: 	binaries.
 9538: 	[645ab903cf77]
 9539: 
 9540: 	* src/load_plugins.c, src/sudo.c:
 9541: 	Fix build error when --without-noexec configure option is used.
 9542: 	[b994f7b0d8b4]
 9543: 
 9544: 	* configure, configure.in:
 9545: 	Disable noexec for AIX < 5. LDR_PRELOAD is only available in AIX 5.3
 9546: 	and above.
 9547: 	[c2a6f9b472f3]
 9548: 
 9549: 2011-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 9550: 
 9551: 	* plugins/sudoers/ldap.c, plugins/sudoers/pwutil.c,
 9552: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
 9553: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
 9554: 	Resolve the list of gids passed in from the sudo frontend (the
 9555: 	result of getgroups()) to names and store both the group names and
 9556: 	ids in the sudo_user struct. When matching groups in the sudoers
 9557: 	file, match based on the names in the groups list first and only do
 9558: 	a gid-based match when we absolutely have to. By matching on the
 9559: 	group name (as it is listed in sudoers) instead of id (which we
 9560: 	would have to resolve) we save a lot of group lookups for sudoers
 9561: 	files with a lot of groups in them.
 9562: 	[8dc19353f148]
 9563: 
 9564: 2011-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 9565: 
 9566: 	* plugins/sudoers/sudoers.c:
 9567: 	Workaround for "sudo -i command" and newer versions of bash which
 9568: 	don't go into login mode when -c is specified unless -l is too.
 9569: 	[9393762b80f3]
 9570: 
 9571: 2011-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
 9572: 
 9573: 	* plugins/sudoers/logging.c:
 9574: 	Rewrite logfile word wrapping code to be more straight-forward and
 9575: 	actually wrap at the correct place.
 9576: 	[f712a0c90f55]
 9577: 
 9578: 2011-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 9579: 
 9580: 	* doc/CONTRIBUTORS, doc/contributors.pod, plugins/sudoers/sudoers.c:
 9581: 	Set use_pty=true in command details when use_pty is set in sudoers.
 9582: 	From Ludwig Nussel
 9583: 	[8d95a163dfc1]
 9584: 
 9585: 2011-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 9586: 
 9587: 	* plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
 9588: 	src/po/zh_CN.mo, src/po/zh_CN.po:
 9589: 	Sync Chinese (simplified) PO files from translationproject.org
 9590: 	[acce8eb7be18]
 9591: 
 9592: 2011-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
 9593: 
 9594: 	* MANIFEST, plugins/sudoers/po/eu.mo, plugins/sudoers/po/fi.mo,
 9595: 	plugins/sudoers/po/uk.mo, src/po/da.mo, src/po/da.po, src/po/eu.mo:
 9596: 	Add Danish translation from translationproject.org and add missing
 9597: 	Basque mo files.
 9598: 	[0c22bb21b9c4]
 9599: 
 9600: 	* Makefile.in, configure, configure.in:
 9601: 	No longer need to specify LINGUAS in configure, "make install-nls"
 9602: 	now just installs all the .mo files it finds.
 9603: 	[fcd45cf04885]
 9604: 
 9605: 2011-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
 9606: 
 9607: 	* MANIFEST, doc/CONTRIBUTORS, doc/Makefile.in, doc/contributors.pod:
 9608: 	Build CONTRIBUTORS from newly-added contributors.pod
 9609: 	[8b192f2720f4]
 9610: 
 9611: 	* doc/CONTRIBUTORS:
 9612: 	Rework the wording in the leading paragraph
 9613: 	[312044145cdd]
 9614: 
 9615: 2011-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
 9616: 
 9617: 	* MANIFEST, doc/CONTRIBUTORS:
 9618: 	Add a CONTRIBUTORS file with the names of folks who have contributed
 9619: 	code or patches to sudo since I started maintaining it (plus the
 9620: 	original authors).
 9621: 	[b8bdd8b59528]
 9622: 
 9623: 2011-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>
 9624: 
 9625: 	* plugins/sudoers/env.c:
 9626: 	Preserve SHELL variable for "sudo -s". Otherwise we can end up with
 9627: 	a situation where the SHELL variable and the actual shell being run
 9628: 	do not match.
 9629: 	[b8b3974aee3e]
 9630: 
 9631: 2011-06-10  Todd C. Miller  <Todd.Miller@courtesan.com>
 9632: 
 9633: 	* configure, configure.in:
 9634: 	Only enable Solaris project support when setproject() is present in
 9635: 	libproject.
 9636: 	[49ad7857ab89]
 9637: 
 9638: 	* sudo.pp:
 9639: 	Explicitly set mode and owner of /etc/sudoers instead of relying on
 9640: 	"cp -p" to work in the postinstall script. On AIX 6.1 at least the
 9641: 	postinstall script runs before the final file permissions are set.
 9642: 	[e41ffc0212b2]
 9643: 
 9644: 2011-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
 9645: 
 9646: 	* doc/sudo.pod, doc/sudoers.pod:
 9647: 	Refer the user to the "Command Environment" section in description
 9648: 	of sudo's -i option.
 9649: 	[263cc3be7eef]
 9650: 
 9651: 	* doc/sudo.pod:
 9652: 	Fix typo
 9653: 	[35dfac450f4d]
 9654: 
 9655: 2011-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
 9656: 
 9657: 	* mkdep.pl:
 9658: 	If there is no old dependency for an object file, use the MANIFEST
 9659: 	to find its source.
 9660: 	[d15e3b9899f9]
 9661: 
 9662: 	* compat/Makefile.in:
 9663: 	Remove dependency for getgrouplist.lo as we don't ship that source
 9664: 	file.
 9665: 	[312a6d5fe6b0]
 9666: 
 9667: 2011-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
 9668: 
 9669: 	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
 9670: 	Do not declare yyparse() static as the actual function generated by
 9671: 	yacc is extern.
 9672: 	[9017b79dcf55]
 9673: 
 9674: 2011-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
 9675: 
 9676: 	* Makefile.in:
 9677: 	Remove locale files in "make uninstall"
 9678: 	[201ff261ecbe]
 9679: 
 9680: 	* configure.in, plugins/sudoers/po/eu.po, plugins/sudoers/po/fi.po,
 9681: 	plugins/sudoers/po/uk.po, src/po/eu.po:
 9682: 	Add Basque translation and sync Finish and Ukranian translations.
 9683: 	[66d2c78c8a13]
 9684: 
 9685: 	* configure, configure.in:
 9686: 	FreeBSD no longer needs the main sudo binary to link with -lpam now
 9687: 	that plug-ins are loaded with RTLD_GLOBAL.
 9688: 	[96c710df2457]
 9689: 
 9690: 	* plugins/sudoers/group_plugin.c, src/load_plugins.c:
 9691: 	Load plugins with RTLD_GLOBAL instead of RTLD_LOCAL. This fixes
 9692: 	problems with pam modules not having access to symbols provided by
 9693: 	libpam on some platforms. Affects FreeBSD and SLES 10 at least.
 9694: 	[0d016983ec84]
 9695: 
 9696: 	* Makefile.in:
 9697: 	Move xgettext invocation out of update-po target into update-pot
 9698: 	[19a73c6d017c]
 9699: 
 9700: 2011-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
 9701: 
 9702: 	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
 9703: 	Regenerate .pot files for 1.8.2rc2
 9704: 	[c3037f591dd8]
 9705: 
 9706: 	* Makefile.in, common/Makefile.in, compat/Makefile.in,
 9707: 	doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
 9708: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
 9709: 	src/Makefile.in, zlib/Makefile.in:
 9710: 	Move nls targets to the top level Makefile so the paths in the pot
 9711: 	file are saner
 9712: 	[65b9285cd8d9]
 9713: 
 9714: 	* src/po/fi.mo:
 9715: 	Add compiled version of sudo Finish translation
 9716: 	[8f2405384ea3]
 9717: 
 9718: 	* MANIFEST, plugins/sudoers/po/fi.mo, plugins/sudoers/po/uk.mo:
 9719: 	Update MANIFEST with .po and .mo files Rebuild sudoers fi and uk .mo
 9720: 	files
 9721: 	[a165e70fa9ec]
 9722: 
 9723: 	* configure, configure.in, plugins/sudoers/po/fi.po:
 9724: 	Add Finish translation from translationproject.org
 9725: 	[4466f8a96ceb]
 9726: 
 9727: 2011-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
 9728: 
 9729: 	* doc/sudoers.pod:
 9730: 	The group named by exempt_group should not have a % prefix.
 9731: 	[df084d6b32c8]
 9732: 
 9733: 2011-06-01  Todd C. Miller  <Todd.Miller@courtesan.com>
 9734: 
 9735: 	* doc/sudoers.pod:
 9736: 	Fix typo; "Defaults group_plugin" not "Defaults sudo_plugin"
 9737: 	[5113699a3f8b]
 9738: 
 9739: 2011-05-31  Todd C. Miller  <Todd.Miller@courtesan.com>
 9740: 
 9741: 	* src/exec.c, src/exec_pty.c:
 9742: 	Fix compressed io log corruption in background mode by using _exit()
 9743: 	instead of exit() to avoid flushing buffers twice.
 9744: 
 9745: 	Improved background mode support. When not allocating a pty, the
 9746: 	command is run in its own process group. This prevents write access
 9747: 	to the tty. When running in a pty, stdin is not hooked up and we
 9748: 	never read from /dev/tty, which results in similar behavior.
 9749: 	[87c15149894c]
 9750: 
 9751: 	* compat/Makefile.in, mkdep.pl, plugins/sudoers/Makefile.in:
 9752: 	Clean up regress files Generate proper dependencies for regress objs
 9753: 	in compat
 9754: 	[88bfc728c1e7]
 9755: 
 9756: 	* plugins/sudoers/Makefile.in:
 9757: 	Add missing dependency for check_fill.o.
 9758: 	[0bd6362e3e17]
 9759: 
 9760: 2011-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
 9761: 
 9762: 	* INSTALL, configure, configure.in:
 9763: 	Add support for --enable-nls[=location]
 9764: 	[b90db44a050f]
 9765: 
 9766: 2011-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
 9767: 
 9768: 	* plugins/sudoers/linux_audit.c:
 9769: 	Include gettext.h
 9770: 	[7f909a6e48cb]
 9771: 
 9772: 	* plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
 9773: 	Quiet gcc warnings.
 9774: 	[b41a6cdca583]
 9775: 
 9776: 	* configure, configure.in:
 9777: 	Don't install .mo files if gettext was not found.
 9778: 	[1397b34cc165]
 9779: 
 9780: 2011-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
 9781: 
 9782: 	* src/exec.c:
 9783: 	Always allocate a pty when running a command in the background but
 9784: 	call setsid() after forking to make sure we don't end up with a
 9785: 	controlling tty.
 9786: 	[b6454ba172e8]
 9787: 
 9788: 	* plugins/sudoers/iolog.c:
 9789: 	Add missing space between command name and the first command line
 9790: 	argument.
 9791: 	[fe217f0a36d4]
 9792: 
 9793: 	* plugins/sudoers/sudoreplay.c:
 9794: 	Quiet a compiler warning on some platforms.
 9795: 	[de9f2849f236]
 9796: 
 9797: 	* plugins/sudoers/po/README, src/po/README:
 9798: 	README file that directs people to translationproject.org
 9799: 	[30c0fc323281]
 9800: 
 9801: 	* plugins/sudoers/po/uk.po, src/po/fi.po:
 9802: 	Sync translations with TP
 9803: 	[1d7d64559cba]
 9804: 
 9805: 	* Makefile.in:
 9806: 	Add 'sync-po' target to top-level Makefile to rsync the po files
 9807: 	from translationproject.org.
 9808: 	[20508211aaa3]
 9809: 
 9810: 	* plugins/sudoers/Makefile.in:
 9811: 	install nls files from install target
 9812: 	[5fc07b6cab38]
 9813: 
 9814: 	* Makefile.in, plugins/sudoers/Makefile.in, src/Makefile.in, sudo.pp:
 9815: 	Include .mo files in sudo binary packags.
 9816: 	[278d4821a916]
 9817: 
 9818: 	* configure, configure.in, plugins/sudoers/po/zh_CN.mo,
 9819: 	plugins/sudoers/po/zh_CN.po, src/po/zh_CN.mo, src/po/zh_CN.po:
 9820: 	Add simplified chinese translation
 9821: 	[2b33ffc755b9]
 9822: 
 9823: 2011-05-26  Todd C. Miller  <Todd.Miller@courtesan.com>
 9824: 
 9825: 	* configure, configure.in, plugins/sudoers/po/uk.mo,
 9826: 	plugins/sudoers/po/uk.po, src/po/uk.mo, src/po/uk.po:
 9827: 	Add ukranian translation
 9828: 	[2d8102688e93]
 9829: 
 9830: 	* compat/Makefile.in:
 9831: 	refer to siglist.c, not ./siglist.c since not all makes will treat
 9832: 	foo and ./foo the same.
 9833: 	[6639d293ffba]
 9834: 
 9835: 	* plugins/sudoers/sudoers.c:
 9836: 	Set def_preserve_groups before searching for the command when the -P
 9837: 	flag is specified.
 9838: 	[0edc7942f875]
 9839: 
 9840: 	* Makefile.in, compat/Makefile.in, mkdep.pl,
 9841: 	plugins/sudoers/Makefile.in:
 9842: 	Add dependency for siglist.lo in compat. This is a generated file so
 9843: 	"make depend" needs to depend on it.
 9844: 	[28d0932f8b50]
 9845: 
 9846: 	* compat/Makefile.in:
 9847: 	More dependency fixes.
 9848: 	[aad0d05cd020]
 9849: 
 9850: 	* compat/Makefile.in:
 9851: 	Fix a few dependencies.
 9852: 	[eb21aa35a032]
 9853: 
 9854: 	* plugins/sudoers/Makefile.in, src/Makefile.in:
 9855: 	Place compiled mo files in the src dir, not the build dir. When
 9856: 	installing compiled mo files, display a status message.
 9857: 	[e15634c29cd3]
 9858: 
 9859: 2011-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>
 9860: 
 9861: 	* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
 9862: 	Tivoli Directory Server requires that seconds be present in a
 9863: 	timestamp, even though RFC 4517 states that they are optional.
 9864: 	[55fe23dd4ef9]
 9865: 
 9866: 	* plugins/sudoers/sudo_nss.h:
 9867: 	Add missing bit of copyright
 9868: 	[d2eba3c364ca]
 9869: 
 9870: 	* doc/visudo.pod:
 9871: 	Mention cycle detection warnings
 9872: 	[a76bef15ab67]
 9873: 
 9874: 	* plugins/sudoers/visudo.c:
 9875: 	When checking aliases, also check the contents of the alias in case
 9876: 	there are problems with an alias that is referenced inside another.
 9877: 	Replace the self reference check with real alias cycle detection.
 9878: 	[a66c904cf53b]
 9879: 
 9880: 	* plugins/sudoers/alias.c:
 9881: 	Set errno to ELOOP in alias_find() if there is a cycle. Set errno to
 9882: 	ENOENT in alias_find() and alias_remove() if the entry could not be
 9883: 	found.
 9884: 	[b4f0b89e433c]
 9885: 
 9886: 	* plugins/sudoers/visudo.c:
 9887: 	Increment alias_seqno before calls to alias_remove_recursive() to
 9888: 	avoid false positives with the alias loop detection. Fixes spurious
 9889: 	warnings about unused aliases when they are nested.
 9890: 	[a344483b8193]
 9891: 
 9892: 	* MANIFEST:
 9893: 	add mkdep.pl
 9894: 	[86b7ed33eab2]
 9895: 
 9896: 	* plugins/sudoers/Makefile.in:
 9897: 	Add dependency on convenience libs to binaries
 9898: 	[cd3078b3c997]
 9899: 
 9900: 	* Makefile.in:
 9901: 	mkdep.pl only works when run from the src dir
 9902: 	[f35a5e47c944]
 9903: 
 9904: 	* Makefile.in, common/Makefile.in, compat/Makefile.in, mkdep.pl,
 9905: 	plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
 9906: 	plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
 9907: 	Auto-generate Makefile dependencies with a perl script.
 9908: 	[a3e4afcd7975]
 9909: 
 9910: 2011-05-23  Todd C. Miller  <Todd.Miller@courtesan.com>
 9911: 
 9912: 	* plugins/sudoers/match.c:
 9913: 	If the user specifies a runas group via sudo's -g option that
 9914: 	matches the runas user's group in the passwd database and that group
 9915: 	is not denied in the Runas_Spec, allow it. Thus, if user root's gid
 9916: 	in /etc/passwd is 0, then "sudo -u root -g root id" is allow even if
 9917: 	no groups are present in the Runas_Spec.
 9918: 	[e3f9732dc564]
 9919: 
 9920: 2011-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
 9921: 
 9922: 	* plugins/sudoers/Makefile.in, src/Makefile.in:
 9923: 	Add dependencies on gettext.h
 9924: 	[a3a9dc51f78b]
 9925: 
 9926: 	* plugins/sudoers/Makefile.in, src/Makefile.in:
 9927: 	Fix install-nls target with HP-UX sh when gettext is not present.
 9928: 	[0c6b9655cd41]
 9929: 
 9930: 2011-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>
 9931: 
 9932: 	* plugins/sudoers/Makefile.in, plugins/sudoers/po/sudoers.pot,
 9933: 	src/Makefile.in, src/po/sudo.pot:
 9934: 	regenerate .pot files for lbuf changes
 9935: 	[918ded125a0b]
 9936: 
 9937: 	* configure, configure.in:
 9938: 	Add missing "checking" message for gettext when using the cache.
 9939: 	[9c21187ad1d2]
 9940: 
 9941: 	* common/lbuf.c, include/lbuf.h, plugins/sudoers/ldap.c,
 9942: 	plugins/sudoers/parse.c, plugins/sudoers/sudo_nss.c,
 9943: 	src/parse_args.c:
 9944: 	Add primitive format string support to the lbuf code to make
 9945: 	translations simpler.
 9946: 	[ee71c7ef5299]
 9947: 
 9948: 	* MANIFEST, plugins/sudoers/Makefile.in,
 9949: 	plugins/sudoers/po/sudoers.pot, src/Makefile.in, src/po/sudo.pot:
 9950: 	Add message catalog template files for sudo and the sudoers module.
 9951: 	[f3f8acb1f014]
 9952: 
 9953: 	* MANIFEST, common/aix.c, common/alloc.c, compat/strsignal.c,
 9954: 	config.h.in, configure.in, doc/Makefile.in, include/gettext.h,
 9955: 	plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
 9956: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
 9957: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/error.c,
 9958: 	src/net_ifs.c, src/sesh.c, src/sudo.c, src/sudo.h:
 9959: 	Add gettext.h convenience header. This is similar to but distinct
 9960: 	from the one included with the gettext package.
 9961: 	[930a0591f73c]
 9962: 
 9963: 2011-05-19  Todd C. Miller  <Todd.Miller@courtesan.com>
 9964: 
 9965: 	* configure, configure.in:
 9966: 	Add checks for nroff -c and -Tascii flags
 9967: 	[19ca990b3149]
 9968: 
 9969: 	* configure, configure.in:
 9970: 	Add check for HP bundled C Compiler (which cannot create shared
 9971: 	libs)
 9972: 	[517716a7072d]
 9973: 
 9974: 	* plugins/sudoers/sudoreplay.c:
 9975: 	Fix C format warnings.
 9976: 	[6514326013fa]
 9977: 
 9978: 	* include/error.h:
 9979: 	Add __printflike
 9980: 	[e1749a30a406]
 9981: 
 9982: 	* plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
 9983: 	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoreplay.c,
 9984: 	plugins/sudoers/visudo.c, src/parse_args.c:
 9985: 	Translate help / usage strings.
 9986: 	[ee1cc9b1a8bd]
 9987: 
 9988: 	* plugins/sudoers/Makefile.in, src/Makefile.in:
 9989: 	Set --msgid-bugs-address to the bugzilla url
 9990: 	[5a0aa250ca21]
 9991: 
 9992: 	* Makefile.in, common/Makefile.in, compat/Makefile.in, configure,
 9993: 	configure.in, doc/Makefile.in, include/Makefile.in,
 9994: 	plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
 9995: 	plugins/sudoers/Makefile.in, src/Makefile.in, zlib/Makefile.in:
 9996: 	Add scaffolding to update .po files and install .mo files.
 9997: 	[f05f4eed1fe1]
 9998: 
 9999: 	* doc/license.pod:
10000: 	update copyright year
10001: 	[fa0c62523875]
10002: 
10003: 	* INSTALL, README:
10004: 	No need to include version number at the top of these files.
10005: 	[9f2981325351]
10006: 
10007: 2011-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
10008: 
10009: 	* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/env.c,
10010: 	plugins/sudoers/find_path.c, plugins/sudoers/group_plugin.c,
10011: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
10012: 	plugins/sudoers/visudo.c:
10013: 	Minor warning/error cleanup
10014: 	[9236dc85aeab]
10015: 
10016: 	* config.h.in, configure.in:
10017: 	Emulate ngettext for the non-nls case
10018: 	[13571d63fa36]
10019: 
10020: 	* plugins/sudoers/ldap.c:
10021: 	Do not mark untranslatable strings for translation
10022: 	[735f5d4413fe]
10023: 
10024: 	* plugins/sudoers/check.c:
10025: 	Use ROOT_UID not 0.
10026: 	[09a268db8da4]
10027: 
10028: 	* plugins/sudoers/check.c, plugins/sudoers/iolog.c,
10029: 	plugins/sudoers/logging.c, src/exec.c, src/exec_pty.c,
10030: 	src/load_plugins.c, src/sudo.c, src/sudo_edit.c:
10031: 	Minor warning/error message cleanup
10032: 	[3c7b1a7939b5]
10033: 
10034: 	* plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/sudo_auth.c,
10035: 	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
10036: 	plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
10037: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c, src/exec.c,
10038: 	src/exec_pty.c, src/net_ifs.c, src/selinux.c:
10039: 	cannot -> "unable to" in warning/error messages
10040: 	[31c3897649e9]
10041: 
10042: 	* plugins/sudoers/check.c, plugins/sudoers/mon_systrace.c,
10043: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
10044: 	plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/exec_pty.c,
10045: 	src/sudo.c, src/utmp.c:
10046: 	can't -> "unable to" in warning/error messages
10047: 	[127b75f15291]
10048: 
10049: 	* configure, configure.in:
10050: 	FreeBSD needs the main sudo executable to link with -lpam when
10051: 	loading dynaic pam modules for some reason.
10052: 	[944522cc9bef]
10053: 
10054: 2011-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
10055: 
10056: 	* plugins/sudoers/ldap.c, src/exec.c, src/exec_pty.c, src/sudo.c:
10057: 	We don't want to translate debugging messages.
10058: 	[56a1a365815a]
10059: 
10060: 	* configure, configure.in, plugins/sudoers/Makefile.in,
10061: 	plugins/sudoers/iolog.c, plugins/sudoers/plugin_error.c,
10062: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
10063: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
10064: 	src/Makefile.in, src/sesh.c, src/sudo.c:
10065: 	Add calls to bindtextdomain() and textdomain() Currently there are
10066: 	two domains, one for the sudo front-end and one for the sudoers
10067: 	plugin and its associated utilities.
10068: 	[0426138f789e]
10069: 
10070: 	* configure, configure.in:
10071: 	Fix caching of libc gettext check.
10072: 	[942142d2c43a]
10073: 
10074: 	* plugins/sudoers/def_data.c, plugins/sudoers/defaults.c,
10075: 	plugins/sudoers/mkdefaults:
10076: 	Mark defaults descriptions for translation
10077: 	[5b27f018e6cf]
10078: 
10079: 	* NEWS:
10080: 	Update for sudo 1.8.1p2
10081: 	[747c4dee2ca7]
10082: 
10083: 2011-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>
10084: 
10085: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10086: 	Quiet compiler warning when SELinux is enabled.
10087: 	[1fbf77dda240]
10088: 
10089: 	* plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
10090: 	src/error.c, src/net_ifs.c, src/sesh.c:
10091: 	Add missing includes of libintl.h.
10092: 	[bc1d66316082]
10093: 
10094: 	* plugins/sudoers/auth/pam.c:
10095: 	Fix gettext marker.
10096: 	[a5cf4ed66c66]
10097: 
10098: 	* common/aix.c, common/alloc.c, compat/strsignal.c,
10099: 	plugins/sudoers/auth/pam.c, plugins/sudoers/sudoers.h, src/sudo.h:
10100: 	Include libint.h where needed.
10101: 	[2b0e5a663c7b]
10102: 
10103: 	* plugins/sudoers/alias.c, plugins/sudoers/auth/bsdauth.c,
10104: 	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb5.c,
10105: 	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/rfc1938.c,
10106: 	plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
10107: 	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
10108: 	plugins/sudoers/bsm_audit.c, plugins/sudoers/check.c,
10109: 	plugins/sudoers/defaults.c, plugins/sudoers/env.c,
10110: 	plugins/sudoers/find_path.c, plugins/sudoers/gram.c,
10111: 	plugins/sudoers/gram.y, plugins/sudoers/group_plugin.c,
10112: 	plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
10113: 	plugins/sudoers/iolog_path.c, plugins/sudoers/ldap.c,
10114: 	plugins/sudoers/linux_audit.c, plugins/sudoers/logging.c,
10115: 	plugins/sudoers/parse.c, plugins/sudoers/plugin_error.c,
10116: 	plugins/sudoers/pwutil.c, plugins/sudoers/set_perms.c,
10117: 	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
10118: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
10119: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
10120: 	plugins/sudoers/toke_util.c, plugins/sudoers/visudo.c:
10121: 	Prepare sudoers module messages for translation.
10122: 	[7212ae1909c5]
10123: 
10124: 	* plugins/sudoers/sudoers.c:
10125: 	Only check gid of sudoers file if it is group-readable.
10126: 	[50e3bc0cb242]
10127: 
10128: 	* plugins/sudoers/auth/aix_auth.c:
10129: 	For AIX, keep calling authenticate() until reenter reaches 0.
10130: 	[e240815b74b1]
10131: 
10132: 2011-05-09  Todd C. Miller  <Todd.Miller@courtesan.com>
10133: 
10134: 	* configure, configure.in:
10135: 	Cache the status of the initial gettext() check.
10136: 	[32751ebe1704]
10137: 
10138: 	* INSTALL, configure, configure.in:
10139: 	Add --disable-nls flag and improve checks for gettext.
10140: 	[c7e6b17052de]
10141: 
10142: 	* configure, configure.in:
10143: 	When building with gcc on HP-UX, use -march=1.1 to produce portable
10144: 	binaries on a pa-risc2 host. Previously, the +Dportable option was
10145: 	used for the HP-UX C compiler but gcc always produced native
10146: 	binaries.
10147: 	[8f4c749324d7]
10148: 
10149: 2011-05-06  Todd C. Miller  <Todd.Miller@courtesan.com>
10150: 
10151: 	* common/aix.c, common/alloc.c, compat/strsignal.c, src/error.c,
10152: 	src/exec.c, src/exec_pty.c, src/load_plugins.c, src/net_ifs.c,
10153: 	src/parse_args.c, src/selinux.c, src/sesh.c, src/sudo.c,
10154: 	src/sudo_edit.c, src/tgetpass.c, src/utmp.c:
10155: 	Prepare sudo front end messages for translation.
10156: 	[2fc2fabceccb]
10157: 
10158: 2011-05-04  Todd C. Miller  <Todd.Miller@courtesan.com>
10159: 
10160: 	* config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c:
10161: 	Add initial scaffolding to support localization via gettext()
10162: 	[7d47b59fcf95]
10163: 
10164: 	* compat/fnmatch.h, compat/glob.h:
10165: 	Don't let the fnmatch/glob macros expand the function prototype.
10166: 	[a9014aa0288e]
10167: 
10168: 2011-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
10169: 
10170: 	* compat/fnmatch.c, compat/fnmatch.h, compat/glob.c, compat/glob.h:
10171: 	Resolve namespace collisions on HP-UX ia64 and possibly others by
10172: 	adding a rpl_ prefix to our fnmatch and glob replacements and
10173: 	#defining rpl_foo to foo in the header files.
10174: 	[caa9b690a15d]
10175: 
10176: 2011-04-29  Todd C. Miller  <Todd.Miller@courtesan.com>
10177: 
10178: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10179: 	Split ALL, ROLE and TYPE into their own actions. Since you can only
10180: 	have #ifdefs inside of braces, ROLE and TYPE use a naughty goto in
10181: 	the non-SELinux case. This is safe because the actions are in one
10182: 	big switch() statement.
10183: 	[7473fc2cfa2c]
10184: 
10185: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10186: 	Fix regexp for matching a CIDR-style IPv4 netmask. From Marc Espie.
10187: 	[9be3480c2865]
10188: 
10189: 2011-04-27  Todd C. Miller  <Todd.Miller@courtesan.com>
10190: 
10191: 	* doc/UPGRADE, doc/sudoers.pod:
10192: 	askpass moved from sudoers to sudo.conf in sudo 1.8.0
10193: 	[b2c2956cec4e]
10194: 
10195: 	* doc/sudoers.pod:
10196: 	Remove obsolete warning about runas_default and ordering. Move
10197: 	syslog facility and priority lists into the section where the
10198: 	relevant options are described.
10199: 	[e57b8dc3f779]
10200: 
10201: 2011-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>
10202: 
10203: 	* plugins/sudoers/auth/sia.c:
10204: 	Fix SIA support; we no longer have access to the real argc and argv
10205: 	so allocate space for a fake one and use the argv passed to the
10206: 	plugin with "sudo" for argv[0].
10207: 	[1c0552772ad2]
10208: 
10209: 2011-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
10210: 
10211: 	* src/net_ifs.c:
10212: 	Remove useless realloc when trying to get the buffer size right.
10213: 	[792225380a62]
10214: 
10215: 	* plugins/sudoers/set_perms.c:
10216: 	Be explicit when setting euid to 0 before call to setreuid(0, 0)
10217: 	[7bfeb629fccb]
10218: 
10219: 2011-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>
10220: 
10221: 	* configure, configure.in:
10222: 	Need to do checks for krb5_verify_user, krb5_init_secure_context and
10223: 	krb5_get_init_creds_opt_alloc regardless of whether or not
10224: 	krb5-config is present.
10225: 	[9d1b98ece1d3]
10226: 
10227: 2011-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
10228: 
10229: 	* plugins/sudoers/set_perms.c:
10230: 	Work around weird AIX saved uid semantics on setuid() and
10231: 	setreuid(). On AIX, setuid() will only set the saved uid if the euid
10232: 	is already 0.
10233: 	[069fc08150ca]
10234: 
10235: 2011-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>
10236: 
10237: 	* sudo.pp:
10238: 	update copyright year
10239: 	[1c42d579ba6e]
10240: 
10241: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10242: 	Treat a missing includedir like an empty one and do not return an
10243: 	error.
10244: 	[92f71d8cbfd4]
10245: 
10246: 2011-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
10247: 
10248: 	* pp:
10249: 	Fix ARCH setting in cross-compile Solaris packages.
10250: 	[b0de281cc889]
10251: 
10252: 	* sudo.pp:
10253: 	Fix aix version setting.
10254: 	[98437dbfb085]
10255: 
10256: 	* plugins/sudoers/ldap.c:
10257: 	Remove extraneous parens in LDAP filter when sudoers_search_filter
10258: 	is enabled that causes a search error. From Matthew Thomas.
10259: 	[1d75bf1fc8d9]
10260: 
10261: 2011-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
10262: 
10263: 	* plugins/sudoers/regress/iolog_path/check_iolog_path.c:
10264: 	Correct sizeof() to fix test failure.
10265: 	[fd2f7c0c0572]
10266: 
10267: 	* plugins/sudoers/Makefile.in:
10268: 	"install" target should depend on "install-dirs". Fixes "make -j"
10269: 	problem and closes bz #487. From Chris Coleman.
10270: 	[083902d38edb]
10271: 
10272: 2011-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
10273: 
10274: 	* config.h.in:
10275: 	Add HAVE_RFC1938_SKEYCHALLENGE
10276: 	[a94cb33758a8]
10277: 
10278: 2011-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
10279: 
10280: 	* NEWS:
10281: 	Mention plugin loading and libgcc changes
10282: 	[e11b30b5026a]
10283: 
10284: 	* src/load_plugins.c, src/sudo.c, src/sudo_plugin_int.h:
10285: 	Load plugins after parsing arguments and potentially printing the
10286: 	version. That way, an error loading or initializing a plugin doesn't
10287: 	break "sudo -h" or "sudo -V".
10288: 	[1b76f2b096a2]
10289: 
10290: 	* Makefile.in:
10291: 	When using a sub-shell to invoke the sub-make, exec make instead of
10292: 	running it inside the shell to avoid an extra process.
10293: 	[fd2c04a71fbf]
10294: 
10295: 	* compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c:
10296: 	Stop testing unspecified behavior in fnmatch Make glob test more
10297: 	portable
10298: 	[229803093725]
10299: 
10300: 	* compat/Makefile.in:
10301: 	No need to add current dir to include path and having it breaks the
10302: 	test programs that expect to get the system glob.h and fnmatch.h
10303: 	[68085f624be4]
10304: 
10305: 	* INSTALL, configure, configure.in:
10306: 	Fix and document --with-plugindir; partially from Diego Elio Petteno
10307: 	[07edc52ea89e]
10308: 
10309: 	* compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
10310: 	compat/regress/fnmatch/fnm_test.in, compat/regress/glob/globtest.c,
10311: 	compat/regress/glob/globtest.in:
10312: 	Fix fnmatch and glob tests to not use hard-coded flag values in the
10313: 	input file. Link test programs with libreplace so we get our
10314: 	replacement verions as needed.
10315: 	[c2cca448f660]
10316: 
10317: 	* Makefile.in:
10318: 	If make in a subdir fails, fail the target in the upper level
10319: 	Makefile too. Adapted from a patch from Diego Elio Petteno
10320: 	[76fc9a0d96fd]
10321: 
10322: 	* configure, configure.in, plugins/sudoers/auth/rfc1938.c:
10323: 	Add check for NetBSD-style 4-argument skeychallenge() as Gentoo also
10324: 	has this. Adapted from a patch from Diego Elio Petteno
10325: 	[a97279a59b93]
10326: 
10327: 	* plugins/sudoers/Makefile.in:
10328: 	Make SUDOERS_LDFLAGS reference $(LDFLAGS) instead of using @LDFLAGS@
10329: 	directly.
10330: 	[47b884029b3b]
10331: 
10332: 	* configure, configure.in:
10333: 	Fix warnings when -without-skey, --without-opie, --without-kerb4,
10334: 	--without-kerb5 or --without-SecurID were specified.
10335: 	[71ad150f4d24]
10336: 
10337: 	* MANIFEST:
10338: 	Add plugins/sudoers/sudoers_version.h
10339: 	[7423966de440]
10340: 
10341: 	* configure, configure.in, plugins/sample/Makefile.in,
10342: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
10343: 	Back out the --with-libpath addition to SUDOERS_LDFLAGS since that
10344: 	now include LDFLAGS in the sudoers Makefile.in. Add missing settng
10345: 	of @LDFLAGS@ in plugin Makefile.in files.
10346: 	[b835826f889c]
10347: 
10348: 2011-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
10349: 
10350: 	* NEWS:
10351: 	Mention %#gid support in User_List and Runas_List
10352: 	[5a983dff017a]
10353: 
10354: 	* plugins/sudoers/sudoers.c, plugins/sudoers/sudoers_version.h,
10355: 	plugins/sudoers/visudo.c:
10356: 	Keep track of sudoers grammar version and report it in the -V
10357: 	output.
10358: 	[52901a3c0296]
10359: 
10360: 	* plugins/sudoers/sudo_nss.h:
10361: 	Add multiple inclusion guard
10362: 	[50853aed046e]
10363: 
10364: 	* configure, configure.in, plugins/sample/Makefile.in,
10365: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
10366: 	The --with-libpath option now adds to SUDOERS_LDFLAGS as well as
10367: 	LDFLAGS. Remove old -static hack for HP-UX < 9. Add LTLDFLAGS and
10368: 	set it to -Wc,-static-libgcc if not using GNU ld so we don't have a
10369: 	dependency on the shared libgcc in sudoers.so.
10370: 	[66ad8bc5e32d]
10371: 
10372: 	* doc/sudoers.pod:
10373: 	Fix typo; from Petr Uzel
10374: 	[f9a7afd80892]
10375: 
10376: 2011-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
10377: 
10378: 	* plugins/sudoers/testsudoers.c:
10379: 	In dump-only mode, use "root" as the default username instead of
10380: 	"nobody" as the latter may not be available on all systems.
10381: 	[0c48e6414337]
10382: 
10383: 2011-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
10384: 
10385: 	* plugins/sudoers/testsudoers.c:
10386: 	Remove NewArgv/NewArgc, they are no longer needed.
10387: 	[16e18f734c7e]
10388: 
10389: 	* plugins/sudoers/testsudoers.c:
10390: 	Fix setting of user_args
10391: 	[aa29e0d0a54a]
10392: 
10393: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10394: 	Add '!' token to lex tracing
10395: 	[5227ad266235]
10396: 
10397: 	* plugins/sudoers/regress/testsudoers/test1.sh:
10398: 	Use group bin in test, not wheel as most systems have the bin group
10399: 	but the same is no longer true of wheel.
10400: 	[718802b3b45e]
10401: 
10402: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10403: 	Avoid using pre or post increment in a parameter to a ctype(3)
10404: 	function as it might be a macro that causes the increment to happen
10405: 	more than once.
10406: 	[78e281152c3a]
10407: 
10408: 2011-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
10409: 
10410: 	* sudo.pp:
10411: 	Strip off the beta or release candidate version when building AIX
10412: 	packages.
10413: 	[28fe31668559]
10414: 
10415: 	* configure, configure.in:
10416: 	We need to include OSDEFS in CFLAGS when doing the utmp/utmpx
10417: 	structure checks for glibc which only has __e_termination visible
10418: 	when _GNU_SOURCE is *not* defined.
10419: 	[59ae1698911f]
10420: 
10421: 	* common/aix.c:
10422: 	getuserattr(user, ...) will fall back to the "default" entry
10423: 	automatically, there's no need to check "default" manually.
10424: 	[3c7a47a61fdb]
10425: 
10426: 2011-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
10427: 
10428: 	* doc/UPGRADE:
10429: 	Document parser changes.
10430: 	[ec415503308d]
10431: 
10432: 	* Makefile.in, common/Makefile.in, compat/Makefile.in,
10433: 	doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
10434: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
10435: 	src/Makefile.in, zlib/Makefile.in:
10436: 	If there is an existing sudoers file, only install if it passes a
10437: 	syntax check.
10438: 	[37427c73e8cb]
10439: 
10440: 	* plugins/sudoers/regress/sudoers/test6.out.ok,
10441: 	plugins/sudoers/testsudoers.c:
10442: 	Add runasgroup support to testsudoers
10443: 	[047ea5571f33]
10444: 
10445: 	* plugins/sudoers/Makefile.in:
10446: 	For "make check", keep going even if a test fails.
10447: 	[ce6a0a73c372]
10448: 
10449: 	* plugins/sudoers/testsudoers.c:
10450: 	More useful exit codes:
10451: 	 * 0 - parsed OK and command matched.
10452: 	 * 1 - parse error
10453: 	 * 2 - command not matched
10454: 	 * 3 - command denied
10455: 	[1d2ce1361903]
10456: 
10457: 	* doc/sudoers.pod:
10458: 	Document %#gid, and %:#nonunix_gid syntax.
10459: 	[492d4f9696c4]
10460: 
10461: 	* plugins/sudoers/pwutil.c:
10462: 	Add support to user_in_group() for treating group names that begin
10463: 	with a '#' as gids.
10464: 	[20240c94a134]
10465: 
10466: 	* config.h.in, configure, configure.in, src/utmp.c:
10467: 	Add explicit check for struct utmpx.ut_exit.e_termination and struct
10468: 	utmpx.ut_exit.__e_termination. HP-UX uses the latter. Only update
10469: 	ut_exit if we detect one or the other.
10470: 	[b4e8cab777e6]
10471: 
10472: 2011-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
10473: 
10474: 	* plugins/sudoers/toke.c:
10475: 	Add back missing #include of config.h
10476: 	[9ab3897a1b2e]
10477: 
10478: 	* plugins/sudoers/iolog_path.c,
10479: 	plugins/sudoers/regress/iolog_path/data:
10480: 	Avoid a NULL deref on unrecognized escapes. Collapse %% -> % like
10481: 	strftime() does.
10482: 	[93395762cdcd]
10483: 
10484: 	* aclocal.m4:
10485: 	Quote first argument to AC_DEFUN(); from Elan Ruusamae
10486: 	[97f53ad31d77]
10487: 
10488: 2011-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
10489: 
10490: 	* MANIFEST:
10491: 	add new sudoers tests
10492: 	[476af91b3da3]
10493: 
10494: 	* plugins/sudoers/regress/sudoers/test8.in,
10495: 	plugins/sudoers/regress/sudoers/test8.out.ok,
10496: 	plugins/sudoers/regress/sudoers/test8.toke.ok:
10497: 	Add test for a newline in the middle of a string when no line
10498: 	continuation character is used.
10499: 	[de2394bc86ab]
10500: 
10501: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10502: 	Use bitwise AND instead of modulus to check for length being odd. A
10503: 	newline in the middle of a string is an error unless a line
10504: 	continuation character is used.
10505: 	[bdb1d762a1d5]
10506: 
10507: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
10508: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10509: 	Move lexer globals initialization into init_lexer.
10510: 	[1ce62211aadb]
10511: 
10512: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10513: 	Fix a potential crash when a non-regular file is present in an
10514: 	includedir. Fixes bz #452
10515: 	[1586760c3525]
10516: 
10517: 	* pp:
10518: 	On some Linux systems, "uname -p" contains detailed processor info
10519: 	so check "uname -m" first and then "uname -p" if needed. Recognize
10520: 	PLD Linux.
10521: 	[b8535cb9012e]
10522: 
10523: 2011-03-25  Todd C. Miller  <Todd.Miller@courtesan.com>
10524: 
10525: 	* plugins/sudoers/redblack.c:
10526: 	Don't need all sudoers.h here.
10527: 	[8c0929f42dab]
10528: 
10529: 	* src/sudo.c:
10530: 	Print sudo version early, in case policy plugin init fails.
10531: 	[47cddc4358bc]
10532: 
10533: 2011-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
10534: 
10535: 	* plugins/sudoers/regress/sudoers/test4.toke.ok:
10536: 	Update to match change in input.
10537: 	[4a3af8e68790]
10538: 
10539: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10540: 	Make an empty group or netgroup a syntax error.
10541: 	[66f51ddc2ff6]
10542: 
10543: 	* plugins/sudoers/regress/sudoers/test7.in,
10544: 	plugins/sudoers/regress/sudoers/test7.out.ok,
10545: 	plugins/sudoers/regress/sudoers/test7.toke.ok:
10546: 	An empty group or netgroup should be a syntax error.
10547: 	[bd5bf1e2edce]
10548: 
10549: 	* plugins/sudoers/regress/sudoers/test6.in,
10550: 	plugins/sudoers/regress/sudoers/test6.out.ok,
10551: 	plugins/sudoers/regress/sudoers/test6.toke.ok:
10552: 	Check that uids work in per-user and per-runas Defaults Check that
10553: 	uids and gids work in a Command_Spec
10554: 	[c5e848e6082b]
10555: 
10556: 	* plugins/sudoers/regress/sudoers/test5.in,
10557: 	plugins/sudoers/regress/sudoers/test5.out.ok,
10558: 	plugins/sudoers/regress/sudoers/test5.toke.ok:
10559: 	Test empty string in User_Alias and Command_Spec
10560: 	[3a084d777e03]
10561: 
10562: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10563: 	Allow a group ID in the User_Spec.
10564: 	[bc2859eb71dc]
10565: 
10566: 2011-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
10567: 
10568: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10569: 	Return an error for the empty string when a word is expected. Allow
10570: 	an ID for per-user or per-runas Defaults.
10571: 	[915c259b00ff]
10572: 
10573: 	* plugins/sudoers/testsudoers.c:
10574: 	Fix printing "User_Alias FOO = ALL"
10575: 	[ba58c3d548b3]
10576: 
10577: 2011-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>
10578: 
10579: 	* src/parse_args.c:
10580: 	Better error message about invalid -C argument
10581: 	[c9a8d15bbf5d]
10582: 
10583: 	* NEWS:
10584: 	fix typo
10585: 	[cdcfbafed013]
10586: 
10587: 	* doc/sudoers.pod:
10588: 	Fix placement of equal size ('=') in user specification summary.
10589: 	[5ad7178b230d]
10590: 
10591: 2011-03-21  Todd C. Miller  <Todd.Miller@courtesan.com>
10592: 
10593: 	* MANIFEST:
10594: 	update to match sudoers regress
10595: 	[e04db0648717]
10596: 
10597: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10598: 	Restore ability to define TRACELEXER and have trace output go to
10599: 	stderr.
10600: 	[d9531e4d1b20]
10601: 
10602: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10603: 	Restore old behavior of setting sawspace = TRUE for command line
10604: 	args when a line continuation character is hit to avoid causing
10605: 	problems for existing sudoers files.
10606: 	[fd930ad25550]
10607: 
10608: 	* plugins/sudoers/regress/sudoers/test4.in,
10609: 	plugins/sudoers/regress/sudoers/test4.out.ok,
10610: 	plugins/sudoers/regress/sudoers/test4.toke.ok:
10611: 	Add test for line continuation and aliases
10612: 	[29ab538ca6bb]
10613: 
10614: 	* plugins/sudoers/Makefile.in:
10615: 	Make test output line up nicely for parse vs. toke
10616: 	[257ef82c1434]
10617: 
10618: 	* plugins/sudoers/Makefile.in,
10619: 	plugins/sudoers/regress/sudoers/test1.in,
10620: 	plugins/sudoers/regress/sudoers/test1.out.ok,
10621: 	plugins/sudoers/regress/sudoers/test1.toke.ok,
10622: 	plugins/sudoers/regress/sudoers/test2.in,
10623: 	plugins/sudoers/regress/sudoers/test2.out.ok,
10624: 	plugins/sudoers/regress/sudoers/test2.toke.ok,
10625: 	plugins/sudoers/regress/sudoers/test3.in,
10626: 	plugins/sudoers/regress/sudoers/test3.out.ok,
10627: 	plugins/sudoers/regress/sudoers/test3.toke.ok,
10628: 	plugins/sudoers/regress/testsudoers/test1.ok,
10629: 	plugins/sudoers/regress/testsudoers/test1.out.ok,
10630: 	plugins/sudoers/regress/testsudoers/test1.sh,
10631: 	plugins/sudoers/regress/testsudoers/test2.out,
10632: 	plugins/sudoers/regress/testsudoers/test2.sh,
10633: 	plugins/sudoers/regress/testsudoers/test3.ok,
10634: 	plugins/sudoers/regress/testsudoers/test3.sh,
10635: 	plugins/sudoers/regress/visudo/test1.ok,
10636: 	plugins/sudoers/regress/visudo/test1.sh:
10637: 	Move parser tests to sudoers directory and test the tokenizer output
10638: 	too.
10639: 	[44f529b3cdb6]
10640: 
10641: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10642: 	If we match a rule anchored to the beginning of a line after parsing
10643: 	a line continuation character, return an ERROR token. It would be
10644: 	nicer to use REJECT instead but that substantially slows down the
10645: 	lexer.
10646: 	[355478293f8c]
10647: 
10648: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
10649: 	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
10650: 	plugins/sudoers/toke.l:
10651: 	Move LEXTRACE macro to toke.h so we can use it in yyerror().
10652: 	[72ee7a06d3ca]
10653: 
10654: 2011-03-20  Todd C. Miller  <Todd.Miller@courtesan.com>
10655: 
10656: 	* plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
10657: 	plugins/sudoers/toke.l:
10658: 	Make lex tracing settable at run-time in testsudoers via the -t
10659: 	flag. Trace output goes to stderr. Will be used by regress tests to
10660: 	check lexer.
10661: 	[93bd53c413c8]
10662: 
10663: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10664: 	Allow whitespace after the modifier in a Defaults entry. E.g.
10665: 	"Defaults: username set_home"
10666: 	[9dfcf8dd8a3a]
10667: 
10668: 2011-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>
10669: 
10670: 	* mkpkg:
10671: 	Don't set CC when cross-compiling.
10672: 	[4b95b0c04e1c]
10673: 
10674: 	* NEWS:
10675: 	Credit Matthew Thomas for the sudoers_search_filter changes.
10676: 	[a65998ab09f7]
10677: 
10678: 	* MANIFEST:
10679: 	Add the .sym files to the MANIFEST
10680: 	[f599225cc861]
10681: 
10682: 	* NEWS:
10683: 	Update for sudo 1.8.1 beta
10684: 	[71021e854c49]
10685: 
10686: 	* doc/sudo_plugin.pod, plugins/sudoers/sudoers.c, src/parse_args.c:
10687: 	user_shell -> run_shell to avoid confusion with the user's SHELL
10688: 	variable.
10689: 	[dc0ac6dafc21]
10690: 
10691: 	* src/exec_pty.c:
10692: 	Save the controlling tty process group before suspending in pty
10693: 	mode. Previously, we assumed that the child pgrp == child pid (which
10694: 	is usually, but not always, the case).
10695: 	[10b2883b7875]
10696: 
10697: 	* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
10698: 	Add support for sudoers_search_filter setting in ldap.conf. This can
10699: 	be used to restrict the set of records returned by the LDAP query.
10700: 	[b0f1b721d102]
10701: 
10702: 2011-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
10703: 
10704: 	* configure, configure.in:
10705: 	Remove the hack to disable -g in CFLAGS unless --with-devel
10706: 	[89822cf84ef4]
10707: 
10708: 	* doc/sudoers.pod:
10709: 	The '@' character does not normally need to be quoted.
10710: 	[7823f5ed829a]
10711: 
10712: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10713: 	We normaly transition from GOTDEFS to STARTDEFS on whitespace, but
10714: 	if that whitespace is followed by a comma, we want to treat it as
10715: 	part of a list and not transition.
10716: 	[1ca6943e1824]
10717: 
10718: 	* plugins/sudoers/regress/testsudoers/test3.ok,
10719: 	plugins/sudoers/regress/testsudoers/test3.sh:
10720: 	Add check for whitespace when a User_List is used for a per-user
10721: 	Defaults entry.
10722: 	[91f75e6dd19a]
10723: 
10724: 	* plugins/sudoers/regress/testsudoers/test2.out,
10725: 	plugins/sudoers/regress/testsudoers/test2.sh:
10726: 	Expand quoted name checks to cover recent fixes.
10727: 	[ce4f76bca146]
10728: 
10729: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
10730: 	Fix parsing of double-quoted names in Defaultd and Aliases which was
10731: 	broken in 601d97ea8792.
10732: 	[424b0d6c1dc4]
10733: 
10734: 	* plugins/sudoers/Makefile.in:
10735: 	toke_util.c lives in $(srcdir) not $(devdir)
10736: 	[94866bebee83]
10737: 
10738: 2011-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
10739: 
10740: 	* configure, configure.in:
10741: 	Change trunk version to 1.8.x to distinguish from real 1.8.0.
10742: 	[a9781e61d064]
10743: 
10744: 	* NEWS, doc/UPGRADE:
10745: 	Document major changes in 1.8.1 and add upgrade notes.
10746: 	[f2cf51b0d9ce]
10747: 
10748: 	* plugins/sudoers/match.c:
10749: 	Be careful not to deref user_stat if it is NULL. This cannot
10750: 	currently happen in sudo but might in other programs using the
10751: 	parser.
10752: 	[06a2334dd674]
10753: 
10754: 	* mkpkg:
10755: 	configure will not add -O2 to CFLAGS if it is already defined to add
10756: 	-O2 to the CFLAGS we pass in when PIE is being used.
10757: 	[1ce6481ece59]
10758: 
10759: 	* doc/sudoers.pod:
10760: 	Warn about the dangers of log_input and mention iolog_file and
10761: 	iolog_dir in the log_input and log_output descriptions.
10762: 	[ae854ffb0768]
10763: 
10764: 	* pp:
10765: 	sync with git version
10766: 	[a993e39ce3cb]
10767: 
10768: 	* doc/sudoers.pod:
10769: 	It seems that h comes after i
10770: 	[0f621109220d]
10771: 
10772: 	* doc/sudoers.pod:
10773: 	Move log_input and log_output to their proper, sorted, location.
10774: 	Document set_utmp and utmp_runas.
10775: 	[273b234b9c34]
10776: 
10777: 	* src/exec.c:
10778: 	Save the controlling tty process group before suspending so we can
10779: 	restore it when we resume. Fixes job control problems on Linux
10780: 	caused by the previous attemp to fix resuming a shell when I/O
10781: 	logging not enabled.
10782: 	[f03a660315ee]
10783: 
10784: 	* common/lbuf.c:
10785: 	Fix printing of the remainder after a newline. Fixes "sudo -l"
10786: 	output corruption that could occur in some cases.
10787: 	[25d83fb501fc]
10788: 
10789: 2011-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
10790: 
10791: 	* config.h.in, configure, configure.in, src/exec_pty.c,
10792: 	src/sudo_exec.h, src/utmp.c:
10793: 	Add support for ut_exit
10794: 	[b574c13f1bba]
10795: 
10796: 	* doc/sudo_plugin.pod, plugins/sudoers/def_data.c,
10797: 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
10798: 	plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c, src/exec.c,
10799: 	src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_exec.h, src/utmp.c:
10800: 	Add support for controlling whether utmp is updated and which user
10801: 	is listed in the entry.
10802: 	[44a81632133f]
10803: 
10804: 	* plugins/sudoers/def_data.h, plugins/sudoers/defaults.h,
10805: 	plugins/sudoers/ldap.c, plugins/sudoers/mkdefaults,
10806: 	plugins/sudoers/parse.c:
10807: 	Fix typo; tupple vs. tuple
10808: 	[697744acb710]
10809: 
10810: 	* src/utmp.c:
10811: 	For legacy utmp, strip the /dev/ prefix before trying to determine
10812: 	slot since the ttys file does not include the /dev/ prefix.
10813: 	[7ad5b81ff90c]
10814: 
10815: 	* aclocal.m4, configure, configure.in, pathnames.h.in:
10816: 	Add check for _PATH_UTMP
10817: 	[21e638029bfd]
10818: 
10819: 2011-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
10820: 
10821: 	* plugins/sudoers/regress/iolog_path/check_iolog_path.c:
10822: 	Adapt check_iolog_path to sessid changes
10823: 	[728b5fe2be6f]
10824: 
10825: 	* config.h.in, configure, configure.in, src/Makefile.in,
10826: 	src/exec_pty.c, src/sudo_exec.h, src/utmp.c:
10827: 	Redo utmp handling. If no getutent()/getutxent() is available,
10828: 	assume a ttyslot-based utmp. If getttyent() is available, use that
10829: 	directly instead of ttyslot() so we don't have to do the stdin dup2
10830: 	dance.
10831: 	[18aa455cd140]
10832: 
10833: 2011-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
10834: 
10835: 	* MANIFEST, src/Makefile.in, src/exec_pty.c, src/sudo_exec.h,
10836: 	src/utmp.c:
10837: 	Move utmp handling into utmp.c
10838: 	[f6eae6c8e012]
10839: 
10840: 	* common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
10841: 	common/lbuf.c, common/list.c, compat/isblank.c, compat/memrchr.c,
10842: 	compat/mksiglist.c, compat/nanosleep.c, compat/snprintf.c,
10843: 	compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
10844: 	compat/utimes.c, doc/sudo.pod, doc/visudo.pod,
10845: 	include/sudo_plugin.h, plugins/sample/sample_plugin.c,
10846: 	plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
10847: 	plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
10848: 	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
10849: 	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
10850: 	plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
10851: 	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
10852: 	plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
10853: 	plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
10854: 	plugins/sudoers/auth/sia.c, plugins/sudoers/boottime.c,
10855: 	plugins/sudoers/bsm_audit.c, plugins/sudoers/env.c,
10856: 	plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
10857: 	plugins/sudoers/logging.c, plugins/sudoers/parse.c,
10858: 	plugins/sudoers/parse.h, plugins/sudoers/redblack.c,
10859: 	plugins/sudoers/set_perms.c, plugins/sudoers/timestr.c,
10860: 	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c, src/exec.c,
10861: 	src/exec_pty.c, src/get_pty.c, src/parse_args.c, src/sudo.c,
10862: 	src/sudo.h, src/sudo_edit.c, src/sudo_exec.h, src/sudo_noexec.c,
10863: 	src/sudo_plugin_int.h, src/tgetpass.c:
10864: 	Update copyright years.
10865: 	[16aa39f9060a]
10866: 
10867: 	* doc/sudo_plugin.pod, plugins/sudoers/sudoers.c,
10868: 	plugins/sudoers/sudoers.h, src/parse_args.c:
10869: 	Add "user_shell" boolean as a way to indicate to the plugin that the
10870: 	-s flag was given.
10871: 	[fb1ef0897b32]
10872: 
10873: 	* plugins/sudoers/iolog_path.c, plugins/sudoers/logging.c,
10874: 	plugins/sudoers/sudoers.h:
10875: 	Move sessid out of sudo_user.
10876: 	[ba298ddb57f4]
10877: 
10878: 	* plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
10879: 	plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
10880: 	plugins/sudoers/sudoers.h:
10881: 	Log the TSID even if it is not a simple session ID.
10882: 	[d7cc1b9c513c]
10883: 
10884: 	* doc/sample.sudo.conf, doc/sudo.pod, doc/sudoers.pod:
10885: 	Document noexec in sample.sudo.conf and add back noexec_file section
10886: 	in sudoers with a note that it is deprecated.
10887: 	[4a6e961e494d]
10888: 
10889: 	* plugins/sudoers/set_perms.c:
10890: 	Fix running commands as non-root on systems where setreuid() changes
10891: 	the saved uid based on the effective uid we are changing to.
10892: 	[df0769b71b34]
10893: 
10894: 2011-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
10895: 
10896: 	* plugins/sudoers/defaults.c, src/load_plugins.c, src/sudo.c,
10897: 	src/sudo.h:
10898: 	Move noexec path into sudo.conf now that sudo itself handles noexec.
10899: 	Currently can be configured in sudoers too but is now undocumented
10900: 	and will be removed in a future release.
10901: 	[6fa8befdc110]
10902: 
10903: 	* doc/sudo.pod, doc/sudoers.pod:
10904: 	Document "Path noexec ..." in sudo.conf. No longer document
10905: 	noexec_file in sudoers, it will be removed in a future release.
10906: 	[24eee3a0b3e5]
10907: 
10908: 	* plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
10909: 	plugins/sudoers/sudoers.h, src/sudo.c, src/sudo.h:
10910: 	Move noexec handling to sudo front-end where it is documented as
10911: 	being.
10912: 	[3ed4f10d7052]
10913: 
10914: 	* config.h.in, configure, configure.in, plugins/sudoers/sudoers.c,
10915: 	src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h, src/sudo_edit.c,
10916: 	src/sudo_exec.h:
10917: 	Add support for disabling exec via solaris privileges. Includes
10918: 	preparation for moving noexec support out of sudoers and into front
10919: 	end as documented.
10920: 	[dec843ed553e]
10921: 
10922: 	* plugins/sample/Makefile.in, plugins/sample/sample_plugin.sym,
10923: 	plugins/sample_group/Makefile.in,
10924: 	plugins/sample_group/sample_group.sym, plugins/sudoers/Makefile.in,
10925: 	plugins/sudoers/sudoers.sym:
10926: 	Only export the symbols corresponding to the plugin structs.
10927: 	[8d8d03b0ca54]
10928: 
10929: 	* configure, configure.in, plugins/sample/Makefile.in,
10930: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in:
10931: 	Install plugins manually instead of using libtool. This works around
10932: 	a problem on AIX where libtool will install a .a file containing the
10933: 	.so file instead of the .so file itself.
10934: 	[796971cfbddb]
10935: 
10936: 	* Makefile.in:
10937: 	Move check into its own rule since some versions of make will run
10938: 	both targets as the default rule.
10939: 	[34d759979176]
10940: 
10941: 	* configure, ltmain.sh, m4/libtool.m4, m4/ltoptions.m4,
10942: 	m4/ltversion.m4, m4/lt~obsolete.m4:
10943: 	Update to libtool 2.2.10
10944: 	[34c130de6af7]
10945: 
10946: 2011-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>
10947: 
10948: 	* src/exec.c:
10949: 	In handle_signals(), restart the read() on EINTR to make sure we
10950: 	keep up with the signal pipe. Don't return -1 on EAGAIN, it just
10951: 	means we have emptied the pipe.
10952: 	[d5b9c8eb9000]
10953: 
10954: 	* compat/mktemp.c:
10955: 	Reorder functions to quiet a compiler warning.
10956: 	[c9e9a23729f0]
10957: 
10958: 	* mkpkg:
10959: 	Use the Sun Studio C compiler on Solaris if possible
10960: 	[11a86e27891e]
10961: 
10962: 2011-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>
10963: 
10964: 	* mkpkg:
10965: 	Fix default setting of osversion variable.
10966: 	[52e49ca1cedd]
10967: 
10968: 	* doc/sudo_plugin.pod:
10969: 	Make two login_class entris consistent.
10970: 	[18ff1fa94a91]
10971: 
10972: 	* config.h.in, configure, configure.in, src/exec.c, src/exec_pty.c,
10973: 	src/sudo_exec.h:
10974: 	Add support for adding a utmp entry when allocating a new pty.
10975: 	Requires the BSD login(3) or SYSV/POSIX getutent()/getutxent().
10976: 	Currently only creates a new entry if the existing tty has a utmp
10977: 	entry.
10978: 	[32db72b81d80]
10979: 
10980: 	* plugins/sudoers/boottime.c:
10981: 	Avoid pulling in headers we don't need on Linux For getutx?id(),
10982: 	call setutx?ent() first and always call endutx?ent().
10983: 	[5dad21e1ee1b]
10984: 
10985: 	* configure, configure.in:
10986: 	Add some more libs to SUDOERS_LIBS instead of relying on them to be
10987: 	pulled in by SUDO_LIBS.
10988: 	[18a7c21c09a7]
10989: 
10990: 	* plugins/sudoers/sudoers.c:
10991: 	Fix return value of "sudo -l command" when command is not allowed,
10992: 	broken in [c7097ea22111]. The default return value is now TRUE and a
10993: 	bad: label is used when permission is denied. Also fixed missing
10994: 	permissions restoration on certain errors. On error()/errorx(), the
10995: 	password and group files are now closed before returning.
10996: 	[4f2d0e869ae5]
10997: 
10998: 2011-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
10999: 
11000: 	* plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c:
11001: 	Fix passing of login class back to sudo front end.
11002: 	[6f70a784ce48]
11003: 
11004: 	* mkpkg:
11005: 	Add --osversion flag to specify OS instead of running "pp
11006: 	--probeonly"
11007: 	[a8efdccb7bc1]
11008: 
11009: 	* sudo.pp:
11010: 	Fix expr usage w/ GNU expr
11011: 	[48895599ee63]
11012: 
11013: 2011-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
11014: 
11015: 	* plugins/sudoers/sudoers.c:
11016: 	Fix exit value for validate and list mode.
11017: 	[c7097ea22111]
11018: 
11019: 	* plugins/sudoers/sudoers.c:
11020: 	Fix non-interactive mode with sudoers plugin.
11021: 	[172f29597bd2]
11022: 
11023: 2011-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
11024: 
11025: 	* doc/sudoreplay.pod:
11026: 	sudoreplay can now find IDs other than %{seq} and display the
11027: 	session.
11028: 	[fc3dd3be67e9]
11029: 
11030: 2011-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>
11031: 
11032: 	* plugins/sudoers/sudoreplay.c:
11033: 	Add support for replaying sessions when iolog_file is set to
11034: 	something other than %{seq}.
11035: 	[ca3131243874]
11036: 
11037: 	* plugins/sudoers/visudo.c:
11038: 	If we are killed by a signal, display the name of the signal that
11039: 	got us.
11040: 	[994bb76a990e]
11041: 
11042: 	* configure, configure.in:
11043: 	Move libs used for authentication from SUDO_LIBS to SUDOERS_LIBS
11044: 	where they belong.
11045: 	[40f94b936fa4]
11046: 
11047: 	* configure.in:
11048: 	Fix bug in skey/opie check that could cause a shell warning.
11049: 	[83c043072be5]
11050: 
11051: 	* plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
11052: 	No longer need sudo_getepw() stubs.
11053: 	[bbee15c36912]
11054: 
11055: 2011-03-03  Todd C. Miller  <Todd.Miller@courtesan.com>
11056: 
11057: 	* plugins/sudoers/sudo_nss.c:
11058: 	Fix exit value of "sudo -l command" in sudoers module.
11059: 	[a6541867521b]
11060: 
11061: 2011-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
11062: 
11063: 	* compat/regress/glob/globtest.c:
11064: 	Use fgets() not fgetln() for portability.
11065: 	[df1bb67fb168]
11066: 
11067: 	* sudo.pp:
11068: 	Don't use the beta or release candidate version as the rpm release.
11069: 	[d661ef78021a]
11070: 
11071: 2011-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
11072: 
11073: 	* configure, configure.in:
11074: 	version 1.8.0
11075: 	[f6530d56f6ae] [SUDO_1_8_0]
11076: 
11077: 	* NEWS:
11078: 	update sudo 1.8 section
11079: 	[f2ee2cf95d18]
11080: 
11081: 2011-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
11082: 
11083: 	* plugins/sudoers/regress/testsudoers/test2.sh:
11084: 	fix test description
11085: 	[cd5730fa9f09]
11086: 
11087: 	* plugins/sudoers/regress/testsudoers/test2.out,
11088: 	plugins/sudoers/regress/testsudoers/test2.sh,
11089: 	plugins/sudoers/regress/visudo/test2.out,
11090: 	plugins/sudoers/regress/visudo/test2.sh:
11091: 	convert test2 to use testsudoers
11092: 	[b5ec3f0b69f1]
11093: 
11094: 	* include/sudo_plugin.h, src/sudo_plugin_int.h:
11095: 	Move struct generic_plugin to sudo_plugin_int.h
11096: 	[6f7bc629329c]
11097: 
11098: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
11099: 	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
11100: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
11101: 	plugins/sudoers/sudoers.h:
11102: 	Allow sudoers file name, mode, uid and gid to be specified in the
11103: 	settings list. The sudo front end does not currently set these but
11104: 	may in the future.
11105: 	[22f38a0fda2a]
11106: 
11107: 2011-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
11108: 
11109: 	* configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
11110: 	doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
11111: 	doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
11112: 	doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
11113: 	doc/visudo.man.in:
11114: 	1.8.0rc1
11115: 	[5d4588b9c057]
11116: 
11117: 	* doc/sudo.pod, doc/sudoreplay.pod, doc/visudo.pod,
11118: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
11119: 	src/parse_args.c, src/sudo.h:
11120: 	add help text to sudo, visudo and sudoreplay for the -h option
11121: 	[52e7378d8476]
11122: 
11123: 2011-02-19  Todd C. Miller  <Todd.Miller@courtesan.com>
11124: 
11125: 	* compat/snprintf.c:
11126: 	avoid using "howmany" for a parameter name since it is a select-
11127: 	related macro
11128: 	[a14d565401a1]
11129: 
11130: 	* doc/sudoers.pod:
11131: 	mention group_plugin when describing nonunix_group
11132: 	[e0d1d0034b17]
11133: 
11134: 	* doc/sudo_plugin.pod:
11135: 	Add missing period at end of sentence
11136: 	[6744d7e9056d]
11137: 
11138: 	* Makefile.in, doc/Makefile.in, include/Makefile.in,
11139: 	plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
11140: 	plugins/sudoers/Makefile.in, src/Makefile.in:
11141: 	add localstatedir; closes bug 471
11142: 	[7aefcab85088]
11143: 
11144: 	* config.h.in, configure, configure.in, plugins/sudoers/sudoreplay.c,
11145: 	src/exec.c, src/exec_pty.c:
11146: 	The howmany macro lives in sys/sysmacros.h on SVR5 systems Closes
11147: 	Bug 470
11148: 	[927ed6740f32]
11149: 
11150: 	* configure.in:
11151: 	add missing AH_TEMPLATE for ENV_RESET
11152: 	[16300010c986]
11153: 
11154: 	* src/exec.c:
11155: 	SVR5 systems return non-zero for success on socketpair(), check for
11156: 	-1 instead. Closes Bug 469
11157: 	[4d276494bf8e]
11158: 
11159: 2011-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
11160: 
11161: 	* configure, configure.in:
11162: 	1.8.0b5
11163: 	[d611cd5d73d3]
11164: 
11165: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
11166: 	doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
11167: 	doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
11168: 	doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
11169: 	regen
11170: 	[85e96eeaed82]
11171: 
11172: 	* doc/sudo.pod:
11173: 	Document that a sudo.conf file with no Pligin lines uses the default
11174: 	sudoers plugins.
11175: 	[88bd52da977f]
11176: 
11177: 	* src/load_plugins.c:
11178: 	If sudo.conf contains no Plugin lines, use the default sudoers
11179: 	policy and I/O plugins.
11180: 	[fd8f4cb811ab]
11181: 
11182: 2011-02-14  Todd C. Miller  <Todd.Miller@courtesan.com>
11183: 
11184: 	* plugins/sudoers/sudo_nss.c:
11185: 	Avoid printing empty "Runas and Command-specific defaults for user"
11186: 	line.
11187: 	[2dd330fe4f8b]
11188: 
11189: 	* common/lbuf.c:
11190: 	Truncate the buffer at buf.len before printing in the non-wordwrap
11191: 	case.
11192: 	[901e9833f80d]
11193: 
11194: 	* common/lbuf.c:
11195: 	Remove extra newline when the tty width is very small or unavailable
11196: 	[245c05506c0e]
11197: 
11198: 2011-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
11199: 
11200: 	* plugins/sudoers/alias.c:
11201: 	Remove unneeded variable.
11202: 	[2c086d30b796]
11203: 
11204: 2011-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
11205: 
11206: 	* configure, configure.in:
11207: 	Prefer getutxid over getutid
11208: 	[3f3322e9c93e]
11209: 
11210: 	* plugins/sudoers/boottime.c:
11211: 	Include utmp.h / utmpx.h before missing.h as apparently including it
11212: 	afterwards causes a compilation problem on GNU Hurd.
11213: 	[a528029ae962]
11214: 
11215: 2011-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
11216: 
11217: 	* plugins/sudoers/sudoreplay.c, plugins/sudoers/toke_util.c:
11218: 	#include "foo.h", not <foo.h> for local includes.
11219: 	[f65ec693998e]
11220: 
11221: 	* src/parse_args.c:
11222: 	remove bogus XXX
11223: 	[9136c17d53ce]
11224: 
11225: 	* compat/mksiglist.c:
11226: 	Fix typo
11227: 	[1a3bb7b455c9]
11228: 
11229: 	* compat/glob.c, plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
11230: 	plugins/sudoers/match.c:
11231: 	return foo not return(foo)
11232: 	[5c9e0647359a]
11233: 
11234: 2011-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
11235: 
11236: 	* src/exec.c:
11237: 	Remove duplicate FD_SET of signal_pipe[0]
11238: 	[3096527d2215]
11239: 
11240: 2011-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
11241: 
11242: 	* compat/mksiglist.c:
11243: 	Use "missing.h" not <missing.h> in generated code.
11244: 	[d8e09cffbe09]
11245: 
11246: 2011-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
11247: 
11248: 	* aclocal.m4, configure:
11249: 	fix --with-iologdir=no
11250: 	[a89699cb5f5f]
11251: 
11252: 	* aclocal.m4, configure:
11253: 	fix typo that broke --with-iologdir
11254: 	[91b54eb22403]
11255: 
11256: 2011-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
11257: 
11258: 	* configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
11259: 	doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.cat,
11260: 	doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.man.in,
11261: 	doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/visudo.cat,
11262: 	doc/visudo.man.in:
11263: 	Bump version to 1.8.0b4
11264: 	[e2b7f2cdc02e]
11265: 
11266: 	* NEWS:
11267: 	sync
11268: 	[decf5a0a8a33]
11269: 
11270: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
11271: 	Attempt to clarify how users and groups interact in Runas_Specs
11272: 	[e6fb3a2dbd77]
11273: 
11274: 	* plugins/sudoers/regress/visudo/test2.out,
11275: 	plugins/sudoers/regress/visudo/test2.sh:
11276: 	Add test for quoted group that contains escaped double quotes
11277: 	[44596c48c629]
11278: 
11279: 	* src/exec.c, src/exec_pty.c:
11280: 	Pass SIGUSR1/SIGUSR2 through to the child.
11281: 	[c3108a827b01]
11282: 
11283: 	* src/exec_pty.c, src/sudo_exec.h:
11284: 	Use special values SIGCONT_FG and SIGCONT_BG instead of SIGUSR1 and
11285: 	SIGUSR2 to indicate whether the child should be continued in the
11286: 	foreground or background.
11287: 	[35ca47cc6785]
11288: 
11289: 	* src/exec.c:
11290: 	Use pid_t not int and check the return value of kill()
11291: 	[36ae7d37d7f9]
11292: 
11293: 2011-02-02  Todd C. Miller  <Todd.Miller@courtesan.com>
11294: 
11295: 	* src/exec_pty.c:
11296: 	Remove obsolete comment
11297: 	[baebef4919f6]
11298: 
11299: 	* src/exec.c:
11300: 	In non-pty mode before continuing the child, make it the foreground
11301: 	pgrp if possible. Fixes resuming a shell.
11302: 	[fef5b1d02ddb]
11303: 
11304: 	* src/exec_pty.c:
11305: 	If we get a signal other than SIGCHLD in the monitor, pass it
11306: 	directly to the child.
11307: 	[b3ecb28163a0]
11308: 
11309: 	* src/exec.c, src/exec_pty.c, src/sudo.h:
11310: 	Save signal state before changing handlers and restore before we
11311: 	execute the command.
11312: 	[faf7475dc4bf]
11313: 
11314: 2011-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
11315: 
11316: 	* plugins/sudoers/iolog.c:
11317: 	Use a char array to map a number to a base36 digit.
11318: 	[257576c51f8b]
11319: 
11320: 	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod:
11321: 	Be clear about what versions of sudo support new LDAP attributes.
11322: 	Fix up some formatting of attribute names. Minor other tweaks.
11323: 	[39f65df71f65]
11324: 
11325: 2011-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
11326: 
11327: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
11328: 	match quoted strings the same way whether in a Defaults line or as a
11329: 	user/group/netgroup name. Fixes escaped double quotes in quoted
11330: 	user/group/netgroup names.
11331: 	[601d97ea8792]
11332: 
11333: 	* plugins/sudoers/Makefile.in:
11334: 	'make check' depends on visudo and testsudoers
11335: 	[127c5a24df8f]
11336: 
11337: 	* plugins/sudoers/sudoers2ldif:
11338: 	Add sudoOrder attribute to each entry Parse LOG_{INPUT,OUTPUT} tags
11339: 	[9029163a58c3]
11340: 
11341: 2011-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
11342: 
11343: 	* doc/UPGRADE:
11344: 	Mention LDAP attribute compatibility status.
11345: 	[2c3595aaec63]
11346: 
11347: 2011-01-28  Todd C. Miller  <Todd.Miller@courtesan.com>
11348: 
11349: 	* README.LDAP:
11350: 	Mention phpQLAdmin
11351: 	[9304c9064fbe]
11352: 
11353: 	* INSTALL, NEWS, config.h.in, configure, configure.in,
11354: 	doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
11355: 	Add --disable-env-reset configure option.
11356: 	[8a753aa13a46]
11357: 
11358: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
11359: 	Document that sudoers_locale also affects logging and email.
11360: 	[998d6ac11277]
11361: 
11362: 	* NEWS, config.h.in, configure, configure.in,
11363: 	plugins/sudoers/logging.c:
11364: 	Do logging and email sending in the locale specified by the
11365: 	"sudoers_locale" setting ("C" by default). Email send by sudo
11366: 	includes MIME headers when the sudoers locale is not "C".
11367: 	[cb7e55408400]
11368: 
11369: 2011-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
11370: 
11371: 	* plugins/sudoers/check.c:
11372: 	Fix indentation
11373: 	[65ae7e92b9e4]
11374: 
11375: 2011-01-25  Todd C. Miller  <Todd.Miller@courtesan.com>
11376: 
11377: 	* NEWS, src/parse_args.c, src/sudo.c:
11378: 	Perform command escaping for "sudo -s" and "sudo -i" after
11379: 	validating sudoers so the sudoers entries don't need to have all the
11380: 	backslashes.
11381: 	[4e168c103f4b]
11382: 
11383: 2011-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>
11384: 
11385: 	* plugins/sudoers/logging.c:
11386: 	Prepend "list " to the command logged when "sudo -l command" is used
11387: 	to make it clear that the command was listed, not run.
11388: 	[f392a6056cd6]
11389: 
11390: 	* plugins/sudoers/parse.c:
11391: 	cosmetic change
11392: 	[7c0951dbc2dd]
11393: 
11394: 	* common/aix.c, common/alloc.c, common/fileops.c, common/fmt_string.c,
11395: 	common/list.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
11396: 	compat/glob.c, compat/isblank.c, compat/memrchr.c, compat/mktemp.c,
11397: 	compat/nanosleep.c, compat/regress/glob/globtest.c,
11398: 	compat/snprintf.c, compat/strlcat.c, compat/strlcpy.c,
11399: 	compat/strsignal.c, compat/utimes.c, plugins/sample/sample_plugin.c,
11400: 	plugins/sample_group/getgrent.c, plugins/sample_group/plugin_test.c,
11401: 	plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
11402: 	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
11403: 	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
11404: 	plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
11405: 	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
11406: 	plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
11407: 	plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
11408: 	plugins/sudoers/auth/sia.c, plugins/sudoers/bsm_audit.c,
11409: 	plugins/sudoers/check.c, plugins/sudoers/defaults.c,
11410: 	plugins/sudoers/find_path.c, plugins/sudoers/goodpath.c,
11411: 	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
11412: 	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
11413: 	plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
11414: 	plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
11415: 	plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
11416: 	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
11417: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
11418: 	plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
11419: 	plugins/sudoers/toke.l, plugins/sudoers/toke_util.c,
11420: 	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
11421: 	src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
11422: 	src/sudo_noexec.c, src/tgetpass.c:
11423: 	standardize on "return foo;" rather than "return(foo);" or "return
11424: 	(foo);"
11425: 	[32d76c5aaf8c]
11426: 
11427: 	* plugins/sudoers/sudoers.c:
11428: 	Do not reject sudoers file just because it is root-writable.
11429: 	[0febc579185b]
11430: 
11431: 2011-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
11432: 
11433: 	* NEWS:
11434: 	sync
11435: 	[1ab03f8278ff]
11436: 
11437: 	* plugins/sudoers/sudo_nss.c:
11438: 	For "sudo -U user -l" if user is not authorized on the host, say so.
11439: 	[289afe6dd15c]
11440: 
11441: 	* plugins/sudoers/ldap.c:
11442: 	In sudo_ldap_lookup(), always do the initial sudoers check as the
11443: 	invoking user. If we are listing another user's privs we will do a
11444: 	separate lookup using list_pw later.
11445: 	[e52bc15de76d]
11446: 
11447: 2011-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
11448: 
11449: 	* MANIFEST:
11450: 	add parser fill tests
11451: 	[4f65140d3515]
11452: 
11453: 	* compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
11454: 	Don't test features not supported by the bundled glob()
11455: 	[8ec7ace11949]
11456: 
11457: 	* Makefile.in, aclocal.m4, common/Makefile.in, common/term.c,
11458: 	compat/Makefile.in, configure.in, doc/LICENSE, doc/Makefile.in,
11459: 	doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
11460: 	doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod, doc/sudoers.man.in,
11461: 	doc/sudoers.pod, include/Makefile.in, plugins/sample/Makefile.in,
11462: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
11463: 	plugins/sudoers/check.c, plugins/sudoers/defaults.c,
11464: 	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
11465: 	plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
11466: 	plugins/sudoers/ldap.c, plugins/sudoers/match.c,
11467: 	plugins/sudoers/pwutil.c, plugins/sudoers/sudo_nss.c,
11468: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
11469: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
11470: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
11471: 	plugins/sudoers/toke_util.c, src/Makefile.in, zlib/Makefile.in:
11472: 	Update copyright year to 2011
11473: 	[ac1b45cb1809]
11474: 
11475: 	* plugins/sudoers/sudo_nss.c:
11476: 	When listing, use separate lbufs for the defaults and the privileges
11477: 	and only print something if the number of privileges is non-zero.
11478: 	Fixes extraneous Defaults output for "sudo -U unauthorized_user -l".
11479: 	[d0854d39f8ef]
11480: 
11481: 	* plugins/sudoers/ldap.c:
11482: 	Stash pointer to user group vector in LDAP handle and only reuse the
11483: 	query if it has not changed. We always allocate a new buffer when we
11484: 	reset the group vector so a simple pointer check is sufficient.
11485: 	[88861d4eba69]
11486: 
11487: 	* plugins/sudoers/sudo_nss.c:
11488: 	Check initgroups() return value.
11489: 	[3bdaf58408a7]
11490: 
11491: 	* plugins/sudoers/Makefile.in,
11492: 	plugins/sudoers/regress/parser/check_fill.c:
11493: 	Add tests for the fill functions in toke_util.c
11494: 	[bca587ab4956]
11495: 
11496: 2011-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
11497: 
11498: 	* plugins/sudoers/regress/iolog_path/check_iolog_path.c:
11499: 	fix copyright year
11500: 	[e2038cdaf055]
11501: 
11502: 	* NEWS:
11503: 	sync
11504: 	[56ca5d5eaebe]
11505: 
11506: 2011-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
11507: 
11508: 	* common/term.c:
11509: 	Clear, don't set, OPOST in c_oflag as was intended in 506ad5ae9b4e.
11510: 	[b91f266624ec]
11511: 
11512: 2011-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
11513: 
11514: 	* mkpkg, sudo.pp:
11515: 	Add Requires line for audit-libs >= 1.4 for RHEL5+
11516: 	[6c02f976171b]
11517: 
11518: 	* pp:
11519: 	sync with git version
11520: 	[d301c32d5865]
11521: 
11522: 2011-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
11523: 
11524: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
11525: 	fix typo
11526: 	[39353f92976f]
11527: 
11528: 2011-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
11529: 
11530: 	* NEWS:
11531: 	Update for sudo 1.7.4p5
11532: 	[b444da76901f]
11533: 
11534: 	* doc/schema.OpenLDAP, doc/schema.iPlanet:
11535: 	Add sudoNotBefore and sudoNotAfter attributes as optional attributes
11536: 	to the sudoRole object class. From Andreas Mueller
11537: 	[dacfad7e7a95]
11538: 
11539: 2011-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>
11540: 
11541: 	* NEWS:
11542: 	Mention "sudo -g group" password check fix.
11543: 	[1eb8fb14e53b]
11544: 
11545: 	* plugins/sudoers/sudoers.c:
11546: 	Fix "sudo -g" support in the sudoers module.
11547: 	[07d1b0ce530e]
11548: 
11549: 	* plugins/sudoers/check.c:
11550: 	If the user is running sudo as himself but as a different group we
11551: 	need to prompt for a password.
11552: 	[caf1fcc9a117]
11553: 
11554: 2011-01-10  Todd C. Miller  <Todd.Miller@courtesan.com>
11555: 
11556: 	* NEWS, config.h.in, configure, configure.in, doc/sudoers.ldap.cat,
11557: 	doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
11558: 	plugins/sudoers/ldap.c:
11559: 	Add support for TIMEOUT in ldap.conf, mapping to the OpenLDAP
11560: 	LDAP_OPT_TIMEOUT. There is no corresponding option for mozilla-
11561: 	derived LDAP SDKs but we can pass the timeout parameter to
11562: 	ldap_search_ext_s() or ldap_search_st() when possible.
11563: 	[5537049991f7]
11564: 
11565: 	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
11566: 	regen
11567: 	[5b361c3c4324]
11568: 
11569: 	* NEWS, doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
11570: 	Add NETWORK_TIMEOUT as an alias for BIND_TIMELIMIT for compatibility
11571: 	with OpenLDAP ldap.conf files.
11572: 	[e97843bd16fb]
11573: 
11574: 	* plugins/sudoers/pwutil.c:
11575: 	If user has no supplementary groups, fall back on checking the group
11576: 	file expliticly.
11577: 	[5223ad4eb690]
11578: 
11579: 2011-01-08  Todd C. Miller  <Todd.Miller@courtesan.com>
11580: 
11581: 	* plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
11582: 	constify
11583: 	[6e132a4cca61]
11584: 
11585: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.h,
11586: 	plugins/sudoers/toke.l:
11587: 	Move fill macro to toke.h
11588: 	[623d430798cf]
11589: 
11590: 	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/toke.c,
11591: 	plugins/sudoers/toke.h, plugins/sudoers/toke.l,
11592: 	plugins/sudoers/toke_util.c:
11593: 	Split tokenizer utility functions out into toke_util.c
11594: 	[89a97bd51618]
11595: 
11596: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
11597: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
11598: 	ANSIfy
11599: 	[ca0eba1dfaa9]
11600: 
11601: 2011-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
11602: 
11603: 	* MANIFEST:
11604: 	sync
11605: 	[a43f94064bb3]
11606: 
11607: 	* plugins/sudoers/Makefile.in:
11608: 	Add visudo tests to check target
11609: 	[8c82fb4ed40f]
11610: 
11611: 	* compat/Makefile.in, compat/regress/fnmatch/fnm_test.c,
11612: 	compat/regress/fnmatch/fnm_test.in, compat/regress/glob/files,
11613: 	compat/regress/glob/globtest.c, compat/regress/glob/globtest.in:
11614: 	Add my regress tests for fnmatch() and glob() from OpenBSD.
11615: 	[6e8c1f211723]
11616: 
11617: 	* plugins/sudoers/regress/testsudoers/test1.sh,
11618: 	plugins/sudoers/regress/visudo/test1.ok,
11619: 	plugins/sudoers/regress/visudo/test1.sh:
11620: 	Add regress test for command tags using visudo -c
11621: 	[18b0ef207c0f]
11622: 
11623: 	* plugins/sudoers/Makefile.in,
11624: 	plugins/sudoers/regress/testsudoers/test1.ok,
11625: 	plugins/sudoers/regress/testsudoers/test1.sh:
11626: 	Add support for regress tests using testsudoers
11627: 	[1fa94bd2671b]
11628: 
11629: 	* plugins/sudoers/testsudoers.c:
11630: 	Need to set user_name explicitly due to internal changes made when
11631: 	converting sudoers to a plugin.
11632: 	[1fa54e86a364]
11633: 
11634: 2011-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
11635: 
11636: 	* MANIFEST, Makefile.in, common/Makefile.in, compat/Makefile.in,
11637: 	doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
11638: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
11639: 	plugins/sudoers/regress/iolog_path/check_iolog_path.c,
11640: 	plugins/sudoers/regress/iolog_path/data, src/Makefile.in,
11641: 	zlib/Makefile.in:
11642: 	Add regression tests for iolog_path()
11643: 	[afa4b416e559]
11644: 
11645: 	* Makefile.in, common/Makefile.in, compat/Makefile.in,
11646: 	doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
11647: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
11648: 	src/Makefile.in, zlib/Makefile.in:
11649: 	Add support for "make Makefile" to regenerate Makefile from
11650: 	Makefile.in
11651: 	[98bd2dda3294]
11652: 
11653: 	* plugins/sudoers/iolog_path.c:
11654: 	Quiest a bogus compiler warning.
11655: 	[5ff932a7ad67]
11656: 
11657: 2011-01-05  Todd C. Miller  <Todd.Miller@courtesan.com>
11658: 
11659: 	* plugins/sudoers/iolog_path.c:
11660: 	Protect call to setlocale() with HAVE_SETLOCALE
11661: 	[2c29ee3ccc81]
11662: 
11663: 2011-01-04  Todd C. Miller  <Todd.Miller@courtesan.com>
11664: 
11665: 	* MANIFEST:
11666: 	mkstemps.c was renamed mktemp.c
11667: 	[ae299c3b1827]
11668: 
11669: 	* NEWS:
11670: 	Update from 1.7 branch
11671: 	[20817d79717b]
11672: 
11673: 	* Makefile.in:
11674: 	Use "mv -f" when regenerating ChangeLog
11675: 	[c163635206c6]
11676: 
11677: 	* plugins/sudoers/match.c:
11678: 	Fix NULL dereference with "sudo -g group" when the sudoers rule has
11679: 	no runas user or group listed. Fixes RedHat bug Bug 667103.
11680: 	[41a6a1243d9e]
11681: 
11682: 2011-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
11683: 
11684: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11685: 	Correct the default sudo.conf example
11686: 	[4e791698cad1]
11687: 
11688: 2010-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
11689: 
11690: 	* plugins/sudoers/iolog_path.c:
11691: 	Reset slashp if we allocate a new buffer for strftime()
11692: 	[e491daa4203b]
11693: 
11694: 	* plugins/sudoers/iolog_path.c, plugins/sudoers/sudoers.c,
11695: 	plugins/sudoers/sudoers.h:
11696: 	Add extra out parameter to expand_iolog_path() to allow the caller
11697: 	to split the path into dir and file components if needed.
11698: 	[88346bc5ae39]
11699: 
11700: 2010-12-30  Todd C. Miller  <Todd.Miller@courtesan.com>
11701: 
11702: 	* plugins/sudoers/iolog.c:
11703: 	mkdir_iopath() returns size_t now that it uses strlcpy() and not
11704: 	snprintf()
11705: 	[3c4c64d265eb]
11706: 
11707: 	* plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c:
11708: 	Trim leading slashes from iolog_file and trailing slashes from
11709: 	iolog_dir
11710: 	[a803b51f8948]
11711: 
11712: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
11713: 	plugins/sudoers/iolog.c, plugins/sudoers/iolog_path.c,
11714: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
11715: 	Pass a single I/O log file name in command_details instead of
11716: 	separate dir + file parameters.
11717: 	[d672a3e46e80]
11718: 
11719: 	* plugins/sudoers/sudoreplay.c:
11720: 	change an error() to errorx()
11721: 	[8013dcfdd69d]
11722: 
11723: 	* plugins/sudoers/iolog.c:
11724: 	Add missing cwd line to I/O log info file that got dropped when
11725: 	iolog_deserialize_info() was added
11726: 	[7cf84f208423]
11727: 
11728: 2010-12-29  Todd C. Miller  <Todd.Miller@courtesan.com>
11729: 
11730: 	* plugins/sudoers/iolog.c:
11731: 	Avoid relying on globals filled in by the sudoers policy module for
11732: 	the sudoers I/O log module. The I/O log open function now pulls the
11733: 	bits it needs out of user_info and command_info.
11734: 	[c02f6951b0cc]
11735: 
11736: 	* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
11737: 	plugins/sudoers/sudoers.h:
11738: 	If no iolog file is specified by the policy plugin, use io_nextid()
11739: 	to determine the next file in the sequence.
11740: 	[faa1130b1020]
11741: 
11742: 2010-12-28  Todd C. Miller  <Todd.Miller@courtesan.com>
11743: 
11744: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
11745: 	Document iolog_compress in command_info
11746: 	[58895c7d12f5]
11747: 
11748: 	* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
11749: 	Add support for the iolog_compress variable in command_info.
11750: 	[36f13a2fd1c1]
11751: 
11752: 	* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
11753: 	Add sigsetjmp() calls to all plugin entry points just to be safe.
11754: 	[3fa482355bc4]
11755: 
11756: 	* src/sudo.c, src/sudo.h:
11757: 	Don't need iolog variables in struct command_details, they are for
11758: 	the I/O log plugins to handle.
11759: 	[5111579ffd9d]
11760: 
11761: 2010-12-27  Todd C. Miller  <Todd.Miller@courtesan.com>
11762: 
11763: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
11764: 	Document use of mkdtemp() for iolog path teplates
11765: 	[5db6101408a9]
11766: 
11767: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
11768: 	doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
11769: 	doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
11770: 	doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
11771: 	regen
11772: 	[1ee11fd6d4eb]
11773: 
11774: 	* doc/sudo_plugin.pod, doc/sudoers.pod:
11775: 	Document iolog_file and supported escape sequences for sudoers.
11776: 	Clarify that iolog_file can contain directories.
11777: 	[da611dedcbdb]
11778: 
11779: 	* compat/Makefile.in, configure, configure.in:
11780: 	Fix building of mkstemps/mkdtemp replacements.
11781: 	[793a5e303122]
11782: 
11783: 	* compat/mkstemps.c, compat/mktemp.c, config.h.in, configure,
11784: 	configure.in, include/missing.h:
11785: 	Provide mkdtemp() for systems without it.
11786: 	[b0527dfa965c]
11787: 
11788: 	* plugins/sudoers/iolog_path.c:
11789: 	Fix typo
11790: 	[277f6c514cba]
11791: 
11792: 	* plugins/sudoers/iolog.c:
11793: 	Only use mkdtemp() if the path ends in at least 6 Xs since otherwise
11794: 	glibc mkdtemp() returns EINVAL.
11795: 	[2e7323b05579]
11796: 
11797: 	* plugins/sudoers/Makefile.in, plugins/sudoers/def_data.c,
11798: 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
11799: 	plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
11800: 	plugins/sudoers/iolog_path.c, plugins/sudoers/plugin_error.c,
11801: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
11802: 	Allow sudoers to specify the iolog file in addition to the iolog
11803: 	dir. Add escape sequence support to iolog file and dir: sequence
11804: 	number, user, group, runas_user, runas_group, hostname and command
11805: 	in addition to any escape sequence recognized by strftime(3).
11806: 	[75cd32ee0435]
11807: 
11808: 	* plugins/sudoers/iolog.c:
11809: 	Add missing sigsetjmp() call in I/O plugin open function. Fixes a
11810: 	crash when the I/O plugin calls error(), errorx() or log_error().
11811: 	[1a6718bd817d]
11812: 
11813: 2010-12-21  Todd C. Miller  <Todd.Miller@courtesan.com>
11814: 
11815: 	* doc/sudo_plugin.pod, plugins/sudoers/iolog.c,
11816: 	plugins/sudoers/sudoers.c:
11817: 	Give the policy module fine-grained control over what the I/O plugin
11818: 	logs.
11819: 	[d29784fd2a66]
11820: 
11821: 	* common/term.c:
11822: 	Clear OPOST from c_oflag like we used to. Fixes screen-based editors
11823: 	such as vi.
11824: 	[506ad5ae9b4e]
11825: 
11826: 	* doc/sudoers.pod:
11827: 	Clarify umask option description. From Reuben Thomas.
11828: 	[1294ac84222b]
11829: 
11830: 2010-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
11831: 
11832: 	* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
11833: 	Pick last match in LDAP sudoers too
11834: 	[fbfd8e85703b]
11835: 
11836: 	* doc/sudo_plugin.pod:
11837: 	Document iolog_file, iolog_dir and use_pty
11838: 	[26120a59c20e]
11839: 
11840: 	* plugins/sample/sample_plugin.c, plugins/sudoers/iolog.c,
11841: 	plugins/sudoers/sudoers.c:
11842: 	Adapt plugins to version I/O logging ABI 1.1
11843: 	[880dd64bc1e8]
11844: 
11845: 	* src/exec.c, src/sudo.h:
11846: 	Add use_pty command_info flag for policies to indicate that a pty
11847: 	should be allocated even if no I/O logging is performed.
11848: 	[e7b167f8a6e5]
11849: 
11850: 	* src/sudo.c:
11851: 	Add remaining plugin convenience functions
11852: 	[ffeaf96da031]
11853: 
11854: 	* include/sudo_plugin.h, src/sudo.c, src/sudo.h,
11855: 	src/sudo_plugin_int.h:
11856: 	Change I/O log API to pass in command info to the I/O log open
11857: 	function. Add iolog_file and iolog_dir parameters to command info.
11858: 	This allows the policy plugin to specify the I/O log pathname. Add
11859: 	convenience functions for calling plugin functions that handle ABI
11860: 	backwards compatibility.
11861: 	[9b81dce76ce5]
11862: 
11863: 	* compat/dlopen.c:
11864: 	Remove useless cast
11865: 	[7cecce969739]
11866: 
11867: 2010-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
11868: 
11869: 	* configure, configure.in:
11870: 	Bump version to 1.8.0b3
11871: 	[1dc9f040aae0]
11872: 
11873: 2010-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
11874: 
11875: 	* configure.in:
11876: 	Remove extraneous newline
11877: 	[71c94551eea5]
11878: 
11879: 2010-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
11880: 
11881: 	* doc/sudoers.pod, plugins/sudoers/def_data.c,
11882: 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
11883: 	plugins/sudoers/defaults.c, plugins/sudoers/iolog.c:
11884: 	Make I/O log dir configurable.
11885: 	[99b576667a38]
11886: 
11887: 	* aclocal.m4, configure, configure.in, doc/sudoers.pod:
11888: 	Rename io_logdir to iolog_dir
11889: 	[0731662acc8d]
11890: 
11891: 2010-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
11892: 
11893: 	* pp:
11894: 	Add missing '*' that prevented the generic ELF case from matching.
11895: 	[be77ca26bfb2]
11896: 
11897: 	* pp:
11898: 	If file(1) can't identify the ELF binary type, try readelf(1).
11899: 	[38a18d32a9e3]
11900: 
11901: 2010-11-30  Todd C. Miller  <Todd.Miller@courtesan.com>
11902: 
11903: 	* plugins/sudoers/auth/kerb4.c, plugins/sudoers/check.c,
11904: 	plugins/sudoers/env.c, plugins/sudoers/pwutil.c,
11905: 	plugins/sudoers/sudoers.c, src/sudo.c:
11906: 	Use %u to print uid/gid, not %lu and adjust casts to match.
11907: 	[03c43b8749cf]
11908: 
11909: 	* doc/sudoers.ldap.pod:
11910: 	Clarify ordering of entries and attributes.
11911: 	[924e2a6bb603]
11912: 
11913: 	* doc/sudoers.ldap.pod:
11914: 	Fix typo and editing goof.
11915: 	[79dc7ccd85a8]
11916: 
11917: 	* doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
11918: 	doc/sudoers.ldap.pod:
11919: 	Merge in ordered LDAP entry support from Andreas Mueller.
11920: 	[ea5885989bad]
11921: 
11922: 	* plugins/sudoers/ldap.c:
11923: 	Make sure we don't dereference a NULL handle.
11924: 	[1a9f9ee15371]
11925: 
11926: 2010-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
11927: 
11928: 	* pp:
11929: 	Add support for RHEL 6 file modes that include a trailing dot on
11930: 	files with an SELinux security context
11931: 	[dc09be959547]
11932: 
11933: 2010-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
11934: 
11935: 	* src/sudo.c:
11936: 	exec_setup() does not need to setuid(0), the Ubuntu issue was in the
11937: 	sudoers module.
11938: 	[d6dd99fc6062]
11939: 
11940: 	* plugins/sudoers/sudoers.c:
11941: 	create_admin_success_flag() should use restore_perms() rather than
11942: 	set_perms() to restore the uid.
11943: 	[eba7a91c1f57]
11944: 
11945: 	* src/sudo.c:
11946: 	In exec_setup() call setuid(0) to make certain the subsequent uid
11947: 	and gid changes will succeed. Fixes a problem on Ubuntu.
11948: 	[c5d32abf0645]
11949: 
11950: 	* src/sudo_edit.c:
11951: 	Error out if we cannot change to root's uid so we catch the failure
11952: 	early.
11953: 	[7a2e7f8f2c80]
11954: 
11955: 2010-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
11956: 
11957: 	* doc/sudoers.pod:
11958: 	fix typo; from Michael T Hunter
11959: 	[a574a9d0db5b]
11960: 
11961: 	* plugins/sudoers/match.c:
11962: 	In sudoedit mode, assume command line arguments are paths and pass
11963: 	FNM_PATHNAME to fnmatch().
11964: 	[ce0abff8ce9f]
11965: 
11966: 2010-11-20  Todd C. Miller  <Todd.Miller@courtesan.com>
11967: 
11968: 	* configure, configure.in:
11969: 	Add workaround for an error in sys/types.h on HP-UX 11.23 when large
11970: 	file support is enabled. Defining _XOPEN_SOURCE_EXTENDED avoids the
11971: 	broken bits of the header file.
11972: 	[e337217f097a]
11973: 
11974: 	* aclocal.m4:
11975: 	Fix SUDO_MAILDIR usage of AC_LANG_PROGRAM
11976: 	[fbbcee28961f]
11977: 
11978: 	* sudo.pp:
11979: 	For Tru64, strip off beta version.
11980: 	[eeccd762df5e]
11981: 
11982: 	* MANIFEST, plugins/sudoers/testsudoers.c,
11983: 	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/tsgetgrpw.h:
11984: 	Avoid conflicts with system definitions in grp.h and pwd.h
11985: 	[b219ffe1da09]
11986: 
11987: 	* zlib/gzguts.h:
11988: 	Include stdio.h after zlib.h, not before. We need the large file
11989: 	defines to come first.
11990: 	[21d6df39790f]
11991: 
11992: 2010-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
11993: 
11994: 	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in:
11995: 	regen
11996: 	[3ff8750d0aac]
11997: 
11998: 	* Makefile.in:
11999: 	Don't clean ChangeLog
12000: 	[ab0d30d289d4]
12001: 
12002: 	* plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
12003: 	Add prototype for cleanup()
12004: 	[75626fd3769a]
12005: 
12006: 2010-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
12007: 
12008: 	* plugins/sudoers/group_plugin.c:
12009: 	Avoid deferencing group_plugin if it is NULL in
12010: 	group_plugin_query(). This should not happen.
12011: 	[4f2933c8da7e]
12012: 
12013: 	* plugins/sudoers/group_plugin.c:
12014: 	group plugin init function return TRUE when successful
12015: 	[198024477030]
12016: 
12017: 2010-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
12018: 
12019: 	* plugins/sudoers/ldap.c:
12020: 	Enlarge the array of entry wrappers int blocks of 100 entries to
12021: 	save on allocation time. From Andreas Mueller
12022: 	[375c916bb03b]
12023: 
12024: 	* plugins/sudoers/ldap.c:
12025: 	Add back call to sudo_ldap_timefilter() in sudo_ldap_build_pass2()
12026: 	that was mistakenly dropped.
12027: 	[1555f5bc132d]
12028: 
12029: 2010-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
12030: 
12031: 	* doc/TROUBLESHOOTING:
12032: 	Mention that sudo needs "ar" to build.
12033: 	[65582ace2d09]
12034: 
12035: 	* configure, configure.in:
12036: 	Fail with a more useful error if "ar" is not found.
12037: 	[d1cb83719c17]
12038: 
12039: 2010-11-14  Todd C. Miller  <Todd.Miller@courtesan.com>
12040: 
12041: 	* plugins/sudoers/ldap.c:
12042: 	Merge in ordered LDAP entry support from Andreas Mueller and add
12043: 	local changes from the 1.7 branch.
12044: 	[bca29e461618]
12045: 
12046: 2010-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
12047: 
12048: 	* doc/schema.ActiveDirectory, doc/schema.OpenLDAP, doc/schema.iPlanet,
12049: 	doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
12050: 	Add timed entry support from Andreas Mueller.
12051: 	[e18d1df46a8d]
12052: 
12053: 	* plugins/sudoers/group_plugin.c:
12054: 	Don't try to unload if group_plugin is NULL. Don't call dlclose() if
12055: 	group_handle is NULL
12056: 	[de2273da37d5]
12057: 
12058: 	* plugins/sudoers/sudoers.h:
12059: 	It is now plugin_cleanup(), not cleanup()
12060: 	[da62a4e1a78c]
12061: 
12062: 	* plugins/sudoers/logging.c, plugins/sudoers/sudoers.c:
12063: 	Call plugin_cleanup(), not cleanup()
12064: 	[e800ad8b33ad]
12065: 
12066: 2010-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
12067: 
12068: 	* plugins/sudoers/ldap.c:
12069: 	Use efree() not free() and remove malloc.h include since we never
12070: 	directly call malloc() or free().
12071: 	[107fffd134bb]
12072: 
12073: 2010-11-09  Todd C. Miller  <Todd.Miller@courtesan.com>
12074: 
12075: 	* sudo.pp:
12076: 	set PSTAMP for Solaris and move the backend-specific bits to their
12077: 	own %if [xxx] %endif blocks in %set.
12078: 	[a94ebe8920c1]
12079: 
12080: 	* pp:
12081: 	sync with git repo
12082: 	[75ff509696b4]
12083: 
12084: 	* configure, configure.in:
12085: 	Only substitute file zlib files when using the builtin zlib
12086: 	[6c8145b2deb4]
12087: 
12088: 	* common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
12089: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
12090: 	src/Makefile.in, zlib/Makefile.in:
12091: 	Give up on using VPATH to find sources as it is implemented
12092: 	inconsistenly in different versions of make.
12093: 	[60517c69aaee]
12094: 
12095: 	* plugins/sudoers/Makefile.in, plugins/sudoers/getdate.c,
12096: 	plugins/sudoers/gram.c, plugins/sudoers/toke.c:
12097: 	Include config.h before any other includes to make sure we get the
12098: 	right value for _FILE_OFFSET_BITS.
12099: 	[8fb007ca832e]
12100: 
12101: 	* MANIFEST:
12102: 	Add zlib
12103: 	[04a3e23dfaa9]
12104: 
12105: 	* zlib/Makefile.in:
12106: 	Add missing targets
12107: 	[40e45a177168]
12108: 
12109: 	* src/Makefile.in:
12110: 	g/c unused $(GENERATED)
12111: 	[c8758068c1bc]
12112: 
12113: 2010-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
12114: 
12115: 	* plugins/sudoers/group_plugin.c:
12116: 	Zero out group_plugin on unload just to be safe.
12117: 	[0b10f4d101ca]
12118: 
12119: 	* plugins/sudoers/group_plugin.c:
12120: 	Unload group plugin if its init function fails.
12121: 	[6552cdac4b7c]
12122: 
12123: 	* src/sudo.c:
12124: 	Only chdir to cwd if it is different from the current cwd or there
12125: 	is a new root (chroot).
12126: 	[b8203e875e84]
12127: 
12128: 	* configure, configure.in, doc/sudo.cat, doc/sudo.man.in,
12129: 	doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudoers.ldap.cat,
12130: 	doc/sudoers.ldap.man.in, doc/visudo.cat, doc/visudo.man.in:
12131: 	Bump version to 1.8.0b2
12132: 	[6dadeb75a878]
12133: 
12134: 2010-10-28  Todd C. Miller  <Todd.Miller@courtesan.com>
12135: 
12136: 	* INSTALL:
12137: 	Better --enable-zlib description
12138: 	[e0da54fa59a6]
12139: 
12140: 	* mkpkg:
12141: 	Use system zlib on Linux Let configure decide on Solaris For all
12142: 	others, use builtin zlib
12143: 	[3d52eddb523c]
12144: 
12145: 	* zlib/zconf.h.in:
12146: 	Add large file support.
12147: 	[bec01215270d]
12148: 
12149: 	* config.h.in:
12150: 	Add large file support.
12151: 	[244e95b034ec]
12152: 
12153: 	* Makefile.in, configure, configure.in, doc/LICENSE, doc/license.pod,
12154: 	zlib/Makefile.in, zlib/adler32.c, zlib/compress.c, zlib/crc32.c,
12155: 	zlib/crc32.h, zlib/deflate.c, zlib/deflate.h, zlib/gzclose.c,
12156: 	zlib/gzguts.h, zlib/gzlib.c, zlib/gzread.c, zlib/gzwrite.c,
12157: 	zlib/infback.c, zlib/inffast.c, zlib/inffast.h, zlib/inffixed.h,
12158: 	zlib/inflate.c, zlib/inflate.h, zlib/inftrees.c, zlib/inftrees.h,
12159: 	zlib/trees.c, zlib/trees.h, zlib/uncompr.c, zlib/zconf.h.in,
12160: 	zlib/zlib.h, zlib/zutil.c, zlib/zutil.h:
12161: 	Add local copy of zlib for systems that lack it.
12162: 	[7542ca465c5a]
12163: 
12164: 2010-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
12165: 
12166: 	* src/exec.c:
12167: 	If perform_io() fails, kill the child before exiting so it doesn't
12168: 	complain about connection reset. We can get an I/O error if, for
12169: 	example, and we get EIO reading from stdin.
12170: 	[e59a05fa729f]
12171: 
12172: 2010-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
12173: 
12174: 	* plugins/sudoers/sudoers.c, src/sudo.c:
12175: 	Fix complilation on systems with set_auth_parameters() Sprinkle
12176: 	volatile to quiet warnings from gcc 2.8.0
12177: 	[a34c2b924ba7]
12178: 
12179: 	* compat/dlfcn.h, compat/dlopen.c:
12180: 	Avoid potential namespace issues with dlopen() emulation.
12181: 	[aedfababd6ca]
12182: 
12183: 	* MANIFEST:
12184: 	sync
12185: 	[6afb97e6d308]
12186: 
12187: 	* plugins/sudoers/interfaces.c:
12188: 	Use INADDR_NONE instead of casting -1 to in_addr_t (which may not
12189: 	exist).
12190: 	[ddfca5af1a36]
12191: 
12192: 	* Makefile.in:
12193: 	Mark ChangeLog as PHONY Don't overwrite ChangeLog if we can't run hg
12194: 	[e9d04bfa4505]
12195: 
12196: 	* configure, configure.in:
12197: 	HP-UX 10.20 libc has an incompatible getline
12198: 	[2e7bc202e78d]
12199: 
12200: 	* plugins/sudoers/visudo.c:
12201: 	Quiet an HP-UX compiler warning.
12202: 	[55b9d587ac8c]
12203: 
12204: 	* configure, configure.in:
12205: 	Check for vi even with --with-editor specified; the sample plugin
12206: 	needs it.
12207: 	[94dfc3643f76]
12208: 
12209: 2010-10-11  Todd C. Miller  <Todd.Miller@courtesan.com>
12210: 
12211: 	* compat/dlopen.c:
12212: 	Fix remaining syntax errors.
12213: 	[9d729b5b577e]
12214: 
12215: 	* src/Makefile.in:
12216: 	sudo binary depends on the libtool-generated libs
12217: 	[9e6148406adb]
12218: 
12219: 	* plugins/sudoers/group_plugin.c, src/load_plugins.c:
12220: 	Use HAVE_DLOPEN instead of HAVE_DLFCN_H when determining whether to
12221: 	include the local or system dlfcn.h
12222: 	[68cfe4c1089b]
12223: 
12224: 	* pp:
12225: 	Don't use run_as_superuser=false on HP-UX
12226: 	[532242370b09]
12227: 
12228: 	* src/net_ifs.c:
12229: 	Use memset() instead of zero_bytes() since we don't include
12230: 	sudoers.h
12231: 	[a187c18c2472]
12232: 
12233: 	* plugins/sudoers/interfaces.c:
12234: 	Fix pasto; AF_INET not AF_INET6
12235: 	[2d2e9d7dc6f9]
12236: 
12237: 	* compat/dlopen.c:
12238: 	Actually call shl_load()
12239: 	[ed8153b8a3cd]
12240: 
12241: 	* pp:
12242: 	Update from git repo. Debian: version numbers now compliant with
12243: 	policy section 5.6.12 HP-UX: minimal changes needed to work on HP-UX
12244: 	10.20
12245: 	[ecf2692bceeb]
12246: 
12247: 	* configure, configure.in:
12248: 	Fix dlopen() detection for systems where dlopen() is in a separate
12249: 	library.
12250: 	[fa6b175582b6]
12251: 
12252: 	* plugins/sudoers/auth/pam.c:
12253: 	If pam_acct_mgmt() returns PAM_AUTH_ERR print a (hopefully) more
12254: 	useful message and return AUTH_FATAL so sudo does not keep trying to
12255: 	validate the user.
12256: 	[1be8857e5291]
12257: 
12258: 	* src/preload.c:
12259: 	sudo_preload_table is an array
12260: 	[b7704e72a9da]
12261: 
12262: 	* compat/dlopen.c:
12263: 	Quiet a compiler warning and fix sudo_preload_table external
12264: 	definition.
12265: 	[8234987664cc]
12266: 
12267: 	* compat/dlfcn.h:
12268: 	Fix multiple inclusion guard in dlfcn.h and fix dlerror() prototype.
12269: 	[8bab6a4053cc]
12270: 
12271: 	* plugins/sudoers/group_plugin.c:
12272: 	Make this compile correctly when no dlopen is available.
12273: 	[57643879bd2b]
12274: 
12275: 2010-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
12276: 
12277: 	* plugins/sudoers/check.c:
12278: 	Having a timestamp file defined is no longer indicative of tty
12279: 	tickets being enabled. Check def_tty_tickets directly.
12280: 	[efcc11ad157f]
12281: 
12282: 	* src/exec_pty.c, src/sudo.h, src/ttysize.c:
12283: 	Fix TCGETWINSZ compat.
12284: 	[da3a8b17cf7a]
12285: 
12286: 2010-10-02  Todd C. Miller  <Todd.Miller@courtesan.com>
12287: 
12288: 	* src/exec_pty.c, src/ttysize.c:
12289: 	Prefer newer TIOCGWINSZ ioctl to old TIOCGSIZE
12290: 	[926492dd10a6]
12291: 
12292: 2010-10-01  Todd C. Miller  <Todd.Miller@courtesan.com>
12293: 
12294: 	* plugins/sudoers/sudoers.c, src/sudo.c:
12295: 	Move set_project() from sudoers module into sudo proper.
12296: 	[beabafac03b4]
12297: 
12298: 	* configure, configure.in:
12299: 	Fix typo and regenerate
12300: 	[4a3caf4234f3]
12301: 
12302: 	* plugins/sudoers/ldap.c:
12303: 	When iterating over returned LDAP entries, keep looking at remaining
12304: 	matches even if we have a positive match. This catches negative
12305: 	matches that may exist in other entries and more closely match the
12306: 	sudoers file behavior.
12307: 	[f47db6e609b0]
12308: 
12309: 	* pp:
12310: 	Add support for multiple package instances on Solaris.
12311: 	[7f2a8b942545]
12312: 
12313: 	* src/exec.c:
12314: 	Add missing signal_pipe[0] to fdsr for the non-pty case.
12315: 	[79d01e11b19c]
12316: 
12317: 	* mkpkg:
12318: 	Add --with-project for Solaris
12319: 	[ffa4c2bb93f7]
12320: 
12321: 	* README:
12322: 	Need ar and ranlib too
12323: 	[5c2f679172ef]
12324: 
12325: 2010-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>
12326: 
12327: 	* plugins/sudoers/env.c:
12328: 	Preserve ODMDIR environment variable by default on AIX.
12329: 	[bd47cb1e804f]
12330: 
12331: 2010-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
12332: 
12333: 	* Makefile.in, compat/Makefile.in, compat/dlfcn.h, compat/dlopen.c,
12334: 	config.h.in, configure, configure.in, plugins/sample/Makefile.in,
12335: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
12336: 	plugins/sudoers/group_plugin.c, plugins/sudoers/plugin_error.c,
12337: 	plugins/sudoers/sudoers.c, src/Makefile.in, src/load_plugins.c,
12338: 	src/preload.c:
12339: 	Add dlopen() emulation for systems without it. For HP-UX 10, emulate
12340: 	using shl_load(). For others, link sudoers plugin statically and use
12341: 	a lookup table to emulate dlsym().
12342: 	[e92edfb3c642]
12343: 
12344: 2010-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>
12345: 
12346: 	* compat/fnmatch.c, compat/glob.c, compat/mksiglist.c,
12347: 	compat/nanosleep.c, compat/utimes.c:
12348: 	When including compat headers, use the compat dir as part of the
12349: 	path so we are sure to get the correct header.
12350: 	[6c2a45da6af5]
12351: 
12352: 2010-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>
12353: 
12354: 	* plugins/sudoers/linux_audit.c:
12355: 	Ignore ECONNREFUSED from audit_log_user_command() which will occur
12356: 	if auditd is not running.
12357: 	[d314fe4c8d03]
12358: 
12359: 2010-09-17  Todd C. Miller  <Todd.Miller@courtesan.com>
12360: 
12361: 	* pp:
12362: 	Sync with git version
12363: 	[1c0357744222]
12364: 
12365: 2010-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
12366: 
12367: 	* common/fileops.c, plugins/sudoers/defaults.c:
12368: 	Cast isblank argument to unsigned char.
12369: 	[c822dbb3ca54]
12370: 
12371: 2010-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
12372: 
12373: 	* INSTALL, config.h.in, configure, configure.in, doc/sudoers.cat,
12374: 	doc/sudoers.man.in, doc/sudoers.pod, plugins/sudoers/defaults.c:
12375: 	Implement --with-umask-override configure flag.
12376: 	[863e3047df22]
12377: 
12378: 	* plugins/sudoers/env.c:
12379: 	Take MODE_LOGIN_SHELL into account when initially setting reset_home
12380: 	instead of special-casing it later.
12381: 	[5d6b16480fd6]
12382: 
12383: 	* plugins/sudoers/sudoers.c:
12384: 	In login mode, make a copy of the runas user's pw_shell for
12385: 	NewArgv[0] because 1) we modify it and 2) it will runas_pw gets
12386: 	freed before exec.
12387: 	[1d1ccb568dfa]
12388: 
12389: 	* plugins/sudoers/env.c:
12390: 	Reset HOME for "sudo -i" even if HOME was listed in env_keep.
12391: 	[c1c1c65a2d63]
12392: 
12393: 	* src/sudo.c:
12394: 	Use SIG_SETMASK when resetting signal mask instead of SIG_UNBLOCK.
12395: 	[7443454e5f88]
12396: 
12397: 	* src/sudo.c:
12398: 	Reset signal mask at sudo startup time; we need to be able to rely
12399: 	on normal signal delivery to control the child process.
12400: 	[95800163ff94]
12401: 
12402: 2010-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
12403: 
12404: 	* install-sh:
12405: 	Use sed instead of expr to split a flag from its argument. Fixes a
12406: 	problem with expr interpreting its arguments as a flag when they
12407: 	start with a dash.
12408: 	[736065e14301]
12409: 
12410: 	* common/lbuf.c:
12411: 	Do not need sys/time.h after all
12412: 	[91f6f668ccda]
12413: 
12414: 	* common/lbuf.c:
12415: 	Include sys/time.h for utimes() and struct timeval. No longer need
12416: 	ioctl.h or termios.h
12417: 	[2d75273d3213]
12418: 
12419: 	* compat/snprintf.c:
12420: 	Quiet bogus compiler warnings.
12421: 	[fe252e1968f5]
12422: 
12423: 	* include/missing.h:
12424: 	Declare innetgr() for HP-UX which is missing a declaration. Declare
12425: 	domainname() for HP-UX and Solaris which are missing a declaration.
12426: 	[b37c50751138]
12427: 
12428: 	* plugins/sudoers/bsm_audit.c:
12429: 	Use __sun for consistency with the rest of the sources.
12430: 	[6b086b61ccb6]
12431: 
12432: 	* plugins/sudoers/group_plugin.c:
12433: 	Quiet a bogus compiler warning.
12434: 	[ebc069842c4a]
12435: 
12436: 	* plugins/sudoers/pwutil.c:
12437: 	Don't try to delref a NULL group.
12438: 	[f6ff0838be21]
12439: 
12440: 	* common/alloc.c, common/lbuf.c:
12441: 	Include memory.h on systems that need it.
12442: 	[4e676da81c6f]
12443: 
12444: 2010-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
12445: 
12446: 	* src/exec.c:
12447: 	Quiet gcc warnings on glibc systems that use warn_unused_result for
12448: 	write(2).
12449: 	[0532da0b7cf7]
12450: 
12451: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
12452: 	sudo_plugin is in section 8; from Ted Percival
12453: 	[b4506a0de87e]
12454: 
12455: 	* plugins/sudoers/Makefile.in:
12456: 	testsudoers depends on libsudoers.la, not sudoreplay
12457: 	[cdb1cc3bf06a]
12458: 
12459: 2010-09-10  Todd C. Miller  <Todd.Miller@courtesan.com>
12460: 
12461: 	* src/exec.c:
12462: 	Read as many signals on the signal pipe as we can before returning.
12463: 	[b181671da047]
12464: 
12465: 	* src/exec.c, src/exec_pty.c, src/sudo_exec.h:
12466: 	Instead of using a array to store received signals, open a pipe and
12467: 	have the signal handler write the signal number to one end and
12468: 	select() on the other end. This makes it possible to handle signals
12469: 	similar to I/O without race conditions.
12470: 	[ee84d65c16b6]
12471: 
12472: 2010-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
12473: 
12474: 	* doc/visudo.pod, plugins/sudoers/visudo.c:
12475: 	Make "visudo -c -f -" check the standard input.
12476: 	[195a3d2a9a26]
12477: 
12478: 	* doc/sudoers.pod:
12479: 	set_home and always_set_home have an effect if HOME is present in
12480: 	the env_keep list.
12481: 	[159d0b9dc5c8]
12482: 
12483: 	* plugins/sudoers/env.c:
12484: 	Make -H flag work when HOME is listed in env_keep. Also makes
12485: 	"set_home" and "always_set_home" override override HOME in env_keep.
12486: 	[a3e5b966193f]
12487: 
12488: 2010-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
12489: 
12490: 	* plugins/sudoers/Makefile.in, plugins/sudoers/interfaces.c,
12491: 	plugins/sudoers/interfaces.h, plugins/sudoers/match.c,
12492: 	plugins/sudoers/sudoers.c, plugins/sudoers/testsudoers.c,
12493: 	plugins/sudoers/visudo.c, src/net_ifs.c:
12494: 	Convert sudoers plugin to use interface list passed in settings.
12495: 	[87d9b5f4f586]
12496: 
12497: 	* doc/sudo_plugin.pod, src/Makefile.in, src/net_ifs.c,
12498: 	src/parse_args.c, src/sudo.h:
12499: 	Query local network interfaces in the main sudo driver and pass to
12500: 	the plugin as "network_addrs" in the settings list.
12501: 	[7f35bcfe77a7]
12502: 
12503: 	* plugins/sudoers/bsm_audit.c:
12504: 	Solaris BSM audit return EINVAL when auditing is not enabled,
12505: 	whereas OpenBSM returns ENOSYS.
12506: 	[411b980ec58b]
12507: 
12508: 2010-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
12509: 
12510: 	* compat/fnmatch.c:
12511: 	missing.h should come before most local includes
12512: 	[53921a7b8b5b]
12513: 
12514: 	* plugins/sudoers/sudoreplay.c:
12515: 	missing.h should come before most local includes
12516: 	[e9abb0db1aac]
12517: 
12518: 	* plugins/sudoers/sudoers.h:
12519: 	Make local includes consistent; use double quotes for local includes
12520: 	except for generated ones where we use angle brackets.
12521: 	[09de4faa9547]
12522: 
12523: 	* plugins/sudoers/sudoers.c:
12524: 	Always fill in NewArgv for audit code.
12525: 	[7c3aca60519f]
12526: 
12527: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
12528: 	Add missing LOG_INPUT/LOG_OUTPUT support in the lexer.
12529: 	[007cf6560f92]
12530: 
12531: 	* common/alloc.c, common/atobool.c, common/fileops.c,
12532: 	common/fmt_string.c, common/lbuf.c, common/list.c, common/term.c,
12533: 	common/zero_bytes.c, compat/closefrom.c, compat/fnmatch.c,
12534: 	compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
12535: 	compat/getprogname.c, compat/glob.c, compat/isblank.c,
12536: 	compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
12537: 	compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
12538: 	compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
12539: 	compat/unsetenv.c, compat/utimes.c, include/compat.h,
12540: 	plugins/sample/sample_plugin.c, plugins/sample_group/getgrent.c,
12541: 	plugins/sample_group/plugin_test.c,
12542: 	plugins/sample_group/sample_group.c, plugins/sudoers/audit.c,
12543: 	plugins/sudoers/auth/afs.c, plugins/sudoers/boottime.c,
12544: 	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
12545: 	plugins/sudoers/linux_audit.c, plugins/sudoers/match.c,
12546: 	plugins/sudoers/plugin_error.c, plugins/sudoers/sudoreplay.c,
12547: 	plugins/sudoers/timestr.c, src/error.c, src/sesh.c, src/sudo.h,
12548: 	src/sudo_noexec.c, src/ttysize.c:
12549: 	Make local includes consistent; use double quotes for local includes
12550: 	except for generated ones where we use angle brackets. Also g/c
12551: 	unused compat.h.
12552: 	[e57070dc8f04]
12553: 
12554: 2010-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
12555: 
12556: 	* plugins/sudoers/match.c:
12557: 	When matching the runas user and runas group (-u and -g command line
12558: 	options), keep track of runas group and runas user matches
12559: 	separately. Only return a positive match if we have a match for both
12560: 	runas user and runas group (if specified).
12561: 	[815219e04cc8]
12562: 
12563: 2010-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
12564: 
12565: 	* doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
12566: 	Add support for multiple URI lines by joining the contents and
12567: 	passing the result to ldap_initialize.
12568: 	[a47cae3b72e8]
12569: 
12570: 	* plugins/sudoers/ldap.c, plugins/sudoers/parse.c:
12571: 	Do not return -1 on error from the display functions; the caller
12572: 	expects a return value >= 0.
12573: 	[101456a7dd00]
12574: 
12575: 	* plugins/sudoers/sudoers.c:
12576: 	Do not set both MODE_EDIT and MODE_RUN
12577: 	[8faa36694d54]
12578: 
12579: 2010-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
12580: 
12581: 	* include/missing.h:
12582: 	Move includes to the top of the file.
12583: 	[a51436798e8c]
12584: 
12585: 2010-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
12586: 
12587: 	* plugins/sudoers/Makefile.in:
12588: 	Add missing definition of timedir
12589: 	[458a749c2c5e]
12590: 
12591: 	* compat/fnmatch.c, compat/getprogname.c, compat/isblank.c,
12592: 	compat/mksiglist.c, compat/strsignal.c,
12593: 	plugins/sudoers/plugin_error.c, src/error.c, src/sudo_noexec.c:
12594: 	Add #include of sys/types.h for .c files that include missing.h to
12595: 	be sure that size_t and ssize_t are defined.
12596: 	[08e3132dbf4f]
12597: 
12598: 	* plugins/sudoers/Makefile.in:
12599: 	Install sudoers file from the build dir not hte src dir.
12600: 	[ca89e962dbf4]
12601: 
12602: 2010-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
12603: 
12604: 	* plugins/sudoers/set_perms.c:
12605: 	If runas_pw changes, reset the stashed runas aux group vector.
12606: 	Otherwise, if runas_default is set in a per-command Defaults
12607: 	statement, the command runs with root's aux group vector (i.e. the
12608: 	one that was used when locating the command).
12609: 	[24f9107cedd2]
12610: 
12611: 	* plugins/sudoers/Makefile.in:
12612: 	Add target to generate sudoers file Remove generated sudoers file as
12613: 	part of distclean
12614: 	[fb7422e90f03]
12615: 
12616: 2010-08-24  Todd C. Miller  <Todd.Miller@courtesan.com>
12617: 
12618: 	* src/exec.c:
12619: 	When not logging I/O install a handler for SIGCONT and deliver it to
12620: 	the command upon resume. Fixes bugzilla #431
12621: 	[495dce52a5aa]
12622: 
12623: 2010-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
12624: 
12625: 	* plugins/sudoers/sudoers.h:
12626: 	g/c unused auth_pw extern definition
12627: 	[40eb7477ba17]
12628: 
12629: 	* plugins/sudoers/check.c, plugins/sudoers/sudoers.c:
12630: 	Move get_auth() into check.c where it is actually used.
12631: 	[e31db0ce3a61]
12632: 
12633: 2010-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
12634: 
12635: 	* common/lbuf.c:
12636: 	Convert a remaining puts() and putchar() to use the output function.
12637: 	[d69e363a506b]
12638: 
12639: 	* plugins/sudoers/plugin_error.c:
12640: 	Plug memory leak
12641: 	[68895469ea8d]
12642: 
12643: 2010-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
12644: 
12645: 	* plugins/sudoers/env.c:
12646: 	Set dupcheck to TRUE when setting new HOME value if !env_reset but
12647: 	always_set_home is true. Prevents a duplicate HOME in the
12648: 	environment (old value plus the new one) introduced in f421f8827340.
12649: 	[9ca19183794f]
12650: 
12651: 	* configure, configure.in, plugins/sudoers/sudoers,
12652: 	plugins/sudoers/sudoers.in:
12653: 	Substitute sysconfdir in the installed sudoers file to get the
12654: 	correct path for sudoers.d.
12655: 	[86072b6cd55d]
12656: 
12657: 2010-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
12658: 
12659: 	* src/get_pty.c:
12660: 	Fix typo that prevented compilation on Irix; Friedrich Haubensak
12661: 	[b48be51b65fc]
12662: 
12663: 2010-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
12664: 
12665: 	* MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
12666: 	common/atobool.c, common/fileops.c, common/fmt_string.c,
12667: 	common/lbuf.c, common/list.c, common/term.c, common/zero_bytes.c,
12668: 	compat/Makefile.in, compat/closefrom.c, compat/fnmatch.c,
12669: 	compat/getcwd.c, compat/getgrouplist.c, compat/getline.c,
12670: 	compat/getprogname.c, compat/glob.c, compat/isblank.c,
12671: 	compat/memrchr.c, compat/mksiglist.c, compat/mkstemps.c,
12672: 	compat/nanosleep.c, compat/setenv.c, compat/snprintf.c,
12673: 	compat/strlcat.c, compat/strlcpy.c, compat/strsignal.c,
12674: 	compat/unsetenv.c, compat/utimes.c, include/compat.h,
12675: 	include/missing.h, plugins/sample/sample_plugin.c,
12676: 	plugins/sample_group/getgrent.c,
12677: 	plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
12678: 	plugins/sudoers/audit.c, plugins/sudoers/boottime.c,
12679: 	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
12680: 	plugins/sudoers/linux_audit.c, plugins/sudoers/plugin_error.c,
12681: 	plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
12682: 	plugins/sudoers/timestr.c, src/Makefile.in, src/error.c, src/sesh.c,
12683: 	src/sudo.h, src/sudo_noexec.c, src/ttysize.c:
12684: 	Merge compat.h and missing.h into missing.h
12685: 	[572909ae9716]
12686: 
12687: 2010-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
12688: 
12689: 	* plugins/sudoers/auth/pam.c:
12690: 	If the user hits ^C while a password is being read, error out before
12691: 	reading any further passwords in the pam conversation function.
12692: 	Otherwise, if multiple PAM auth methods are required, the user will
12693: 	have to hit ^C for each one.
12694: 	[23782631748c]
12695: 
12696: 2010-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
12697: 
12698: 	* plugins/sudoers/check.c:
12699: 	Update comment
12700: 	[a5296cb3a20a]
12701: 
12702: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
12703: 	Document sudo_conv_t function and sudo_printf_t return values.
12704: 	[745c0017814c]
12705: 
12706: 	* src/conversation.c:
12707: 	Make _sudo_printf return the number of characters printed on success
12708: 	like printf(3).
12709: 	[8eeefe8d7e77]
12710: 
12711: 2010-08-10  Todd C. Miller  <Todd.Miller@courtesan.com>
12712: 
12713: 	* plugins/sudoers/sudoers.c:
12714: 	sudoers.h includes sudo_plugin.h for us
12715: 	[cabe68e07807]
12716: 
12717: 	* common/Makefile.in, common/gettime.c, compat/mkstemps.c,
12718: 	plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/sudo.h,
12719: 	src/sudo_edit.c:
12720: 	Use gettimeofday() directly instead of via the gettime() wrapper.
12721: 	[7490426c99ae]
12722: 
12723: 	* common/gettime.c, compat/snprintf.c, compat/strcasecmp.c,
12724: 	compat/strerror.c, config.h.in, configure, configure.in,
12725: 	include/compat.h, include/missing.h, plugins/sudoers/logging.c,
12726: 	plugins/sudoers/sudoers.c, plugins/sudoers/visudo.c, src/sudo.c:
12727: 	Remove some obsolete configure tests, ancient Unix systems are no
12728: 	longer supported.
12729: 	[2be6218c3a36]
12730: 
12731: 2010-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
12732: 
12733: 	* sudo.pp:
12734: 	Set pp_kit_version and strip off patch level
12735: 	[aacfda1b676d]
12736: 
12737: 	* sudo.pp:
12738: 	Better handling of versions with a patchlevel. For rpm and deb, use
12739: 	the patchlevel+1 as the release. For AIX, use the patchlevel as the
12740: 	4th version number. For the rest, just leave the patchlevel in the
12741: 	version string.
12742: 	[638bd35f2346]
12743: 
12744: 2010-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
12745: 
12746: 	* plugins/sudoers/auth/sudo_auth.c:
12747: 	For non-standalone auth methods, stop reading the password if the
12748: 	user enters ^C at the prompt.
12749: 	[82c2911bb264]
12750: 
12751: 	* configure, configure.in, plugins/sudoers/Makefile.in,
12752: 	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c,
12753: 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
12754: 	plugins/sudoers/pwutil.c:
12755: 	No need to look up shadow password unless we are doing password-
12756: 	style authentication. This moves the shadow password lookup to the
12757: 	auth functions that need it.
12758: 	[ba9e3eba2b72]
12759: 
12760: 	* plugins/sudoers/sudoers.c:
12761: 	Retain final passwd/group refs until the policy close() function.
12762: 	Note that this doesn't get called in all cases so putting this in a
12763: 	cleanup function is probably better.
12764: 	[bbe214cb4119]
12765: 
12766: 	* plugins/sudoers/check.c:
12767: 	Fix mismerge
12768: 	[395115f89dd6]
12769: 
12770: 	* plugins/sudoers/check.c:
12771: 	When removing/resetting the timestamp file ignore the tty ticket
12772: 	contents.
12773: 	[b709f5667a0b]
12774: 
12775: 	* plugins/sudoers/sudoers.c:
12776: 	delref sudo_user.pw, runas_pw and runas_gr immediately before we
12777: 	return.
12778: 	[4d67d15dfd3b]
12779: 
12780: 2010-08-04  Todd C. Miller  <Todd.Miller@courtesan.com>
12781: 
12782: 	* plugins/sudoers/check.c, plugins/sudoers/ldap.c,
12783: 	plugins/sudoers/match.c, plugins/sudoers/pwutil.c,
12784: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
12785: 	Reference count cached passwd and group structs. The cache holds one
12786: 	reference itself and another is added by sudo_getgr{gid,nam} and
12787: 	sudo_getpw{uid,nam}. The final ref on the runas and user passwd and
12788: 	group structs are persistent for now.
12789: 	[e544685523c3]
12790: 
12791: 	* doc/UPGRADE:
12792: 	fix typo
12793: 	[e32f2d35e6c9]
12794: 
12795: 2010-08-03  Todd C. Miller  <Todd.Miller@courtesan.com>
12796: 
12797: 	* plugins/sudoers/check.c:
12798: 	Do not produce a warning for "sudo -k" if the ticket file does not
12799: 	exist.
12800: 	[1598f6061b75]
12801: 
12802: 	* plugins/sudoers/pwutil.c:
12803: 	Instead of caching struct passwd and struct group in the red-black
12804: 	tree, store a struct cache_item which includes both the key and
12805: 	datum. This allows us to user the actual name that was looked up as
12806: 	the key instead of the contents of struct passwd or struct group.
12807: 	This matters because the name in the database may not match what we
12808: 	looked up, due either to case folding or truncation (historically at
12809: 	8 characters). Also mark the disabled calls to sudo_freepwcache()
12810: 	and sudo_freegrcache() as broken since we use cached data for things
12811: 	like set_perms() and the logging functions. Fixing this would
12812: 	require making a copy of the structs for user and runas or adding a
12813: 	reference count (better).
12814: 	[225d4a22f60e]
12815: 
12816: 	* plugins/sudoers/Makefile.in:
12817: 	Fix path to mkinstalldirs
12818: 	[b4968379b12d]
12819: 
12820: 	* plugins/sudoers/check.c, plugins/sudoers/logging.c,
12821: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/visudo.c,
12822: 	src/exec_pty.c, src/get_pty.c, src/tgetpass.c:
12823: 	Quiet gcc warnings on glibc systems that use warn_unused_result for
12824: 	write(2) and others.
12825: 	[c99f138960e0]
12826: 
12827: 2010-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
12828: 
12829: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
12830: 	Add %option noinput
12831: 	[72b9cd49b4f1]
12832: 
12833: 	* aclocal.m4, configure, configure.in:
12834: 	Add cross-compile defaults for remaining AC_TRY_RUN usage. Also add
12835: 	back getgroups() check since AC_FUNC_GETGROUPS defaults to "no" when
12836: 	cross-compiling.
12837: 	[e385c176d0ee]
12838: 
12839: 2010-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
12840: 
12841: 	* aclocal.m4, compat/snprintf.c, config.h.in, configure, configure.in:
12842: 	Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
12843: 	and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
12844: 	[cf3e60d9c440]
12845: 
12846: 2010-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
12847: 
12848: 	* pp:
12849: 	Update to latest version
12850: 	[32f93be33961]
12851: 
12852: 2010-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
12853: 
12854: 	* sudo.pp:
12855: 	Let pp determine pp_aix_version itself.
12856: 	[7cf0245d84ed]
12857: 
12858: 	* INSTALL, config.h.in, configure, configure.in, mkpkg,
12859: 	plugins/sudoers/sudoers.c:
12860: 	Add support for Ubuntu admin flag file and enable it when building
12861: 	Ubuntu packages.
12862: 	[00e27cff2dfb]
12863: 
12864: 	* plugins/sudoers/sudoers, sudo.pp:
12865: 	Add commented out SuSE-like targetpw settings
12866: 	[4605d47b7413]
12867: 
12868: 	* configure, configure.in:
12869: 	Only try to use +DAportable for non-GCC on hppa
12870: 	[75d0f284ccf7]
12871: 
12872: 	* configure, configure.in:
12873: 	Prevent configure from adding the -g flag unless in devel mode
12874: 	[b1fd3f8d45c0]
12875: 
12876: 2010-07-27  Todd C. Miller  <Todd.Miller@courtesan.com>
12877: 
12878: 	* sudo.pp:
12879: 	Go back to sudo-flavor to match existing packages and only use an
12880: 	underscore for those that need it.
12881: 	[d737069d1e1c]
12882: 
12883: 	* sudo.pp:
12884: 	Use sudo_$flavor instead of sudo-$flavor since that causes the least
12885: 	amount of trouble for the various package managers.
12886: 	[71f547af35fc]
12887: 
12888: 	* mkpkg:
12889: 	Fix handling of the ldap flavor Remove destdir unless --debug was
12890: 	specified Make distclean before running configure if there is a
12891: 	Makefile present
12892: 	[6316f08de7d3]
12893: 
12894: 	* sudo.pp:
12895: 	Add back include file.
12896: 	[195627bf68b8]
12897: 
12898: 	* mkpkg:
12899: 	Pass extra args on to configure on HP-UX, if we don't have the HP C
12900: 	compiler, disable zlib to prevent gcc from finding it in
12901: 	/usr/local/lib.
12902: 	[473efa0e2bac]
12903: 
12904: 	* mkpkg:
12905: 	Use the HP ANSI C compiler on HP-UX if possible
12906: 	[fb249b6b175d]
12907: 
12908: 	* plugins/sudoers/sudoreplay.c:
12909: 	Some getline() implementations (FreeBSD 8.0) do not ignore the
12910: 	length pointer when the line pointer is NULL as they should.
12911: 	[2410a1a3543c]
12912: 
12913: 	* plugins/sudoers/sudoreplay.c:
12914: 	Don't need to check for *cp being non-zero, isdigit() will do that.
12915: 	[7df11ea8a487]
12916: 
12917: 	* plugins/sudoers/sudoreplay.c:
12918: 	Add setlocale() so the command line arguments that use floating
12919: 	point work in different locales. Since sudo now logs the timing data
12920: 	in the C locale we must Parse the seconds in the timing file
12921: 	manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
12922: 	the number of seconds with the user's locale so if the decimal point
12923: 	is not '.' try using the locale-specific version.
12924: 	[4d385765f23b]
12925: 
12926: 	* src/exec.c:
12927: 	Do I/O logging in the C locale so the floating point numbers in the
12928: 	timing file are not locale-dependent.
12929: 	[5961cec044ec]
12930: 
12931: 	* plugins/sudoers/sudoreplay.c:
12932: 	Use errorx() not error() for thingsthat don't set errno.
12933: 	[0fe5e692af84]
12934: 
12935: 2010-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>
12936: 
12937: 	* pp:
12938: 	Better support for 1.2.3 style versions in Tru64 kits
12939: 	[997c549bb777]
12940: 
12941: 	* sudo.pp:
12942: 	Add Tru64 kit support
12943: 	[e273a954f981]
12944: 
12945: 	* pp:
12946: 	Remove apparently unnecessary use of sudo
12947: 	[be8840d85125]
12948: 
12949: 	* Makefile.in, plugins/sudoers/Makefile.in:
12950: 	Create timedir as part of install-dirs target.
12951: 	[c736bc2fb14f]
12952: 
12953: 	* src/exec_pty.c:
12954: 	Handle ENXIO from read/write which can occur when reading/writing a
12955: 	pty that has gone away.
12956: 	[fa2e8059879f]
12957: 
12958: 	* plugins/sudoers/pwutil.c:
12959: 	sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
12960: 	[3a045475d5ee]
12961: 
12962: 	* mkpkg:
12963: 	platform is a pp flag not a variable
12964: 	[12eba39a47c1]
12965: 
12966: 	* Makefile.in, mkpkg, sudo.pp:
12967: 	Add simple arg parsing for mkpkg so we can set debug, flavor or
12968: 	platform.
12969: 	[ada839fe252d]
12970: 
12971: 	* pp:
12972: 	Make rpm backend work on AIX 5.x
12973: 	[549a76d11393]
12974: 
12975: 2010-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
12976: 
12977: 	* plugins/sudoers/sudoers:
12978: 	Add commented out Defaults entry for log_output
12979: 	[7e67d7588900]
12980: 
12981: 2010-07-23  Todd C. Miller  <Todd.Miller@courtesan.com>
12982: 
12983: 	* doc/Makefile.in:
12984: 	Remove sudo docdir completely
12985: 	[dce8e82878ef]
12986: 
12987: 	* doc/sample.sudo.conf:
12988: 	Add sample sudo.conf
12989: 	[aafdba3fc411]
12990: 
12991: 2010-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
12992: 
12993: 	* plugins/sudoers/Makefile.in:
12994: 	Add PACKAGE_TARNAME for docdir
12995: 	[930c92b8f8f0]
12996: 
12997: 2010-07-23  Todd C. Miller  <Todd.Miller@courtesan.com>
12998: 
12999: 	* src/Makefile.in:
13000: 	Pass install-sh -b~ here too.
13001: 	[c3f5eb446c38]
13002: 
13003: 	* plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
13004: 	plugins/sudoers/Makefile.in, src/Makefile.in:
13005: 	Install binary files with -b~ to make a backup. Fixes "text file
13006: 	busy" error on HP-UX during install.
13007: 	[81f306f54f8c]
13008: 
13009: 	* install-sh:
13010: 	"mv -f" on HP-UX doesn't unlink the destination first so add an
13011: 	explicit rm before moving the temporary into place.
13012: 	[fb719a79582d]
13013: 
13014: 	* configure, configure.in:
13015: 	Some more ${foo} -> $(foo) conversion for consistent Makefiles.
13016: 	[0aa098770074]
13017: 
13018: 	* doc/Makefile.in, plugins/sudoers/Makefile.in:
13019: 	Install sudoers2ldif in the doc dir
13020: 	[33ac3b53d7f5]
13021: 
13022: 2010-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
13023: 
13024: 	* pathnames.h.in:
13025: 	Add missing include of maillock.h for Solaris
13026: 	[5a58883be23a]
13027: 
13028: 	* NEWS, configure, configure.in, doc/TROUBLESHOOTING, doc/UPGRADE,
13029: 	doc/sample.syslog.conf, doc/sudoers.cat:
13030: 	Change the default syslog facility from local2 to authpriv (or auth
13031: 	if the operating system doesn't support authpriv).
13032: 	[3b70ba514f49]
13033: 
13034: 	* Makefile.in, sudo.pp:
13035: 	Install sudoers as /etc/sudoers on RPM and debian systems where the
13036: 	package manager will not replace a user-modified configuration file.
13037: 	This fixes upgrades from the vendor sudo packages.
13038: 	[d886b6d60b5b]
13039: 
13040: 	* pp:
13041: 	RPM: use %config(noreplace) instead of %config for volatile This
13042: 	results in the new file being installed with a .rpmnew suffix
13043: 	instead of the file being replaced and the old one renamed with a
13044: 	.rpmsave suffix.
13045: 	[58be2119f8e8]
13046: 
13047: 2010-07-21  Todd C. Miller  <Todd.Miller@courtesan.com>
13048: 
13049: 	* compat/mkstemps.c, plugins/sudoers/boottime.c:
13050: 	Include time.h for struct timeval
13051: 	[ddf8b04f0276]
13052: 
13053: 	* src/exec_pty.c:
13054: 	The return value of strsignal() may be const and should be treated
13055: 	as const regardless.
13056: 	[620074ae1e77]
13057: 
13058: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
13059: 	Mention that 127.0.0.1 will not match, nor will localhost unless
13060: 	that is the actual host name.
13061: 	[8b574122eb8f]
13062: 
13063: 	* MANIFEST, NEWS, README, WHATSNEW, doc/Makefile.in, doc/UPGRADE:
13064: 	Rename WHATSNEW -> NEWS
13065: 	[d1a2c8c47d89]
13066: 
13067: 	* pp:
13068: 	Updated pp with latest patches
13069: 	[98e16b9b8f62]
13070: 
13071: 	* WHATSNEW:
13072: 	Sync with 1.7.4
13073: 	[65ac4dafeef7]
13074: 
13075: 	* doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
13076: 	plugins/sudoers/sudoers:
13077: 	Add commented out line to add HOME to env_keep and add a warning to
13078: 	the note about the HOME change in UPGRADE.
13079: 	[0d6a775bb6c8]
13080: 
13081: 2010-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
13082: 
13083: 	* plugins/sudoers/sudoreplay.c:
13084: 	Add LINE_MAX define for those without it.
13085: 	[446d9dbe7859]
13086: 
13087: 	* INSTALL, WHATSNEW, config.h.in, configure, configure.in,
13088: 	doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
13089: 	plugins/sudoers/defaults.c:
13090: 	The tty_tickets option is now on by default.
13091: 	[a01c48206d80]
13092: 
13093: 	* WHATSNEW:
13094: 	Mention that AIX authdb support has been fixed.
13095: 	[87bd7f4eba6a]
13096: 
13097: 	* common/aix.c:
13098: 	setauthdb() only sets the "old" registry if it was set by a previous
13099: 	call to setauthdb(). To restore the original value, passing NULL (or
13100: 	an empty string) to setauthdb() is sufficient.
13101: 	[470da190a254]
13102: 
13103: 2010-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
13104: 
13105: 	* WHATSNEW, doc/UPGRADE, doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod,
13106: 	doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
13107: 	plugins/sudoers/env.c:
13108: 	Reset HOME when env_reset is enabled unless it is in env_keep
13109: 	[f421f8827340]
13110: 
13111: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
13112: 	The default for set_logname has been "true" for some time now.
13113: 	[f489da5674c3]
13114: 
13115: 	* plugins/sudoers/boottime.c:
13116: 	Add missing include of time.h
13117: 	[624d7014932f]
13118: 
13119: 	* plugins/sudoers/logging.c:
13120: 	Fix check for dup2() return value.
13121: 	[140ea2d50d20]
13122: 
13123: 	* plugins/sudoers/env.c:
13124: 	Add PYTHONUSERBASE to initial_badenv_table
13125: 	[3149aae5b12c]
13126: 
13127: 	* plugins/sudoers/visudo.c:
13128: 	Treat an unknown defaults entry as a parse error.
13129: 	[b3ebad73efb2]
13130: 
13131: 	* plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
13132: 	Check return value of setdefs() but don't stop setting defaults if
13133: 	we hit an unknown one.
13134: 	[945e752239ab]
13135: 
13136: 	* WHATSNEW, aclocal.m4, config.h.in, configure, configure.in,
13137: 	doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
13138: 	doc/sudoers.man.in, doc/sudoers.pod, pathnames.h.in,
13139: 	plugins/sudoers/env.c:
13140: 	If env_reset is enabled, set the MAIL environment variable based on
13141: 	the target user unless MAIL is explicitly preserved in sudoers.
13142: 	[a1b03e2e0e96]
13143: 
13144: 2010-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
13145: 
13146: 	* pp:
13147: 	decode debian code names
13148: 	[8741280d9960]
13149: 
13150: 	* WHATSNEW:
13151: 	fix typo
13152: 	[a8a19451110b]
13153: 
13154: 2010-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
13155: 
13156: 	* WHATSNEW:
13157: 	Merge with 1.7.4
13158: 	[9348fa7e15b8]
13159: 
13160: 	* src/sudo.c:
13161: 	Restore RLIMIT_NPROC after the uid switch if it appears that
13162: 	runas_setup() did not do it for us. Fixes a bash script problem on
13163: 	SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
13164: 	[786fb272e5fd]
13165: 
13166: 2010-07-15  Todd C. Miller  <Todd.Miller@courtesan.com>
13167: 
13168: 	* mkpkg, pp, sudo.pp:
13169: 	Restore the dot removal in the os version reported by polypkg. Adapt
13170: 	mkpkg and sudo.pp to the change.
13171: 	[dcafdd53b88f]
13172: 
13173: 2010-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
13174: 
13175: 	* INSTALL:
13176: 	document --with-pam-login
13177: 	[ea93e4c6873c]
13178: 
13179: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
13180: 	The tag is NOSETENV, not UNSETENV. From Petr Uzel.
13181: 	[2ac90d8de36e]
13182: 
13183: 2010-07-15  Todd C. Miller  <Todd.Miller@courtesan.com>
13184: 
13185: 	* sudo.pp:
13186: 	Include flavor in solaris package name
13187: 	[e605f6364c9f]
13188: 
13189: 	* mkpkg:
13190: 	Older shells don't support IFS= so set explictly to space, tab,
13191: 	newline.
13192: 	[7773960bc8a0]
13193: 
13194: 	* mkpkg:
13195: 	Use '=' not '==' in test
13196: 	[c99d42bc48e6]
13197: 
13198: 	* mkpkg:
13199: 	Fix typo that prevented debian from matching
13200: 	[84421078fcb7]
13201: 
13202: 	* mkpkg:
13203: 	Add missing prefix setting for debian
13204: 	[6466f23de4aa]
13205: 
13206: 	* sudo.pp:
13207: 	Use tab indents to reduce the chance of problem with <<- Fix the
13208: 	debian %set section, pp does not set pp_deb_distro Uncomment %sudo
13209: 	line in sudoers for debian Uncomment some env_keep lines for RHEL,
13210: 	SLES and debian to more closely match the vendor sudoers files. Add
13211: 	/etc/pam.d to %files Remove the /etc/sudo-ldap.conf symlink on
13212: 	debian for ldap flavor
13213: 	[c5b49feb1a0c]
13214: 
13215: 	* plugins/sudoers/sudoers:
13216: 	Add commented out env_keep entries, sample Aliases and a %sudo line
13217: 	for debian.
13218: 	[387719e52d0f]
13219: 
13220: 	* configure, configure.in:
13221: 	Move zlib check later on in the script to avoid a strange shell
13222: 	problem on SLES11.
13223: 	[1a3153bb1291]
13224: 
13225: 	* configure.in:
13226: 	Remove check for egrep; configure has its own
13227: 	[a3b9d98cb5d2]
13228: 
13229: 2010-07-14  Todd C. Miller  <Todd.Miller@courtesan.com>
13230: 
13231: 	* mkpkg:
13232: 	Enable zlib for linux distros
13233: 	[8fa51a1405a4]
13234: 
13235: 	* mkpkg:
13236: 	Add ldap flavor to default build
13237: 	[97644f5a555f]
13238: 
13239: 	* mkpkg, sudo.pp:
13240: 	Simplify rpm linux distro settings
13241: 	[b9dcf10cdf20]
13242: 
13243: 	* aclocal.m4, configure, configure.in, doc/UPGRADE, doc/sudoers.cat:
13244: 	Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
13245: 	[2c549c1acde9]
13246: 
13247: 	* Makefile.in:
13248: 	Fix ChangeLog creation from build dir
13249: 	[3d0c7904f173]
13250: 
13251: 	* plugins/sudoers/sudoers.c:
13252: 	Handle getcwd() failure.
13253: 	[aef7bef87394]
13254: 
13255: 	* doc/Makefile.in, mkpkg, sudo.pp:
13256: 	Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
13257: 	environment variable.
13258: 	[be6ed611b7a8]
13259: 
13260: 	* sudo.pp:
13261: 	Create sudo group on debian
13262: 	[6ed6c032042e]
13263: 
13264: 	* mkpkg, sudo.pp:
13265: 	Add debian 4/5/6 and use the dot when doing version matches
13266: 	[6bcb664d1f4f]
13267: 
13268: 	* aclocal.m4, configure:
13269: 	Use a loop when searching for mv, sendmail and sh
13270: 	[d5e9369f8d13]
13271: 
13272: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
13273: 	Remove spurious "and"; from debian
13274: 	[a21e6f7c5b99]
13275: 
13276: 	* aclocal.m4, configure, configure.in, doc/sudoers.cat,
13277: 	doc/sudoers.man.in, doc/sudoers.pod, doc/visudo.cat,
13278: 	doc/visudo.man.in, doc/visudo.pod:
13279: 	Substitute the value of EDITOR into the sudoers and visudo manuals.
13280: 	[cd79e587dd7f]
13281: 
13282: 2010-07-13  Todd C. Miller  <Todd.Miller@courtesan.com>
13283: 
13284: 	* mkpkg, pp, sudo.pp:
13285: 	Initial support for debian 4.0
13286: 	[ac6707915fa8]
13287: 
13288: 	* mkpkg:
13289: 	Some platforms need -fPIE instead of -fpie
13290: 	[fd6be19e5bc2]
13291: 
13292: 	* plugins/sudoers/auth/pam.c:
13293: 	Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
13294: 	On Linux it causes a DNS lookup via libaudit.
13295: 	[1e10105ade5b]
13296: 
13297: 	* MANIFEST:
13298: 	Update MANIFEST to match packaging changes
13299: 	[ef86ee557b5b]
13300: 
13301: 	* sudo.psf:
13302: 	We now use pp to generate HP-UX packages
13303: 	[f7aa8da7844e]
13304: 
13305: 	* INSTALL.binary, plugins/sudoers/Makefile.binary.in:
13306: 	Remove vestiges of old binary package bits.
13307: 	[afffd005452f]
13308: 
13309: 	* INSTALL, Makefile.in, common/Makefile.in, compat/Makefile.in,
13310: 	doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
13311: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
13312: 	src/Makefile.in:
13313: 	install-man -> install-doc
13314: 	[99b5fa05567c]
13315: 
13316: 	* Makefile.in, doc/Makefile.in, include/Makefile.in, mkpkg,
13317: 	plugins/sudoers/Makefile.in, pp, src/Makefile.in, sudo.pp:
13318: 	Use http://rc.quest.com/topics/polypkg/ for packaging
13319: 	[5ca8eb75b223]
13320: 
13321: 	* install-sh:
13322: 	Just ignore the -c option, it is the default Add support for -d
13323: 	option
13324: 	[a8b6b0a131e8]
13325: 
13326: 2010-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
13327: 
13328: 	* pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/logging.c:
13329: 	Use _PATH_STDPATH instead of _PATH_DEFPATH
13330: 	[137fa911908e]
13331: 
13332: 	* plugins/sudoers/Makefile.in, src/Makefile.in:
13333: 	Do not strip binaries.
13334: 	[20166e287176]
13335: 
13336: 	* INSTALL, configure, configure.in:
13337: 	Add --insults=disabled configure option to allow people to build in
13338: 	insult support but have the insults disabled unless explicitly
13339: 	enabled in sudoers.
13340: 	[523b8c552e90]
13341: 
13342: 	* compat/mkstemps.c:
13343: 	Add prototype for gettime()
13344: 	[275eee40473b]
13345: 
13346: 	* config.h.in, configure, configure.in, plugins/sudoers/auth/pam.c,
13347: 	plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
13348: 	plugins/sudoers/sudoers.h:
13349: 	Add support for a sudo-i pam.d file to be used for "sudo -i".
13350: 	Adapted from a RedHat patch.
13351: 	[06d34f16520b]
13352: 
13353: 2010-07-09  Todd C. Miller  <Todd.Miller@courtesan.com>
13354: 
13355: 	* include/missing.h:
13356: 	Fix mkstemps() prototype
13357: 	[2421841e815b]
13358: 
13359: 	* MANIFEST, compat/Makefile.in, compat/mkstemp.c, compat/mkstemps.c,
13360: 	config.h.in, configure, configure.in, include/missing.h,
13361: 	src/sudo_edit.c:
13362: 	Use mkstemps() instead of mkstemp() in sudoedit. This allows
13363: 	sudoedit to preserve the file extension (if any) which may be used
13364: 	by the editor (like emacs) to choose the editing mode.
13365: 	[d33172d2c086]
13366: 
13367: 2010-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
13368: 
13369: 	* doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
13370: 	plugins/sudoers/ldap.c:
13371: 	TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
13372: 	TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
13373: 	code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
13374: 	should avoid disabling TLS_CHECKPEER is possible.
13375: 	[196622436212]
13376: 
13377: 2010-07-07  Todd C. Miller  <Todd.Miller@courtesan.com>
13378: 
13379: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13380: 	Make sudo_plugin format a bit more like a man page
13381: 	[048d596e32da]
13382: 
13383: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
13384: 	Add suport for negated user/host/command lists in a Defaults entry.
13385: 	E.g. Defaults:!baduser noexec
13386: 	[d41112cf0342]
13387: 
13388: 	* Makefile.in, common/Makefile.in, compat/Makefile.in,
13389: 	doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
13390: 	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
13391: 	src/Makefile.in:
13392: 	Add uninstall target
13393: 	[fea66ebf136a]
13394: 
13395: 	* common/Makefile.in, compat/Makefile.in:
13396: 	Remove unused AR, SED and RANLIB variables
13397: 	[2ff9928bfdb3]
13398: 
13399: 	* Makefile.in:
13400: 	Do not install sample plugins
13401: 	[5443b87bd1c3]
13402: 
13403: 2010-07-06  Todd C. Miller  <Todd.Miller@courtesan.com>
13404: 
13405: 	* MANIFEST, aclocal.m4, compat/setenv.c, compat/unsetenv.c, configure,
13406: 	configure.in, plugins/sudoers/env.c:
13407: 	Now that sudoers is a dynamically loaded module we cannot override
13408: 	the libc environment functions because the symbols may already have
13409: 	been resolved via libc. Remove getenv/putenv/setenv/unsetenv
13410: 	replacements from sudoers and add replacements for setenv/unsetenv
13411: 	for systems that lack them.
13412: 	[3f2b43cb8851]
13413: 
13414: 	* configure, configure.in, plugins/sudoers/Makefile.in:
13415: 	Link testsudoers with -ldl when needed
13416: 	[f79606f9fcd7]
13417: 
13418: 	* plugins/sample_group/plugin_test.c:
13419: 	Remove unused time.h and add limits.h for PATH_MAX
13420: 	[3f5d0074d621]
13421: 
13422: 	* doc/sudoers.ldap.pod:
13423: 	Fix typo.
13424: 	[bc855fd57397]
13425: 
13426: 2010-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>
13427: 
13428: 	* plugins/sample_group/plugin_test.c:
13429: 	Do not depend on strlcpy/strlcat
13430: 	[6e7e2b5af051]
13431: 
13432: 	* plugins/sample_group/plugin_test.c:
13433: 	Standalone test driver for sudoers group plugin.
13434: 	[eb1235fc3b8e]
13435: 
13436: 2010-07-02  Todd C. Miller  <Todd.Miller@courtesan.com>
13437: 
13438: 	* plugins/sudoers/group_plugin.c, src/load_plugins.c:
13439: 	Use RTLD_LAZY instead of RTLD_NOW; was using RTLD_NOW as a debugging
13440: 	aid.
13441: 	[2a34e616229b]
13442: 
13443: 	* plugins/sample_group/sample_group.c:
13444: 	Fix style nit in function declarations
13445: 	[ab87c7c76bf9]
13446: 
13447: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
13448: 	Document group_plugin syntax.
13449: 	[ed1faf72ddcb]
13450: 
13451: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13452: 	Document the sudoers group plugin.
13453: 	[f19a62dc8cfc]
13454: 
13455: 	* INSTALL, MANIFEST, Makefile.in, config.h.in, configure,
13456: 	configure.in, doc/LICENSE, doc/license.pod, include/sudo_plugin.h,
13457: 	plugins/sample_group/Makefile.in, plugins/sample_group/getgrent.c,
13458: 	plugins/sample_group/sample_group.c, plugins/sudoers/Makefile.in,
13459: 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
13460: 	plugins/sudoers/def_data.in, plugins/sudoers/group_plugin.c,
13461: 	plugins/sudoers/match.c, plugins/sudoers/nonunix.h,
13462: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
13463: 	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
13464: 	plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c, src/sudo.c:
13465: 	Replace built-in non-unix group support with a sudoers group plugin.
13466: 	Include a sample plugin that can read Unix-format group files.
13467: 	[8fc58ce0b1a8]
13468: 
13469: 	* configure, configure.in, src/load_plugins.c:
13470: 	Add a trailing slash to _PATH_SUDO_PLUGIN_DIR to simplify usage.
13471: 	[5c491dddb8ef]
13472: 
13473: 2010-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
13474: 
13475: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudoers.cat,
13476: 	doc/sudoers.man.in, doc/sudoers.pod:
13477: 	Move sudoers-specific bits out of sudo(8) and into sudoers(5)
13478: 	[e8a5a5830cfe]
13479: 
13480: 	* aclocal.m4, configure, configure.in:
13481: 	Substitute @io_logdir@ for the sudoers I/O log directory.
13482: 	[21a75ca7b0ab]
13483: 
13484: 2010-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>
13485: 
13486: 	* MANIFEST, common/Makefile.in, common/aix.c, common/alloc.c,
13487: 	common/atobool.c, common/fileops.c, common/fmt_string.c,
13488: 	common/lbuf.c, common/term.c, compat/fnmatch.c, compat/getcwd.c,
13489: 	compat/getgrouplist.c, compat/getline.c, compat/glob.c,
13490: 	compat/snprintf.c, config.h.in, configure, configure.in,
13491: 	include/fileops.h, plugins/sample/sample_plugin.c,
13492: 	plugins/sudoers/alias.c, plugins/sudoers/auth/afs.c,
13493: 	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
13494: 	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
13495: 	plugins/sudoers/auth/kerb4.c, plugins/sudoers/auth/kerb5.c,
13496: 	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/passwd.c,
13497: 	plugins/sudoers/auth/rfc1938.c, plugins/sudoers/auth/secureware.c,
13498: 	plugins/sudoers/auth/securid.c, plugins/sudoers/auth/securid5.c,
13499: 	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
13500: 	plugins/sudoers/boottime.c, plugins/sudoers/check.c,
13501: 	plugins/sudoers/defaults.c, plugins/sudoers/env.c,
13502: 	plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
13503: 	plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
13504: 	plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
13505: 	plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
13506: 	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
13507: 	plugins/sudoers/logging.c, plugins/sudoers/match.c,
13508: 	plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
13509: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
13510: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
13511: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
13512: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
13513: 	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/visudo.c,
13514: 	src/Makefile.in, src/aix.c, src/conversation.c, src/exec.c,
13515: 	src/exec_pty.c, src/get_pty.c, src/load_plugins.c, src/parse_args.c,
13516: 	src/sudo.c, src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
13517: 	Set usrinfo for AIX Set adminstrative domain for the process when
13518: 	looking up user's password or group info and when preparing for
13519: 	execve(). Include strings.h even if string.h exists since they may
13520: 	define different things. Fixes warnings on AIX and others.
13521: 	[cf8b93e872c9]
13522: 
13523: 	* Makefile.in:
13524: 	Add a separate all target for AIX make which was using the entire
13525: 	LHS (not just the first entry) of the first target as the implicit
13526: 	target.
13527: 	[a45b980a01ef]
13528: 
13529: 	* plugins/sudoers/env.c:
13530: 	Do not rely on env.env_len when unsetting a variable, just use the
13531: 	NULL terminator.
13532: 	[ca6eb239c829]
13533: 
13534: 	* plugins/sudoers/env.c:
13535: 	In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
13536: 	[7046ba7caa4e]
13537: 
13538: 2010-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
13539: 
13540: 	* plugins/sudoers/vasgroups.c:
13541: 	Use warningx() instead of log_error() since the latter is not
13542: 	available to visudo or testsudoers. This does mean that they don't
13543: 	end up in syslog.
13544: 	[152b7c50f426]
13545: 
13546: 	* plugins/sudoers/sudoers.c:
13547: 	Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
13548: 	closed the sudoers sources. From Quest sudo.
13549: 	[c1cd573bab94]
13550: 
13551: 	* plugins/sudoers/pwutil.c:
13552: 	Ignore case when matching user/group names in the cache. From Quest
13553: 	sudo.
13554: 	[2aa4ecc7d7f5]
13555: 
13556: 2010-06-24  Todd C. Miller  <Todd.Miller@courtesan.com>
13557: 
13558: 	* config.h.in, configure, configure.in, src/selinux.c:
13559: 	Add check for setkeycreatecon() when --with-selinux is specified.
13560: 	[affae247b4e0]
13561: 
13562: 	* configure, configure.in:
13563: 	Error out if libaudit.h is missing or ununable when --with-linux-
13564: 	audit was specified
13565: 	[d82e743fac04]
13566: 
13567: 	* doc/HISTORY, doc/history.pod:
13568: 	Add =head3 entries, mostly for the html version
13569: 	[ee93112d0308]
13570: 
13571: 2010-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
13572: 
13573: 	* doc/HISTORY, doc/history.pod:
13574: 	Mention when LDAP was incorporate.
13575: 	[2923dc17f79c]
13576: 
13577: 2010-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
13578: 
13579: 	* configure, configure.in:
13580: 	Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
13581: 	not covered by _ALL_SOURCE.
13582: 	[c92fd69809d0]
13583: 
13584: 2010-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
13585: 
13586: 	* plugins/sudoers/iolog.c:
13587: 	Add a cast to quiet a compiler warning.
13588: 	[a200e07ee1bc]
13589: 
13590: 	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
13591: 	Quiet a compiler warning.
13592: 	[c9acfc927cea]
13593: 
13594: 	* plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c:
13595: 	Call set_fqdn() after sudoers has parsed instead of inline as a
13596: 	callback.
13597: 	[5f4e5d075f2d]
13598: 
13599: 	* WHATSNEW, plugins/sudoers/sudoers.c:
13600: 	Do not call set_fqdn() until sudoers parses (where is gets run as a
13601: 	callback).
13602: 	[09040fca6d40]
13603: 
13604: 	* WHATSNEW:
13605: 	mention the change in tty ticket behavior when there is no tty
13606: 	[575a1fd98f05]
13607: 
13608: 	* plugins/sudoers/check.c:
13609: 	Do not update tty ticket if there is no tty.
13610: 	[63f9c33ce6a7]
13611: 
13612: 	* doc/LICENSE, doc/license.pod:
13613: 	Update copyright year
13614: 	[0722ab5d404b]
13615: 
13616: 	* doc/Makefile.in:
13617: 	Do not rely on BSD make's $>
13618: 	[936a86398bd9]
13619: 
13620: 	* configure, configure.in:
13621: 	Set timedir to /var/db/sudo for darwin to match Apple sudo's
13622: 	location
13623: 	[d5b9b03096f1]
13624: 
13625: 2010-06-16  Todd C. Miller  <Todd.Miller@courtesan.com>
13626: 
13627: 	* plugins/sudoers/sudoers.h:
13628: 	Add stub declarations for struct stat and struct timeval
13629: 	[f6d90551a4fd]
13630: 
13631: 	* MANIFEST:
13632: 	Remove compat/sigaction.c
13633: 	[d0ed6d9a770e]
13634: 
13635: 	* config.h.in, configure, configure.in, plugins/sudoers/defaults.c,
13636: 	plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
13637: 	Check for zlib.h in addition to libz.
13638: 	[6e191b4a6065]
13639: 
13640: 	* MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h,
13641: 	src/sudo_exec.h:
13642: 	Move functions and symbols shared between exec.c and exec_pty.c into
13643: 	sudo_exec.h.
13644: 	[14ae63403544]
13645: 
13646: 	* doc/Makefile.in:
13647: 	Comment out rules to build .man.in and .cat files unless --with-
13648: 	devel
13649: 	[3cf7e5606a85]
13650: 
13651: 	* doc/Makefile.in:
13652: 	Comment out rules to build .man.in and .cat files unless --with-
13653: 	devel
13654: 	[d30495b0e29e]
13655: 
13656: 	* src/parse_args.c:
13657: 	Quote any non-alphanumeric characters other than '_' or '-' when
13658: 	passing a command to be run via the shell for the -s and -i options.
13659: 	[d633f74fe2d9]
13660: 
13661: 	* doc/Makefile.in:
13662: 	Add back .man suffix
13663: 	[6e63b60a2739]
13664: 
13665: 	* INSTALL, MANIFEST, WHATSNEW, config.h.in, configure, configure.in,
13666: 	plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
13667: 	plugins/sudoers/bsm_audit.c, plugins/sudoers/linux_audit.c,
13668: 	plugins/sudoers/linux_audit.h, plugins/sudoers/logging.h,
13669: 	src/selinux.c:
13670: 	Add Linux audit support.
13671: 	[5a2f445e0bd4]
13672: 
13673: 2010-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
13674: 
13675: 	* plugins/sudoers/iolog.c:
13676: 	Remove an XXX
13677: 	[a170cbe651d1]
13678: 
13679: 	* doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
13680: 	plugins/sudoers/sudoreplay.c:
13681: 	Add -f (filter) option to sudoreplay to allow certain streams to be
13682: 	replayed and others ignored.
13683: 	[62e51b432ea1]
13684: 
13685: 	* src/load_plugins.c, src/parse_args.c, src/sudo.c, src/sudo.h,
13686: 	src/tgetpass.c:
13687: 	Fix -A flag when askpass is specified in sudo.conf or if sudo
13688: 	doesn't need to read a password.
13689: 	[2e401e4a00e3]
13690: 
13691: 	* src/exec.c, src/exec_pty.c, src/parse_args.c, src/sudo.c,
13692: 	src/sudo.h, src/sudo_edit.c, src/tgetpass.c:
13693: 	Clean up some XXXs
13694: 	[689f0b002d3d]
13695: 
13696: 	* WHATSNEW, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
13697: 	doc/sudoers.ldap.pod, plugins/sudoers/ldap.c:
13698: 	Add support for multiple sudoers_base entries in ldap.conf. From
13699: 	Joachim Henke
13700: 	[e3e4a3c2bd5b]
13701: 
13702: 	* config.h.in, configure, configure.in, plugins/sudoers/logging.c,
13703: 	src/exec_pty.c:
13704: 	remove setsid check, we require a POSIX system
13705: 	[cc73cb9e22c0]
13706: 
13707: 	* plugins/sudoers/logging.c, src/exec_pty.c, src/selinux.c,
13708: 	src/sudo.c, src/tgetpass.c:
13709: 	Check for dup2() failure.
13710: 	[5d46d66794f5]
13711: 
13712: 	* config.h.in, configure, configure.in:
13713: 	Remove dup2() check, it is not optional.
13714: 	[5f1d56de4384]
13715: 
13716: 2010-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
13717: 
13718: 	* WHATSNEW:
13719: 	sync with sudo 1.7.3
13720: 	[88e5c0bd6d59]
13721: 
13722: 	* INSTALL:
13723: 	SunOS does not ship with an ANSI compiler
13724: 	[f13c85c67069]
13725: 
13726: 	* INSTALL:
13727: 	Update OS specific notes. Delete some really ancient ones and move
13728: 	older ones to the end of the list.
13729: 	[59ce592c4c52]
13730: 
13731: 	* README:
13732: 	Sudo can be downloaded from the web site too Mention "OS dependent
13733: 	notes" section in INSTALL
13734: 	[191871538984]
13735: 
13736: 	* src/exec_pty.c, src/selinux.c:
13737: 	Call selinux_restore_tty() as part of cleanup() so it gets called
13738: 	from error()/errorx()
13739: 	[bb017da6b6da]
13740: 
13741: 	* MANIFEST, doc/PORTING:
13742: 	Remove obsolete porting guide
13743: 	[321e35591344]
13744: 
13745: 	* plugins/sudoers/interfaces.h, plugins/sudoers/match.c:
13746: 	Move union sudo_in_addr_un into interfaces.h
13747: 	[b2c8b19ee094]
13748: 
13749: 	* doc/Makefile.in:
13750: 	Remove useless circular dependencies
13751: 	[5682181b59cf]
13752: 
13753: 	* plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
13754: 	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
13755: 	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
13756: 	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
13757: 	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
13758: 	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
13759: 	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c:
13760: 	Convert to ANSI C function declarations
13761: 	[a4f76927d034]
13762: 
13763: 	* common/alloc.c, common/fileops.c, common/gettime.c, common/list.c,
13764: 	common/zero_bytes.c, compat/charclass.h, compat/closefrom.c,
13765: 	compat/fnmatch.c, compat/glob.c, compat/isblank.c, compat/memrchr.c,
13766: 	compat/mkstemp.c, compat/nanosleep.c, compat/snprintf.c,
13767: 	compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
13768: 	compat/strlcpy.c, compat/timespec.h, compat/utime.h,
13769: 	compat/utimes.c, doc/HISTORY, doc/history.pod, doc/license.pod,
13770: 	include/alloc.h, include/error.h, include/lbuf.h, include/list.h,
13771: 	include/missing.h, pathnames.h.in, plugins/sudoers/alias.c,
13772: 	plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.h,
13773: 	plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
13774: 	plugins/sudoers/bsm_audit.h, plugins/sudoers/defaults.c,
13775: 	plugins/sudoers/defaults.h, plugins/sudoers/find_path.c,
13776: 	plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
13777: 	plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
13778: 	plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
13779: 	plugins/sudoers/logging.h, plugins/sudoers/match.c,
13780: 	plugins/sudoers/parse.h, plugins/sudoers/plugin_error.c,
13781: 	plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
13782: 	plugins/sudoers/redblack.h, plugins/sudoers/sudo_nss.h,
13783: 	plugins/sudoers/sudoers.h, plugins/sudoers/sudoreplay.c,
13784: 	plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
13785: 	plugins/sudoers/toke.l, plugins/sudoers/visudo.c, src/aix.c,
13786: 	src/conversation.c, src/error.c, src/load_plugins.c,
13787: 	src/parse_args.c, src/sesh.c, src/sudo.h, src/sudo_noexec.c,
13788: 	src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c:
13789: 	Update copyright year
13790: 	[26ac7991f7d8]
13791: 
13792: 	* doc/Makefile.in:
13793: 	Fix commented DEVDOCS when not in devel mode.
13794: 	[e0a97eaf3793]
13795: 
13796: 	* plugins/sudoers/match.c:
13797: 	Quiet a compiler warning.
13798: 	[b2a17ebd5d38]
13799: 
13800: 	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
13801: 	Quiet a compiler warning.
13802: 	[687843bc593d]
13803: 
13804: 	* plugins/sudoers/ldap.c, plugins/sudoers/sudoers.h:
13805: 	Make all functions in ldap.c static
13806: 	[b2111e89eeba]
13807: 
13808: 	* doc/schema.ActiveDirectory:
13809: 	Updates from Alain Roy to provide better examples for importing the
13810: 	schema and to fix problems caused by Windows validating attributes
13811: 	which have not yet been added before committing the changes.
13812: 	[69f4c5ccaf89]
13813: 
13814: 2010-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
13815: 
13816: 	* configure, configure.in, doc/Makefile.in, doc/sudo.cat,
13817: 	doc/sudo.man.in, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
13818: 	doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
13819: 	doc/sudoers.man.in, doc/sudoreplay.cat, doc/sudoreplay.man.in,
13820: 	doc/visudo.cat, doc/visudo.man.in:
13821: 	Leave rules to build .man.in and .cat files uncommented but only
13822: 	make them part of the "all" rule in devel mode. Generate .cat files
13823: 	directly from .man.in instead of .man using default values in
13824: 	configure.in
13825: 	[c3054a44f6a5]
13826: 
13827: 	* configure, configure.in:
13828: 	Bump sudo version to 1.8.0b1
13829: 	[8f79c85135e1]
13830: 
13831: 	* configure, configure.in, src/sudo.c, src/sudo_usage.h.in:
13832: 	Print configure args with verbose version information.
13833: 	[1ce690660ed2]
13834: 
13835: 	* TODO, plugins/sudoers/visudo.c:
13836: 	Remove tfd from struct sudoersfile; it is not used. Add prev pointer
13837: 	to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
13838: 	Use tq_append to append sudoers entries to the tail queue.
13839: 	[1743f9a286e4]
13840: 
13841: 2010-06-10  Todd C. Miller  <Todd.Miller@courtesan.com>
13842: 
13843: 	* WHATSNEW:
13844: 	Describe tty timestamp improvements
13845: 	[e214e863a313]
13846: 
13847: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
13848: 	A comment character may not be part of a command line argument
13849: 	unless it is quoted with a backslash. Fixes parsing of: testuser
13850: 	ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
13851: 	[ea2e990f85ed]
13852: 
13853: 	* doc/sudoers.pod:
13854: 	Make this read a little bit better when passwd_timeout is 0.
13855: 	[39d362757f31]
13856: 
13857: 	* doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod:
13858: 	Attempt to handle a default password prompt timeout of zero more
13859: 	gracefully.
13860: 	[ea47d43acf5b]
13861: 
13862: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
13863: 	Do not override value of keepopen global, instead restore it to the
13864: 	value we pushed onto the stack when popping.
13865: 	[fe282e5a3402]
13866: 
13867: 	* plugins/sudoers/Makefile.in:
13868: 	Add dependency for utility programs on libreplace and libcommon
13869: 	[2339aba64928]
13870: 
13871: 	* compat/sigaction.c, config.h.in, configure.in, include/compat.h,
13872: 	plugins/sudoers/logging.c, plugins/sudoers/mon_systrace.c,
13873: 	src/exec.c, src/exec_pty.c, src/tgetpass.c:
13874: 	Remove sigaction emulation Use SA_INTERRUPT in sa_flags
13875: 	[7dd61f1bd8d2]
13876: 
13877: 	* MANIFEST, config.h.in, configure, configure.in, include/missing.h:
13878: 	We don't use getgrouplist() at the moment so there's no need to
13879: 	provide a compat version.
13880: 	[1597536fbada]
13881: 
13882: 	* TODO:
13883: 	sync with reality
13884: 	[9e1a874e7885]
13885: 
13886: 	* include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
13887: 	src/conversation.c, src/sudo.h, src/tgetpass.c:
13888: 	Fix visiblepw sudoers option; the plugin API portion still needs
13889: 	documenting
13890: 	[60b6933ef5e0]
13891: 
13892: 	* src/sudo.c:
13893: 	Print sudo version as well.
13894: 	[987ed459b459]
13895: 
13896: 	* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
13897: 	Use sudo_printf for I/O log version Clarify policy plugin version
13898: 	string
13899: 	[5a58b7e8c80b]
13900: 
13901: 	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
13902: 	plugins/sudoers/ldap.c, plugins/sudoers/sudoreplay.c:
13903: 	Silence some compiler warnings
13904: 	[afb1eba90915]
13905: 
13906: 	* src/load_plugins.c, src/tgetpass.c:
13907: 	Store askpass path in a global instead of uses setenv() which many
13908: 	systems lack.
13909: 	[b440bcc0e660]
13910: 
13911: 2010-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
13912: 
13913: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
13914: 	doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
13915: 	plugins/sudoers/check.c, plugins/sudoers/def_data.c,
13916: 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
13917: 	plugins/sudoers/defaults.c, plugins/sudoers/sudoers.c,
13918: 	plugins/sudoers/sudoers.h, src/load_plugins.c, src/parse_args.c,
13919: 	src/tgetpass.c:
13920: 	Move askpass path specification from sudoers to sudo.conf.
13921: 	[5507ab867c26]
13922: 
13923: 	* src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
13924: 	Use a flag bit in struct command_details for selinux instead of a
13925: 	separate field.
13926: 	[c59ca4acded9]
13927: 
13928: 	* src/exec.c, src/exec_pty.c, src/sudo.c, src/sudo.h:
13929: 	Implement background mode. If I/O logging we use pipes instead of a
13930: 	pty.
13931: 	[c07a4b356cbd]
13932: 
13933: 	* compat/mksiglist.c, compat/strsignal.c, include/compat.h,
13934: 	src/exec.c, src/exec_pty.c, src/tgetpass.c:
13935: 	Move compat definition of NSIG to compat.h
13936: 	[ab0385467f25]
13937: 
13938: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.cat,
13939: 	doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
13940: 	Mention plugins in the sudo manual and add some missing path
13941: 	substitution in the sudo_plugin manual.
13942: 	[570f831f47a3]
13943: 
13944: 	* src/Makefile.in:
13945: 	Set _PATH_SUDO_CONF based on $(sysconfdir)
13946: 	[fde51869cf07]
13947: 
13948: 	* common/lbuf.c, common/term.c, config.h.in, configure, configure.in,
13949: 	src/exec.c, src/exec_pty.c, src/ttysize.c:
13950: 	Require POSIX termios to build sudo
13951: 	[9ec6b41f3f95]
13952: 
13953: 	* src/tgetpass.c:
13954: 	Ignore SIGPIPE for "sudo -S"
13955: 	[7ad27fde0c06]
13956: 
13957: 	* src/tgetpass.c:
13958: 	Fix uninitialized variable in TGP_ECHO case and print a newline if
13959: 	the user interrupted password input.
13960: 	[ce19204d8dd4]
13961: 
13962: 	* src/tgetpass.c:
13963: 	Make TGP_ECHO override TGP_MASK and don't try to restore the
13964: 	terminal if we didn't modify it.
13965: 	[a7e11abfe7e4]
13966: 
13967: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
13968: 	include/sudo_plugin.h, plugins/sudoers/auth/sudo_auth.c,
13969: 	src/conversation.c, src/sudo.h, src/tgetpass.c:
13970: 	Add SUDO_CONV_PROMPT_MASK define which corresponds to the
13971: 	"pwfeedback" sudoers option. Do not disable echo if TGP_ECHO is set.
13972: 	[e0550590cabe]
13973: 
13974: 	* src/exec_pty.c:
13975: 	Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
13976: 	[762448182fe3]
13977: 
13978: 2010-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
13979: 
13980: 	* src/exec.c, src/exec_pty.c, src/selinux.c, src/sudo.c, src/sudo.h:
13981: 	Add selinux_enabled flag into struct command_details and set it in
13982: 	command_info_to_details(). Return an error from selinux_setup()
13983: 	instead of exiting. Call selinux_setup() from exec_setup().
13984: 	[011bea23a5a0]
13985: 
13986: 2010-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
13987: 
13988: 	* src/exec_pty.c:
13989: 	Remove commented out copy of old sudo_execve() function.
13990: 	[9c5e21380472]
13991: 
13992: 2010-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
13993: 
13994: 	* plugins/sudoers/sudoers.c:
13995: 	Fix setting selinux type on command line.
13996: 	[814b20a0b3be]
13997: 
13998: 	* plugins/sudoers/iolog.c:
13999: 	In sudoers_io_close(), skip NULL io_fds[] elements.
14000: 	[4011ff7d4daf]
14001: 
14002: 	* include/compat.h:
14003: 	No longer need NGROUPS_MAX define
14004: 	[cae4c49d7077]
14005: 
14006: 	* compat/nanosleep.c, config.h.in, configure, configure.in,
14007: 	include/compat.h, plugins/sudoers/check.c, plugins/sudoers/iolog.c,
14008: 	plugins/sudoers/visudo.c, src/sudo_edit.c:
14009: 	Replace timerfoo macros with timevalfoo since the timer macros are
14010: 	known to be busted on some systems.
14011: 	[4f97d79f2d41]
14012: 
14013: 	* src/exec_pty.c:
14014: 	Remove duplicate call to selinux_setup().
14015: 	[82bd52764e21]
14016: 
14017: 	* plugins/sudoers/auth/pam.c:
14018: 	If pam_open_session() fails, pass its status to pam_end.
14019: 	[1d8de4cf8ff3]
14020: 
14021: 	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
14022: 	If a file in a #includedir has improper permissions or owner just
14023: 	skip it. This prevents packages that incorrectly install a file into
14024: 	/etc/sudoers.d from breaking sudo so easily. Syntax errors in
14025: 	#includedir files still result in a parse error (for now).
14026: 	[ade99a4549a4]
14027: 
14028: 	* WHATSNEW, doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
14029: 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
14030: 	plugins/sudoers/def_data.in, plugins/sudoers/iolog.c:
14031: 	Add use_pty sudoers option to force use of a pty even when not
14032: 	logging I/O.
14033: 	[b280a8972a79]
14034: 
14035: 	* plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
14036: 	Make env_init() void as it never fails.
14037: 	[d3890e55daa7]
14038: 
14039: 	* plugins/sudoers/env.c:
14040: 	No longer use _NSGetEnviron so don't need crt_externs.h
14041: 	[9b4e0e139881]
14042: 
14043: 	* plugins/sudoers/env.c:
14044: 	Remove unused VNULL define
14045: 	[a42cacb263e3]
14046: 
14047: 2010-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
14048: 
14049: 	* plugins/sudoers/iolog.c:
14050: 	Add #define for maximum session id
14051: 	[9e18c17a28c2]
14052: 
14053: 	* MANIFEST, src/Makefile.in, src/exec.c, src/exec_pty.c, src/sudo.h:
14054: 	Split exec.c into exec.c and exec_pty.c
14055: 	[d52376327332]
14056: 
14057: 	* MANIFEST:
14058: 	Sync with source file moves.
14059: 	[4a62c6c9e846]
14060: 
14061: 	* src/Makefile.in, src/get_pty.c, src/pty.c:
14062: 	Rename pty.c -> get_pty.c
14063: 	[5696a12bd29b]
14064: 
14065: 2010-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
14066: 
14067: 	* plugins/sudoers/iolog.c:
14068: 	Only use I/O input log file if def_log_input is set and output file
14069: 	if def_log_output is set.
14070: 	[d866992f1681]
14071: 
14072: 2010-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
14073: 
14074: 	* compat/strsignal.c:
14075: 	Update copyright year
14076: 	[a96f2593fd4e]
14077: 
14078: 	* src/pty.c:
14079: 	uid -> ttyuid
14080: 	[c3454d74ebcb]
14081: 
14082: 	* plugins/sudoers/sudoers.c:
14083: 	For sudoedit, make a local copy of editor string si become part of
14084: 	argv. If no editor environment variable, split def_editor on ':'
14085: 	since it may be a colon-delimited path.
14086: 	[2ee298506a6e]
14087: 
14088: 	* src/sudo_edit.c:
14089: 	Remove unneeded endpwent()/endgrent()
14090: 	[623f6743d101]
14091: 
14092: 	* doc/Makefile.in:
14093: 	Use value of nroff from configure
14094: 	[b2ce649125ab]
14095: 
14096: 	* src/exec.c:
14097: 	Add missing const to I/O log action function
14098: 	[d764a3955e04]
14099: 
14100: 	* plugins/sudoers/check.c:
14101: 	Update copyright year and fix whitespace
14102: 	[e648c35b16be]
14103: 
14104: 	* configure, configure.in:
14105: 	Fix typo
14106: 	[8e0bdfc47da4]
14107: 
14108: 	* plugins/sudoers/iolog.c:
14109: 	Remove redundant tty signal blocking in log function.
14110: 	[f17f575dabd4]
14111: 
14112: 2010-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
14113: 
14114: 	* plugins/sudoers/iolog.c:
14115: 	Place static keyword where it belongs
14116: 	[b01aec7c86b4]
14117: 
14118: 	* plugins/sudoers/logging.c:
14119: 	Always use a printf format string for send_mail()
14120: 	[13b1ada644c9]
14121: 
14122: 	* common/atobool.c, plugins/sudoers/ldap.c:
14123: 	Extend atobool() so we can use it in the LDAP code.
14124: 	[73f8e6807044]
14125: 
14126: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
14127: 	Sudo now stashes tty ctime for tty_tickets on Solaris too.
14128: 	[e82df13ad3fd]
14129: 
14130: 	* plugins/sudoers/boottime.c:
14131: 	Fix dummy version of get_boottime()
14132: 	[01d69c06013b]
14133: 
14134: 2010-06-02  Todd C. Miller  <Todd.Miller@courtesan.com>
14135: 
14136: 	* plugins/sudoers/check.c:
14137: 	Enable tty_is_devpts() support for Solaris with the "devices"
14138: 	filesystem.
14139: 	[237c6b25fa84]
14140: 
14141: 	* src/exec.c:
14142: 	Unbreak the non-io logging case.
14143: 	[4822b9f709fb]
14144: 
14145: 	* src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
14146: 	Fix symbol name conflict with sudo_printf.
14147: 	[0d44eab0a8f6]
14148: 
14149: 	* plugins/sudoers/auth/pam.c:
14150: 	Fix OpenPAM detection for newer versions.
14151: 	[1b2abed232d8]
14152: 
14153: 	* plugins/sudoers/vasgroups.c:
14154: 	Sync with Quest sudo git repo
14155: 	[f1d98b3cba02]
14156: 
14157: 	* aclocal.m4, configure, configure.in:
14158: 	HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
14159: 	Add missing template for ENV_DEBUG Adapted from Quest sudo
14160: 	[695dbd7b28f4]
14161: 
14162: 	* README.LDAP:
14163: 	Fix typos; from Quest Sudo
14164: 	[4eba9da33b8e]
14165: 
14166: 2010-06-01  Todd C. Miller  <Todd.Miller@courtesan.com>
14167: 
14168: 	* plugins/sudoers/Makefile.in:
14169: 	Add back -I$(top_srcdir); we need it for including compat/foo.h
14170: 	since we cannot rely on "foo.h" being found relative to the source
14171: 	file when the cwd is different.
14172: 	[bbf24695f325]
14173: 
14174: 	* src/exec.c:
14175: 	Fix a bug where we could treat EAGAIN as a permanent error. Also set
14176: 	cstat if perform_io() returns an error.
14177: 	[200475c4326f]
14178: 
14179: 	* common/alloc.c, plugins/sudoers/boottime.c,
14180: 	plugins/sudoers/sudoers.c:
14181: 	Add casts to quiet compiler warnings.
14182: 	[85eb1c336697]
14183: 
14184: 	* plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
14185: 	plugins/sudoers/visudo.c:
14186: 	Fix typo in ternary operator usage.
14187: 	[6492ac1450e2]
14188: 
14189: 2010-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>
14190: 
14191: 	* INSTALL, configure, configure.in:
14192: 	Add --enable-warnings and fix typo in SUDO_IO_LOGDIR
14193: 	[92121d693b30]
14194: 
14195: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod,
14196: 	doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod:
14197: 	Update docs to match sudoers I/O logging changes
14198: 	[18d651989e49]
14199: 
14200: 	* INSTALL, WHATSNEW, aclocal.m4, configure, configure.in,
14201: 	pathnames.h.in, plugins/sudoers/def_data.c,
14202: 	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
14203: 	plugins/sudoers/defaults.c, plugins/sudoers/gram.c,
14204: 	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
14205: 	plugins/sudoers/iolog.c, plugins/sudoers/parse.c,
14206: 	plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
14207: 	plugins/sudoers/sudoreplay.c:
14208: 	Break sudoers transcript feature up into log_input and log_output.
14209: 	[db3c1248d2ad]
14210: 
14211: 	* plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
14212: 	plugins/sudoers/visudo.c:
14213: 	Use setprogname() as needed.
14214: 	[6beee63a4553]
14215: 
14216: 	* plugins/sudoers/iolog.c, plugins/sudoers/sudoreplay.c:
14217: 	Adapt sudoreplay to iolog changes.
14218: 	[581f52c05f0f]
14219: 
14220: 2010-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
14221: 
14222: 	* plugins/sudoers/iolog.c:
14223: 	Log all input and output into separate files and store a number on
14224: 	each timing file line to indicate which file the data is in.
14225: 	[fb460c5273dd]
14226: 
14227: 	* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
14228: 	plugins/sudoers/sudoers.h:
14229: 	Make sudoers_io functions static to iolog.c
14230: 	[b2df3cc3eecb]
14231: 
14232: 2010-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
14233: 
14234: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, src/parse_args.c,
14235: 	src/sudo_usage.h.in:
14236: 	Completely remove the -L flag from the sudo front end.
14237: 	[3d220030b720]
14238: 
14239: 	* plugins/sudoers/sudoreplay.c:
14240: 	Fix EAGAIN handling when writing to stdout.
14241: 	[4766d77cea49]
14242: 
14243: 	* plugins/sudoers/sudoers.c:
14244: 	Eliminate unused variables
14245: 	[83bd711e79c4]
14246: 
14247: 	* plugins/sudoers/sudoers.c, src/exec.c, src/sudo.c:
14248: 	Re-enable cleanup functions in sudoers plugin and sudo driver for
14249: 	error()/errorx().
14250: 	[43093f937dd8]
14251: 
14252: 	* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/defaults.c,
14253: 	plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
14254: 	plugins/sudoers/parse.c, plugins/sudoers/sudoers.c,
14255: 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
14256: 	Use sudo_printf to display verbose version information.
14257: 	[435cc9f8d4a2]
14258: 
14259: 	* common/Makefile.in, compat/Makefile.in, plugins/sample/Makefile.in,
14260: 	plugins/sudoers/Makefile.in, src/Makefile.in:
14261: 	Minor Makefile cleanup: fix a typo, change the removal order in the
14262: 	clean targets, and remove a superfluous include path for the sudoers
14263: 	plugin.
14264: 	[6e3b2d6b4437]
14265: 
14266: 	* plugins/sudoers/env.c:
14267: 	Handle duplicate variables in the environment. For unsetenv(), keep
14268: 	looking even after remove the first instance. For sudo_putenv(),
14269: 	check for and remove dupes after we replace an existing value.
14270: 	[c1bbb88d0435]
14271: 
14272: 2010-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
14273: 
14274: 	* plugins/sudoers/Makefile.in:
14275: 	Use explicit path to source file instead of $< for files that live
14276: 	in devdir and top_srcdir.
14277: 	[358ab7f6cc64]
14278: 
14279: 	* plugins/sudoers/Makefile.in:
14280: 	Add explicit rules to compile gram.c and toke.c for HP-UX Pevent
14281: 	ending LIBSUDOERS_OBJS with a backslash
14282: 	[481a5c96d47e]
14283: 
14284: 	* plugins/sudoers/Makefile.in, src/Makefile.in:
14285: 	Link libcommon before libreplace since libcommon may use functions
14286: 	only present in libreplace.
14287: 	[1847c496ff5b]
14288: 
14289: 	* common/Makefile.in:
14290: 	Move code common to sudo and the sudoers plugin to a convenience
14291: 	library, libcommon. Removes the need to make links in the sudoers
14292: 	plugin dir and reduces re-compilation of duplicate object files.
14293: 	[4c8986352937]
14294: 
14295: 	* Makefile.in, common/alloc.c, common/atobool.c, common/fileops.c,
14296: 	common/fmt_string.c, common/gettime.c, common/lbuf.c, common/list.c,
14297: 	common/term.c, common/zero_bytes.c, configure, configure.in,
14298: 	plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
14299: 	src/Makefile.in, src/alloc.c, src/atobool.c, src/fileops.c,
14300: 	src/fmt_string.c, src/gettime.c, src/lbuf.c, src/list.c, src/term.c,
14301: 	src/zero_bytes.c:
14302: 	Move code common to sudo and the sudoers plugin to a convenience
14303: 	library, libcommon. Removes the need to make links in the sudoers
14304: 	plugin dir and reduces re-compilation of duplicate object files.
14305: 	[1d1d98bd55b9]
14306: 
14307: 	* src/exec.c, src/sudo.c, src/sudo.h:
14308: 	Rename script_execve to sudo_execve and rename script_foo in exec.c
14309: 	[a35ec80de96a]
14310: 
14311: 	* MANIFEST, src/Makefile.in, src/exec.c, src/script.c:
14312: 	rename script.c exec.c and fix up the MANIFEST file
14313: 	[36bc3bff9578]
14314: 
14315: 	* src/script.c, src/sudo.c, src/sudo.h:
14316: 	Rename script_setup() to pty_setup() and call from script_execve()
14317: 	directly.
14318: 	[899b0fb2a14d]
14319: 
14320: 	* configure, configure.in:
14321: 	bump version to 1.8.0a2
14322: 	[0b1c1ca9d4e5]
14323: 
14324: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
14325: 	Document init_session
14326: 	[b5324785a406]
14327: 
14328: 	* plugins/sudoers/auth/API, plugins/sudoers/auth/sudo_auth.c,
14329: 	plugins/sudoers/auth/sudo_auth.h:
14330: 	Clean up the sudoers auth API a bit and update the docs.
14331: 	[c40fd4cb6e68]
14332: 
14333: 	* include/sudo_plugin.h, plugins/sudoers/auth/pam.c,
14334: 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
14335: 	plugins/sudoers/sudoers.h, src/script.c, src/sudo.c:
14336: 	Add init_session function to struct policy_plugin that gets called
14337: 	before the uid/gid/etc changes. A struct passwd pointer is passed
14338: 	in,which may be NULL if the user does not exist in the passwd
14339: 	database.The sudoers module uses init_session to open the pam
14340: 	session as needed.
14341: 	[d71723320ee8]
14342: 
14343: 2010-05-26  Todd C. Miller  <Todd.Miller@courtesan.com>
14344: 
14345: 	* plugins/sudoers/auth/pam.c, plugins/sudoers/auth/sudo_auth.c,
14346: 	plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/set_perms.c,
14347: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
14348: 	Add open/close session to sudo auth, only used by PAM. This allows
14349: 	us to open (and close) the PAM session from sudoers.
14350: 	[2665e2920d0d]
14351: 
14352: 	* plugins/sudoers/Makefile.in:
14353: 	Add explicit rule to build getdate.o for HP-UX make.
14354: 	[7f049e989956]
14355: 
14356: 	* plugins/sudoers/Makefile.in:
14357: 	Back out most of change 45e406ebdea2. Create dummy .l.c and .y.c
14358: 	rules as an alternate way to prevent HP-UX make (and others) from
14359: 	trying to rebuild the parser in non-dev mode.
14360: 	[f84badad98c5]
14361: 
14362: 	* plugins/sudoers/sudoers.c:
14363: 	Re-enable PATH_MAX check for command
14364: 	[40d8a50da136]
14365: 
14366: 	* Makefile.in:
14367: 	For distclean, clean the main directory last since the subdirs need
14368: 	to be able to run libtool to clean things.
14369: 	[8949a9861634]
14370: 
14371: 	* compat/Makefile.in:
14372: 	Fix generation of mksiglist.h
14373: 	[b7cdc9b36650]
14374: 
14375: 	* src/script.c:
14376: 	Now that we defer sending cstat until the end of script_child() we
14377: 	cannot reuse cstat when reading command status from parent.
14378: 	[25c882643466]
14379: 
14380: 2010-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>
14381: 
14382: 	* configure, configure.in, doc/sudo.man.in, doc/sudo.man.pl,
14383: 	doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
14384: 	doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoreplay.cat,
14385: 	doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
14386: 	Use numeric registers to handle conditionals instead of trying to do
14387: 	it all with text processing.
14388: 	[478079c3fd4b]
14389: 
14390: 	* doc/sudoers.pod:
14391: 	Document per-command SELinux settings
14392: 	[13840d566805]
14393: 
14394: 	* plugins/sudoers/sudoers.c:
14395: 	Repair "sudo -l -U username"
14396: 	[10a0dcdf2ddf]
14397: 
14398: 	* plugins/sudoers/sudoers.c:
14399: 	Set selinux role and type in command details.
14400: 	[8ae6d35a126d]
14401: 
14402: 	* src/script.c, src/selinux.c, src/sudo.h:
14403: 	Rework SELinux support.
14404: 	[83279cc94bf2]
14405: 
14406: 2010-05-24  Todd C. Miller  <Todd.Miller@courtesan.com>
14407: 
14408: 	* src/script.c, src/selinux.c, src/sudo.h:
14409: 	Make SELinux support compile again. Needs more work to be complete.
14410: 	[3d3addebcf82]
14411: 
14412: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
14413: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
14414: 	src/parse_args.c, src/script.c, src/selinux.c, src/sudo.c,
14415: 	src/sudo.h:
14416: 	Bring back closefrom settings.
14417: 	[b1c6257d4bbb]
14418: 
14419: 	* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c,
14420: 	plugins/sudoers/sudoers.h:
14421: 	If running a command or sudoedit in transcript mode, call
14422: 	io_nextid() before log_allowed() so the session id is logged.
14423: 	[c42f3ae40150]
14424: 
14425: 	* configure, configure.in:
14426: 	Use mandoc(1) if nroff(1) is not present.
14427: 	[daad4bbd04af]
14428: 
14429: 	* doc/Makefile.in:
14430: 	Use the --file argument to config.status instead of setting
14431: 	CONFIG_FILES in the environment.
14432: 	[c89411a8bf70]
14433: 
14434: 	* plugins/sudoers/Makefile.in:
14435: 	We cannot conditionally update gram.h or the dependency ordering
14436: 	gets messed up in devel mode.
14437: 	[c938953231d9]
14438: 
14439: 2010-05-21  Todd C. Miller  <Todd.Miller@courtesan.com>
14440: 
14441: 	* Makefile.in, compat/Makefile.in, configure, configure.in,
14442: 	doc/Makefile.in, include/Makefile.in, plugins/sample/Makefile.in,
14443: 	plugins/sudoers/Makefile.in, src/Makefile.in:
14444: 	Substitute @SHELL@ into Makefiles
14445: 	[36aa6a095335]
14446: 
14447: 	* config.sub:
14448: 	Fix typo
14449: 	[16d294d26b58]
14450: 
14451: 	* config.guess, config.sub, configure, configure.in:
14452: 	Update to autoconf 2.65
14453: 	[4fa6ea8caea3]
14454: 
14455: 	* Makefile.in:
14456: 	Fix libtool target (space vs. tabs)
14457: 	[755cf3892618]
14458: 
14459: 	* config.h.in, plugins/sudoers/logging.h, plugins/sudoers/visudo.c:
14460: 	Remove use of RETSIGTYPE; all modern systems have signal handlers
14461: 	that return void.
14462: 	[42b4e3aee668]
14463: 
14464: 	* Makefile.in, aclocal.m4, acsite.m4, configure, configure.in,
14465: 	ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
14466: 	m4/ltversion.m4, m4/lt~obsolete.m4, plugins/sample/Makefile.in,
14467: 	plugins/sudoers/Makefile.in, src/Makefile.in:
14468: 	Update to libtool-2.2.6b. I haven't made any local modifications
14469: 	this time, which should be OK since we install sudo_noexec.so by
14470: 	hand now.
14471: 	[6f79ced593bb]
14472: 
14473: 	* compat/Makefile.in, plugins/sample/Makefile.in,
14474: 	plugins/sudoers/Makefile.in, src/Makefile.in:
14475: 	Use libtool to clean objects
14476: 	[1581057d6472]
14477: 
14478: 	* include/Makefile.in:
14479: 	Install sudo_plugin.h as part of "make install" and make other
14480: 	install targets callable from the top-level Makefile
14481: 	[aaaeb027d774]
14482: 
14483: 	* configure, configure.in:
14484: 	regen with autoupdate to eliminate AC_TRY_LINK
14485: 	[5d5541c230f5]
14486: 
14487: 	* Makefile.in, compat/Makefile.in, configure, configure.in,
14488: 	doc/Makefile.in, plugins/sample/Makefile.in,
14489: 	plugins/sudoers/Makefile.in, src/Makefile.in:
14490: 	Install sudo_plugin.h as part of "make install" and make other
14491: 	install targets callable from the top-level Makefile
14492: 	[b258b8401b1c]
14493: 
14494: 	* plugins/sample/sample_plugin.c:
14495: 	The sample plugin doesn't support being run with no args so return a
14496: 	usage error in this case.
14497: 	[473b3cf965be]
14498: 
14499: 	* plugins/sudoers/iolog.c:
14500: 	Set close on exec flag for descriptors used for I/O logging so they
14501: 	are not present in the command being run.
14502: 	[2c7e8708df76]
14503: 
14504: 	* plugins/sudoers/tsgetgrpw.c:
14505: 	Set close on exec flag in private versions of setpwent() and
14506: 	setgrent().
14507: 	[64fef78cb833]
14508: 
14509: 	* src/script.c:
14510: 	Close the I/O pipes aftering dup2()ing them to std{in,out,err}.
14511: 	Fixes extra fds being present in the command when it is part of a
14512: 	pipeline.
14513: 	[060451617713]
14514: 
14515: 	* plugins/sudoers/sudoers.c:
14516: 	Set user_tty to "unknown" if there is no tty, like sudo 1.7 does (it
14517: 	is used when logging). Note that user_ttypath will still be NULL if
14518: 	there is no tty.
14519: 	[31b69a6ecda7]
14520: 
14521: 	* src/script.c, src/sudo.h:
14522: 	Cosmetic changes: add comments, remove orphaned prototype and make a
14523: 	global static.
14524: 	[f7851af0143e]
14525: 
14526: 2010-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>
14527: 
14528: 	* src/script.c:
14529: 	Move check for maxfd == -1 to flush_output where it belongs.
14530: 	[b826a95b4491]
14531: 
14532: 	* src/script.c:
14533: 	Break out of select loop if all the fds we want to select on are -1.
14534: 	[f5b387024238]
14535: 
14536: 	* src/sudo.c:
14537: 	Avoid possible malloc(0) if plugin returns an empty groups list.
14538: 	[9765a8fe5ce7]
14539: 
14540: 	* src/sudo.c:
14541: 	Add debugging info when calling plugin close function
14542: 	[95a273c7ff66]
14543: 
14544: 	* src/script.c:
14545: 	Avoid closing stdin/stdout/stderr when we are piping output.
14546: 	[330e76423caf]
14547: 
14548: 	* src/script.c:
14549: 	When execve() of the command fails, it is possible to receive
14550: 	SIGCHLD before we've read the error status from the pipe. Re-order
14551: 	things such that we send the final status at the very end and prefer
14552: 	error status over wait status.
14553: 	[b0dcf825244f]
14554: 
14555: 2010-05-19  Todd C. Miller  <Todd.Miller@courtesan.com>
14556: 
14557: 	* plugins/sudoers/auth/sudo_auth.c:
14558: 	Fix compilation for non PAM/BSD auth/AIX auth
14559: 	[e382b39d2e4f]
14560: 
14561: 2010-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
14562: 
14563: 	* src/script.c:
14564: 	Additional checks to make sure we don't close /dev/tty by mistake.
14565: 	When flushing, sleep in select as long as we have buffers that need
14566: 	to be written out.
14567: 	[8139cbd3dd54]
14568: 
14569: 	* src/script.c:
14570: 	Now that we can use pipes for stdin/stdout/stderr there is no longer
14571: 	a need to error out when there is no tty. We just need to make sure
14572: 	we don't try to use the tty fd if it is -1.
14573: 	[666621635d26]
14574: 
14575: 2010-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
14576: 
14577: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
14578: 	include/sudo_plugin.h, plugins/sample/sample_plugin.c,
14579: 	plugins/sudoers/iolog.c, plugins/sudoers/sudoers.h, src/sudo.c:
14580: 	Add argc and argv to I/O logger open function.
14581: 	[0d7faa007d27]
14582: 
14583: 	* doc/sudo_plugin.man.in, doc/sudo_plugin.pod, include/sudo_plugin.h,
14584: 	plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
14585: 	src/parse_args.c, src/sudo.c, src/sudo_edit.c:
14586: 	Remove check_sudoedit function pointer in struct sudo_policy.
14587: 	Instead, sudo will set sudoedit=true in the settings array. The
14588: 	plugin should check for this and modify argv_out as appropriate in
14589: 	check_policy.
14590: 	[c0328e3276b8]
14591: 
14592: 2010-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>
14593: 
14594: 	* plugins/sample/sample_plugin.c, src/sudo.c, src/sudo.h,
14595: 	src/sudo_edit.c:
14596: 	If plugin sets "sudoedit=true" in the command info, enable sudoedit
14597: 	mode even if not invoked as sudoedit. This allows a plugin to enable
14598: 	sudoedit when the user runs an editor.
14599: 	[96d67b99e42e]
14600: 
14601: 2010-05-15  Todd C. Miller  <Todd.Miller@courtesan.com>
14602: 
14603: 	* plugins/sudoers/Makefile.in:
14604: 	gram.h must not depend on gram.y if we want to avoid unnecessary
14605: 	rebuilding of targets dependent on gram.h when gram.y changes.
14606: 	[9db4b767fdca]
14607: 
14608: 	* plugins/sample/sample_plugin.c:
14609: 	Refactor common bits of check_policy and check_edit
14610: 	[ac4d366a04cf]
14611: 
14612: 	* plugins/sample/sample_plugin.c:
14613: 	Add sudoedit support
14614: 	[a1a6cc4c0cef]
14615: 
14616: 2010-05-14  Todd C. Miller  <Todd.Miller@courtesan.com>
14617: 
14618: 	* plugins/sudoers/Makefile.in:
14619: 	Rely more on VPATH; fixes a dependency issue with the parser.
14620: 	[45e406ebdea2]
14621: 
14622: 	* include/compat.h:
14623: 	Fix typo introduced in last commit
14624: 	[3ccb0f853d11]
14625: 
14626: 	* include/compat.h:
14627: 	Emulate seteuid using setreuid() or setresuid() as needed. There are
14628: 	still a few places that call seteuid() directly.
14629: 	[36e8efa3a99d]
14630: 
14631: 	* src/parse_args.c, src/sudo_edit.c:
14632: 	Attempt to fix building on systems that only have setuid.
14633: 	[8e9ba4083318]
14634: 
14635: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
14636: 	Clarify sudoedit a tad.
14637: 	[d39dfaa14ade]
14638: 
14639: 2010-05-13  Todd C. Miller  <Todd.Miller@courtesan.com>
14640: 
14641: 	* src/sudo_edit.c:
14642: 	Fix compilation on HP-UX
14643: 	[f6e47843d139]
14644: 
14645: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
14646: 	Document sudoedit
14647: 	[4cbf5196d993]
14648: 
14649: 	* plugins/sudoers/sudoers.c, src/sudo.c, src/sudo.h, src/sudo_edit.c:
14650: 	Change how we handle the sudoedit argv. We now require that there be
14651: 	a "--" in argv to separate the editor and any command line arguments
14652: 	from the files to be edited.
14653: 	[20623d549a3c]
14654: 
14655: 	* include/sudo_plugin.h, plugins/sample/sample_plugin.c,
14656: 	plugins/sudoers/Makefile.in, plugins/sudoers/gettime.c,
14657: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
14658: 	src/Makefile.in, src/gettime.c, src/parse_args.c, src/sudo.c,
14659: 	src/sudo.h, src/sudo_edit.c:
14660: 	Work in progress support for sudoedit. The actual interface used by
14661: 	the plugin for sudoedit is likely to change.
14662: 	[c31262a31997]
14663: 
14664: 	* plugins/sudoers/find_path.c, plugins/sudoers/sudoers.c,
14665: 	plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
14666: 	Make find_path() a little more generic by not checking def_foo
14667: 	variables inside it. Instead, pass in ignore_dot as a function
14668: 	argument.
14669: 	[9c23101a094d]
14670: 
14671: 	* plugins/sudoers/env.c:
14672: 	Add version of getenv(3) that uses our own environ pointer.
14673: 	[0e3783e63534]
14674: 
14675: 2010-05-12  Todd C. Miller  <Todd.Miller@courtesan.com>
14676: 
14677: 	* src/script.c:
14678: 	Avoid a potential race condition if SIGCHLD is received immediately
14679: 	before we call select().
14680: 	[99adc5ea7f0a]
14681: 
14682: 	* plugins/sudoers/sudoers.c:
14683: 	Call env_init() before we open the sudoers sources as those may call
14684: 	our setenv() replacement.
14685: 	[5f82601f5ab0]
14686: 
14687: 	* plugins/sudoers/env.c:
14688: 	Initialize env_len in env_init()
14689: 	[7ae02b3029b5]
14690: 
14691: 2010-05-11  Todd C. Miller  <Todd.Miller@courtesan.com>
14692: 
14693: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
14694: 	Document time stamp shortcomings under SECURITY NOTES Use "time
14695: 	stamp" instead of timestamp.
14696: 	[2b86120815b2]
14697: 
14698: 	* doc/Makefile.in:
14699: 	Make sed substitution of mansectsu and mansectform global.
14700: 	[94588632dba0]
14701: 
14702: 	* plugins/sudoers/check.c:
14703: 	If the tty lives on a devpts filesystem, stash the ctime in the tty
14704: 	ticket file, as it is not updated when the tty is written to. This
14705: 	helps us determine when a tty has been reused without the user
14706: 	authenticating again with sudo.
14707: 	[0e62a31bceb0]
14708: 
14709: 	* src/tgetpass.c:
14710: 	Fix pasto in mulitple signal fix and use _NSIG not NSIG since that
14711: 	is what our compat checks set.
14712: 	[df50f0a040c9]
14713: 
14714: 	* configure, configure.in:
14715: 	Add check for whether sudo need to link with -ldl to get dlopen().
14716: 	This is a bit of a hack that will get reworked when libtool is
14717: 	updated.
14718: 	[63bdcf579533]
14719: 
14720: 	* plugins/sudoers/check.c:
14721: 	Fix timestamp removal with -k/-K
14722: 	[6b4639fef973]
14723: 
14724: 	* plugins/sudoers/Makefile.in:
14725: 	audit.c is now private to the sudoers plugin
14726: 	[1974f342ae0b]
14727: 
14728: 	* configure, configure.in:
14729: 	Link with -lpthread on HP-UX since a plugin may be linked with
14730: 	-lpthread and dlopen() will fail if the shared object has a
14731: 	dependency on -lpthread but the main program is not linked with it.
14732: 	[d42139391263]
14733: 
14734: 	* config.h.in, configure, configure.in, plugins/sudoers/set_perms.c:
14735: 	Add separate test for getresuid() since HP-UX has setresuid() but no
14736: 	getresuid().
14737: 	[910fe727a374]
14738: 
14739: 	* doc/Makefile.in:
14740: 	Remove errant backslash
14741: 	[dd5464257c69]
14742: 
14743: 	* src/script.c:
14744: 	Fix SIGPIPE handling. Now that we use may use pipes for stdin/stdout
14745: 	we need to pass any SIGPIPE we receive to the running command.
14746: 	[3f6b1991f4fd]
14747: 
14748: 	* src/script.c:
14749: 	Also start the command in the background if stdin is not a tty.
14750: 	[d93bc33a3740]
14751: 
14752: 2010-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
14753: 
14754: 	* plugins/sudoers/sudoreplay.c, src/script.c, src/sudo.h, src/term.c:
14755: 	No need to use pseudo-cbreak mode now that we use pipes when stdout
14756: 	is not a tty. Instead, check whether stdin is a tty and if not,
14757: 	delay setting the tty to raw mode until the command tries to access
14758: 	it itself (and receives SIGTTIN or SIGTTOU).
14759: 	[e68315cf8c6b]
14760: 
14761: 	* src/tgetpass.c:
14762: 	Use an array for signals received instead of a single variable so we
14763: 	don't lose any when there are multiple different signals.
14764: 	[2ac726dac864]
14765: 
14766: 	* src/tgetpass.c:
14767: 	Do signal setup after turning off echo, not before. If we are using
14768: 	a tty but are not the foreground pgrp this will generate SIGTTOU so
14769: 	we want the default action to be taken (suspend process).
14770: 	[bebb6209c795]
14771: 
14772: 2010-05-07  Todd C. Miller  <Todd.Miller@courtesan.com>
14773: 
14774: 	* src/script.c:
14775: 	Flush the iobufs on suspend or child exit using the same logic as
14776: 	the main event loop.
14777: 	[c627feee1035]
14778: 
14779: 	* src/script.c:
14780: 	Free memory after we are done with it.
14781: 	[8db9b611b45a]
14782: 
14783: 2010-05-06  Todd C. Miller  <Todd.Miller@courtesan.com>
14784: 
14785: 	* doc/HISTORY:
14786: 	Quest now sponsors Sudo development
14787: 	[6cc490083bc7]
14788: 
14789: 2010-05-05  Todd C. Miller  <Todd.Miller@courtesan.com>
14790: 
14791: 	* doc/Makefile.in:
14792: 	Install sudo_plugin man page.
14793: 	[c253729790b2]
14794: 
14795: 	* src/script.c:
14796: 	Go back to reseting io_buffer offset and length (and now also the
14797: 	EOF handling) in the loop we do the FD_SET, not after we drain the
14798: 	buffer after write() since we don't know what order reads and writes
14799: 	will occur in.
14800: 	[5f38bfa8497f]
14801: 
14802: 	* MANIFEST:
14803: 	audit files moved to sudoers plugin directory
14804: 	[b1ead182428e]
14805: 
14806: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
14807: 	Document plugin_printf and new logging functions.
14808: 	[fe9430b60ab5]
14809: 
14810: 	* src/script.c:
14811: 	Add support for logging stdin when it is not a tty. There is still a
14812: 	bug where "cat | sudo cat" has problems because both cat and sudo
14813: 	are trying to read from the tty.
14814: 	[04c9c59fcfba]
14815: 
14816: 	* include/sudo_plugin.h, plugins/sample/sample_plugin.c,
14817: 	plugins/sudoers/sudoers.c, src/script.c:
14818: 	Add separate I/O logging functions for tty in/out and
14819: 	stdin/stdout/stderr. NOTE: stdin logging does not currently work and
14820: 	is disabled for now.
14821: 	[a36dfd4ca935]
14822: 
14823: 2010-05-04  Todd C. Miller  <Todd.Miller@courtesan.com>
14824: 
14825: 	* include/sudo_plugin.h, plugins/sample/sample_plugin.c,
14826: 	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
14827: 	plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
14828: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
14829: 	src/conversation.c, src/sudo.c, src/sudo_plugin_int.h:
14830: 	Add pointer to a printf like function to plugin open functon. This
14831: 	can be used instead of the conversation function to display info and
14832: 	error messages.
14833: 	[98734eea8ef1]
14834: 
14835: 	* Makefile.in:
14836: 	Stop if make in a subdir fails
14837: 	[228bb3ad2dbc]
14838: 
14839: 	* src/script.c:
14840: 	Only set user's tty to blocking mode when doing the final flush.
14841: 	Flush pipes as well as pty master when the process is done.
14842: 	[20ff67218666]
14843: 
14844: 2010-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
14845: 
14846: 	* plugins/sudoers/ldap.c:
14847: 	Use print_error() when displaying ldap config info in debugging
14848: 	mode.
14849: 	[d142e0cacb22]
14850: 
14851: 	* compat/Makefile.in, compat/strdup.c, compat/strndup.c:
14852: 	No longer need strdup() or strndup() replacements.
14853: 	[df53697174ec]
14854: 
14855: 	* plugins/sudoers/logging.c, plugins/sudoers/plugin_error.c,
14856: 	plugins/sudoers/sudoers.h:
14857: 	Add print_error() function that uses the conversation function to
14858: 	print a variable number of error strings and use it in log_error().
14859: 	[b1fa2861b575]
14860: 
14861: 	* src/script.c, src/sudo.h, src/term.c:
14862: 	Do not need the opost flag to term_copy() now that we use pipes for
14863: 	stdout/stderr when they are not a tty.
14864: 	[f42811f70a19]
14865: 
14866: 	* src/script.c:
14867: 	Use pipes to the sudo process if stdout or stderr is not a tty.
14868: 	Still needs some polishing and a decision as to whether it is
14869: 	desirable to add additonal entry points for logging
14870: 	stdout/stderr/stdin when they are not ttys. That would allow a
14871: 	replay program to keep things separate and to know whether the
14872: 	terminal needs to be in raw mode at replay time.
14873: 	[1a945e0ab2da]
14874: 
14875: 2010-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
14876: 
14877: 	* plugins/sudoers/Makefile.in, plugins/sudoers/audit.c,
14878: 	plugins/sudoers/bsm_audit.c, plugins/sudoers/bsm_audit.h,
14879: 	src/audit.c, src/bsm_audit.c, src/bsm_audit.h:
14880: 	Move audit sources into the sudoers plugin dir; the driver does not
14881: 	use them.
14882: 	[50ec36422cd0]
14883: 
14884: 	* compat/getline.c, compat/mksiglist.c, compat/nanosleep.c,
14885: 	compat/strdup.c, compat/strndup.c, plugins/sample/sample_plugin.c,
14886: 	plugins/sudoers/boottime.c, plugins/sudoers/getdate.c,
14887: 	plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
14888: 	plugins/sudoers/timestr.c, plugins/sudoers/vasgroups.c, src/alloc.c,
14889: 	src/atobool.c, src/audit.c, src/lbuf.c, src/list.c, src/sesh.c,
14890: 	src/term.c, src/ttysize.c:
14891: 	Use angle brackets when including headers that can only be found
14892: 	when an -I flag is specified. The files in the compat dir could get
14893: 	away with double quotes here but I've converted all the source files
14894: 	to use angle brackets for consistency.
14895: 	[9e30a8fc6d4b]
14896: 
14897: 	* plugins/sudoers/Makefile.in:
14898: 	Add missing -I$(top_srcdir) to CPPFLAGS so includes in the compat
14899: 	dir can be found when building outside the source tree.
14900: 	[1150934b79dd]
14901: 
14902: 	* plugins/sudoers/Makefile.in:
14903: 	Clean up links in distclean
14904: 	[78595028be8b]
14905: 
14906: 	* plugins/sudoers/Makefile.in:
14907: 	Hack around VPATH semantic differences by symlinking files we need
14908: 	from ../../src into the current directory and build those. A better
14909: 	fix would be to either make a .a or .la file with those files in it
14910: 	or simply use a single, flat, Makefile instead of per-subdirs
14911: 	Makefiles.
14912: 	[892c332d3f05]
14913: 
14914: 	* plugins/sudoers/Makefile.in, src/Makefile.in, src/fmt_string.c:
14915: 	fmt_string is used by the sudoers plugin too so do not include
14916: 	sudo.h (which is not really needed here anyway)
14917: 	[231c35e3941f]
14918: 
14919: 	* compat/Makefile.in, plugins/sample/Makefile.in,
14920: 	plugins/sudoers/Makefile.in, src/Makefile.in:
14921: 	Fix building with non-BSD versions of make such as GNU make.
14922: 	Requires VPATH support, which should be in any non-neolithic make.
14923: 	[dc174f135919]
14924: 
14925: 	* configure, configure.in, plugins/sudoers/Makefile.in,
14926: 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/sudoers.c,
14927: 	src/Makefile.in:
14928: 	Re-enable bsm audit. Currently auditing is done within the sudoers
14929: 	plugin itself. If possible, this should really be done in the main
14930: 	driver but we don't presently have the needed data to do that. This
14931: 	will be re-evaluated when Linux audit support is added.
14932: 	[1d05a3236bfe]
14933: 
14934: 	* compat/Makefile.in, plugins/sample/Makefile.in,
14935: 	plugins/sudoers/Makefile.in, src/Makefile.in:
14936: 	Remove extraneous $srcdir and use more .c.lo and .c.o rules instead
14937: 	of explicit rules in the dependency.
14938: 	[88f80efd25f0]
14939: 
14940: 	* plugins/sudoers/visudo.c:
14941: 	Fix mismerge; alias_remove_recursive() now returns int
14942: 	[6257a4849641]
14943: 
14944: 2010-04-29  Todd C. Miller  <Todd.Miller@courtesan.com>
14945: 
14946: 	* plugins/sudoers/visudo.c:
14947: 	Fix a crash when checking a sudoers file that has aliases that
14948: 	reference themselves. Based on a diff from David Wood.
14949: 	[545d194484a7]
14950: 
14951: 	* src/script.c:
14952: 	Print signal info after restoring the tty mode, not before.
14953: 	[a68618e67435]
14954: 
14955: 	* src/script.c:
14956: 	Defer call to alarm() until after we fork the child. Pass correct
14957: 	pid to terminate_child() If the command exits due to signal, set
14958: 	alive to false like we do when it exits normally. Add missing check
14959: 	for errpipe[0] != -1 before using it in FD_ISSET
14960: 	[22f0a1549391]
14961: 
14962: 2010-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
14963: 
14964: 	* plugins/sudoers/boottime.c:
14965: 	Use 1/0 instead of TRUE/FALSE so we don't need sudoers.h
14966: 	[0e627170c6e8]
14967: 
14968: 2010-04-27  Todd C. Miller  <Todd.Miller@courtesan.com>
14969: 
14970: 	* src/Makefile.in:
14971: 	Simplify dependencies by using .c.o and .c.lo rules.
14972: 	[6abcaef5d1ac]
14973: 
14974: 	* configure, configure.in, plugins/sudoers/Makefile.in,
14975: 	src/Makefile.in:
14976: 	Substitute in @PROGS@ into src/Makefile to add sesh
14977: 	[cc46d3b6208f]
14978: 
14979: 2010-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>
14980: 
14981: 	* plugins/sudoers/sudoers.c:
14982: 	Add back calls to log_denial() if sudoers does not allow the
14983: 	command.
14984: 	[9783316207f0]
14985: 
14986: 	* plugins/sudoers/sudoers.c:
14987: 	Pass in correct pwflag for list and validate.
14988: 	[973dd56d4b81]
14989: 
14990: 	* plugins/sudoers/env.c:
14991: 	Add missing check for NULL in validate_env_vars
14992: 	[1d6eb6957824]
14993: 
14994: 	* src/Makefile.in:
14995: 	Add sudo_noexec.la to "all" target, otherwise it only gets built at
14996: 	install time.
14997: 	[644a9694d2ef]
14998: 
14999: 	* plugins/sudoers/sudoers.c:
15000: 	Only set sudo_user.env_vars if the env_add list is empty.
15001: 	[fccdf6f0e0e2]
15002: 
15003: 	* plugins/sudoers/sudoers.c:
15004: 	Set sudo_user.env_vars so that environment variables specified on
15005: 	the command line get logged correctly.
15006: 	[9b51012c491e]
15007: 
15008: 	* plugins/sudoers/env.c, plugins/sudoers/logging.c,
15009: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
15010: 	Re-enable environment files and setting environment variables on the
15011: 	command line.
15012: 	[5662d5645dbd]
15013: 
15014: 2010-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
15015: 
15016: 	* plugins/sudoers/check.c:
15017: 	Fix typo in last commit (ifndef vs ifdef) Make sure we pass ctime()
15018: 	a pointer to time_t as tv_sec in struct timeval may be long.
15019: 	[4de0c46e788e]
15020: 
15021: 	* plugins/sudoers/check.c:
15022: 	Don't stash ctime in on-disk tty ticket info for now; on many
15023: 	(most?) systems the ctime is updated when the tty is written to.
15024: 	Once I have a better idea of what systems do not update ctime on
15025: 	ttys (and have a way to test for this) the ctime stash will be
15026: 	conditionally re-enabled.
15027: 	[a90eeec0f648]
15028: 
15029: 2010-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
15030: 
15031: 	* MANIFEST, Makefile.in:
15032: 	Add back "dist" target, this time using a MANIFEST file
15033: 	[29277c05499f]
15034: 
15035: 	* Makefile.in:
15036: 	Remove Makefile in distclean target
15037: 	[83d695f4f450]
15038: 
15039: 	* Makefile.in, src/Makefile.in:
15040: 	Update clean and cleandir targets
15041: 	[ad7b2afeb9c1]
15042: 
15043: 	* include/fileops.h, plugins/sudoers/sudoers.h, src/fileops.c,
15044: 	src/sudo.h:
15045: 	Move fileops.c defines and prototypes to filesops.h
15046: 	[4545e9b6892d]
15047: 
15048: 	* plugins/sudoers/check.c:
15049: 	Lock the tty timestamp when writing. We shouldn't have to lock when
15050: 	reading since the file is updated via a single write system call.
15051: 	[0c7276f02696]
15052: 
15053: 2010-04-22  Todd C. Miller  <Todd.Miller@courtesan.com>
15054: 
15055: 	* plugins/sudoers/alias.c, plugins/sudoers/check.c,
15056: 	plugins/sudoers/defaults.c, plugins/sudoers/find_path.c,
15057: 	plugins/sudoers/getspwuid.c, plugins/sudoers/gettime.c,
15058: 	plugins/sudoers/goodpath.c, plugins/sudoers/interfaces.c,
15059: 	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
15060: 	plugins/sudoers/logging.c, plugins/sudoers/match.c,
15061: 	plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
15062: 	plugins/sudoers/pwutil.c, plugins/sudoers/redblack.c,
15063: 	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
15064: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
15065: 	plugins/sudoers/timestr.c, plugins/sudoers/tsgetgrpw.c,
15066: 	plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
15067: 	Convert to ANSI C function declarations
15068: 	[9c45def57cf7]
15069: 
15070: 	* plugins/sudoers/sudoers.h:
15071: 	Remove extraneous bits and classify by source file.
15072: 	[e8ea9f109ebb]
15073: 
15074: 	* include/compat.h:
15075: 	Add timercmp macro for systems without it
15076: 	[d3bf87b1d08e]
15077: 
15078: 	* plugins/sudoers/boottime.c, plugins/sudoers/check.c,
15079: 	plugins/sudoers/sudoers.h:
15080: 	get_boottime() now fills in a timeval struct
15081: 	[3573c3f44e11]
15082: 
15083: 	* plugins/sudoers/check.c:
15084: 	Store info from stat(2)ing the tty in the tty ticket when tty
15085: 	tickets are in use. On most systems, this closes the loophole
15086: 	whereby a user can log out of a tty, log back in and still have the
15087: 	timestamp be valid.
15088: 	[53380f9f5242]
15089: 
15090: 	* config.h.in, configure.in:
15091: 	Add timespec2timeval and use it when getting ctime/mtime
15092: 	[4cb7f7caec2c]
15093: 
15094: 2010-04-20  Todd C. Miller  <Todd.Miller@courtesan.com>
15095: 
15096: 	* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/set_perms.c,
15097: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
15098: 	plugins/sudoers/testsudoers.c:
15099: 	Convert perm setting to push/pop model; still needs some work Use
15100: 	the stashed runas groups instead of using getgrouplist() Reset perms
15101: 	to the initial value on error
15102: 	[09c072ebde8b]
15103: 
15104: 	* config.h.in, configure.in:
15105: 	fix ctim_get and mtim_get macros
15106: 	[58773dc1e360]
15107: 
15108: 	* config.h.in, configure, configure.in, include/compat.h,
15109: 	plugins/sudoers/check.c, plugins/sudoers/gettime.c,
15110: 	plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c, src/fileops.c:
15111: 	Use timeval directly instead of converting to timespec when dealing
15112: 	with file times and time of day.
15113: 	[a0ce1ae00a67]
15114: 
15115: 	* plugins/sudoers/Makefile.in:
15116: 	Don't like sudoreplay with libsudoers.la due to a yacc symbol
15117: 	conflict.
15118: 	[f1a59cc63a15]
15119: 
15120: 2010-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>
15121: 
15122: 	* configure, configure.in:
15123: 	Darwin >= 9.x has real setreuid(2)
15124: 	[7ec942a64275]
15125: 
15126: 2010-04-17  Todd C. Miller  <Todd.Miller@courtesan.com>
15127: 
15128: 	* plugins/sudoers/env.c, plugins/sudoers/sudoers.h:
15129: 	Ansify env.c
15130: 	[f58551bad10a]
15131: 
15132: 	* plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
15133: 	plugins/sudoers/sudoers.h:
15134: 	Remove remaining references to the environ pointer.
15135: 	[96faa530816a]
15136: 
15137: 2010-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
15138: 
15139: 	* config.h.in, configure, configure.in, plugins/sudoers/env.c:
15140: 	Don't change the environ directly in the sudoers plugin
15141: 	[6db48ed3f7e0]
15142: 
15143: 2010-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
15144: 
15145: 	* plugins/sudoers/sudoers.c:
15146: 	Fix typo
15147: 	[4aa452b07f8f]
15148: 
15149: 	* plugins/sudoers/alias.c:
15150: 	Fix use after free in error message when a duplicate alias exists.
15151: 	[ce1d2812ee34]
15152: 
15153: 2010-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>
15154: 
15155: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
15156: 	src/parse_args.c:
15157: 	Add a "noninteractive" boolean to the settings passed in to the
15158: 	plugin's open function that is set when the user specifies the -n
15159: 	flag.
15160: 	[68f8d9d6d4d0]
15161: 
15162: 	* config.h.in, configure, configure.in, plugins/sudoers/env.c:
15163: 	Add workaround for the lack of the environ pointer on Mac OS X in
15164: 	dlopen()ed modules. Use of environ in the sudoers plugin should
15165: 	ultimately be removed but this will do for the moment.
15166: 	[80c61647434f]
15167: 
15168: 	* plugins/sudoers/visudo.c:
15169: 	Set errorfile to the sudoers path if we set parse_error manually.
15170: 	This prevents a NULL dereference in printf() when checking a sudoers
15171: 	file in strict mode when alias errors are present.
15172: 	[45e249ca99f7]
15173: 
15174: 	* plugins/sudoers/sudoers.c:
15175: 	Main sudo no longer print "unable to execute" on exec failure so do
15176: 	it here.
15177: 	[50aaf62b43b5]
15178: 
15179: 2010-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
15180: 
15181: 	* src/script.c:
15182: 	Use a pipe to pass back errno to the parent if execve() fails. If we
15183: 	get an error in script_child(), kill the command and exit.
15184: 	[dc3bf870f91b]
15185: 
15186: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
15187: 	src/parse_args.c, src/sudo.c:
15188: 	Handle plugin's open function returning -2 (usage error).
15189: 	[aadf900c1de8]
15190: 
15191: 	* src/script.c:
15192: 	If execve() fails, leave it to the plugin to print an error string.
15193: 	[e25748f2d5b9]
15194: 
15195: 	* src/script.c:
15196: 	If execve fails in logging mode, pass the errno directly to the
15197: 	grandparent on the backchannel and exit. The immediate parent will
15198: 	get SIGCHLD and try to report that status but its parent will no
15199: 	longer be listening. It would probably be cleaner to pass this over
15200: 	a pipe in script_child().
15201: 	[cb122acc81a8]
15202: 
15203: 	* plugins/sudoers/sudoers.c:
15204: 	Don't override rval with results of check_user() unless it failed.
15205: 	[46fb7e87ac7d]
15206: 
15207: 2010-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
15208: 
15209: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
15210: 	Fix typo
15211: 	[ccd0b693f3da]
15212: 
15213: 	* src/parse_args.c:
15214: 	NULL-terminate env_add
15215: 	[2c534368a0c3]
15216: 
15217: 2010-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
15218: 
15219: 	* src/sudo.c:
15220: 	Call the I/O log open function before the I/O version function.
15221: 	[e88bf898990b]
15222: 
15223: 	* plugins/sudoers/iolog.c:
15224: 	Remove io_conv and just use sudo_conv
15225: 	[a280052468eb]
15226: 
15227: 	* plugins/sudoers/set_perms.c:
15228: 	Fix set/restore perms for systems w/o setresuid
15229: 	[4160517f6666]
15230: 
15231: 2010-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
15232: 
15233: 	* plugins/sudoers/check.c, plugins/sudoers/logging.c,
15234: 	plugins/sudoers/parse.c, plugins/sudoers/set_perms.c,
15235: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
15236: 	Primitive set/restore permissions. Will be replaced by a push/pop
15237: 	model.
15238: 	[aae102290866]
15239: 
15240: 	* src/script.c:
15241: 	Only need to take action on SIGCHLD in parent if no I/O logger. If
15242: 	there is an I/O logger we will receive ECONNRESET or EPIPE when we
15243: 	try to read from the socketpair.
15244: 	[e1e4560401f6]
15245: 
15246: 2010-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
15247: 
15248: 	* compat/memrchr.c, doc/sudoers.cat, doc/sudoers.man.in,
15249: 	doc/sudoers.pod, plugins/sudoers/find_path.c:
15250: 	Merge fb4d571495fa from the 1.7 branch to trunk.
15251: 	[c8fb424ad4d2]
15252: 
15253: 2010-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
15254: 
15255: 	* src/script.c:
15256: 	Don't set SA_RESTART when registering SIGALRM handler. Do set
15257: 	SA_RESTART when registering SIGWINCH handler.
15258: 	[173472b76525]
15259: 
15260: 	* doc/Makefile.in:
15261: 	Add dev targets for *.man.in and *.cat that don't specfify the
15262: 	$(srcdir) prefix.
15263: 	[b62f425da2e4]
15264: 
15265: 	* src/script.c:
15266: 	If log_input or log_output returns false, terminate the command.
15267: 	[074f4c0c34a0]
15268: 
15269: 	* src/script.c:
15270: 	Better signal handling. Instead of using a single variable to store
15271: 	the received signal, use an array so we can't lose a signal when
15272: 	multiple are sent. Fix process termination by SIGALRM in non-I/O
15273: 	logger mode. Fix relaying terminal signals to the child in non-I/O
15274: 	logger mode.
15275: 	[7a4723aca99d]
15276: 
15277: 	* src/script.c:
15278: 	Fix a race between when we get the child pid in the parent and when
15279: 	the child process exits. The problem exhibited as a hang after a
15280: 	short-lived process, e.g. "sudo id" when no IO logger was enabled.
15281: 	[80bcc0aca70b]
15282: 
15283: 2010-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
15284: 
15285: 	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
15286: 	Add a note about the security implications of the fast_glob option.
15287: 	[c37a92ab7c93]
15288: 
15289: 2010-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
15290: 
15291: 	* config.h.in, configure, configure.in:
15292: 	Fix up some AC_DEFINE descriptions and regen config.h.in
15293: 	[f4655adc0db3]
15294: 
15295: 2010-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
15296: 
15297: 	* include/missing.h:
15298: 	No longer check for strdup or strndup for LIBOBJ replacement.
15299: 	[fdc764ee8109]
15300: 
15301: 	* src/script.c:
15302: 	Avoid installing signal handlers that are io-logger specific. Fixes
15303: 	job control when no io logger is enabled.
15304: 	[0853dd0906d4]
15305: 
15306: 	* doc/Makefile.in:
15307: 	Only regen man pages from pod when configured with --with-devel
15308: 	[ab1995f8103d]
15309: 
15310: 2010-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
15311: 
15312: 	* Makefile, Makefile.in, configure, configure.in:
15313: 	Top-level Makefile.in. Nothing is currently substituted but this is
15314: 	needed for separate build dirs.
15315: 	[e80873cbd201]
15316: 
15317: 	* compat/Makefile.in, doc/Makefile.in, plugins/sample/Makefile.in,
15318: 	plugins/sudoers/Makefile.in, src/Makefile.in:
15319: 	Fix out-of-tree builds
15320: 	[59a35bef07b8]
15321: 
15322: 	* Merge
15323: 	[386b848047e9]
15324: 
15325: 	* doc/Makefile.in:
15326: 	We always install sudoreplay in 1.8
15327: 	[ce52ba6617c9]
15328: 
15329: 2010-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>
15330: 
15331: 	* compat/siglist.in:
15332: 	SIGPOLL is sometimes the same as SIGIO (like on HP-UX)
15333: 	[6d69e1b05faf]
15334: 
15335: 2010-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
15336: 
15337: 	* configure, configure.in:
15338: 	No need to provide strdup() or strndup(), sudo uses estrdup() and
15339: 	estrndup()
15340: 	[57ec23b72958]
15341: 
15342: 2010-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
15343: 
15344: 	* plugins/sudoers/iolog.c, plugins/sudoers/sudoers.c:
15345: 	Free str after using it in the version method. Use sudo_conv, not
15346: 	io_conv since we don't have the IO conversation function pointer in
15347: 	the I/O version method anymore now that io_open is delayed.
15348: 	[f2ed132adeb0]
15349: 
15350: 2010-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
15351: 
15352: 	* compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
15353: 	compat/siglist.in:
15354: 	Add license to mksiglist.c and note that the bits from pdksh are
15355: 	public domain
15356: 	[d8121a2467e8]
15357: 
15358: 	* compat/Makefile.in:
15359: 	Fix LIBOBJDIR vs. srcdir wrt the siglist bits
15360: 	[164160148421]
15361: 
15362: 	* plugins/sudoers/Makefile.in:
15363: 	Add sudoreplay testsudoers and visudo to clean target
15364: 	[138a17e51c0c]
15365: 
15366: 	* compat/Makefile.in, compat/mksiglist.c, compat/mksiglist.h,
15367: 	compat/siglist.in, compat/strsignal.c, configure, configure.in,
15368: 	include/missing.h, src/script.c:
15369: 	Create our own sys_siglist for systems without it for use by
15370: 	strsignal()
15371: 	[2e5da011ebc3]
15372: 
15373: 	* compat/Makefile.in:
15374: 	Remove duplicate $(LIBOBJDIR)
15375: 	[adf9abc9432f]
15376: 
15377: 2010-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
15378: 
15379: 	* plugins/sudoers/sudoers.c, src/sudo.c, src/sudo_edit.c:
15380: 	Main sudo should not block signals; the plugin should do this in
15381: 	check_policy.
15382: 	[3f3736a7c5ed]
15383: 
15384: 2010-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
15385: 
15386: 	* src/script.c:
15387: 	Fix a sizeof(ptr) vs. sizeof(*ptr)
15388: 	[aa1bcf5afcce]
15389: 
15390: 	* src/script.c:
15391: 	Unlike most operating systems, HP-UX select() is not interrupted by
15392: 	SIGCHLD when the signal is registered with SA_RESTART. If we clear
15393: 	SA_RESTART when calling sigaction() for SIGCHLD we get the expected
15394: 	behavior and the code in the select() loops already handles EINTR
15395: 	correctly.
15396: 	[9eba0115e35a]
15397: 
15398: 	* compat/getprogname.c:
15399: 	progname should be const
15400: 	[130228f062b7]
15401: 
15402: 	* plugins/sudoers/Makefile.in:
15403: 	Move --tag=disable-static to when we link sudoers.la, not when we
15404: 	install.
15405: 	[ceb5e6c3b78b]
15406: 
15407: 	* src/load_plugins.c:
15408: 	Load the sudoers I/O plugin by default too now that it is hooked up.
15409: 	[ea38befd0742]
15410: 
15411: 2010-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
15412: 
15413: 	* src/pty.c:
15414: 	It looks like AIX doesn't need to push STREAMS modules for ptys.
15415: 	[22da618ba0a1]
15416: 
15417: 2010-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
15418: 
15419: 	* src/parse_args.c, src/sudo.c:
15420: 	Delay calling the I/O plugin open function until the policy plugin
15421: 	returns success.
15422: 	[f3297c325b48]
15423: 
15424: 2010-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
15425: 
15426: 	* plugins/sudoers/Makefile.in, plugins/sudoers/iolog.c,
15427: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudoers.c,
15428: 	plugins/sudoers/sudoers.h:
15429: 	Add back io logging (transcript) support. Currently, the open
15430: 	function runs too early and it is not possible to use the io module
15431: 	independently of the policy module.
15432: 	[9bd932f66226]
15433: 
15434: 	* plugins/sudoers/set_perms.c:
15435: 	Comment out dead code; will be removed when set_perms is rewritten.
15436: 	[af7a995284f8]
15437: 
15438: 2010-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
15439: 
15440: 	* plugins/sudoers/sudoers.c:
15441: 	Fix off by one error when allocating user_groups.
15442: 	[6281fcf9c3bb]
15443: 
15444: 2010-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>
15445: 
15446: 	* configure, configure.in, plugins/sudoers/Makefile.in:
15447: 	Add REPLAY_LIBS for sudoreplay and add -lrt to it on Solaris.
15448: 	[fbce3e9eda3a]
15449: 
15450: 	* plugins/sudoers/sudoers.c:
15451: 	Fix typo in preserve groups case
15452: 	[1fd72024fb5a]
15453: 
15454: 	* plugins/sudoers/sudoers.c:
15455: 	In command_info it is "runas_groups" not "groups".
15456: 	[5c64dce4f285]
15457: 
15458: 	* src/sudo.c:
15459: 	Fix iteration over runas_groups list.
15460: 	[b3c45a0cd643]
15461: 
15462: 	* configure, configure.in, plugins/sudoers/env.c,
15463: 	plugins/sudoers/match.c, src/script.c:
15464: 	Merge 5177a284b9ff 549f8f7c2463 88f3181692fe from 1.7 branch.
15465: 	[a8108a0776c2]
15466: 
15467: 	* compat/getgrouplist.c:
15468: 	getgrouplist(3) for those without it
15469: 	[4ab4d21e3b16]
15470: 
15471: 	* plugins/sudoers/sudoers.c:
15472: 	Set preserve_groups or groups list in command_info
15473: 	[1266119ad654]
15474: 
15475: 	* src/sudo.c:
15476: 	Fix setting of groups list
15477: 	[e75315e40bd4]
15478: 
15479: 	* config.h.in, configure, configure.in, include/compat.h,
15480: 	include/missing.h:
15481: 	Add checks for getgrset and getgrouplist and use replacement
15482: 	getgrouplist if the system doesn't support it.
15483: 	[a62b8ba50863]
15484: 
15485: 	* src/parse_args.c:
15486: 	Pass in preserve_groups when the -P flag is specified as per the
15487: 	design
15488: 	[7420c5d15474]
15489: 
15490: 	* plugins/sudoers/sudoers.c:
15491: 	Check preserve_groups and ignore_ticket args with atobool instead of
15492: 	assuming they are true if present.
15493: 	[71c905702697]
15494: 
15495: 2010-03-21  Todd C. Miller  <Todd.Miller@courtesan.com>
15496: 
15497: 	* plugins/sudoers/Makefile.in, plugins/sudoers/error.c,
15498: 	plugins/sudoers/plugin_error.c:
15499: 	Rename plugin-specific error.c to plugin_error.c Wire up visudo,
15500: 	sudoreplay and testsudoers in the build
15501: 	[9d581d5fa4d4]
15502: 
15503: 	* src/Makefile.in, src/term.c:
15504: 	term.c does not needto include sudo.h
15505: 	[f6683cdcd2dd]
15506: 
15507: 	* TODO, doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
15508: 	doc/sudo_plugin.pod:
15509: 	Document the -2 return in the check_policy section too
15510: 	[e9cb4c34bbcf]
15511: 
15512: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
15513: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
15514: 	src/parse_args.c, src/sudo.c, src/sudo.h:
15515: 	Fix the -s and -i flags and add support for the "implied_shell"
15516: 	option. If the user does not specify a command, sudo will now pass
15517: 	in the path to the user's shell and set impied_shell=true. The
15518: 	plugin can them either check the command normally or return -2 to
15519: 	cause sudo to print a usage message and exit.
15520: 	[bf889c38f229]
15521: 
15522: 2010-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
15523: 
15524: 	* config.h.in, configure, configure.in, src/load_plugins.c:
15525: 	Bring back SUDOERS_PLUGIN but add .dylib -> .so conversion for
15526: 	Darwin where libraries end in .dylib but modules end in .so
15527: 	[2c56aaa38e21]
15528: 
15529: 	* plugins/sudoers/parse.c:
15530: 	Better prefix determination now that we can't rely on len==0 to tell
15531: 	the beginning on an entry.
15532: 	[622bf18179e9]
15533: 
15534: 	* plugins/sudoers/ldap.c:
15535: 	display_bound_defaults() stub should return 0, not 1 since it is a
15536: 	count, not a boolean.
15537: 	[0327a6c3d55d]
15538: 
15539: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
15540: 	Document progname in settings
15541: 	[42031d56a2e3]
15542: 
15543: 	* compat/getprogname.c, include/compat.h,
15544: 	plugins/sample/sample_plugin.c, plugins/sudoers/sudoers.c,
15545: 	src/parse_args.c, src/sudo.c:
15546: 	Rewrite compat/getprogname.c and add setprogname(). The progname is
15547: 	now passed to the plugin via the settings array.
15548: 	[25d8663e6006]
15549: 
15550: 	* configure, configure.in, plugins/sudoers/Makefile.in:
15551: 	Fix --with-ldap
15552: 	[b64b633f426d]
15553: 
15554: 	* plugins/sudoers/sudo_nss.c:
15555: 	Add missing whitespace for Runas and Command-specific defaults
15556: 	[65f4ddf5545e]
15557: 
15558: 	* plugins/sudoers/ldap.c, plugins/sudoers/parse.c,
15559: 	plugins/sudoers/sudo_nss.c:
15560: 	Use embedded newlines in lbuf instead of multiple calls to
15561: 	lbuf_print.
15562: 	[eed3af9cc3e1]
15563: 
15564: 	* src/lbuf.c:
15565: 	Add support for embedded newlines.
15566: 	[e11f79b18deb]
15567: 
15568: 2010-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>
15569: 
15570: 	* compat/getprogname.c:
15571: 	If system doesn't support getprogname or __programe and we are
15572: 	building a shared object don't bother with Argc/Argv, just return
15573: 	"sudo"
15574: 	[aebde9062be7]
15575: 
15576: 	* config.h.in, configure, configure.in, src/load_plugins.c:
15577: 	Hard-code sudoers.so instead of using SUDOERS_PLUGIN since libtool
15578: 	appears to always install a shared object with the .so suffix.
15579: 	[f9bbd0c0e9d3]
15580: 
15581: 	* compat/Makefile.in, configure, configure.in,
15582: 	plugins/sample/Makefile.in, plugins/sudoers/Makefile.in,
15583: 	src/Makefile.in:
15584: 	Play more nicely with libtool and let it build libreplace (was
15585: 	libmissing) for us.
15586: 	[a4c6ebb2495c]
15587: 
15588: 	* include/missing.h:
15589: 	Include stdarg.h for va_list rather than requiring all consumers of
15590: 	missing.h to include stdarg.h themselves.
15591: 	[37382df948de]
15592: 
15593: 	* include/lbuf.h, plugins/sudoers/auth/sudo_auth.c,
15594: 	plugins/sudoers/check.c, plugins/sudoers/sudo_nss.c,
15595: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
15596: 	src/parse_args.c:
15597: 	Pass in output function to lbuf_init() instead of writing to stdout.
15598: 	A side effect is that the usage info can now go to stderr as it
15599: 	should.
15600: 	[6d261261a072]
15601: 
15602: 2010-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
15603: 
15604: 	* include/lbuf.h, plugins/sudoers/sudo_nss.c,
15605: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h, src/lbuf.c,
15606: 	src/parse_args.c, src/sudo.c:
15607: 	Use number of tty columns that is passed in user_info instead of
15608: 	getting it directly in the lbuf code.
15609: 	[8a16635c2638]
15610: 
15611: 	* plugins/sudoers/alias.c, plugins/sudoers/auth/dce.c,
15612: 	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
15613: 	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.h,
15614: 	plugins/sudoers/check.c, plugins/sudoers/defaults.c,
15615: 	plugins/sudoers/defaults.h, plugins/sudoers/env.c,
15616: 	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
15617: 	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
15618: 	plugins/sudoers/interfaces.h, plugins/sudoers/logging.c,
15619: 	plugins/sudoers/logging.h, plugins/sudoers/match.c,
15620: 	plugins/sudoers/mon_systrace.h, plugins/sudoers/parse.c,
15621: 	plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
15622: 	plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
15623: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.h,
15624: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
15625: 	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
15626: 	plugins/sudoers/timestr.c, plugins/sudoers/toke.c,
15627: 	plugins/sudoers/toke.l, plugins/sudoers/tsgetgrpw.c,
15628: 	plugins/sudoers/visudo.c:
15629: 	Kill __P in sudoers
15630: 	[63601e6cb171]
15631: 
15632: 	* config.h.in, configure, configure.in, src/load_plugins.c:
15633: 	Set the sudoers plugin name in configure so we get the extension
15634: 	right.
15635: 	[edad89924cd1]
15636: 
15637: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
15638: 	Document lines/cols in user_info
15639: 	[a808872394f3]
15640: 
15641: 	* src/Makefile.in, src/sudo.c, src/sudo.h, src/ttysize.c:
15642: 	Add tty size to user info
15643: 	[23f3d27e77a7]
15644: 
15645: 	* src/script.c:
15646: 	Use TIOCGSIZE/TIOCSSIZE instead of TIOCGWINSZ/TIOCSWINSZ
15647: 	[a2208dd09051]
15648: 
15649: 2010-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
15650: 
15651: 	* plugins/sudoers/sudoers.c:
15652: 	Kill dead code Add missing sigsetjmp in sudo_policy_invalidate Error
15653: 	out if we fail to lookup the user's name that is passed in
15654: 	[e4e3728ed482]
15655: 
15656: 	* plugins/sudoers/error.c:
15657: 	Pass the error value back via siglongjmp.
15658: 	[667b8ad575ce]
15659: 
15660: 	* plugins/sudoers/check.c:
15661: 	Use conversation function for lecture.
15662: 	[1ab4719f509b]
15663: 
15664: 	* plugins/sudoers/check.c:
15665: 	Don't update ticket file if verify_user returns FALSE.
15666: 	[2bbc46a39a2b]
15667: 
15668: 2010-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
15669: 
15670: 	* plugins/sudoers/sudoers.c, src/sudo.c:
15671: 	Wire up invalidate and validate methods for sudoers
15672: 	[c0630c7bca47]
15673: 
15674: 	* plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
15675: 	plugins/sudoers/sudoers.h:
15676: 	Add support for -k flag with a command.
15677: 	[edad239b098b]
15678: 
15679: 	* src/parse_args.c:
15680: 	Allow -k to be specified with a command.
15681: 	[43a45add9974]
15682: 
15683: 	* plugins/sudoers/sudoers.c:
15684: 	Wire up policy_list
15685: 	[27cc35699eca]
15686: 
15687: 	* plugins/sudoers/error.c:
15688: 	Add newline at the end of message and space after the colon in
15689: 	warning message
15690: 	[5a591aa8e744]
15691: 
15692: 	* plugins/sudoers/auth/sudo_auth.c:
15693: 	Add missing newline after pass password warning
15694: 	[337dba3870a7]
15695: 
15696: 	* plugins/sudoers/sudoers.c:
15697: 	Set user_groups and user_ngroups based on user_info
15698: 	[61bee85128c8]
15699: 
15700: 	* plugins/sudoers/error.c:
15701: 	Make this compile
15702: 	[7041c441e1c8]
15703: 
15704: 	* plugins/sudoers/error.c, plugins/sudoers/sudoers.c:
15705: 	Make _warning in error.c use the conversation function and remove
15706: 	commented out warning/warningx in sudoers.c.
15707: 	[7c9b09024b63]
15708: 
15709: 	* plugins/sudoers/logging.c:
15710: 	Use siglongjmp() in log_error for fatal errors
15711: 	[b50e26f1c73f]
15712: 
15713: 	* plugins/sample/Makefile.in, plugins/sudoers/Makefile.in:
15714: 	Quiet a libtool warning
15715: 	[b2331fb006bc]
15716: 
15717: 	* Makefile:
15718: 	Build sudoers plugin
15719: 	[5cdf06e66978]
15720: 
15721: 	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
15722: 	Use warningx in yyerror() so the conversation function gets used
15723: 	when built as part of sudoers.
15724: 	[85f964215eef]
15725: 
15726: 2010-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
15727: 
15728: 	* plugins/sudoers/auth/pam.c:
15729: 	Rename sudo_conv to conversation to avoid a namespace conflict.
15730: 	[1ad359d36be9]
15731: 
15732: 	* plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
15733: 	plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
15734: 	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
15735: 	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
15736: 	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
15737: 	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
15738: 	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
15739: 	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
15740: 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
15741: 	plugins/sudoers/check.c, plugins/sudoers/defaults.c,
15742: 	plugins/sudoers/env.c, plugins/sudoers/error.c,
15743: 	plugins/sudoers/find_path.c, plugins/sudoers/getspwuid.c,
15744: 	plugins/sudoers/goodpath.c, plugins/sudoers/gram.c,
15745: 	plugins/sudoers/gram.y, plugins/sudoers/interfaces.c,
15746: 	plugins/sudoers/ldap.c, plugins/sudoers/logging.c,
15747: 	plugins/sudoers/match.c, plugins/sudoers/mon_systrace.c,
15748: 	plugins/sudoers/parse.c, plugins/sudoers/pwutil.c,
15749: 	plugins/sudoers/redblack.c, plugins/sudoers/set_perms.c,
15750: 	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c,
15751: 	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
15752: 	plugins/sudoers/toke.c, plugins/sudoers/tsgetgrpw.c,
15753: 	plugins/sudoers/vasgroups.c, plugins/sudoers/visudo.c:
15754: 	Initial bits of sudoers plugin; still needs work.
15755: 	[af2a2c59a952]
15756: 
15757: 	* config.h.in:
15758: 	Add HAVE_STRDUP and HAVE_STRNDUP
15759: 	[50a3c0dd510f]
15760: 
15761: 	* compat/Makefile.in, configure, configure.in:
15762: 	Build libmissing in two flavors (one PIC one non-PIC) and link with
15763: 	the appropriate one.
15764: 	[b62f411a4c18]
15765: 
15766: 	* Makefile, compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
15767: 	compat/utimes.c, plugins/sample/Makefile.in, src/Makefile.in:
15768: 	Build libmissing in two flavors (one PIC one non-PIC) and link with
15769: 	the appropriate one.
15770: 	[e1e04972b5fe]
15771: 
15772: 2010-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
15773: 
15774: 	* include/missing.h:
15775: 	Add strdup and strndup and fix strsignal
15776: 	[c159babe2896]
15777: 
15778: 2010-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
15779: 
15780: 	* compat/strdup.c, compat/strndup.c, configure, configure.in,
15781: 	plugins/sample/Makefile.in, src/Makefile.in:
15782: 	Add strdup and strndup to compat
15783: 	[25c9fd399a4d]
15784: 
15785: 	* plugins/sample/sample_plugin.c:
15786: 	Need to include compat.h before missing.h
15787: 	[c94f7aad380f]
15788: 
15789: 	* compat/strsignal.c:
15790: 	Must check HAVE_DECL_SYS_SIGLIST == 1 (not just if defined) since if
15791: 	it doesn't exist configure will set it to 0.
15792: 	[384580566389]
15793: 
15794: 	* compat/glob.c:
15795: 	Fix botched ANSI C coversion of globexp2()
15796: 	[4a344b8cbe49]
15797: 
15798: 	* configure, configure.in:
15799: 	Remove redundant getgroups check
15800: 	[0b16ec210c81]
15801: 
15802: 	* configure, configure.in, src/lbuf.c, src/script.c, src/term.c:
15803: 	Require either termios or termio, no more sgtty.
15804: 	[9b2fa2f17a1c]
15805: 
15806: 	* compat/strsignal.c, config.h.in, configure, configure.in:
15807: 	Change the sys_siglist check to use AC_CHECK_DECLS and also check
15808: 	for _sys_siglist and__sys_siglist
15809: 	[2e078fed2408]
15810: 
15811: 2010-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
15812: 
15813: 	* configure, configure.in, src/Makefile.in:
15814: 	Change SUDO_LDFLAGS to SUDOERS_LDFLAGS and add SUDOERS_OBJS. We now
15815: 	use SUDO_OBJS for the main driver as part of OBJS.
15816: 	[9ae4a80a5ade]
15817: 
15818: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
15819: 	Mention in the conversation function section that a newline is not
15820: 	implicit.
15821: 	[04a233b6c491]
15822: 
15823: 	* include/compat.h:
15824: 	Add definition of WCOREDUMP for systems without it. This is known to
15825: 	work on AIX and SunOS 4, but may be incorrect on other systems that
15826: 	lack WCOREDUMP.
15827: 	[c85b3ce6b77d]
15828: 
15829: 2010-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>
15830: 
15831: 	* plugins/sample/sample_plugin.c, src/conversation.c:
15832: 	conversation function no longer puts a newline at the end of info or
15833: 	error messages.
15834: 	[c534cae1ac4a]
15835: 
15836: 2010-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
15837: 
15838: 	* src/script.c:
15839: 	Use parent process group id instead of parent process id when
15840: 	checking foreground status and suspending parent. Fixes an issue
15841: 	when running commands under /usr/bin/time and others.
15842: 	[564f528c3bb7]
15843: 
15844: 2010-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
15845: 
15846: 	* aclocal.m4:
15847: 	transcript option is now --with not --enable
15848: 	[0646fac4cf93]
15849: 
15850: 	* plugins/sample/sample_plugin.c:
15851: 	Add support to -u and -g flags Check fmt_string retval Add timeout
15852: 	for debugging purposes
15853: 	[cfefa4fa60b5]
15854: 
15855: 	* src/script.c, src/sudo.c:
15856: 	Wire up SIGALRM handler Set close on exec flag for child side of the
15857: 	socketpair Fix signal handling when not doing I/O logging
15858: 	[379581ec7272]
15859: 
15860: 	* src/sudo.c:
15861: 	g/c unused SIGCHLD handler
15862: 	[0afa03912dce]
15863: 
15864: 	* src/fmt_string.c, src/parse_args.c, src/sudo.c:
15865: 	Don't use emalloc() in fmt_string(); we want to be able to use it
15866: 	from a plugin.
15867: 	[ade64d368147]
15868: 
15869: 	* include/list.h:
15870: 	tq_remove not list_remove
15871: 	[0e0e1fd5c31c]
15872: 
15873: 	* configure, configure.in:
15874: 	AUTH_OBJS should contain .lo files not .o files.
15875: 	[c64c82c9d5a2]
15876: 
15877: 2010-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
15878: 
15879: 	* src/parse_args.c:
15880: 	Simplify conversion of command line args to name=value pairs.
15881: 	[75ab127c6a94]
15882: 
15883: 	* plugins/sample/sample_plugin.c:
15884: 	Handle NULL reply from conversation function
15885: 	[6ce09b6cb204]
15886: 
15887: 	* compat/getline.c:
15888: 	Don't depend on emalloc/erealloc
15889: 	[73df09e2109f]
15890: 
15891: 	* plugins/sample/Makefile.in:
15892: 	Use $(OBJS) instead of sample_plugin.lo
15893: 	[2d995db9aa99]
15894: 
15895: 	* plugins/sample/sample_plugin.c:
15896: 	runas_user is in settings not user_info
15897: 	[7ee12068bc57]
15898: 
15899: 	* src/parse_args.c:
15900: 	Fix a mismatch between sudo_settings and settings_pairs that causes
15901: 	some settings to get the wrong values.
15902: 	[b1bc6d81a65f]
15903: 
15904: 2010-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>
15905: 
15906: 	* src/Makefile.in, src/aix.c, src/alloc.c, src/atobool.c, src/error.c,
15907: 	src/fileops.c, src/lbuf.c, src/list.c, src/pty.c, src/sesh.c,
15908: 	src/sudo.c, src/sudo_edit.c, src/term.c, src/zero_bytes.c:
15909: 	Convert to ANSI C
15910: 	[d03b6e4a3b75]
15911: 
15912: 	* src/load_plugins.c:
15913: 	Fix strlcpy() return value check.
15914: 	[7cd66999a374]
15915: 
15916: 	* INSTALL, configure, configure.in:
15917: 	No longer need to substitute in script.o and pty.o; I/O logging
15918: 	support is always built.
15919: 	[45250024c5dc]
15920: 
15921: 2010-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
15922: 
15923: 	* src/script.c:
15924: 	Add fallback to /bin/sh when execve() fails with ENOEXEC.
15925: 	[7684a15a1352]
15926: 
15927: 	* include/alloc.h, src/alloc.c:
15928: 	Add estrndup()
15929: 	[47621c83bed9]
15930: 
15931: 2010-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
15932: 
15933: 	* src/script.c, src/sudo.c:
15934: 	Refactor script_execve() a bit so that it can be used in non-script
15935: 	mode. Needs more cleanup.
15936: 	[f09e022d547c]
15937: 
15938: 	* src/sudo.c:
15939: 	Ignore empty entries in command_info list
15940: 	[1eea9a8de21c]
15941: 
15942: 	* include/list.h, src/list.c:
15943: 	Add tq_remove
15944: 	[40908a617cb2]
15945: 
15946: 	* src/conversation.c:
15947: 	Pass timeout to tgetpass()
15948: 	[9e66c918b771]
15949: 
15950: 	* Makefile:
15951: 	Add ChangeLog target
15952: 	[da4a39150838]
15953: 
15954: 	* README, WHATSNEW:
15955: 	Bump version and update things slightly for sudo 1.8.0
15956: 	[4b73cc45e2d4]
15957: 
15958: 	* configure, configure.in:
15959: 	Sudo now requires an ANSI/ISO C compiler
15960: 	[1e51f72e6964]
15961: 
15962: 	* src/alloc.c, src/audit.c, src/error.c, src/lbuf.c,
15963: 	src/sudo_noexec.c:
15964: 	Convert to ANSI C
15965: 	[5cbd315dbde8]
15966: 
15967: 	* include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
15968: 	include/list.h, include/missing.h:
15969: 	Convert to ANSI C
15970: 	[3f5016ff64f4]
15971: 
15972: 	* compat/charclass.h, compat/closefrom.c, compat/fnmatch.c,
15973: 	compat/fnmatch.h, compat/getcwd.c, compat/getline.c,
15974: 	compat/getprogname.c, compat/glob.c, compat/glob.h,
15975: 	compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
15976: 	compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
15977: 	compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
15978: 	compat/strlcpy.c, compat/strsignal.c, compat/utime.h,
15979: 	compat/utimes.c:
15980: 	Convert to ANSI C
15981: 	[0d635c85461c]
15982: 
15983: 2010-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
15984: 
15985: 	* src/sudo.c, src/tgetpass.c:
15986: 	Make user_details extern so tgetpass can get at the uid and gid. Set
15987: 	uid/gid to user before executing askpass program. Check environment
15988: 	for SUDO_ASKPASS and use that if set. TODO: a way for the policy to
15989: 	set the askpass program itself
15990: 	[d33606396176]
15991: 
15992: 	* src/sudo.c:
15993: 	No longer need sudo_usage.h in sudo.c
15994: 	[063e2946c382]
15995: 
15996: 	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod, doc/sudo_plugin.man.in,
15997: 	doc/sudo_plugin.pod, src/Makefile.in, src/parse_args.c,
15998: 	src/sudo_usage.h.in:
15999: 	Document -D level command line flag which maps to the debug_level
16000: 	setting.
16001: 	[61f1e2ab3ac1]
16002: 
16003: 	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
16004: 	Document debug_level in plugin doc. Still need to document the -D
16005: 	flag in sudo itself.
16006: 	[8c62daea3e9b]
16007: 
16008: 2010-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
16009: 
16010: 	* plugins/sample/sample_plugin.c:
16011: 	include missing,h for vasprintf
16012: 	[92503de49b39]
16013: 
16014: 	* doc/Makefile.in, doc/plugin.pod, doc/sudo_plugin.cat,
16015: 	doc/sudo_plugin.man.in, doc/sudo_plugin.pod:
16016: 	Rename plugin.pod -> sudo_plugin.pod and wire into Makefile
16017: 	[14cfb4775238]
16018: 
16019: 	* plugins/sample/sample_plugin.c:
16020: 	Need to include limits.h
16021: 	[bda7f74343d2]
16022: 
16023: 	* compat/glob.c:
16024: 	No more sudo_getpw*
16025: 	[232e52907634]
16026: 
16027: 	* plugins/sample/Makefile.in, src/Makefile.in:
16028: 	Add missing compat bits
16029: 	[4843dd000e08]
16030: 
16031: 	* compat/closefrom.c, compat/mkstemp.c, plugins/sample/Makefile.in:
16032: 	compat files should not include sudo.h wire up compat in sample
16033: 	plugin
16034: 	[a175b8185e0f]
16035: 
16036: 	* Makefile, configure, configure.in, doc/Makefile.in, src/Makefile.in:
16037: 	Fix up compat dependencies. Fix distclean target in doc/Makefile.in
16038: 	[57e49bc20857]
16039: 
16040: 	* configure, configure.in:
16041: 	Fix typo
16042: 	[333655e3d5fe]
16043: 
16044: 	* plugins/sample/sample_plugin.c:
16045: 	Log input and output to temp files for proof of concept.
16046: 	[ae1dfc34f7d6]
16047: 
16048: 	* Makefile, configure, configure.in, doc/Makefile.in:
16049: 	Add doc Makefile.in and wire it up
16050: 	[6a310443c87d]
16051: 
16052: 	* src/script.c:
16053: 	Handle SIGSTOP in addition to SIGTSTP. Fixes a problem with
16054: 	suspending a shell with the "suspend" builtint.
16055: 	[3d65f182819a]
16056: 
16057: 	* src/script.c:
16058: 	In child, handle parent side of the pipe going away.
16059: 	[a29c14d78cd9]
16060: 
16061: 	* src/script.c:
16062: 	No longer need to check for explicit death of the child (process #2)
16063: 	since if it dies we will get EPIPE from the socketpair. Fix a
16064: 	sizeof() that was causing a spurious error. Convert SCRIPT_DEBUG to
16065: 	sudo_debug.
16066: 	[24c55dd4ff60]
16067: 
16068: 	* src/sudo.c:
16069: 	Make sudo_debug do a single vfprintf() which will result in a single
16070: 	write call on most systems. Avoids problems with interleaved debug
16071: 	printf from different processes. Also remove an extraneous error
16072: 	case since recv() can't return a short read and add some more XXX.
16073: 	[b37a8533ef1e]
16074: 
16075: 2010-02-20  Todd C. Miller  <Todd.Miller@courtesan.com>
16076: 
16077: 	* src/script.c:
16078: 	Fix uninitialized variable.
16079: 	[e012a0a30890]
16080: 
16081: 	* src/Makefile.in:
16082: 	Fix sudo install target
16083: 	[1417fa4b4ab9]
16084: 
16085: 	* src/parse_args.c, src/sudo.c, src/sudo.h:
16086: 	Wire up debug_level
16087: 	[144fab289c73]
16088: 
16089: 	* src/Makefile.in:
16090: 	Fix dependencies
16091: 	[5170940af2ce]
16092: 
16093: 	* configure, configure.in:
16094: 	Fix setting of plugin dir
16095: 	[144eda170a72]
16096: 
16097: 	* Makefile:
16098: 	add clean targets
16099: 	[d53f6f6f5c3a]
16100: 
16101: 	* src/atobool.c:
16102: 	Add missing source for sudo front end
16103: 	[42487de9c489]
16104: 
16105: 	* plugins/sample/Makefile.in, plugins/sample/sample_plugin.c:
16106: 	Sample plugin demonstrating the sudo plugin API
16107: 	[f1fd62d7644f]
16108: 
16109: 	* Makefile, configure, configure.in, install-sh, pathnames.h.in,
16110: 	plugins/sudoers/install-sh, src/Makefile.in, src/conversation.c,
16111: 	src/fileops.c, src/fmt_string.c, src/load_plugins.c,
16112: 	src/parse_args.c, src/pty.c, src/script.c, src/sudo.c, src/sudo.h,
16113: 	src/sudo_plugin_int.h, src/sudo_usage.h.in, src/tgetpass.c,
16114: 	sudo_usage.h.in:
16115: 	Modular sudo front-end which loads policy and I/O plugins that do
16116: 	most the actual work. Currently relies on dynamic loading using
16117: 	dlopen(). See doc/plugin.pod for the plugin API.
16118: 	[924f6eb2fbba]
16119: 
16120: 	* doc/plugin.pod, include/sudo_plugin.h:
16121: 	Sudo plugin API
16122: 	[374ccbbd24ae]
16123: 
16124: 	* compat/fnmatch.c, compat/glob.c, compat/nanosleep.c,
16125: 	compat/utimes.c, plugins/sudoers/check.c, plugins/sudoers/gettime.c,
16126: 	plugins/sudoers/match.c, plugins/sudoers/sudoreplay.c,
16127: 	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
16128: 	src/fileops.c, src/sudo_edit.c:
16129: 	Replace emul/include.h with compat/include.h to match new source
16130: 	tree layout.
16131: 	[7eccd10449a1]
16132: 
16133: 	* src/lbuf.c:
16134: 	Include missing.h for memrchr() proto
16135: 	[03abd63a8a33]
16136: 
16137: 	* HISTORY, LICENSE, Makefile.binary.in, Makefile.in, PORTING,
16138: 	TROUBLESHOOTING, UPGRADE, aix.c, aixcrypt.exp, alias.c, alloc.c,
16139: 	alloc.h, audit.c, auth/API, auth/afs.c, auth/aix_auth.c,
16140: 	auth/bsdauth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c,
16141: 	auth/pam.c, auth/passwd.c, auth/rfc1938.c, auth/secureware.c,
16142: 	auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
16143: 	auth/sudo_auth.h, boottime.c, bsm_audit.c, bsm_audit.h, check.c,
16144: 	closefrom.c, compat.h, compat/charclass.h, compat/closefrom.c,
16145: 	compat/fnmatch.c, compat/fnmatch.h, compat/getcwd.c,
16146: 	compat/getline.c, compat/getprogname.c, compat/glob.c,
16147: 	compat/glob.h, compat/isblank.c, compat/memrchr.c, compat/mkstemp.c,
16148: 	compat/nanosleep.c, compat/sigaction.c, compat/snprintf.c,
16149: 	compat/strcasecmp.c, compat/strerror.c, compat/strlcat.c,
16150: 	compat/strlcpy.c, compat/strsignal.c, compat/timespec.h,
16151: 	compat/utime.h, compat/utimes.c, def_data.c, def_data.h,
16152: 	def_data.in, defaults.c, defaults.h, doc/HISTORY, doc/LICENSE,
16153: 	doc/PORTING, doc/TROUBLESHOOTING, doc/UPGRADE, doc/history.pod,
16154: 	doc/license.pod, doc/sample.pam, doc/sample.sudoers,
16155: 	doc/sample.syslog.conf, doc/schema.ActiveDirectory,
16156: 	doc/schema.OpenLDAP, doc/schema.iPlanet, doc/sudo.cat,
16157: 	doc/sudo.man.in, doc/sudo.man.pl, doc/sudo.pod, doc/sudoers.cat,
16158: 	doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in, doc/sudoers.ldap.pod,
16159: 	doc/sudoers.man.in, doc/sudoers.man.pl, doc/sudoers.pod,
16160: 	doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
16161: 	doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod, emul/charclass.h,
16162: 	emul/fnmatch.h, emul/glob.h, emul/timespec.h, emul/utime.h, env.c,
16163: 	error.c, error.h, fileops.c, find_path.c, fnmatch.c, getcwd.c,
16164: 	getdate.c, getdate.y, getline.c, getprogname.c, getspwuid.c,
16165: 	gettime.c, glob.c, goodpath.c, gram.c, gram.h, gram.y, history.pod,
16166: 	include/alloc.h, include/compat.h, include/error.h, include/lbuf.h,
16167: 	include/list.h, include/missing.h, ins_2001.h, ins_classic.h,
16168: 	ins_csops.h, ins_goons.h, install-sh, insults.h, interfaces.c,
16169: 	interfaces.h, isblank.c, lbuf.c, lbuf.h, ldap.c, license.pod,
16170: 	list.c, list.h, logging.c, logging.h, match.c, memrchr.c, missing.h,
16171: 	mkdefaults, mkstemp.c, mon_systrace.c, mon_systrace.h, nanosleep.c,
16172: 	nonunix.h, parse.c, parse.h, plugins/sudoers/Makefile.binary.in,
16173: 	plugins/sudoers/Makefile.in, plugins/sudoers/aixcrypt.exp,
16174: 	plugins/sudoers/alias.c, plugins/sudoers/auth/API,
16175: 	plugins/sudoers/auth/afs.c, plugins/sudoers/auth/aix_auth.c,
16176: 	plugins/sudoers/auth/bsdauth.c, plugins/sudoers/auth/dce.c,
16177: 	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/kerb4.c,
16178: 	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
16179: 	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
16180: 	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid.c,
16181: 	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
16182: 	plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/auth/sudo_auth.h,
16183: 	plugins/sudoers/boottime.c, plugins/sudoers/check.c,
16184: 	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
16185: 	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
16186: 	plugins/sudoers/defaults.h, plugins/sudoers/env.c,
16187: 	plugins/sudoers/find_path.c, plugins/sudoers/getdate.c,
16188: 	plugins/sudoers/getdate.y, plugins/sudoers/getspwuid.c,
16189: 	plugins/sudoers/gettime.c, plugins/sudoers/goodpath.c,
16190: 	plugins/sudoers/gram.c, plugins/sudoers/gram.h,
16191: 	plugins/sudoers/gram.y, plugins/sudoers/ins_2001.h,
16192: 	plugins/sudoers/ins_classic.h, plugins/sudoers/ins_csops.h,
16193: 	plugins/sudoers/ins_goons.h, plugins/sudoers/install-sh,
16194: 	plugins/sudoers/insults.h, plugins/sudoers/interfaces.c,
16195: 	plugins/sudoers/interfaces.h, plugins/sudoers/ldap.c,
16196: 	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
16197: 	plugins/sudoers/match.c, plugins/sudoers/mkdefaults,
16198: 	plugins/sudoers/mon_systrace.c, plugins/sudoers/mon_systrace.h,
16199: 	plugins/sudoers/nonunix.h, plugins/sudoers/parse.c,
16200: 	plugins/sudoers/parse.h, plugins/sudoers/pwutil.c,
16201: 	plugins/sudoers/redblack.c, plugins/sudoers/redblack.h,
16202: 	plugins/sudoers/set_perms.c, plugins/sudoers/sudo_nss.c,
16203: 	plugins/sudoers/sudo_nss.h, plugins/sudoers/sudoers,
16204: 	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
16205: 	plugins/sudoers/sudoers2ldif, plugins/sudoers/sudoreplay.c,
16206: 	plugins/sudoers/testsudoers.c, plugins/sudoers/timestr.c,
16207: 	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
16208: 	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/vasgroups.c,
16209: 	plugins/sudoers/visudo.c, pty.c, pwutil.c, redblack.c, redblack.h,
16210: 	sample.pam, sample.sudoers, sample.syslog.conf,
16211: 	schema.ActiveDirectory, schema.OpenLDAP, schema.iPlanet, script.c,
16212: 	selinux.c, sesh.c, set_perms.c, sigaction.c, snprintf.c, src/aix.c,
16213: 	src/alloc.c, src/audit.c, src/bsm_audit.c, src/bsm_audit.h,
16214: 	src/error.c, src/fileops.c, src/lbuf.c, src/list.c, src/pty.c,
16215: 	src/script.c, src/selinux.c, src/sesh.c, src/sudo_edit.c,
16216: 	src/sudo_noexec.c, src/term.c, src/tgetpass.c, src/zero_bytes.c,
16217: 	strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, strsignal.c, sudo.c,
16218: 	sudo.cat, sudo.h, sudo.man.in, sudo.man.pl, sudo.pod, sudo_edit.c,
16219: 	sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudoers, sudoers.cat,
16220: 	sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
16221: 	sudoers.man.in, sudoers.man.pl, sudoers.pod, sudoers2ldif,
16222: 	sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod,
16223: 	term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
16224: 	tsgetgrpw.c, utimes.c, vasgroups.c, visudo.c, visudo.cat,
16225: 	visudo.man.in, visudo.pod, zero_bytes.c:
16226: 	Rework source layout in preparation for modular sudo.
16227: 	[7fc1978c6ad5]
16228: 
16229: 2010-02-13  Todd C. Miller  <Todd.Miller@courtesan.com>
16230: 
16231: 	* Avoid a duplicate fclose() of the sudoers file.
16232: 	[5dba851088c1]
16233: 
16234: 	* Fix size arg when realloc()ing include stack. From Daniel Kopecek
16235: 	[0a2935061e33]
16236: 
16237: 	* Use setrlimit64(), if available, instead of setrlimit() when setting
16238: 	AIX resource limits since rlim_t is 32bits.
16239: 	[353db89bac61]
16240: 
16241: 	* Fix use after free when sending error messages. From Timo Juhani
16242: 	Lindfors
16243: 	[e50dbd902382]
16244: 
16245: 	* ChangeLog, Makefile.in:
16246: 	Generate the ChangeLog as part of "make dist" instead of having it
16247: 	in the repo.
16248: 	[251b70964673]
16249: 
16250: 2010-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
16251: 
16252: 	* Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
16253: 	auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
16254: 	auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
16255: 	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
16256: 	auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
16257: 	closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
16258: 	emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
16259: 	fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
16260: 	gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
16261: 	ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
16262: 	isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
16263: 	logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
16264: 	mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
16265: 	pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
16266: 	sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
16267: 	sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
16268: 	strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
16269: 	sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
16270: 	sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
16271: 	sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
16272: 	term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
16273: 	utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
16274: 	Remove CVS $Sudo$ tags.
16275: 	[de683a8b31f5]
16276: 
16277: 2010-01-18  convert-repo  <convert-repo>
16278: 
16279: 	* .hgtags:
16280: 	update tags
16281: 	[9b7aa44ae436]
16282: 
16283: 2009-12-26  Todd C. Miller  <Todd.Miller@courtesan.com>
16284: 
16285: 	* sudo_usage.h.in:
16286: 	make this match sudoers SYNOPSIS
16287: 	[c74ba66944c2]
16288: 
16289: 	* lbuf.c, parse.c:
16290: 	Print a newline between Runas and Command-specific defaults in sudo
16291: 	-l.
16292: 	[b5bdfcc9ce4b]
16293: 
16294: 	* term.c:
16295: 	Use SET and CLR macros in term_raw
16296: 	[50ca42609d6c]
16297: 
16298: 	* sudoreplay.c:
16299: 	Set stdin to non-blocking mode early instead of in check_input. Use
16300: 	term_raw instead of term_cbreak since the data we get has already
16301: 	been expanded via OPOST.
16302: 	[51c47e803d62]
16303: 
16304: 2009-12-23  Todd C. Miller  <Todd.Miller@courtesan.com>
16305: 
16306: 	* script.c, term.c:
16307: 	Enable/disable all postprocessing instead of just nl->crnl
16308: 	processing since things like tab expansion matter too. However, if
16309: 	stdout is a tty leave postprocessing on in the pty since we run into
16310: 	problems doing it only on the real stdout with .e.g nvi.
16311: 	[62666e309673]
16312: 
16313: 2009-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
16314: 
16315: 	* check.c:
16316: 	If tty_tickets is enabled and there is no tty, prompt for a
16317: 	password. Do not lecture user for "sudo -k command" if user has a
16318: 	timestamp.
16319: 	[5880200c5f6b]
16320: 
16321: 	* INSTALL:
16322: 	Document missing options: --with-efence and --with-bsm-audit
16323: 	[d83afcdf9ff3]
16324: 
16325: 	* sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
16326: 	sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
16327: 	sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
16328: 	visudo.man.in, visudo.pod:
16329: 	username -> user name groupname -> group name hostname -> host name
16330: 	[10c85646f45d]
16331: 
16332: 	* INSTALL, README.LDAP, sudoers.pod:
16333: 	filename -> file name like the rest of the docs
16334: 	[1ef8ab5a9018]
16335: 
16336: 2009-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
16337: 
16338: 	* parse.c:
16339: 	Fix printing of entries with multiple host entries on a single line.
16340: 	[226ceaf91d8d]
16341: 
16342: 2009-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
16343: 
16344: 	* sudoers.pod:
16345: 	Mention that targetpw affects the timestamp file name.
16346: 	[a26e22e4f72e]
16347: 
16348: 	* def_data.c, def_data.h, def_data.in, defaults.c, script.c,
16349: 	sudoers.pod:
16350: 	Add compress_transcript option.
16351: 	[6e94f8cb9dfb]
16352: 
16353: 2009-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
16354: 
16355: 	* configure, configure.in:
16356: 	bump to 1.7.3b2
16357: 	[906d7e347d15]
16358: 
16359: 	* pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
16360: 	Better split of membership vs. traditional group check in
16361: 	user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
16362: 	[6ebc55d4716b]
16363: 
16364: 2009-12-12  Todd C. Miller  <Todd.Miller@courtesan.com>
16365: 
16366: 	* pwutil.c:
16367: 	Fix pasto and add default return value.
16368: 	[7973b5e4599c]
16369: 
16370: 	* check.c, match.c, pwutil.c, sudo.h:
16371: 	refactor group member checking into user_in_group()
16372: 	[48ca8c2eddf8]
16373: 
16374: 	* check.c, config.h.in, configure, configure.in, match.c, sudo.c,
16375: 	sudo.h:
16376: 	Add support for mbr_check_membership() as present in darwin.
16377: 	[5501aed02b9f]
16378: 
16379: 2009-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
16380: 
16381: 	* match.c:
16382: 	Rename label to be accurate
16383: 	[3af17dd960f7]
16384: 
16385: 	* Makefile.in, boottime.c, check.c, config.h.in, configure,
16386: 	configure.in, sudo.h:
16387: 	Treat timestamp files from before we booted as old. Idea from and
16388: 	Apple patch.
16389: 	[5c96e484c05a]
16390: 
16391: 2009-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
16392: 
16393: 	* sudo.c, sudo.pod, sudo_usage.h.in:
16394: 	Allow the -u flag to be used in conjunction with the -v flag as per
16395: 	older versions of sudo.
16396: 	[591e9fc13c1a]
16397: 
16398: 	* logging.c:
16399: 	fix typo in last commit
16400: 	[4fd0c692dcf0]
16401: 
16402: 2009-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
16403: 
16404: 	* logging.c:
16405: 	Convert fmt_first and fmt_confd into macros.
16406: 	[32e870158b29]
16407: 
16408: 	* sudoers.pod:
16409: 	timeouts can be floats now
16410: 	[89de639a9679]
16411: 
16412: 	* WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
16413: 	defaults.h, mkdefaults:
16414: 	Add support for floating point timeout values (e.g. 2.5 minutes).
16415: 	[210ffa291733]
16416: 
16417: 2009-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
16418: 
16419: 	* sudo.pod:
16420: 	The -L flag will be removed in sudo 1.7.4
16421: 	[ffd026084333]
16422: 
16423: 2009-12-06  Todd C. Miller  <Todd.Miller@courtesan.com>
16424: 
16425: 	* sudoreplay.c:
16426: 	Fix a bug due to order of operators.
16427: 	[938d34464283]
16428: 
16429: 2009-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
16430: 
16431: 	* match.c:
16432: 	cmnd_matches() already deals with negation so _cmndlist_matches()
16433: 	does not need to do so itself. Fixes a bug with negated entries in a
16434: 	Cmnd_List.
16435: 	[71c845f6ce73]
16436: 
16437: 2009-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
16438: 
16439: 	* sudo.c:
16440: 	Don't exit() from open_sudoers, just return NULL for all errors.
16441: 	[8cfa832f972a]
16442: 
16443: 	* script.c:
16444: 	Can't rely on the shell sending us SIGCONT when transitioning from
16445: 	backgroup to foreground process.
16446: 	[3c6c5b6cb4b3]
16447: 
16448: 	* toke.c, toke.l:
16449: 	Add missing extern def for parse_error
16450: 	[45b7b59d03b7]
16451: 
16452: 2009-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
16453: 
16454: 	* toke.c, toke.l:
16455: 	Avoid a parse error when #includedir doesn't find any files. Closes
16456: 	bug #375
16457: 	[1ce1b850e9e6]
16458: 
16459: 	* Makefile.in:
16460: 	Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
16461: 	[6a22e32da108]
16462: 
16463: 2009-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
16464: 
16465: 	* script.c:
16466: 	Start command out in foreground mode if stdout is a tty. Works
16467: 	around issues with some curses-based programs that don't handle
16468: 	tcsetattr getting interrupted by a signal. Still allows us to avoid
16469: 	hogging the tty if the command is part of a pipeline.
16470: 	[1c32f2b94769]
16471: 
16472: 	* script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
16473: 	Use a socketpair to pass signals from parent to child. Child will
16474: 	now pass command status change info back via the socketpair. This
16475: 	allows the parent to distinguish between signals it has been sent
16476: 	directly and signals the command has received. It also means the
16477: 	parent can once again print the signal notifications to the tty so
16478: 	all writes to the pty master occur in the parent. The command is now
16479: 	always started in background mode with tty signals handled by the
16480: 	parent.
16481: 	[c6790b82986d]
16482: 
16483: 2009-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
16484: 
16485: 	* configure, configure.in:
16486: 	Fix a few typos in the descriptions; from Jeff Makey Only do the
16487: 	check for krb5_get_init_creds_opt_free() taking two arguments if we
16488: 	find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
16489: 	positive when using our own krb5_get_init_creds_opt_free which takes
16490: 	only a single argument.
16491: 	[845a9ff6f93d]
16492: 
16493: 2009-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
16494: 
16495: 	* configure, configure.in:
16496: 	Remove a spurious comma in the kerb5 bits.
16497: 	[3433eab083db]
16498: 
16499: 	* auth/kerb5.c:
16500: 	Call krb5_get_init_creds_opt_init() in our emulated
16501: 	krb5_get_init_creds_opt_alloc() for MIT kerberos.
16502: 	[7ffb40bf43e9]
16503: 
16504: 2009-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
16505: 
16506: 	* config.h.in:
16507: 	Add HAVE_ZLIB
16508: 	[9297bde61ecc]
16509: 
16510: 	* script.c:
16511: 	Need to ignore SIGTT{IN,OU} in child when running the command in the
16512: 	background. Also some minor cleanup.
16513: 	[dc208d982319]
16514: 
16515: 2009-10-31  Todd C. Miller  <Todd.Miller@courtesan.com>
16516: 
16517: 	* script.c:
16518: 	Instead of calling sigsuspend when waiting for SIGUSR[12] from
16519: 	parent, install the signal handlers w/o SA_RESTART and let them
16520: 	interrupt waitpid().
16521: 	[759c7d18203b]
16522: 
16523: 	* script.c:
16524: 	Pass along SIGHUP and SIGTERM from parent to child.
16525: 	[035b0e254568]
16526: 
16527: 	* script.c:
16528: 	Close unused bits of script_fds in processes that don't need them.
16529: 	Restore default SIGCONT handler in child.
16530: 	[e037378ab0c1]
16531: 
16532: 	* script.c:
16533: 	Update foreground/background status in SIGCONT handler in parent
16534: 	process.
16535: 	[3f7f91333264]
16536: 
16537: 2009-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
16538: 
16539: 	* script.c:
16540: 	Defer setting terminal into raw mode until just before we fork() and
16541: 	only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
16542: 	and sudo is already in the foreground be sure to set raw mode before
16543: 	continuing the child.
16544: 	[1102ef40832c]
16545: 
16546: 2009-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
16547: 
16548: 	* script.c:
16549: 	Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
16550: 	give the command the controlling tty if the main sudo process is the
16551: 	foreground process.
16552: 	[cf3a91cb5682]
16553: 
16554: 	* script.c:
16555: 	Don't bother with sudo_waitpid() here for now.
16556: 	[9086de480c2d]
16557: 
16558: 	* script.c:
16559: 	fix non-zlib case
16560: 	[a258bff0f9a6]
16561: 
16562: 2009-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
16563: 
16564: 	* script.c:
16565: 	Remove non-wroking code that crept into rev 1.55
16566: 	[2802dd55cff5]
16567: 
16568: 2009-10-22  Todd C. Miller  <Todd.Miller@courtesan.com>
16569: 
16570: 	* INSTALL, configure, configure.in, script.c, sudoreplay.c:
16571: 	First pass at zlib support for transcript data files
16572: 	[5d10260807da]
16573: 
16574: 	* Makefile.in:
16575: 	remove vestiges of ZLDFLAGS
16576: 	[1fa0caf1c0fb]
16577: 
16578: 	* script.c:
16579: 	Add missing variable declaration for when TIOCSCTTY is not defined.
16580: 	Need to include sys/termio.h for TIOCSCTTY on some systems.
16581: 	[ee7f41ac2709]
16582: 
16583: 	* script.c:
16584: 	when resuming command, send SIGCONT to its pgrp not just pid
16585: 	[5cd63c1d565b]
16586: 
16587: 	* selinux.c:
16588: 	remove unused variable
16589: 	[df67df4be228]
16590: 
16591: 	* script.c:
16592: 	include selinux.h for is_selinux_enabled() proto
16593: 	[85ebaa880cc1]
16594: 
16595: 	* script.c:
16596: 	Don't use log_error() in the child process.
16597: 	[def65fe2a433]
16598: 
16599: 	* script.c:
16600: 	Do I/O in parent instead of child since the parent can have both
16601: 	/dev/tty as well as the pty fds open. The child just sets things up
16602: 	and waits for its grandchild and writes the signal description to
16603: 	the pty master if the command was killed by a signal.
16604: 	[95e473208982]
16605: 
16606: 2009-10-18  Todd C. Miller  <Todd.Miller@courtesan.com>
16607: 
16608: 	* missing.h, sudo.h:
16609: 	Move two struct forward declarations from sudo.h to missing.h
16610: 	[90ad28294a8c]
16611: 
16612: 	* script.c:
16613: 	Make comment at the top of script_exec() match reality.
16614: 	[c5042d27dbe0]
16615: 
16616: 	* sudo.c:
16617: 	if neither stdin nor stdout is a tty, check stderr
16618: 	[c532ff20c8d8]
16619: 
16620: 	* Makefile.in:
16621: 	Add back dependecy of gram.h on gram.y
16622: 	[c58382b7fcca]
16623: 
16624: 	* script.c:
16625: 	Make transcript mode work as long as we can figure out our tty, even
16626: 	if it is not stdin. We'd like to use /dev/tty but that won't be
16627: 	valid after the setsid().
16628: 	[7b8bba8d99e7]
16629: 
16630: 2009-10-17  Todd C. Miller  <Todd.Miller@courtesan.com>
16631: 
16632: 	* config.h.in, configure, configure.in, pty.c:
16633: 	Add support for IRIX-style dynamic ptys
16634: 	[bedc9bac44c1]
16635: 
16636: 	* Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
16637: 	Move alloc.c protos into alloc.h
16638: 	[b6a90649617d]
16639: 
16640: 	* missing.h:
16641: 	Move prototypes for missing libc functions to missing.h
16642: 	[dda9ae1ccaf8]
16643: 
16644: 	* Makefile.in, sudo.h, sudoreplay.c:
16645: 	Move prototypes for missing libc functions to missing.h
16646: 	[7483166b577b]
16647: 
16648: 2009-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>
16649: 
16650: 	* config.h.in, configure, configure.in:
16651: 	Disable transcript support if no tcsetpgrp until we support older
16652: 	BSD-style job control.
16653: 	[27ac1d8163df]
16654: 
16655: 	* configure, configure.in, pty.c, script.c:
16656: 	Break out pty code into pty.c
16657: 	[e85509b25d41]
16658: 
16659: 	* compat.h, config.h.in, configure, configure.in:
16660: 	add killpg macro if no killpg function
16661: 	[3a125f4a51f0]
16662: 
16663: 	* config.h.in, configure, configure.in, script.c:
16664: 	Push ptem and ldterm for STERAMS-based systems when allocating a
16665: 	pty.
16666: 	[36bb39b30ff2]
16667: 
16668: 2009-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
16669: 
16670: 	* script.c:
16671: 	Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
16672: 	[d94bd5c9bf4e]
16673: 
16674: 	* script.c:
16675: 	Call tcgetpgrp() in the parent, not the child and have the child
16676: 	spin until it is granted. Fixes a race on darwin.
16677: 	[6e8d435339ce]
16678: 
16679: 	* script.c:
16680: 	Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
16681: 	reopen slave.
16682: 	[0bdc63c019ca]
16683: 
16684: 2009-10-14  Todd C. Miller  <Todd.Miller@courtesan.com>
16685: 
16686: 	* script.c:
16687: 	In script mode, if the command is killed by a signal, print the
16688: 	signal description as well as a core dump notification like the
16689: 	shell does.
16690: 	[9df61738df07]
16691: 
16692: 	* Makefile.in, config.h.in, configure, configure.in, strsignal.c,
16693: 	sudo.h:
16694: 	Add check for strsignal() and a simple implementation if it is not
16695: 	there but sys_siglist is
16696: 	[61421a188ef4]
16697: 
16698: 	* script.c:
16699: 	Add missing WUNTRACED and store the signal that stopped the
16700: 	grandchild in suspended, not signo.
16701: 	[df65042b200e]
16702: 
16703: 	* script.c:
16704: 	g/c unused code
16705: 	[40d8cb5c9203]
16706: 
16707: 	* script.c:
16708: 	Associate the grandchild's pgrp with the tty instead of the child's
16709: 	and just get suspend notifications via SIGCHLD instead of directly.
16710: 	This fixes a hang with programs that try to set terminal attributes
16711: 	and is more consistent with how the shell handles things.
16712: 	[6865abff7e94]
16713: 
16714: 2009-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
16715: 
16716: 	* script.c:
16717: 	Move setpgid() of child into the parent side of the fork() where it
16718: 	belongs.
16719: 	[3defa782777c]
16720: 
16721: 2009-10-11  Todd C. Miller  <Todd.Miller@courtesan.com>
16722: 
16723: 	* script.c:
16724: 	fix typo
16725: 	[b6a612b3622c]
16726: 
16727: 	* script.c:
16728: 	Run command in its own pgrp (like the shell does) for easier
16729: 	signalling. No need to relay SIGINT or SIGQUIT to parent, just send
16730: 	to grandchild. Don't want grandchild stopped events in the child
16731: 	(only termination). Flush output after suspending grandchild before
16732: 	signalling parent.
16733: 	[db556bf2176f]
16734: 
16735: 	* script.c:
16736: 	Back out revision 1.34; the problem lies elsewhere.
16737: 	[85f590a03275]
16738: 
16739: 	* script.c:
16740: 	Don't set stdout to blocking mode when flushing remaining output. It
16741: 	can cause us to hang when trying to exit. Need to investigate why.
16742: 	[6f803a3e33ca]
16743: 
16744: 	* script.c:
16745: 	Handle SIGTTOU and remove some debugging.
16746: 	[52d17279053e]
16747: 
16748: 	* term.c:
16749: 	Back out revision 1.10 as the signal that interrupts us may be
16750: 	SIGTTOU or SIGTTIN which the caller must handle.
16751: 	[7e2fa9107975]
16752: 
16753: 	* script.c:
16754: 	Apparently we need to send SIGSTOP to the command as well as ourself
16755: 	when we get SIGTSTP, the kernel doesn't automatically stop the
16756: 	process for us.
16757: 	[1a936e9309c4]
16758: 
16759: 	* script.c:
16760: 	Use an extra process to act as the glue bewteen the sessions
16761: 	associated with the user's controlling tty (what the shell uses) and
16762: 	the tty that sudo is using to do its logging. Basically, this means
16763: 	that if we get, e.g. SIGTSTP from the process sudo is running, we
16764: 	relay the signal to the parent so it's shell can do the job control.
16765: 	[6dd296988060]
16766: 
16767: 	* term.c:
16768: 	Handle getting/setting terminal attributes when the fd is in non-
16769: 	blocking mode.
16770: 	[ae5ae535ea7b]
16771: 
16772: 2009-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
16773: 
16774: 	* sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
16775: 	Add support for pausing and changing the speed in interactive mode.
16776: 	[72a2063780a7]
16777: 
16778: 	* script.c:
16779: 	Already define O_NOCTTY in compat.h, don't need it here
16780: 	[b5d80ed3e5ce]
16781: 
16782: 2009-10-06  Todd C. Miller  <Todd.Miller@courtesan.com>
16783: 
16784: 	* sudoreplay.c:
16785: 	Add missing protos
16786: 	[c4cb4e7f4d8a]
16787: 
16788: 2009-09-30  Todd C. Miller  <Todd.Miller@courtesan.com>
16789: 
16790: 	* sudo_edit.c:
16791: 	Always update the stashed mtime of the temp file instead of using
16792: 	what we have for the original because the time resolution of the
16793: 	filesystem the temporary is on may not match that of the filesystem
16794: 	that holds the original. Should fix bz #371 found by Philippe Levan.
16795: 	[c86ca4bec60c]
16796: 
16797: 	* sudoreplay.c:
16798: 	Use cbreak mode instead of raw mode and add signal handlers to
16799: 	restore the tty on interrupt.
16800: 	[84dd283da41c]
16801: 
16802: 	* script.c, sudo.h, term.c:
16803: 	Retain NL to NLCR conversion on the real tty and skip it on the pty
16804: 	we allocate. That way, if stdout is not a pty there are no extra
16805: 	carriage returns.
16806: 	[32e4f570414e]
16807: 
16808: 	* script.c:
16809: 	Fix log_output(); just pass in a string and a length.
16810: 	[ca980cc0a3fb]
16811: 
16812: 2009-09-28  Todd C. Miller  <Todd.Miller@courtesan.com>
16813: 
16814: 	* script.c:
16815: 	do not use errno when complaining out lack of a tty
16816: 	[8f9b8c55ab8e]
16817: 
16818: 2009-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>
16819: 
16820: 	* Makefile.in, sudoreplay.c, term.c:
16821: 	Instead of messing with line endings, just set terminal to raw mode
16822: 	in sudoreplay.
16823: 	[90943fa87acb]
16824: 
16825: 	* term.c:
16826: 	When copying the terminal attributes to the pty, be sure not to set
16827: 	ONLCR. This prevents extra carriage returns from ending up in the
16828: 	script output file.
16829: 	[e6b5475ac2aa]
16830: 
16831: 	* script.c:
16832: 	Convert a do {} while into a while
16833: 	[e461310d2c77]
16834: 
16835: 	* Makefile.in:
16836: 	Use if then instead of test && when installing binaries that may not
16837: 	exist.
16838: 	[ad4f9490d971]
16839: 
16840: 	* script.c:
16841: 	Add O_NOCTTY when opening a tty device. Explicitly disconnect from
16842: 	old tty before associatng with new one.
16843: 	[0e0ca634b80c]
16844: 
16845: 	* script.c, selinux.c, sudo.c, sudo.h:
16846: 	First cut at refactoring some of the selinux code so it can be used
16847: 	in conjunction with sudo's transcript support.
16848: 	[779b0d8f9d29]
16849: 
16850: 2009-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
16851: 
16852: 	* aclocal.m4, configure, configure.in:
16853: 	Fix default case of transcript_enabled being unset.
16854: 	[f8aa96186e6b]
16855: 
16856: 	* script.c, sudoreplay.c:
16857: 	Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
16858: 	[2844a7a851fa]
16859: 
16860: 	* INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
16861: 	Hook up --disable-transcript and --enable-transcript=DIR
16862: 	[b3fa7e6b2480]
16863: 
16864: 2009-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>
16865: 
16866: 	* aclocal.m4, configure, configure.in, pathnames.h.in:
16867: 	_PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
16868: 	transcript=DIR option to specify the directory
16869: 	[b0bb76d43cda]
16870: 
16871: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
16872: 	regen
16873: 	[c7a8a0a9027c]
16874: 
16875: 	* configure, configure.in, sudoers.man.pl, sudoers.pod:
16876: 	Substitute in default value for secure_path
16877: 	[c8f9ac6dbf93]
16878: 
16879: 	* sudo.pod:
16880: 	Mention that the password must be followed by a newline with the -S
16881: 	option.
16882: 	[2fc589a3ee7e]
16883: 
16884: 2009-09-20  Todd C. Miller  <Todd.Miller@courtesan.com>
16885: 
16886: 	* script.c:
16887: 	Go back to dropping out of the select() loop when the process dies;
16888: 	Linux ptys apparently don't behave the same as BSD in regards to
16889: 	select(). No need to flush remaining output to the transcript, only
16890: 	to stdout. Add back code to check the master pty for additional data
16891: 	when we exit the main select loop.
16892: 	[abed9a9cbc6b]
16893: 
16894: 2009-09-19  Todd C. Miller  <Todd.Miller@courtesan.com>
16895: 
16896: 	* Makefile.in:
16897: 	Add getline.o to COMMON_OBJS
16898: 	[04ef7643cbc2]
16899: 
16900: 	* Makefile.in:
16901: 	sudoreplay depends on libsudo.a
16902: 	[142bd0472631]
16903: 
16904: 	* Makefile.in:
16905: 	More pwutil.o into COMMON_OBJS
16906: 	[4a016b933629]
16907: 
16908: 	* pwutil.c, testsudoers.c, tsgetgrpw.c:
16909: 	Remove my_* redirection in pwutil.c for testsudoers and just use the
16910: 	normal libc get{pw,gr}* names.
16911: 	[9b76d637d86b]
16912: 
16913: 	* sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
16914: 	More time and date examples
16915: 	[c6ee0175ec56]
16916: 
16917: 	* Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
16918: 	Move nanosleep() emulation into its own file Check librt.a for
16919: 	nanosleep if we don't find it in libc
16920: 	[4da0cc26aad7]
16921: 
16922: 	* Makefile.in, configure, configure.in:
16923: 	Build libsudo with the common bits and link things against that.
16924: 	[2b53bc0b081a]
16925: 
16926: 	* script.c:
16927: 	Fix final flush.
16928: 	[6da287d833da]
16929: 
16930: 	* script.c:
16931: 	Keep reading from the pty master -> log file until read returns <=
16932: 	0. Do our best to write everything to stdout when flushing any
16933: 	remaining bits.
16934: 	[2a45d4ae280c]
16935: 
16936: 	* sudoreplay.c:
16937: 	Use unbuffered I/O when writing to stdout and make sure we write the
16938: 	entire buffer.
16939: 	[f39ef9844a47]
16940: 
16941: 2009-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
16942: 
16943: 	* sudoreplay.c:
16944: 	Only use max_wait if it is non-zero
16945: 	[f6c10604d2e8]
16946: 
16947: 	* getdate.c, getdate.y, getline.c:
16948: 	Need compat.h here
16949: 	[5d6722e225a0]
16950: 
16951: 	* sudoreplay.c:
16952: 	Fix nanosleep emulation
16953: 	[34e5e5d72a76]
16954: 
16955: 	* script.c:
16956: 	Fix comment after #endif
16957: 	[bd1347718b25]
16958: 
16959: 	* sudoreplay.c:
16960: 	Add protos for missing libc bits
16961: 	[644f496427a2]
16962: 
16963: 	* configure, configure.in:
16964: 	add missing line continuation char
16965: 	[db13c0d402cd]
16966: 
16967: 	* config.h.in, configure, configure.in, getline.c:
16968: 	Implement getline() in terms of fgetln() if we have it.
16969: 	[3ab786eaadc5]
16970: 
16971: 	* sudoreplay.c:
16972: 	Print year when formatting log line
16973: 	[90be669e3443]
16974: 
16975: 	* sudoreplay.pod:
16976: 	Document cwd, attempt to document time/date formats.
16977: 	[6290fb9b65c6]
16978: 
16979: 	* sudoreplay.c:
16980: 	Fix getline return value check.
16981: 	[d696d6657261]
16982: 
16983: 	* Makefile.in, config.h.in, configure, configure.in, getline.c,
16984: 	sudoreplay.c:
16985: 	Use getline() if the system has it, else use provide our own for
16986: 	sudoreplay.
16987: 	[afca1d6fbe5e]
16988: 
16989: 	* script.c:
16990: 	Refactor code to update output and timing files.
16991: 	[361491332b1a]
16992: 
16993: 2009-09-17  Todd C. Miller  <Todd.Miller@courtesan.com>
16994: 
16995: 	* sudoreplay.c:
16996: 	Make sudo_getln() behave more like glibc getline.
16997: 	[40c9f2ea29e6]
16998: 
16999: 	* script.c:
17000: 	When flushing remaining output, also update timing file.
17001: 	[5a9a5a627549]
17002: 
17003: 	* sudoreplay.c:
17004: 	Use get_timestr() and make the -l output look like the regular sudo
17005: 	log.
17006: 	[452ba9d436c9]
17007: 
17008: 	* logging.c, sudo.h, timestr.c:
17009: 	Make get_timestr() take a time_t so we can use it properly in
17010: 	sudoreplay.
17011: 	[82e67cc53c9c]
17012: 
17013: 	* script.c:
17014: 	Create session dir earlier now that we update the seq number early.
17015: 	[797fe8d6dc61]
17016: 
17017: 2009-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
17018: 
17019: 	* sudoreplay.c:
17020: 	Use fromdate and todate as the keywords instead of from and to; the
17021: 	short forms will still be accepted.
17022: 	[d14d9b116df4]
17023: 
17024: 	* sudoreplay.c:
17025: 	Fix reading long liensin sudo_getln()
17026: 	[58dadd74118c]
17027: 
17028: 	* script.c, sudoreplay.c:
17029: 	Log the cwd in the script log file. Add sudo_getln() to read
17030: 	arbitrarily long lines.
17031: 	[faceb802ab8f]
17032: 
17033: 	* Makefile.in, logging.c, sudo.h, timestr.c:
17034: 	Move get_timestr() into its own source file so sudoreplay can use
17035: 	it.
17036: 	[99b054bfa20a]
17037: 
17038: 2009-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
17039: 
17040: 	* sudoreplay.c:
17041: 	Add to and from perdicates (date ranges); needs documentation
17042: 	[1d629174dcf4]
17043: 
17044: 2009-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
17045: 
17046: 	* Makefile.in, getdate.c, getdate.y:
17047: 	Fix warning and add generated getdate.c
17048: 	[b877a86b5a03]
17049: 
17050: 	* Makefile.in, getdate.y:
17051: 	Add getdate.y to be used for sudoreplay date parsing.
17052: 	[b8e26fbb7a40]
17053: 
17054: 2009-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
17055: 
17056: 	* sudoreplay.c:
17057: 	Check more than just the first character of a predicate
17058: 	[4fe53728adb1]
17059: 
17060: 	* sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
17061: 	Add examples, sort predicates
17062: 	[70f8075cbccc]
17063: 
17064: 	* Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
17065: 	sudoreplay.pod:
17066: 	Implement search expressions in sudoreplay similar in concept to
17067: 	what find or tcpdump uses. TODO: date ranges
17068: 	[f7ce4fb4cf3a]
17069: 
17070: 2009-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
17071: 
17072: 	* script.c:
17073: 	Remove vhangup as it was hanging up the wrong tty. Should really
17074: 	vhangup in the child after it as set its tty.
17075: 	[2eed9df73010]
17076: 
17077: 	* sudoers.pod:
17078: 	Fix cut at documenting transcript support.
17079: 	[e6c533a5568a]
17080: 
17081: 	* logging.c:
17082: 	ID= -> TSID= for transcript ID
17083: 	[1bf755a35333]
17084: 
17085: 2009-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
17086: 
17087: 	* sudoers.pod:
17088: 	Move fast_glob description to where it belongs in sorted order
17089: 	[5901cfb0d25f]
17090: 
17091: 	* def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
17092: 	parse.c, parse.h, sudo.c:
17093: 	Rename script -> transcript
17094: 	[e06cf823122c]
17095: 
17096: 2009-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
17097: 
17098: 	* compat.h:
17099: 	Add timeradd and timersub for those without them
17100: 	[929f8aa06c2b]
17101: 
17102: 	* script.c:
17103: 	Sanity check sessid before using it.
17104: 	[aa8ca5211d43]
17105: 
17106: 	* sudo.c:
17107: 	Only set the session id if we are running a command or editing a
17108: 	file.
17109: 	[7205d717c098]
17110: 
17111: 	* script.c:
17112: 	Actually. qsort is fine since most versions fal back to a cheaper
17113: 	sort when the number of elements to sort is small (like in our
17114: 	case).
17115: 	[d11c7cd352fe]
17116: 
17117: 	* config.h.in, configure, configure.in, script.c:
17118: 	Check for dup2 and use dup instead if we don't have it.
17119: 	[98bd89830f8a]
17120: 
17121: 	* script.c, sudo.c, sudo.h:
17122: 	Move the code to dup2 the script fds to low numbered descriptors
17123: 	into script_duplow() and fix the fd sorting.
17124: 	[9453fdc5fba6]
17125: 
17126: 	* script.c, sudo.c, sudo.h:
17127: 	Move script_setup() back to immediately before we drop privs and
17128: 	call the new script_nextid() in its place, which will set
17129: 	sudo_user.sessid for the logging functions.
17130: 	[8434d0c8ff08]
17131: 
17132: 2009-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>
17133: 
17134: 	* Makefile.in:
17135: 	Install sudoreplay
17136: 	[6acf2cdb4d3f]
17137: 
17138: 	* sudoreplay.c:
17139: 	remove unused variable
17140: 	[2316360bb992]
17141: 
17142: 2009-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
17143: 
17144: 	* logging.c, script.c, sudo.c, sudo.h:
17145: 	Log the session ID, if there is one. Currently logs ID=XXXXXX,
17146: 	perhaps should be SESSIONID or SESSID.
17147: 	[53976905b0a6]
17148: 
17149: 	* Makefile.in, configure, configure.in, sudoreplay.cat,
17150: 	sudoreplay.man.in, sudoreplay.pod:
17151: 	Add sudoreplay docs
17152: 	[da4f14f0e64c]
17153: 
17154: 	* sudoreplay.c:
17155: 	add -V (version) flag
17156: 	[b5e743639ee3]
17157: 
17158: 	* sudoreplay.c:
17159: 	Hook up max_wait.
17160: 	[2ec5697a92ba]
17161: 
17162: 	* script.c, sudoreplay.c:
17163: 	Use base36 number for the ID and store script files with paths like
17164: 	/var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
17165: 	(2,176,782,336) unique IDs.
17166: 	[6aab019d07aa]
17167: 
17168: 2009-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
17169: 
17170: 	* config.h.in, configure.in:
17171: 	Add check for regcomp
17172: 	[44c3ebd7ff34]
17173: 
17174: 	* sudoreplay.c:
17175: 	Add support for selecting by pattern and tty when listing.
17176: 	[66189f840c52]
17177: 
17178: 2009-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
17179: 
17180: 	* sudoreplay.c:
17181: 	The beginnings of a list mode.
17182: 	[8d0150b4a52c]
17183: 
17184: 2009-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
17185: 
17186: 	* Makefile.in:
17187: 	fix pasto
17188: 	[616b4640b8a8]
17189: 
17190: 	* Makefile.in, config.h.in, configure.in:
17191: 	Add scaffolding for building sudoreplay
17192: 	[a32958505dbe]
17193: 
17194: 	* sudoreplay.c:
17195: 	include error.h first arg to nanotime is const
17196: 	[fe5a7bb31bc5]
17197: 
17198: 	* sudoreplay.c:
17199: 	Initial cut at sudoreplay; replay a sudo session.
17200: 	[f149fba372bd]
17201: 
17202: 2009-08-08  Todd C. Miller  <Todd.Miller@courtesan.com>
17203: 
17204: 	* script.c:
17205: 	Fix wait() usage and use correct wait status.
17206: 	[f4745ed7ad05]
17207: 
17208: 	* sudo.c, sudo.h, tgetpass.c:
17209: 	Add protos for term_* to sudo.h
17210: 	[14fe1abd7e7b]
17211: 
17212: 	* script.c:
17213: 	Fix detection of the child process exiting. Since the child is in
17214: 	its own session we should only ever get SIGCHLD for that process but
17215: 	better safe than sorry.
17216: 	[7edfdadd8505]
17217: 
17218: 	* config.h.in:
17219: 	Add UNIX98 pty support.
17220: 	[82f4b53a0e8f]
17221: 
17222: 	* configure, configure.in, script.c:
17223: 	Add UNIX98 pty support.
17224: 	[795b8bb0a3a1]
17225: 
17226: 2009-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
17227: 
17228: 	* term.c:
17229: 	For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
17230: 	if it is defined.
17231: 	[40f8b83baf69]
17232: 
17233: 	* auth/pam.c:
17234: 	Set PAM_RUSER and PAM_RHOST early so they can be used during
17235: 	authentication. Based on a patch from Jamie Beverly.
17236: 	[3d567b453a6a]
17237: 
17238: 	* match.c:
17239: 	Close dir before returning if strlcpy() reports overflow. From
17240: 	Martynas Venckus.
17241: 	[6a82f96473e5]
17242: 
17243: 	* config.h.in, configure, configure.in, script.c:
17244: 	On Linux, the openpty proto libes in pty.h
17245: 	[98643a018d1c]
17246: 
17247: 	* script.c:
17248: 	Call vhangup on exit if the system has it Use setpgrp() if no
17249: 	setsid()
17250: 	[3a9e13149829]
17251: 
17252: 2009-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
17253: 
17254: 	* config.h.in, configure, configure.in:
17255: 	Add checks for revoke and vhangup if we don't have openpty
17256: 	[fcb04572e994]
17257: 
17258: 	* script.c:
17259: 	Session logging guts that got forgotten in the previous commit.
17260: 	[c2af08a63ea9]
17261: 
17262: 	* Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
17263: 	configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
17264: 	gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
17265: 	tgetpass.c:
17266: 	First cut at session logging for sudo. Still need to write get_pty()
17267: 	for Unix 98 and old-style BSD ptys. Also needs documentation and
17268: 	general cleanup.
17269: 	[77e3f5e25738]
17270: 
17271: 2009-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
17272: 
17273: 	* sudo.c, sudo_edit.c:
17274: 	Fix a bug introduced with def_closefrom. The value of def_closefrom
17275: 	already includes the +1.
17276: 	[7291c136300d]
17277: 
17278: 2009-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
17279: 
17280: 	* Makefile.in:
17281: 	Generate sudo distributions with pax in ustar mode. No longer need
17282: 	to use a temp file or have the source dir name match the version.
17283: 	[9778177a8272]
17284: 
17285: 2009-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
17286: 
17287: 	* toke.c, toke.l:
17288: 	Fix expansion of %h in #include names. Fixes bugzilla 363
17289: 	[6e346879ba24]
17290: 
17291: 2009-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
17292: 
17293: 	* mkdefaults:
17294: 	If no arg assume def_data.in
17295: 	[c1dd28c0e675]
17296: 
17297: 	* README, WHATSNEW:
17298: 	Update for 1.7.2
17299: 	[f5ad45f69f05] [SUDO_1_7_2]
17300: 
17301: 	* ChangeLog:
17302: 	sync
17303: 	[6283549396ff]
17304: 
17305: 2009-06-30  Todd C. Miller  <Todd.Miller@courtesan.com>
17306: 
17307: 	* sudoers.cat, sudoers.man.in, sudoers.pod:
17308: 	Add missing single quotes around a colon in Runas_Spec definition.
17309: 	From Elias Benali.
17310: 	[ccc6ee4fca83]
17311: 
17312: 2009-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>
17313: 
17314: 	* sudo.man.in, sudoers.man.in:
17315: 	regen
17316: 	[546e75304ebf]
17317: 
17318: 	* redblack.c:
17319: 	In rbrepair, re-color the root or the first non-block node we find
17320: 	to be black. Re-coloring the root is probably not needed but won't
17321: 	hurt.
17322: 	[34d01ebe241b]
17323: 
17324: 	* sudo.cat, sudoers.cat:
17325: 	regen
17326: 	[bebf5a39f54f]
17327: 
17328: 2009-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
17329: 
17330: 	* redblack.c:
17331: 	When repairing the tree, don't touch the root node.
17332: 	[9841f0d5d789]
17333: 
17334: 2009-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
17335: 
17336: 	* set_perms.c:
17337: 	Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
17338: 	Reported by Josef Schmid.
17339: 	[ed044b1eb879]
17340: 
17341: 2009-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
17342: 
17343: 	* sudoers.pod:
17344: 	Document that we accept env_pam-style environment files
17345: 	[e3b545456352]
17346: 
17347: 	* env.c:
17348: 	Adapt to accept pam_env-style /etc/environment which allows shell-
17349: 	style lines such as: export EDITOR="/usr/bin/vi"
17350: 	[752eb75bf007]
17351: 
17352: 	* sudoers.pod:
17353: 	Make it clear that env_delete only works when !env_reset. From Lo??c
17354: 	Minier
17355: 	[3bd3f8e351ba]
17356: 
17357: 2009-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
17358: 
17359: 	* sudo.pod, sudoers.pod:
17360: 	Add non-unix group bits, adapted from Quest
17361: 	[8ce427de8dea]
17362: 
17363: 	* Makefile.in:
17364: 	build the .cat page in the current working dir, not the src dir
17365: 	[00e87a307674]
17366: 
17367: 	* env.c:
17368: 	Return EINVAL in setenv() if var is NULL or the empty string to
17369: 	match glibc behavior.
17370: 	[23fd7c247142]
17371: 
17372: 2009-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>
17373: 
17374: 	* configure, configure.in:
17375: 	Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
17376: 	[fedd4a3e2a85]
17377: 
17378: 2009-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
17379: 
17380: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
17381: 	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
17382: 	regen
17383: 	[7b9f461a40b3]
17384: 
17385: 2009-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
17386: 
17387: 	* INSTALL:
17388: 	Document --with-libvas and --with-libvas-rpath
17389: 	[a071e6d96c89]
17390: 
17391: 2009-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
17392: 
17393: 	* ldap.c, sudoers.ldap.pod:
17394: 	For netscape-derived LDAP SDKs the cert and key paths may be a
17395: 	directory or a file. However, version 5.0 of the SDK only seems to
17396: 	support using a directory. If ldapssl_clientauth_init fails and the
17397: 	cert or key paths look like they could be files, strip off the last
17398: 	path element and try again.
17399: 	[ac4e49d83043]
17400: 
17401: 	* Makefile.in:
17402: 	Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
17403: 	[4547cc1a335f]
17404: 
17405: 2009-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
17406: 
17407: 	* configure, configure.in, match.c, sudo.c, vasgroups.c:
17408: 	Update non-Unix group support from Quest, as reworked by me.
17409: 	[1abafce29dc6]
17410: 
17411: 	* toke.c:
17412: 	regen
17413: 	[01bfca9148b7]
17414: 
17415: 	* toke.l:
17416: 	Add support for escaped hex chars in names, e.g. \x20 for space.
17417: 	[3c7be8e58a39]
17418: 
17419: 2009-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>
17420: 
17421: 	* LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
17422: 	auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
17423: 	fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
17424: 	logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
17425: 	set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
17426: 	sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
17427: 	tgetpass.c, toke.l, visudo.c:
17428: 	Update copyright years.
17429: 	[e615f676c764]
17430: 
17431: 2009-05-24  Todd C. Miller  <Todd.Miller@courtesan.com>
17432: 
17433: 	* interfaces.c, lbuf.c:
17434: 	Minor fixes for Minix-3
17435: 	[898c510d23f9]
17436: 
17437: 2009-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
17438: 
17439: 	* set_perms.c:
17440: 	Handle getgroups() returning 0. Also add missing check for
17441: 	HAVE_GETGROUPS.
17442: 	[d73b958f9ffd]
17443: 
17444: 2009-05-19  Todd C. Miller  <Todd.Miller@courtesan.com>
17445: 
17446: 	* Makefile.in, config.h.in, configure, configure.in, sudo.c,
17447: 	version.h, visudo.c:
17448: 	Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
17449: 	[5050579a264d]
17450: 
17451: 2009-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
17452: 
17453: 	* set_perms.c:
17454: 	Remove group setting code in setusercontext case, we will do it
17455: 	ourselves later on in runas_setup. Set the gid after
17456: 	initgroups/setgroups is called, since on Mac OS X it seems to change
17457: 	the egid.
17458: 	[09dc21d8b42d]
17459: 
17460: 2009-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
17461: 
17462: 	* LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
17463: 	vasgroups.c:
17464: 	Initial bits of non-unix group support using Quest Authentication
17465: 	Services
17466: 	[1eecab0ff27e]
17467: 
17468: 	* toke.c, toke.l:
17469: 	Accept %:foo as a non-Unix group
17470: 	[4c4b5dd899a6]
17471: 
17472: 	* toke.c, toke.l:
17473: 	Allow user/group to be double quoted in the case of non-Unix groups
17474: 	which contain spaces.
17475: 	[47a3d568b7e8]
17476: 
17477: 2009-05-11  Todd C. Miller  <Todd.Miller@courtesan.com>
17478: 
17479: 	* match.c:
17480: 	Don't allow the user to specify the default runas user if their
17481: 	sudoers entry only allows them to run as a group.
17482: 	[4d726177227c]
17483: 
17484: 2009-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
17485: 
17486: 	* sudo.c:
17487: 	Must call audit_success before we change uids.
17488: 	[04a9e6ce6e55]
17489: 
17490: 	* logging.c, set_perms.c, sudo.h, testsudoers.c:
17491: 	Add option for set_perm to not exit on failure and use this in the
17492: 	logging routines.
17493: 	[833dce7b7f42]
17494: 
17495: 	* parse.c:
17496: 	In -l mode, if the user is only allowed to run as a group, display
17497: 	the user's name, not root's before the allowed group.
17498: 	[ef92ff99d265]
17499: 
17500: 	* sudo.c:
17501: 	Fix -g mode, broken by rev 1.503 which had the side effect of
17502: 	setting the runas user to root unilaterally.
17503: 	[50a2f7df4385]
17504: 
17505: 2009-05-08  Todd C. Miller  <Todd.Miller@courtesan.com>
17506: 
17507: 	* fileops.c:
17508: 	When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
17509: 	[30fbe832dcf3]
17510: 
17511: 	* pwutil.c:
17512: 	Only cache by the method we fetched for pwd and grp lookups.
17513: 	Previously we cached both by namd and id but this can cause problems
17514: 	for entries that share the same id. Also add more info in the error
17515: 	message in case the insert fails (which should now be impossible).
17516: 	[ef95a4f0bab5]
17517: 
17518: 2009-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
17519: 
17520: 	* sudoers.pod:
17521: 	Add a clarification from Nick Sieger
17522: 	[1eadad329561]
17523: 
17524: 2009-04-25  Todd C. Miller  <Todd.Miller@courtesan.com>
17525: 
17526: 	* env.c:
17527: 	Inline the setting of the environment string.
17528: 	[9515d11c6295]
17529: 
17530: 2009-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
17531: 
17532: 	* env.c:
17533: 	setenv(3) in Linux treats a NUL value as the empty string setenv(3)
17534: 	in BSD doesn't return an error if the name has '=' in it, it just
17535: 	treats the '=' as end of string.
17536: 	[941260bf94d2]
17537: 
17538: 2009-04-22  Todd C. Miller  <Todd.Miller@courtesan.com>
17539: 
17540: 	* toke.c, toke.l:
17541: 	Not all systems have d_namlen
17542: 	[e377b18d8e2d]
17543: 
17544: 2009-04-20  Todd C. Miller  <Todd.Miller@courtesan.com>
17545: 
17546: 	* sudoers.pod:
17547: 	Fix up some pod2html issues.
17548: 	[823a1f10ab60]
17549: 
17550: 2009-04-19  Todd C. Miller  <Todd.Miller@courtesan.com>
17551: 
17552: 	* interfaces.c:
17553: 	Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
17554: 	Quest Software.
17555: 	[73de36653131]
17556: 
17557: 	* sudoers.pod:
17558: 	Ignore files ending in '~' in sudo.d (emacs backup files)
17559: 	[7871fad702db]
17560: 
17561: 	* toke.c, toke.l:
17562: 	Ignore files ending in '~' in sudo.d (emacs backup files)
17563: 	[53fded2a469f]
17564: 
17565: 2009-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>
17566: 
17567: 	* sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
17568: 	For #includedir, ignore any file containing a dot
17569: 	[a7daa1bce6c2]
17570: 
17571: 	* Makefile.in, version.h:
17572: 	Bump version
17573: 	[ef60f14ffc44]
17574: 
17575: 	* gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
17576: 	sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
17577: 	visudo.c:
17578: 	Implement #includedir directive. Files in an includedir are not
17579: 	edited by visudo unless they contain a syntax error.
17580: 	[3923d85a6c79]
17581: 
17582: 	* ChangeLog:
17583: 	sync
17584: 	[8741ed61a78b] [SUDO_1_7_1]
17585: 
17586: 	* WHATSNEW:
17587: 	Forgot umask_override
17588: 	[7c86a21a5504]
17589: 
17590: 	* ChangeLog, TODO:
17591: 	sync
17592: 	[57339ca6bccf]
17593: 
17594: 2009-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
17595: 
17596: 	* visudo.c:
17597: 	Rewind stream if we fdopen sudoers since it may not be at the
17598: 	beginning. Set the keepopen flag on already-open files too so the
17599: 	lexer doesn't close them out from under us.
17600: 	[61292d819aff]
17601: 
17602: 	* visudo.c:
17603: 	Print the proper file name when there is a parse error in an include
17604: 	file.
17605: 	[b0e85d4aedde]
17606: 
17607: 2009-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
17608: 
17609: 	* WHATSNEW:
17610: 	Sync
17611: 	[997e5d485ea3]
17612: 
17613: 2009-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
17614: 
17615: 	* configure, configure.in:
17616: 	Fix a warning when --without-ldap is specified.
17617: 	[d91fd9481b30]
17618: 
17619: 2009-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
17620: 
17621: 	* alias.c, parse.h, visudo.c:
17622: 	Store aliases that we remove during check_aliases in a freelist and
17623: 	free them at the end so we don't leak memory.
17624: 	[805e2272f6a3]
17625: 
17626: 2009-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
17627: 
17628: 	* visudo.c:
17629: 	Check aliases in -c mode too.
17630: 	[9199e188d9f2]
17631: 
17632: 	* alias.c, parse.h, visudo.c:
17633: 	Make alias_remove return the alias struct instead of freeing it
17634: 	directly. Fixes a use after free in alias_remove_recursive, the only
17635: 	consumer.
17636: 	[a04b61804800]
17637: 
17638: 	* alias.c, match.c, parse.c, parse.h, visudo.c:
17639: 	Rename find_alias -> alias_find for consistency.
17640: 	[48b0a82924f3]
17641: 
17642: 2009-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
17643: 
17644: 	* visudo.c:
17645: 	When checking for unused aliases, recurse if the alias points to
17646: 	another alias.
17647: 	[2d4d1a7f3a41]
17648: 
17649: 2009-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
17650: 
17651: 	* ldap.c:
17652: 	Back out rev 1.105 for now. Real ldapux_client.conf support will be
17653: 	done later after some refactoring.
17654: 	[8ad72e69b277]
17655: 
17656: 2009-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
17657: 
17658: 	* ldap.c:
17659: 	Treat ldap_hostport the same as "host" for ldapux.
17660: 	[3281dcc66da8]
17661: 
17662: 	* configure, configure.in:
17663: 	Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
17664: 	Fixes compilation with ldapux.
17665: 	[ca1ed585ef0e]
17666: 
17667: 2009-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
17668: 
17669: 	* fileops.c:
17670: 	fix char subscript
17671: 	[41e51f080d00]
17672: 
17673: 2009-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
17674: 
17675: 	* Makefile.in:
17676: 	remove errant carriage returns
17677: 	[e9e258a31c7b]
17678: 
17679: 	* audit.c, env.c:
17680: 	fix K&R compilation
17681: 	[d182e8920f13]
17682: 
17683: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
17684: 	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
17685: 	regen
17686: 	[791a5cbf04e5]
17687: 
17688: 2009-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
17689: 
17690: 	* config.h.in:
17691: 	Add missing HAVE_BSM_AUDIT
17692: 	[49ad1bb96f04]
17693: 
17694: 	* WHATSNEW:
17695: 	Add 1.7.1 features
17696: 	[f107f1604c61]
17697: 
17698: 	* INSTALL:
17699: 	Mention --with-netsvc
17700: 	[d1e90d147795]
17701: 
17702: 	* sudoers.ldap.pod:
17703: 	Document netsvc.conf support
17704: 	[e78f8abce6af]
17705: 
17706: 	* configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
17707: 	sudo_nss.h:
17708: 	Add support for AIX netsvc.conf (like nsswitch.conf).
17709: 	[1df56a84dee5]
17710: 
17711: 2009-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>
17712: 
17713: 	* config.h.in, configure, configure.in, env.c:
17714: 	Add --enable-env-debug flag to enable environment sanity checks.
17715: 	[128cdd8832e7]
17716: 
17717: 	* sudoers.ldap.pod, sudoers.pod:
17718: 	Work around some pod2html issue.
17719: 	[e733b9609bd2]
17720: 
17721: 2009-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
17722: 
17723: 	* env.c:
17724: 	Only sync environ for putenv, setenv, and unsetenv. We need to make
17725: 	sure that sudo_putenv and sudo_setenv only modify env.envp, not
17726: 	environ.
17727: 	[be3ac732243c]
17728: 
17729: 2009-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
17730: 
17731: 	* env.c:
17732: 	Really fix UNSETENV_VOID
17733: 	[08ab7e882507]
17734: 
17735: 	* env.c:
17736: 	Fix unsetenv when UNSETENV_VOID
17737: 	[d3038b3f2f15]
17738: 
17739: 	* aclocal.m4, configure:
17740: 	Fix SUDO_FUNC_PUTENV_CONST
17741: 	[de35569c572b]
17742: 
17743: 	* ldap.c:
17744: 	tivoli-based ldap does not have ldapssl_err2string
17745: 	[c63fd90d5e99]
17746: 
17747: 	* configure:
17748: 	regen
17749: 	[f38f1ee828ad]
17750: 
17751: 2009-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
17752: 
17753: 	* config.h.in, configure, configure.in, ldap.c:
17754: 	Add support for Tivoli-based LDAP start TLS as seen in AIX.
17755: 	Untested.
17756: 	[8f8771829f85]
17757: 
17758: 	* env.c:
17759: 	Add sanity checks for setenv/unsetenv
17760: 	[adbd1d95856b]
17761: 
17762: 	* Makefile.in:
17763: 	Include bsm_audit.h in the tarball
17764: 	[4a4aa02b2c32]
17765: 
17766: 	* Makefile.in, version.h:
17767: 	bump version for sudo 1.7.1
17768: 	[362c71d21595]
17769: 
17770: 	* aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
17771: 	env.c, ldap.c, sudo.h:
17772: 	Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
17773: 	provide our own setenv/unsetenv/putenv that operates on own env
17774: 	pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
17775: 	[276edcd23032]
17776: 
17777: 2009-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
17778: 
17779: 	* sudo.c:
17780: 	Make "sudoedit -h" work as expected
17781: 	[2bcbbb45d389]
17782: 
17783: 	* auth/pam.c:
17784: 	Make sure def_prompt is always defined. This is a workaround for pam
17785: 	configs that prompt for a password in the session but don't have an
17786: 	auth line. A better fix is to expand the sudo prompt earlier and set
17787: 	def_prompt to that when initializing.
17788: 	[ee073c04aec3]
17789: 
17790: 	* sudo.pod:
17791: 	Mention that the helper for -A may be graphical.
17792: 	[b64a940c4082]
17793: 
17794: 	* TROUBLESHOOTING:
17795: 	Document what happens if there is no tty.
17796: 	[313d58a856a5]
17797: 
17798: 	* sudo.c:
17799: 	cosmetic changes
17800: 	[894f5e3b0c3e]
17801: 
17802: 	* term.c:
17803: 	Fix term_restore
17804: 	[6c6315ff14bc]
17805: 
17806: 	* sudo.c:
17807: 	Fix "sudo -k" with no other args
17808: 	[59e94dc419c6]
17809: 
17810: 2009-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
17811: 
17812: 	* check.c, sudo.c, sudo.pod, sudo_usage.h.in:
17813: 	Allow the -k flag to be specified in conjunction with a command or
17814: 	another option that may require authentication.
17815: 	[5960ff20355d]
17816: 
17817: 2009-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
17818: 
17819: 	* configure, configure.in:
17820: 	Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
17821: 	[e86ab69c4a57]
17822: 
17823: 	* Makefile.in:
17824: 	Parallel make fix. From Diego E. 'Flameeyes'
17825: 	[1289d7ee27db]
17826: 
17827: 2009-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
17828: 
17829: 	* def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
17830: 	Implement umask_override
17831: 	[8b87a3f7c5aa]
17832: 
17833: 	* toke.c:
17834: 	regen
17835: 	[79d7ca9ac873]
17836: 
17837: 	* sudoers.pod, toke.l, visudo.c:
17838: 	Implement %h escape in sudoers include filenames.
17839: 	[a7f288dd64f0]
17840: 
17841: 	* audit.c:
17842: 	Need to include compat.h
17843: 	[c0dc07ce2f70]
17844: 
17845: 	* Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
17846: 	Make audit_success and audit_failure generic functions in
17847: 	preparation for integrating linux audit support.
17848: 	[7df020a8fd6f]
17849: 
17850: 	* term.c:
17851: 	remove duplicate include
17852: 	[1dfcd01a7e46]
17853: 
17854: 2009-02-20  Todd C. Miller  <Todd.Miller@courtesan.com>
17855: 
17856: 	* bsm_audit.c:
17857: 	Add missing include
17858: 	[fb56e08c37ee]
17859: 
17860: 	* sudo.c:
17861: 	May need to update the runas user after parsing command-based
17862: 	defaults.
17863: 	[246f130d7802]
17864: 
17865: 2009-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
17866: 
17867: 	* glob.c:
17868: 	Add missing pair of braces introduced with character class support.
17869: 	[0e2afa2e03e9]
17870: 
17871: 2009-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
17872: 
17873: 	* def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
17874: 	Rename pwstars to pwfeedback
17875: 	[a9f85a57ebac]
17876: 
17877: 2009-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
17878: 
17879: 	* bsm_audit.c, bsm_audit.h:
17880: 	Add const to make MacOS happy.
17881: 	[4274432d6627]
17882: 
17883: 	* Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
17884: 	configure.in, sudo.c:
17885: 	Add bsm audit support from Christian S.J. Peron
17886: 	[bef61cd8693d]
17887: 
17888: 	* term.c:
17889: 	This is new code, no DARPA notice.
17890: 	[ec6ad09b9c23]
17891: 
17892: 2009-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
17893: 
17894: 	* def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
17895: 	Rename simple_glob -> fast_glob
17896: 	[68d9ed803cc1]
17897: 
17898: 	* match.c:
17899: 	g/c unused var
17900: 	[693fa0464eb6]
17901: 
17902: 	* def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
17903: 	Add simple_glob option to use fnmatch() instead of glob(). This is
17904: 	useful when you need to specify patterns that reference network file
17905: 	systems.
17906: 	[77ba634f6949]
17907: 
17908: 	* tgetpass.c:
17909: 	add term_* proto
17910: 	[520f5149d073]
17911: 
17912: 	* sudoers.pod:
17913: 	mention glob()
17914: 	[ddaab8e03c52]
17915: 
17916: 2009-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
17917: 
17918: 	* tgetpass.c:
17919: 	Delete any pwstars we wrote after the user hits return. That way
17920: 	there is no record on screen as to the user's password length.
17921: 	[fae25cda762b]
17922: 
17923: 2009-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
17924: 
17925: 	* term.c:
17926: 	Move terminal setting bits from tgetpass.c to term.c
17927: 	[03d43325ee99]
17928: 
17929: 	* Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
17930: 	tgetpass.c:
17931: 	Add pwstars sudoers option that causes sudo to print a star every
17932: 	time the user presses a key.
17933: 	[7aab417e184d]
17934: 
17935: 2009-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
17936: 
17937: 	* Makefile.in:
17938: 	Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
17939: 	[64f70e879816]
17940: 
17941: 2009-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
17942: 
17943: 	* ldap.c:
17944: 	For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
17945: 	indicate no limit. From Mark Janssen.
17946: 	[e2c5732d54f5]
17947: 
17948: 2009-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
17949: 
17950: 	* toke.c, toke.l:
17951: 	Comments that begin with #- should not be parsed as uids.
17952: 	[a72a50f12f41]
17953: 
17954: 2009-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
17955: 
17956: 	* sudo.c:
17957: 	Do not try to set the close on exec flag if we didn't actually open
17958: 	sudoers.
17959: 	[ece3ca256904]
17960: 
17961: 2008-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
17962: 
17963: 	* ChangeLog:
17964: 	regen
17965: 	[e11f0e4c1bdd] [SUDO_1_7_0]
17966: 
17967: 2008-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
17968: 
17969: 	* TODO:
17970: 	sync
17971: 	[5b8954462bb3]
17972: 
17973: 2008-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
17974: 
17975: 	* auth/pam.c:
17976: 	Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
17977: 	password prompt.
17978: 	[8563601cb3de]
17979: 
17980: 	* configure, configure.in:
17981: 	Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
17982: 	as it cannot generate shared objects.
17983: 	[6d4262ef9669]
17984: 
17985: 	* emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
17986: 	K&R compilation fixes
17987: 	[77921678d17c]
17988: 
17989: 	* parse.c:
17990: 	Use tq_foreach_fwd when checking pseudo-commands to make it clear
17991: 	that we are not short-circuiting on last match. When pwcheck is
17992: 	'all', initialize nopass to TRUE and override it with the first non-
17993: 	TRUE entry.
17994: 	[96b209f4778f]
17995: 
17996: 2008-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
17997: 
17998: 	* parse.c:
17999: 	Do not short circuit pseudo commands when we get a match since,
18000: 	depending on the settings, we may need to examine all commands for
18001: 	tags.
18002: 	[fdbaf89d6f35]
18003: 
18004: 2008-12-03  Todd C. Miller  <Todd.Miller@courtesan.com>
18005: 
18006: 	* sudoers.cat, sudoers.man.in:
18007: 	regen
18008: 	[1ecce7c1b841]
18009: 
18010: 	* sudoers.pod:
18011: 	hostnames may also contain wildcards
18012: 	[82b76695601c]
18013: 
18014: 	* Makefile.in:
18015: 	remove stamp-* files and linux core files in clean target
18016: 	[22003f091467]
18017: 
18018: 2008-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
18019: 
18020: 	* auth/sudo_auth.h, config.h.in, configure, configure.in:
18021: 	Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
18022: 	[6905bede8410]
18023: 
18024: 2008-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
18025: 
18026: 	* configure, configure.in:
18027: 	correctly enable SIA on Digital UNIX
18028: 	[a51881d13995]
18029: 
18030: 	* TODO:
18031: 	checkpoint
18032: 	[af0fe8d94d42]
18033: 
18034: 	* ChangeLog:
18035: 	sync
18036: 	[831f623cf99c]
18037: 
18038: 2008-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
18039: 
18040: 	* check.c, sudo.h, tgetpass.c:
18041: 	Even if neither stdin nor stdout are ttys we may still have /dev/tty
18042: 	available to us.
18043: 	[20f306ba883b]
18044: 
18045: 2008-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
18046: 
18047: 	* sudoers.cat, sudoers.man.in:
18048: 	regen
18049: 	[76d97c4c318f]
18050: 
18051: 	* sudoers.pod:
18052: 	fix typos; Markus Lude
18053: 	[bff8bc1e2066]
18054: 
18055: 	* ChangeLog:
18056: 	sync
18057: 	[f108552531cd]
18058: 
18059: 	* toke.c:
18060: 	regen
18061: 	[de828413c67e]
18062: 
18063: 	* toke.l:
18064: 	Fix matching of a line that only consists of a comment char
18065: 	[09c953d8d5ca]
18066: 
18067: 2008-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
18068: 
18069: 	* auth/pam.c:
18070: 	MacOS pam will retry conversation function if it fails so just treat
18071: 	^C as an empty password.
18072: 	[d056058930bc]
18073: 
18074: 	* visudo.c:
18075: 	When checking for alias use, also check defaults bindings.
18076: 	[2647f82c7dbd]
18077: 
18078: 	* redblack.c:
18079: 	unused var
18080: 	[b7ff71c17c18]
18081: 
18082: 	* redblack.c:
18083: 	Replace my rbdelete with Emin's version (which actually works ;-)
18084: 	[21b133dd0c72]
18085: 
18086: 2008-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
18087: 
18088: 	* testsudoers.c:
18089: 	malloc debugging
18090: 	[0fb446fa3279]
18091: 
18092: 	* visudo.c:
18093: 	malloc options in devel mode for visudo too
18094: 	[98d06c6afeef]
18095: 
18096: 2008-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
18097: 
18098: 	* sudo.c:
18099: 	fix compilation on non-C99; from Theo
18100: 	[7c304e16c536]
18101: 
18102: 	* visudo.c:
18103: 	fix check_aliases
18104: 	[83f30a3b1765]
18105: 
18106: 	* alias.c:
18107: 	when destroying an alias, free the correct data pointer
18108: 	[6e1a8bd86c01]
18109: 
18110: 	* auth/sudo_auth.h:
18111: 	add proto for aixauth_cleanup; from Dale King
18112: 	[eba94ffc8f63]
18113: 
18114: 2008-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
18115: 
18116: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
18117: 	visudo.man.in:
18118: 	regen
18119: 	[409fa57fff83]
18120: 
18121: 	* sudo.pod, sudoers.pod, visudo.pod:
18122: 	standardize on the term 'option' for command line options (not flag)
18123: 	[228caefc2e36]
18124: 
18125: 2008-11-14  Todd C. Miller  <Todd.Miller@courtesan.com>
18126: 
18127: 	* INSTALL:
18128: 	Add note on configuring HP-UX pam
18129: 	[f7674a581baf]
18130: 
18131: 2008-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
18132: 
18133: 	* check.c, sudo.c:
18134: 	Move tty checks into check_user() so we only do them if we actually
18135: 	need a password.
18136: 	[7d997d7106d6]
18137: 
18138: 	* sudo.c:
18139: 	Don't error out if no tty or askpass unless we actually need to
18140: 	authenticate.
18141: 	[9f23b83ed66c]
18142: 
18143: 2008-11-10  Todd C. Miller  <Todd.Miller@courtesan.com>
18144: 
18145: 	* ChangeLog:
18146: 	regen
18147: 	[23f9aef32da6]
18148: 
18149: 	* pathnames.h.in, sudo.c:
18150: 	s/overriden/overridden/; from Tobias Stoeckmann
18151: 	[9f7459a8fac5]
18152: 
18153: 2008-11-09  Todd C. Miller  <Todd.Miller@courtesan.com>
18154: 
18155: 	* WHATSNEW, visudo.c:
18156: 	check sudoers owner and mode in strict mode
18157: 	[a3468c5ac1c4]
18158: 
18159: 	* gram.c, toke.c:
18160: 	regen
18161: 	[7d6b515a5443]
18162: 
18163: 	* sudo.man.in, sudoers.man.in, visudo.man.in:
18164: 	Update copyright years.
18165: 	[52d340cb8cba]
18166: 
18167: 	* LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
18168: 	auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
18169: 	auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
18170: 	closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
18171: 	gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
18172: 	interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
18173: 	parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
18174: 	sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
18175: 	testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
18176: 	visudo.pod, zero_bytes.c:
18177: 	Update copyright years.
18178: 	[b4e6bf2beafa]
18179: 
18180: 	* emul/charclass.h, fnmatch.c, glob.c:
18181: 	add my copyright
18182: 	[28681385014a]
18183: 
18184: 2008-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
18185: 
18186: 	* toke.c, toke.l:
18187: 	The loop in fill_cmnd() was going one byte too far past the end,
18188: 	resulting in a NUL being written immediately after the buffer end.
18189: 	[a5a49d603cd7]
18190: 
18191: 	* UPGRADE, WHATSNEW:
18192: 	add sections on tgetpass changes
18193: 	[2e6929b6a102]
18194: 
18195: 	* tgetpass.c:
18196: 	Treat EOF w/o newline as an error.
18197: 	[aa02b1db9240]
18198: 
18199: 2008-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
18200: 
18201: 	* parse.c:
18202: 	Fix "sudo -v" when NOPASSWD is set.
18203: 	[f4914711ea80]
18204: 
18205: 	* auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
18206: 	auth/sudo_auth.h:
18207: 	No longer treat an empty password at the prompt as special. To quit
18208: 	out of sudo you now need to hit ^C at the password prompt.
18209: 	[980f760ad419]
18210: 
18211: 	* sudoers.cat, sudoers.man.in:
18212: 	regen
18213: 	[6ca21a2cd869]
18214: 
18215: 	* def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
18216: 	Sudo will now refuse to run if no tty is present unless the new
18217: 	visiblepw sudoers flag is set.
18218: 	[0cc56943252e]
18219: 
18220: 2008-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>
18221: 
18222: 	* aix.c:
18223: 	just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
18224: 	defined
18225: 	[24fc6f712d5c]
18226: 
18227: 	* aix.c:
18228: 	fix fallback value for RLIM_SAVED_MAX
18229: 	[e09e04e1af89]
18230: 
18231: 	* auth/aix_auth.c, auth/sudo_auth.h:
18232: 	Move clearing of AUTHSTATE into aixauth_cleanup.
18233: 	[e14ae7bd259c]
18234: 
18235: 	* auth/aix_auth.c, env.c:
18236: 	Unset AUTHSTATE after calling authenticate() as it may not be
18237: 	correct for the user we are running the command as.
18238: 	[d14f68f1b0ab]
18239: 
18240: 	* isblank.c:
18241: 	Add isblank() function for systems without it. Needed for POSIX
18242: 	character class matching in fnmatch.c and glob.c.
18243: 	[16cba30b283f]
18244: 
18245: 2008-11-05  Todd C. Miller  <Todd.Miller@courtesan.com>
18246: 
18247: 	* TROUBLESHOOTING:
18248: 	expound on sudo and cd
18249: 	[8e0fa9033637]
18250: 
18251: 2008-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
18252: 
18253: 	* ChangeLog:
18254: 	regen
18255: 	[40cf320a10fc]
18256: 
18257: 	* sudoers.cat, sudoers.man.in:
18258: 	regen
18259: 	[7cac761ae2c6]
18260: 
18261: 	* sudoers.pod:
18262: 	mention defauts parse order
18263: 	[4e2ce86d1394]
18264: 
18265: 2008-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
18266: 
18267: 	* Makefile.in, aclocal.m4, compat.h, configure:
18268: 	Add isblank() function for systems without it. Needed for POSIX
18269: 	character class matching in fnmatch.c and glob.c.
18270: 	[a1ab55da8424]
18271: 
18272: 	* Makefile.in:
18273: 	add emul/charclass.h to HDRS
18274: 	[7e8a019dcaa4]
18275: 
18276: 2008-11-02  Todd C. Miller  <Todd.Miller@courtesan.com>
18277: 
18278: 	* TODO:
18279: 	checkpoint
18280: 	[afeb9bc1baed]
18281: 
18282: 	* defaults.c, parse.c, testsudoers.c, visudo.c:
18283: 	Move update_defaults into defaults.c and call it properly from
18284: 	visudo and testsudoers.
18285: 	[f4dbb369461f]
18286: 
18287: 	* defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
18288: 	tsgetgrpw.c:
18289: 	use zero_bytes() instead of memset() for consistency
18290: 	[4cee0465f4a8]
18291: 
18292: 	* logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
18293: 	visudo.c:
18294: 	Zero out sigaction_t before use in case it has non-standard entries.
18295: 	[120092225459]
18296: 
18297: 	* match.c:
18298: 	quiet gcc
18299: 	[098a1df49b23]
18300: 
18301: 	* match.c:
18302: 	Short circuit glob() checks if basename(pattern) !=
18303: 	basename(command). Refactor code that checks for a command in a
18304: 	directory and use it in the glob case if the resolved pattern ends
18305: 	in a '/'.
18306: 	[3c46fd317acb]
18307: 
18308: 2008-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
18309: 
18310: 	* defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
18311: 	Defer setting runas defaults until after runaspw/gr is setup.
18312: 	[12e75ee49c0c]
18313: 
18314: 2008-10-29  Todd C. Miller  <Todd.Miller@courtesan.com>
18315: 
18316: 	* match.c, sudo.c, testsudoers.c:
18317: 	Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
18318: 	systems do not include space for the NUL in the size. Also manually
18319: 	NUL-terminate buffer from gethostname() since POSIX is wishy-washy
18320: 	on this.
18321: 	[7266ab3296a3]
18322: 
18323: 2008-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
18324: 
18325: 	* sudo.c, sudoers.pod:
18326: 	When setting the umask, use the union of the user's umask and the
18327: 	default value set in sudoers so that we never lower the user's umask
18328: 	when running a command.
18329: 	[4e804b004e38]
18330: 
18331: 	* sudo.c:
18332: 	Don't try to read from a zero-length sudoers file. Remove the bogus
18333: 	Solaris work-around for EAGAIN. Since we now use fgetc() it should
18334: 	not be a problem.
18335: 	[bb8e5f68d944]
18336: 
18337: 2008-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
18338: 
18339: 	* parse.c:
18340: 	In update_defaults() check the return value of user*_matches against
18341: 	ALLOW so we don't inadvertantly match on UNSPEC.
18342: 	[4e422fa1527e]
18343: 
18344: 2008-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
18345: 
18346: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
18347: 	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
18348: 	regen man pages; no more hyphenation
18349: 	[15de4fe2fe01]
18350: 
18351: 	* sudo.c:
18352: 	Don't error out on a zero-length sudoers file. With the advent of
18353: 	#include the user could create a situation where sudo is unusable.
18354: 	[6eb461319fa5]
18355: 
18356: 2008-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
18357: 
18358: 	* auth/kerb5.c, config.h.in, configure, configure.in:
18359: 	Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
18360: 	krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
18361: 	all. Add configure tests to handle all the cases.
18362: 	[4b554a98470d]
18363: 
18364: 2008-10-08  Todd C. Miller  <Todd.Miller@courtesan.com>
18365: 
18366: 	* sudo.pod:
18367: 	resort ENVIRONMENT
18368: 	[f4f20f40653e]
18369: 
18370: 	* sudoers.pod:
18371: 	document sudoers_locale
18372: 	[0bffd2dbe806]
18373: 
18374: 	* sudo.pod, sudo_edit.c:
18375: 	add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
18376: 	or EDITOR
18377: 	[0ef8cb248cee]
18378: 
18379: 	* toke.c, toke.l:
18380: 	In fill_cmnd(), collapse any escaped sudo-specific characters.
18381: 	Allows character classes to be used in pathnames.
18382: 	[5685244c8e44]
18383: 
18384: 2008-10-03  Todd C. Miller  <Todd.Miller@courtesan.com>
18385: 
18386: 	* lbuf.c:
18387: 	fix typo in non-C89 function declaration
18388: 	[99a7113b3a05]
18389: 
18390: 	* sudoers.pod:
18391: 	Mention POSIX characters classes now that out fnmatch() and glob()
18392: 	support them.
18393: 	[9c916f1230c3]
18394: 
18395: 	* sample.sudoers, sudoers.pod:
18396: 	Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
18397: 	locale agnostic.
18398: 	[a60a62bec244]
18399: 
18400: 	* parse.h:
18401: 	use __signed char if we are going to assign a negative value since
18402: 	on Power, char is unsigned by default
18403: 	[2877b319df17]
18404: 
18405: 	* config.h.in, configure, configure.in:
18406: 	Add tests for __signed char and signed char.
18407: 	[5eb874fdf1d4]
18408: 
18409: 	* aix.c:
18410: 	Fix AIX limit setting. getuserattr() returns values in disk blocks
18411: 	rather than bytes. The default hard stack size in newer AIX is
18412: 	RLIM_SAVED_MAX. From Dale King.
18413: 	[3db67415ecc3]
18414: 
18415: 2008-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
18416: 
18417: 	* emul/charclass.h, fnmatch.c, glob.c:
18418: 	Add character class support to included glob(3) and fnmatch(3).
18419: 	[6b5b4ad77899]
18420: 
18421: 2008-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
18422: 
18423: 	* emul/fnmatch.h:
18424: 	Remove UCB advertising clause and some compatibility defines.
18425: 	[2ade7bee74e1]
18426: 
18427: 2008-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
18428: 
18429: 	* sudo_edit.c:
18430: 	Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
18431: 	or sudo. This allows one to set EDITOR to sudoedit without getting
18432: 	into an infinite loop of sudoedit running itself until the path gets
18433: 	too big.
18434: 	[aa49ab68f82d]
18435: 
18436: 	* def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
18437: 	Add sudoers_locale Defaults option to override the default sudoers
18438: 	locale of "C".
18439: 	[0639886a35bf]
18440: 
18441: 2008-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
18442: 
18443: 	* sudo.c:
18444: 	Set locale to system default except for during sudoers parse.
18445: 	[016dd2736728]
18446: 
18447: 2008-09-12  Todd C. Miller  <Todd.Miller@courtesan.com>
18448: 
18449: 	* match.c:
18450: 	Redo change in 1.34 to use pointer arithmetic.
18451: 	[f9e7b63bb450]
18452: 
18453: 2008-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
18454: 
18455: 	* match.c:
18456: 	Fix a dereference (read) of a freed pointer. Reported by Patrick
18457: 	Williams.
18458: 	[69877b633753]
18459: 
18460: 2008-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
18461: 
18462: 	* sudo.c:
18463: 	Set locale to "C" to avoid interpretation issues with character
18464: 	ranges in sudoers. May want to make the locale a sudoers option in
18465: 	the future.
18466: 	[098a95de1746]
18467: 
18468: 2008-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
18469: 
18470: 	* config.h.in:
18471: 	we no longer use setproctitle
18472: 	[c7f20fb747ea]
18473: 
18474: 	* sudo.h:
18475: 	remove #if 1
18476: 	[a368ee6816c6]
18477: 
18478: 	* LICENSE, mkstemp.c:
18479: 	Use my replacement mkstemp() from the mktemp package.
18480: 	[d07c2beb0f9e]
18481: 
18482: 2008-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
18483: 
18484: 	* gram.c:
18485: 	regen with yacc skeleton bug fixed
18486: 	[24784571cbb8]
18487: 
18488: 	* sudoers.pod:
18489: 	Remove duplicate "as root". From Martin Toft.
18490: 	[97241acfee5e]
18491: 
18492: 2008-07-02  Todd C. Miller  <Todd.Miller@courtesan.com>
18493: 
18494: 	* pwutil.c, sudo.c, sudo.h, testsudoers.c:
18495: 	Flesh out the fake passwd entry used for running commands as a uid
18496: 	not listed in the passwd database. Fixes an issue with some PAM
18497: 	modules.
18498: 	[a6648227f3f2]
18499: 
18500: 2008-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
18501: 
18502: 	* sudo.c:
18503: 	Error out in -i mode if the user has no shell. This can happen when
18504: 	running commands as a uid with no password entry.
18505: 	[0c174bef36ff]
18506: 
18507: 2008-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
18508: 
18509: 	* toke.c, toke.l:
18510: 	Better fix for line continuation inside double quotes. Now accepts
18511: 	whitespace between the backslash and the newline like the main
18512: 	lexer.
18513: 	[64efcdf86d31]
18514: 
18515: 2008-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
18516: 
18517: 	* toke.c, toke.l:
18518: 	Fix line continuation in strings. It was only being honored if
18519: 	preceded by whitespace.
18520: 	[96c21271a3e4]
18521: 
18522: 2008-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
18523: 
18524: 	* config.h.in, configure, configure.in, logging.c:
18525: 	Replace the double fork with a fork + daemonize.
18526: 	[328505441e67]
18527: 
18528: 2008-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
18529: 
18530: 	* env.c, sudo.c:
18531: 	The -i flag should imply env_reset. This got broken in sudo 1.6.9.
18532: 	[3caedfeaec87]
18533: 
18534: 	* logging.c, sudo.c, sudo_edit.c, visudo.c:
18535: 	Change how the mailer is waited for. Instead of having a SIGCHLD
18536: 	handler, use the double fork trick to orphan the child that opens
18537: 	the pipe to sendmail. Fixes a problem running su on some Linux
18538: 	distros.
18539: 	[b59ce60a393d]
18540: 
18541: 2008-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
18542: 
18543: 	* configure, configure.in:
18544: 	Fix configure test for dirfd() on Linux where DIR is opaque.
18545: 	[b8f729cdfecc]
18546: 
18547: 2008-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
18548: 
18549: 	* tgetpass.c:
18550: 	Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
18551: 	this problem we'll need to revisit this again.
18552: 	[c17fee8ad530]
18553: 
18554: 2008-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
18555: 
18556: 	* logging.c:
18557: 	Ignore SIGPIPE instead of blocking it when piping to the mailer. If
18558: 	we only block the signal it may be delivered later when we unblock.
18559: 	Also, there is no need to block SIGCHLD since we no longer do the
18560: 	double fork. The normal SIGCHLD handler is sufficient.
18561: 	[e94a49e992e5]
18562: 
18563: 2008-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
18564: 
18565: 	* configure, configure.in:
18566: 	Add description for NO_PAM_SESSION, from a redhat patch.
18567: 	[b9e4c939ec09]
18568: 
18569: 2008-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
18570: 
18571: 	* sudo.cat, sudo.man.in, sudo.pod:
18572: 	Fix typos in -i usage
18573: 	[2d7ce5de0235]
18574: 
18575: 2008-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
18576: 
18577: 	* configure, configure.in:
18578: 	Redo the test for dgettext() in a way that hopefully will work
18579: 	around the libintl_dgettext() undefined problem.
18580: 	[d27beb0cf85e]
18581: 
18582: 2008-05-11  Todd C. Miller  <Todd.Miller@courtesan.com>
18583: 
18584: 	* schema.ActiveDirectory:
18585: 	change filename in comment
18586: 	[733da4ee9ac5]
18587: 
18588: 2008-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
18589: 
18590: 	* Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
18591: 	sudoers.ldap.pod:
18592: 	Reference schema.ActiveDirectory
18593: 	[d6aec537800e]
18594: 
18595: 2008-05-09  Todd C. Miller  <Todd.Miller@courtesan.com>
18596: 
18597: 	* schema.OpenLDAP, schema.iPlanet:
18598: 	Mark sudoRunAs as deprecated.
18599: 	[00c50df807af]
18600: 
18601: 	* schema.ActiveDirectory:
18602: 	add sudoRunAsUser and sudoRunAsGroup
18603: 	[19bcce6f72fb]
18604: 
18605: 	* schema.ActiveDirectory:
18606: 	Active Directory schema by Chantal Paradis and Eric Paquet
18607: 	[06a09c92c6a5]
18608: 
18609: 2008-05-08  Todd C. Miller  <Todd.Miller@courtesan.com>
18610: 
18611: 	* parse.c:
18612: 	remove an XXX that was fixed
18613: 	[b88038062fa2]
18614: 
18615: 	* ChangeLog:
18616: 	sync
18617: 	[8fc27c17270e]
18618: 
18619: 	* parse.c:
18620: 	Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
18621: 	fixes a problem where the tag value printed was influenced by
18622: 	defaults set in the first pass through the parser.
18623: 	[588ccd630367]
18624: 
18625: 2008-05-04  Todd C. Miller  <Todd.Miller@courtesan.com>
18626: 
18627: 	* Makefile.in, sudo.psf:
18628: 	No point in packaging the TODO file
18629: 	[9590248fffe1]
18630: 
18631: 	* ChangeLog:
18632: 	sync
18633: 	[152acf4c6813]
18634: 
18635: 2008-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
18636: 
18637: 	* WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
18638: 	sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
18639: 	Add env_file Defaults option that is similar to /etc/environment on
18640: 	some systems.
18641: 	[1daf53d51e18]
18642: 
18643: 2008-05-02  Todd C. Miller  <Todd.Miller@courtesan.com>
18644: 
18645: 	* Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
18646: 	sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
18647: 	version.h, visudo.cat, visudo.man.in:
18648: 	change version to 1.7.0
18649: 	[d41d126b9bd8]
18650: 
18651: 	* UPGRADE:
18652: 	initial valgrind pass done
18653: 	[c59c3876d8ca]
18654: 
18655: 2008-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
18656: 
18657: 	* ldap.c:
18658: 	Fix typo/think in sudo_ldap_read_secret() when storing the secret.
18659: 	[830d246c09b0]
18660: 
18661: 2008-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
18662: 
18663: 	* ldap.c:
18664: 	define LDAPS_PORT if the system headers do not
18665: 	[247b12325701]
18666: 
18667: 2008-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
18668: 
18669: 	* gram.c, gram.y:
18670: 	Fix another memory leak in init_parser().
18671: 	[7bba47deba11]
18672: 
18673: 	* configure, configure.in:
18674: 	There was a missing space before the ldap libs in SUDO_LIBS for some
18675: 	configurations.
18676: 	[7524cfc93759]
18677: 
18678: 	* alias.c, gram.c, gram.y, toke.c, toke.l:
18679: 	Clean up some memory leaks pointed out by valgrind.
18680: 	[a965866ece1a]
18681: 
18682: 2008-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
18683: 
18684: 	* sudo.c:
18685: 	fix "sudo -s" broken by mode/flags breakout
18686: 	[acffe984d408]
18687: 
18688: 	* configure, configure.in:
18689: 	remove duplicate check for dgettext
18690: 	[58145529133c]
18691: 
18692: 2008-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
18693: 
18694: 	* aix.c:
18695: 	Fall back to default stanza if no user-specific limit is found.
18696: 	[7b8cb29123ee]
18697: 
18698: 2008-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
18699: 
18700: 	* snprintf.c:
18701: 	include stdint.h if present
18702: 	[f0ec38529306]
18703: 
18704: 	* snprintf.c:
18705: 	Use LLONG_MAX, not the old QUAD_MAX
18706: 	[01041ce508fb]
18707: 
18708: 2008-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
18709: 
18710: 	* sudoers.ldap.pod:
18711: 	fix cut and pasto
18712: 	[34240fdef5ab]
18713: 
18714: 2008-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
18715: 
18716: 	* pwutil.c:
18717: 	Add #ifdef PURITY
18718: 	[ce1b571ad526]
18719: 
18720: 2008-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
18721: 
18722: 	* auth/bsdauth.c:
18723: 	remove useless cast
18724: 	[494f8a862e1d]
18725: 
18726: 2008-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
18727: 
18728: 	* ChangeLog:
18729: 	sync
18730: 	[f5c97ffaabcc]
18731: 
18732: 	* TODO:
18733: 	sync
18734: 	[96ff1c44c182]
18735: 
18736: 	* sudo.h:
18737: 	Split MODE_* defines into primary and flags.
18738: 	[c02ee3027cb9]
18739: 
18740: 2008-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
18741: 
18742: 	* aix.c:
18743: 	It turns out the logic for getting AIX limits is more convoluted
18744: 	than I realized and differs depending on whether the soft and/or
18745: 	hard limits are defined.
18746: 	[cf8d3f85d395]
18747: 
18748: 2008-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
18749: 
18750: 	* Makefile.in, configure, configure.in:
18751: 	Back out AIX-specific change to set the sudo_noexec path to the .a
18752: 	file, we do really want to use the .so file. Since libtool doesn't
18753: 	do that correctly, just install the .so file ourselves in the
18754: 	Makefile.
18755: 	[05c6f33177d9]
18756: 
18757: 	* install-sh:
18758: 	If the file given to install is a path, only use the basename of the
18759: 	file when building the destination path.
18760: 	[695ba4e429ce]
18761: 
18762: 2008-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>
18763: 
18764: 	* sudo.c:
18765: 	parse_args() cleanup: Sort command line options in the getopt()
18766: 	switch The -U option requires a parameter Normalize a few ISSET
18767: 	calls Split mode into mode and flags and retire the now-obsolete
18768: 	excl variable
18769: 	[0d156835f861]
18770: 
18771: 	* WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
18772: 	sudo_usage.h.in:
18773: 	Add -n (non-interactive) flag.
18774: 	[e3e50400d32d]
18775: 
18776: 	* sudo.c:
18777: 	Move version printing, etc. into a separate function.
18778: 	[18c91b476e2c]
18779: 
18780: 	* sudo.c:
18781: 	Don't try to cleanup nsswitch if it has not been initialized.
18782: 	[aeb1ca1b399d]
18783: 
18784: 2008-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
18785: 
18786: 	* logging.c:
18787: 	Block SIGPIPE in send_mail() so sudo is not killed by a problem
18788: 	executing the mailer.
18789: 	[f130e7924cca]
18790: 
18791: 2008-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
18792: 
18793: 	* configure, configure.in:
18794: 	AIX shared libs end in .a, not .so.
18795: 	[a5deb07020d8]
18796: 
18797: 2008-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
18798: 
18799: 	* env.c:
18800: 	Preserve HOME by default too. Matches documentation and previous
18801: 	behavior.
18802: 	[c16f17f1047c]
18803: 
18804: 2008-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
18805: 
18806: 	* sudo.c:
18807: 	Use getopt() to parse the command line. We need to be able to
18808: 	intersperse env variables and options yet still honor "--"" which
18809: 	complicates things slightly.
18810: 	[60f271ce5c16]
18811: 
18812: 2008-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
18813: 
18814: 	* ChangeLog:
18815: 	sync
18816: 	[685e67964eda]
18817: 
18818: 	* acsite.m4, configure, ltmain.sh:
18819: 	update to libtool-1.5.26
18820: 	[4c9a8c3d3b40]
18821: 
18822: 	* config.guess, config.sub:
18823: 	update from libtool-1.5.26 distribution
18824: 	[c6641aef2527]
18825: 
18826: 	* aix.c, sudo.h:
18827: 	attempt to fix compilation errors on AIX
18828: 	[edb13e5b2184]
18829: 
18830: 	* Makefile.in:
18831: 	fix typo in last commit
18832: 	[25ba7f7ceae4]
18833: 
18834: 	* Makefile.in:
18835: 	Add WHATSNEW file to the distribution
18836: 	[213f4115de8f]
18837: 
18838: 	* visudo.c:
18839: 	use warningx instead of fprintf(stderr, ...)
18840: 	[a3494b8ccb19]
18841: 
18842: 	* list.c:
18843: 	add DEBUG to list2tq
18844: 	[115d24a3000c]
18845: 
18846: 	* ChangeLog, TODO:
18847: 	sync
18848: 	[60e6f4d1fac0]
18849: 
18850: 	* WHATSNEW:
18851: 	mention mailfrom
18852: 	[e2498f9e18d6]
18853: 
18854: 	* Makefile.in, aix.c, config.h.in, configure, configure.in,
18855: 	set_perms.c, sudo.h:
18856: 	Add aix_setlimits() to set resource limits on AIX using a
18857: 	combination of getuserattr() and setrlimit(). Currently untested.
18858: 	[9b1441fd89ca]
18859: 
18860: 2008-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
18861: 
18862: 	* def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
18863: 	sudoers.man.in, sudoers.pod:
18864: 	Add mailfrom Defaults option that sets the value of the From: field
18865: 	in the warning/error mail. If unset the login name of the invoking
18866: 	user is used.
18867: 	[029b9f05d3d9]
18868: 
18869: 	* defaults.c:
18870: 	store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
18871: 	[a90e407d5e00]
18872: 
18873: 	* gram.c, gram.y:
18874: 	When adding a default, only call list2tq() once to do the list to tq
18875: 	conversion. It is not legal to call list2tq multiple times on the
18876: 	same list since list2tq consumes and modifies the list argument.
18877: 	[fbc25d245c4a]
18878: 
18879: 	* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
18880: 	comment out XXXs for now
18881: 	[595a1d43309d]
18882: 
18883: 	* WHATSNEW:
18884: 	mention askpass
18885: 	[b993e0837c22]
18886: 
18887: 2008-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>
18888: 
18889: 	* sudo.c:
18890: 	Error out if both -A and -S are specified Error out if -A is
18891: 	specified but no askpass is configured
18892: 	[24f1df2638f6]
18893: 
18894: 	* configure, configure.in:
18895: 	we are not going to ship a sudo-specific askpass
18896: 	[61949e7a3943]
18897: 
18898: 2008-03-03  Todd C. Miller  <Todd.Miller@courtesan.com>
18899: 
18900: 	* sudo.h:
18901: 	fix definition of TGP_ASKPASS
18902: 	[0447c57ba4c3]
18903: 
18904: 	* def_data.c, def_data.in:
18905: 	make askpass boolean-capable
18906: 	[e0885893a325]
18907: 
18908: 	* INSTALL:
18909: 	document --with-askpass
18910: 	[c76e15ba97cf]
18911: 
18912: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
18913: 	sudoers.man.in, visudo.cat:
18914: 	regen
18915: 	[8d16242980b7]
18916: 
18917: 2008-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
18918: 
18919: 	* sudo.pod, sudo_usage.h.in, sudoers.pod:
18920: 	document -A and askpass
18921: 	[02c07505a78c]
18922: 
18923: 	* auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
18924: 	def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
18925: 	sudo_usage.h.in, tgetpass.c:
18926: 	Add support for running a helper program to read the password when
18927: 	no tty is present (or when specified with the -A flag). TODO: docs.
18928: 	[05780f5f71fd]
18929: 
18930: 	* def_data.c, def_data.in:
18931: 	add missing printf format to SELinux role and type strings
18932: 	[2b32774715e7]
18933: 
18934: 2008-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
18935: 
18936: 	* INSTALL, configure, configure.in:
18937: 	Disable use of gss_krb5_ccache_name() by default and add
18938: 	--enable-gss-krb5-ccache-name configure option to enable it. It seems
18939: 	that gss_krb5_ccache_name() doesn't work properly with some
18940: 	combinations of Heimdal and OpenLDAP.
18941: 	[f61ebd3b19bd]
18942: 
18943: 2008-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
18944: 
18945: 	* selinux.c:
18946: 	Ignore setexeccon() failing in permissive mode. Also add a call to
18947: 	setkeycreatecon() (though this is probably insufficient). From Dan
18948: 	Walsh.
18949: 	[52564fc1c069]
18950: 
18951: 	* auth/pam.c:
18952: 	Only set std_prompt for the PAM_PROMPT_* cases. The conversation
18953: 	function may be called for non-password reading purposes so we must
18954: 	be careful not to use def_prompt in cases where it may not be set.
18955: 	[29d88ca575ba]
18956: 
18957: 2008-02-20  Todd C. Miller  <Todd.Miller@courtesan.com>
18958: 
18959: 	* selinux.c:
18960: 	Don't free the new tty context, we need to keep it around when we
18961: 	restore the tty context after the command completes
18962: 	[5b4bd39b6ea8]
18963: 
18964: 2008-02-19  Todd C. Miller  <Todd.Miller@courtesan.com>
18965: 
18966: 	* selinux.c:
18967: 	s/newrole/sudo/
18968: 	[21b8a96ff8df]
18969: 
18970: 	* sudo.man.pl, sudo.pod:
18971: 	Only put login_cap(3) in SEE ALSO section if we have login.conf
18972: 	support
18973: 	[05250ddff2c0]
18974: 
18975: 2008-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
18976: 
18977: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
18978: 	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
18979: 	regen
18980: 	[301e5c5ccdbe]
18981: 
18982: 	* sudoers.pod:
18983: 	Substitute in comment characters for lines partaining to login.conf,
18984: 	BSD auth and SELinux and only enable them if pertinent.
18985: 	[c1c98fa163ce]
18986: 
18987: 	* sudoers.man.pl:
18988: 	Substitute in comment characters for lines partaining to login.conf,
18989: 	BSD auth and SELinux and only enable them if pertinent.
18990: 	[6c88f30b878a]
18991: 
18992: 	* sudo.pod:
18993: 	Substitute in comment characters for lines partaining to login.conf,
18994: 	BSD auth and SELinux and only enable them if pertinent.
18995: 	[acdbdfd24e1d]
18996: 
18997: 	* sudo.man.pl:
18998: 	Substitute in comment characters for lines partaining to login.conf,
18999: 	BSD auth and SELinux and only enable them if pertinent.
19000: 	[0c56d4750ac3]
19001: 
19002: 	* Makefile.in, configure, configure.in:
19003: 	Substitute in comment characters for lines partaining to login.conf,
19004: 	BSD auth and SELinux and only enable them if pertinent.
19005: 	[9a02bd6a6658]
19006: 
19007: 	* Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
19008: 	Remove the =cut on the first line (above the copyright notice) to
19009: 	quiet pod2man. Also remove the hackery in the FILES section and just
19010: 	deal with the fact that there will a newline between each pathname.
19011: 	[2ac1ab191835]
19012: 
19013: 2008-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
19014: 
19015: 	* Makefile.in:
19016: 	run sudo.man.pl when generating sudo.man.in
19017: 	[859727369168]
19018: 
19019: 	* configure, configure.in, sudo.man.pl:
19020: 	comment out SELinux manual bits unless --with-selinux was specified
19021: 	[97ff4212b649]
19022: 
19023: 	* sudoers.pod:
19024: 	document role and type defaults for SELinux
19025: 	[870f303366b3]
19026: 
19027: 	* sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
19028: 	Document "sudo -ll" and make "sudo -l -l" be equivalent.
19029: 	[3ce6dc429ea3]
19030: 
19031: 2008-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
19032: 
19033: 	* configure, configure.in:
19034: 	Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
19035: 	Debian GNU/kFreeBSD.
19036: 	[c4efa567a328]
19037: 
19038: 2008-02-13  Todd C. Miller  <Todd.Miller@courtesan.com>
19039: 
19040: 	* auth/kerb5.c:
19041: 	Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
19042: 	verify_krb_v5_tgt()
19043: 	[f80538e5a6fa]
19044: 
19045: 	* logging.c, logging.h, sudo.c:
19046: 	Remove dependence on VALIDATE_NOT_OK in logging functions. Split
19047: 	log_auth() into log_allowed() and log_denial() Replace mail_auth()
19048: 	with should_mail() and a call to send_mail()
19049: 	[58aac9997557]
19050: 
19051: 2008-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
19052: 
19053: 	* ldap.c:
19054: 	Add debugging so we can tell if the krb5 ccache is accessible
19055: 	[c679322527bb]
19056: 
19057: 	* INSTALL:
19058: 	mention --with-selinux
19059: 	[9efbe0b52194]
19060: 
19061: 2008-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
19062: 
19063: 	* configure:
19064: 	regen
19065: 	[467a834f867c]
19066: 
19067: 	* selinux.c:
19068: 	add Sudo tag
19069: 	[d004ee669bed]
19070: 
19071: 	* sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
19072: 	sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
19073: 	testsudoers.c, toke.c, toke.l:
19074: 	Add support for SELinux RBAC. Sudoers entries may specify a role and
19075: 	type. There are also role and type defaults that may be used. To
19076: 	make sure a transition occurs, when using RBAC commands are executed
19077: 	via the new sesh binary. Based on initial changes from Dan Walsh.
19078: 	[1d4abfe2c004]
19079: 
19080: 	* sesh.c:
19081: 	Add support for SELinux RBAC. Sudoers entries may specify a role and
19082: 	type. There are also role and type defaults that may be used. To
19083: 	make sure a transition occurs, when using RBAC commands are executed
19084: 	via the new sesh binary. Based on initial changes from Dan Walsh.
19085: 	[1e3b395ce049]
19086: 
19087: 	* Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
19088: 	def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
19089: 	pathnames.h.in, selinux.c:
19090: 	Add support for SELinux RBAC. Sudoers entries may specify a role and
19091: 	type. There are also role and type defaults that may be used. To
19092: 	make sure a transition occurs, when using RBAC commands are executed
19093: 	via the new sesh binary. Based on initial changes from Dan Walsh.
19094: 	[6b421948286e]
19095: 
19096: 2008-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
19097: 
19098: 	* lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
19099: 	Add long list (sudo -ll) support for printing verbose LDAP and
19100: 	sudoers file entries. Still need to update manual.
19101: 	[2875be37935c]
19102: 
19103: 2008-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
19104: 
19105: 	* ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
19106: 	Unify the -l output for file and ldap based sudoers and use lbufs
19107: 	for both. The ldap output does not currently include options that
19108: 	cannot be represented as tags. This will be remedied in a long list
19109: 	output mode to come.
19110: 	[b2e429456596]
19111: 
19112: 2008-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
19113: 
19114: 	* set_perms.c:
19115: 	Use a specific error message for errno == EAGAIN when setuid() et al
19116: 	fails. On Linux systems setuid() will fail with errno set to EAGAIN
19117: 	if changing to the new uid would result in a resource limit
19118: 	violation.
19119: 	[08d0aecd9f03]
19120: 
19121: 	* sudo.c:
19122: 	Unlimit nproc on Linux systems where calling the setuid() family of
19123: 	syscalls causes the nroc resource limit to be checked. The limits
19124: 	will be reset by pam_limits.so when PAM is used. In the non-PAM case
19125: 	the nproc limit will remain unlimited but there doesn't seem to be a
19126: 	way around that other than having sudo parse
19127: 	/etc/security/limits.conf directly.
19128: 	[df024b415a8d]
19129: 
19130: 	* env.c, sudo.c, sudo.pod:
19131: 	Only read /etc/environment on Linux and AIX
19132: 	[90669e2aefdb]
19133: 
19134: 2008-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
19135: 
19136: 	* configure, configure.in:
19137: 	Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
19138: 	ldap.conf and ldap.secret paths from going into config.h. Avoid
19139: 	single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
19140: 	since in some versions of bash they will end up literally in the
19141: 	resulting define.
19142: 	[25390f3ef10a]
19143: 
19144: 2008-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
19145: 
19146: 	* README.LDAP:
19147: 	mention --with-nsswitch=no
19148: 	[c509df927263]
19149: 
19150: 	* configure, configure.in:
19151: 	ldap_ssl.h depends on ldap.h being included first
19152: 	[d96d90e9b21f]
19153: 
19154: 	* config.h.in, configure, configure.in, ldap.c:
19155: 	Include ldap_ssl.h if we can find it. Needed for the
19156: 	ldapssl_set_strength defines on HP-UX at least.
19157: 	[9e530470948a]
19158: 
19159: 	* sudoers.ldap.pod:
19160: 	sync
19161: 	[b9d101f4673a]
19162: 
19163: 	* TODO:
19164: 	sync
19165: 	[2ce951b2ecd0]
19166: 
19167: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
19168: 	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
19169: 	regen
19170: 	[b61d793987e0]
19171: 
19172: 	* Makefile.in:
19173: 	Use 78n line length when formatting cat pages.
19174: 	[761bee9d5759]
19175: 
19176: 	* README.LDAP:
19177: 	Remove redundant info that is now in sudoers.ldap.pod
19178: 	[01828dcce59e]
19179: 
19180: 2008-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
19181: 
19182: 	* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
19183: 	Reorganize the first section a bit. Substitute the proper path for
19184: 	/etc/sudoers.
19185: 	[11ae165e065d]
19186: 
19187: 	* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
19188: 	Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
19189: 	schema into EXAMPLES
19190: 	[ab6509d1dde7]
19191: 
19192: 	* configure, configure.in:
19193: 	Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
19194: 	sudoers.ldap.man.
19195: 	[6e689972f465]
19196: 
19197: 	* configure, configure.in:
19198: 	substitute for sudoers.ldap.man
19199: 	[5a4a25766dee]
19200: 
19201: 	* Makefile.in:
19202: 	Fix cut & pasto introduced when adding sudoers.ldap man page.
19203: 	[a7b069af8894]
19204: 
19205: 	* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
19206: 	Fill in some of the missing pieces. Still needs some reorganization
19207: 	and editing.
19208: 	[5e7331722166]
19209: 
19210: 2008-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
19211: 
19212: 	* Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
19213: 	sudoers.ldap.pod:
19214: 	Beginnings of a sudoers.ldap man page. Currently, much of the
19215: 	information is adapted from README.LDAP.
19216: 	[aad28c8a922d]
19217: 
19218: 2008-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
19219: 
19220: 	* pwutil.c:
19221: 	When copying gr_mem we must guarantee that the storage space for
19222: 	gr_mem is properly aligned. The simplest way to do this is to simply
19223: 	store gr_mem directly after struct group. This is not a problem for
19224: 	gr_passwd or gr_name as they are simple strings.
19225: 	[af58fc76f1ed]
19226: 
19227: 	* ldap.c:
19228: 	Fix a typo/thinko in one of the calls to
19229: 	sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
19230: 	[70b2eb8097f5]
19231: 
19232: 2008-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
19233: 
19234: 	* config.h.in, configure, configure.in, ldap.c:
19235: 	include <mps/ldap_ssl.h> in ldap.c if available
19236: 	[34346206ef16]
19237: 
19238: 2008-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
19239: 
19240: 	* gram.c, gram.y:
19241: 	Make sure we define SIZE_MAX for yacc's skeleton.c
19242: 	[d8a45c7a3c42]
19243: 
19244: 	* tgetpass.c:
19245: 	Use TCSAFLUSH when restoring terminal settings (and echo) to
19246: 	guarantee that any pending output is discarded
19247: 	[549a184479e5]
19248: 
19249: 2008-01-15  Todd C. Miller  <Todd.Miller@courtesan.com>
19250: 
19251: 	* sudoers:
19252: 	no longer need to specify SETENV when user has sudo ALL
19253: 	[3051b41f8032]
19254: 
19255: 	* testsudoers.c:
19256: 	sync user_args size calculation with sudo.c Add -g group option,
19257: 	renaming old -g to -G Add set_runasgr() and set_runaspw() and use
19258: 	them
19259: 	[0850325180f0]
19260: 
19261: 	* sudo.c, sudo.h:
19262: 	Make set_runaspw static void
19263: 	[5d44d7a340ce]
19264: 
19265: 	* testsudoers.c, visudo.c:
19266: 	g/c set_runaspw stub
19267: 	[79ebb5e2cc38]
19268: 
19269: 	* configure, configure.in:
19270: 	Don't add -llber twice.
19271: 	[4356d302eef4]
19272: 
19273: 2008-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
19274: 
19275: 	* ldap.c:
19276: 	fix typo
19277: 	[249cecc557e9]
19278: 
19279: 2008-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
19280: 
19281: 	* gram.c:
19282: 	regen
19283: 	[2f94ea375b67]
19284: 
19285: 	* configure, configure.in:
19286: 	Fix check that determines whether -llber is required.
19287: 	[6afa99523379]
19288: 
19289: 	* README.LDAP, config.h.in, configure, configure.in, ldap.c:
19290: 	For netscape-based LDAP, use ldapssl_set_strength() to implement the
19291: 	checkpeer ldap.conf option.
19292: 	[16ae24d73795]
19293: 
19294: 	* auth/kerb5.c:
19295: 	Delay krb5_cc_initialize() until we actually need to use the cred
19296: 	cache, which is what krb5_verify_user() does. Better cleanup on
19297: 	failure.
19298: 	[d12e5f1695b8]
19299: 
19300: 2008-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
19301: 
19302: 	* auth/kerb5.c:
19303: 	Rewrite verify_krb_v5_tgt() based on what heimdal's
19304: 	krb5_verify_user() does.
19305: 	[05b5815f86c9]
19306: 
19307: 2008-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
19308: 
19309: 	* gram.c:
19310: 	The U suffix on constants is an ANSI feature
19311: 	[c6dfce3167f1]
19312: 
19313: 	* configure, configure.in:
19314: 	Add check for ber_set_option() in -llber
19315: 	[43d0c0566074]
19316: 
19317: 2008-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
19318: 
19319: 	* README.LDAP:
19320: 	default if no nsswitch.conf is files only
19321: 	[c13001d9c998]
19322: 
19323: 2008-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
19324: 
19325: 	* README.LDAP:
19326: 	don't tell people to mail aaron about LDAP stuff
19327: 	[8165ec1ef0c6]
19328: 
19329: 	* README.LDAP:
19330: 	timelimit and bind_timelimit
19331: 	[44f74cbed167]
19332: 
19333: 	* ChangeLog:
19334: 	sync
19335: 	[aba1a0ab02bd]
19336: 
19337: 	* ldap.c:
19338: 	Move ldap.secret reading into a separate function.
19339: 	[1948acc9f7a4]
19340: 
19341: 	* check.c:
19342: 	user_runas -> runas_pw
19343: 	[334490fc2bae]
19344: 
19345: 2008-01-05  Todd C. Miller  <Todd.Miller@courtesan.com>
19346: 
19347: 	* TODO:
19348: 	sync
19349: 	[c7b165cc47c6]
19350: 
19351: 	* check.c, sudo.pod, sudoers.pod:
19352: 	Add and document the %p escape in the password prompt. Based on a
19353: 	patch from Patrick Schoenfeld.
19354: 	[3972d4f31ffa]
19355: 
19356: 	* ldap.c:
19357: 	Check strlcpy() return values.
19358: 	[9b42f3ae8ff1]
19359: 
19360: 	* ldap.c:
19361: 	refactor ldap binding code into sudo_ldap_bind_s()
19362: 	[cb0c66a4d955]
19363: 
19364: 	* README.LDAP:
19365: 	Make it clear that host and uri can take multiple parameters. URI is
19366: 	now supported for more than just openldap nsswitch.conf does't
19367: 	accept "compat"
19368: 	[f610dea656d6]
19369: 
19370: 	* sudo.c:
19371: 	comment cleanup and update (c) year
19372: 	[6cd69c810ca5]
19373: 
19374: 	* parse.c, sudo_nss.c:
19375: 	Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
19376: 	This should make it possible to build an LDAP-only sudo binary.
19377: 	[61c3f27066a0]
19378: 
19379: 	* ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
19380: 	Improve chaining of multiple sudoers sources by passing in the
19381: 	previous return value to the next in the chain
19382: 	[2c0b722b1b2d]
19383: 
19384: 	* gram.y:
19385: 	Free up parser data structures in sudo_file_close().
19386: 	[2251531d4519]
19387: 
19388: 	* gram.c, parse.c:
19389: 	Free up parser data structures in sudo_file_close().
19390: 	[8371f130f401]
19391: 
19392: 	* ldap.c:
19393: 	Parse uri ourself if no ldap_initialize() is present Use
19394: 	ldap_create() instead of deprecated ldap_init() Use
19395: 	ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
19396: 	[85d3825b1953]
19397: 
19398: 	* config.h.in, configure, configure.in:
19399: 	Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
19400: 	CFLAGS
19401: 	[240524512bc5]
19402: 
19403: 2008-01-04  Todd C. Miller  <Todd.Miller@courtesan.com>
19404: 
19405: 	* config.h.in, configure, configure.in:
19406: 	add check for ldap_create
19407: 	[3089badd73b8]
19408: 
19409: 2008-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
19410: 
19411: 	* config.h.in, configure, configure.in, ldap.c:
19412: 	Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
19413: 	dn using the mechanism appropriate for the LDAP SDK in use. Use
19414: 	ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
19415: 	ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
19416: 	[6deeca3d00cc]
19417: 
19418: 	* lbuf.c:
19419: 	include unistd.h
19420: 	[8419ed0bae7f]
19421: 
19422: 	* config.h.in, configure.in:
19423: 	fix typo in mtim_getnsec
19424: 	[2d5f21230a60]
19425: 
19426: 2008-01-02  Todd C. Miller  <Todd.Miller@courtesan.com>
19427: 
19428: 	* config.h.in, configure, configure.in:
19429: 	add check for st__tim in struct stat as used by SCO
19430: 	[587060ea2a89]
19431: 
19432: 	* ldap.c:
19433: 	use ldap_search_ext_s instead of deprecated ldap_search_s
19434: 	[5fc44fe3b44c]
19435: 
19436: 	* Makefile.in, TODO, sudo.cat, sudo.man.in:
19437: 	add sudo_nss.h to HDRS
19438: 	[86f01a70ff29]
19439: 
19440: 	* ldap.c:
19441: 	Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
19442: 	ldap_rdn2str().
19443: 	[aa217002cfae]
19444: 
19445: 2008-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
19446: 
19447: 	* ldap.c:
19448: 	Use ldap_get_values_len()/ldap_value_free_len() instead of the
19449: 	deprecated ldap_get_values()/ldap_value_free().
19450: 	[e22dceb85e57]
19451: 
19452: 	* ChangeLog:
19453: 	sync
19454: 	[adad27b36107]
19455: 
19456: 	* TODO:
19457: 	sync
19458: 	[c449eb47e0ef]
19459: 
19460: 	* gettime.c, sudo.c:
19461: 	Remove some already fixed XXXs
19462: 	[532788d0e6da]
19463: 
19464: 	* ldap.c:
19465: 	Same return value as non-existent sudoers if LDAP was unable to
19466: 	connect.
19467: 	[5819810e8e4e]
19468: 
19469: 	* sudo.pod:
19470: 	mention /etc/environment
19471: 	[ea8e6102f853]
19472: 
19473: 	* README.LDAP, UPGRADE, WHATSNEW:
19474: 	Update to reflect recent developments.
19475: 	[ed1fb026fe77]
19476: 
19477: 	* sudo.c:
19478: 	Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
19479: 	[55b68a58260d]
19480: 
19481: 	* ldap.c:
19482: 	When building up a query don't list groups in the aux group vector
19483: 	that are the same as the passwd file group. On most systems the
19484: 	first gid in the group vector is the same as the passwd entry gid.
19485: 	[4bb51e297e0d]
19486: 
19487: 	* env.c, ldap.c:
19488: 	Define LDAPNOINIT before calling ldap_init(), etc. to disable user
19489: 	ldaprc and system defaults that could affect how LDAP works.
19490: 	[ce5036440db2]
19491: 
19492: 	* INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
19493: 	sudo_nss.c, sudo_nss.h:
19494: 	Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
19495: 	to specify nsswitch.conf path or disable it. If --with-nsswitch=no
19496: 	but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
19497: 	file and --with-ldap-secret-file
19498: 	[ea5d7704381f]
19499: 
19500: 	* parse.c:
19501: 	Honor def_ignore_local_sudoers
19502: 	[f38e1121fae1]
19503: 
19504: 2007-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
19505: 
19506: 	* ldap.c:
19507: 	no longer need to check def_ignore_local_sudoers here
19508: 	[fce2a72f96fb]
19509: 
19510: 	* parse.c:
19511: 	Refactor group vector resetting into a function and also call it
19512: 	from display_cmnd. Stop after the first sucessful match in
19513: 	display_cmnd. Print a newline between each display_privs method.
19514: 	[981b37b5adff]
19515: 
19516: 	* parse.c:
19517: 	fix double free introduced in rev 1.218
19518: 	[c574b02d8747]
19519: 
19520: 	* ldap.c:
19521: 	belt and suspenders; zero out result after freeing it
19522: 	[7732988d4620]
19523: 
19524: 	* env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
19525: 	Refactor line reading into a separate function, sudo_parseln(),
19526: 	which removes comments, leading/trailing whitespace and newlines.
19527: 	May want to rethink the use of sudo_parseln() for /etc/ldap.secret
19528: 	[61d9068f0645]
19529: 
19530: 	* parse.c, sudo.c:
19531: 	Make the inability to read the sudoers file a non-fatal error if
19532: 	there are other sudoers sources available. sudoers_file_lookup now
19533: 	returns "not OK" if sudoers was not present
19534: 	[643babf597a8]
19535: 
19536: 	* ldap.c:
19537: 	make it clear that the global options are from LDAP
19538: 	[9ff950349463]
19539: 
19540: 	* logging.c:
19541: 	allocate proper amount of space for error string
19542: 	[8bebb7d46d19]
19543: 
19544: 	* sudo_nss.c, sudo_nss.h:
19545: 	actual sudo nss code
19546: 	[5bd7d52d7738]
19547: 
19548: 	* ldap.c, parse.c, sudo.c, sudo.h:
19549: 	nss-ify display_privs and display_cmnd.
19550: 	[cccfdd3253f2]
19551: 
19552: 	* defaults.c, parse.c, testsudoers.c, visudo.c:
19553: 	move update_defaults() to parse.c
19554: 	[ace144b958a9]
19555: 
19556: 	* Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
19557: 	Use nsswitch to hide some sudoers vs. ldap implementation details
19558: 	and reduce the number of #ifdef LDAP TODO: fix display routines and
19559: 	error handling
19560: 	[6225edde89a6]
19561: 
19562: 2007-12-28  Todd C. Miller  <Todd.Miller@courtesan.com>
19563: 
19564: 	* Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
19565: 	First cut at nsswitch.conf support. Further reorganizaton and
19566: 	related changes are forthcoming.
19567: 	[717f59d0790b]
19568: 
19569: 2007-12-21  Todd C. Miller  <Todd.Miller@courtesan.com>
19570: 
19571: 	* env.c, pathnames.h.in, sudo.c, sudo.h:
19572: 	Add support for reading and /etc/environment file. Still needs to be
19573: 	documented and should probably only applies to OSes that have it
19574: 	(AIX and Linux, maybe others).
19575: 	[15d3edae27e4]
19576: 
19577: 	* ldap.c:
19578: 	include limits.h
19579: 	[e19875ef0f82]
19580: 
19581: 2007-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
19582: 
19583: 	* WHATSNEW:
19584: 	reword LDAP SASL
19585: 	[7ec3c4ec31b5]
19586: 
19587: 2007-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
19588: 
19589: 	* TODO:
19590: 	sync
19591: 	[87c5a7aea7bf]
19592: 
19593: 	* README.LDAP:
19594: 	Add an example sudoRole, clarify netscape vs. openldap a bit more
19595: 	[6f96c0ca8107]
19596: 
19597: 	* README.LDAP:
19598: 	Be clear on what is OpenLDAP vs. Netscape-derived
19599: 	[a33c8314dec5]
19600: 
19601: 	* config.h.in, configure, configure.in, ldap.c:
19602: 	Use ldapssl_init() for ldaps support instead of trying to do it
19603: 	manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
19604: 	and tls_key for cert7.db and key3.db respectively. Don't print
19605: 	debugging info for options that are not set. Add warning if
19606: 	start_tls specified when not supported.
19607: 	[abb62dc7e4a3]
19608: 
19609: 	* ldap.c:
19610: 	fix compilation on solaris
19611: 	[03d449684e80]
19612: 
19613: 	* Makefile.in:
19614: 	add missing .h and .c files for missing lib objs
19615: 	[8b37825bdfc7]
19616: 
19617: 2007-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>
19618: 
19619: 	* ldap.c:
19620: 	fix LDAP_OPT_NETWORK_TIMEOUT setting
19621: 	[226eba89c0ad]
19622: 
19623: 	* ldap.c:
19624: 	fix compilation on Solaris
19625: 	[917d47639eb6]
19626: 
19627: 2007-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
19628: 
19629: 	* configure, configure.in:
19630: 	fix typo
19631: 	[009d5c81b225]
19632: 
19633: 	* README.LDAP:
19634: 	try to clear up which variables are for OpenLDAP and which are for
19635: 	netscape-derived SDKs
19636: 	[f8d9823ee73c]
19637: 
19638: 	* config.h.in, configure, configure.in, ldap.c:
19639: 	Add support for "ssl on" in both netscape and openldap flavors. Only
19640: 	the OpenLDAP flavor has been tested.
19641: 	[952745829ec5]
19642: 
19643: 	* logging.c, sudo.c, sudo.h:
19644: 	Call cleanup() before exit in log_error() instead of calling
19645: 	sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
19646: 	[da02d1b67a2c]
19647: 
19648: 	* sudo.c:
19649: 	ld -> ldap_conn
19650: 	[01afa6d927cc]
19651: 
19652: 2007-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
19653: 
19654: 	* logging.c, sudo.c, sudo.h:
19655: 	Better ldap cleanup.
19656: 	[25b9abe2d617]
19657: 
19658: 	* ldap.c:
19659: 	Distinguish between LDAP conf settings that are connection-specific
19660: 	(which take an ld pointer) and those that are default settings
19661: 	(which do not).
19662: 	[d48dc6c9c3b4]
19663: 
19664: 2007-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
19665: 
19666: 	* ldap.c:
19667: 	Improved warnings on error.
19668: 	[c8dce7b4feb4]
19669: 
19670: 	* ldap.c:
19671: 	Make ldap config table driven and set the config *after* we open the
19672: 	connection.
19673: 	[d9698b5a2681]
19674: 
19675: 2007-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
19676: 
19677: 	* ldap.c:
19678: 	fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
19679: 	[598c6df06660]
19680: 
19681: 	* configure, configure.in:
19682: 	some operating systems need to link with -lkrb5support when using
19683: 	krb5
19684: 	[8896365dde9e]
19685: 
19686: 2007-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
19687: 
19688: 	* WHATSNEW:
19689: 	minor update
19690: 	[acfeeb7f4886]
19691: 
19692: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
19693: 	regen
19694: 	[a3c6699674f9]
19695: 
19696: 2007-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
19697: 
19698: 	* ChangeLog, TODO:
19699: 	sync
19700: 	[138e99b925ee]
19701: 
19702: 	* ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
19703: 	add -g support for LDAP
19704: 	[8fc27dbe9287]
19705: 
19706: 2007-12-03  Todd C. Miller  <Todd.Miller@courtesan.com>
19707: 
19708: 	* WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
19709: 	The -i and -s flags can now take an optional command.
19710: 	[6afec104ee77]
19711: 
19712: 2007-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
19713: 
19714: 	* auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
19715: 	sudoers.pod:
19716: 	Add passprompt_override flag to sudoers that will cause the prompt
19717: 	to be overridden in all cases. This flag is also set when the user
19718: 	specifies the -p flag.
19719: 	[e4c5402131a6]
19720: 
19721: 	* sudo.c:
19722: 	Move setting of login class until after sudoers has been parsed. Set
19723: 	NewArgv[0] for -i after runas_pw has been set.
19724: 	[62a48c8c56fa]
19725: 
19726: 	* configure, configure.in:
19727: 	Move the dgettext check.
19728: 	[5fd8a4712d1c]
19729: 
19730: 2007-12-01  Todd C. Miller  <Todd.Miller@courtesan.com>
19731: 
19732: 	* auth/pam.c, config.h.in, configure, configure.in:
19733: 	Add basic support for looking up the string "Password: " in the PAM
19734: 	localized text db. This allows us to determine whether the PAM
19735: 	prompt is the default "Password: " one even if it has been
19736: 	localized.
19737: 
19738: 	TODO: concatenate non-std PAM prompts and user-specified sudo
19739: 	prompts.
19740: 	[81c25a415d41]
19741: 
19742: 2007-11-27  Todd C. Miller  <Todd.Miller@courtesan.com>
19743: 
19744: 	* Makefile.in, config.h.in, configure, configure.in, parse.c,
19745: 	set_perms.c, sudo.c, sudo.h:
19746: 	Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
19747: 	insufficient.
19748: 	[1cce6ec1a91e]
19749: 
19750: 	* acsite.m4, configure, interfaces.c, memrchr.c:
19751: 	Fix typos; Martynas Venckus
19752: 	[be1233cca11a]
19753: 
19754: 2007-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
19755: 
19756: 	* set_perms.c:
19757: 	Don't assume runas_pw is set; it may not be in the -g case.
19758: 	[aa11bd2193ac]
19759: 
19760: 2007-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
19761: 
19762: 	* logging.c, set_perms.c:
19763: 	Set aux group vector for PERM_RUNAS and restore group vector for
19764: 	PERM_ROOT if we previously changed it. Stash the runas group vector
19765: 	so we don't have to call initgroups more than once. Also add no-op
19766: 	check to check_perms.
19767: 	[53837fc755f7]
19768: 
19769: 2007-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
19770: 
19771: 	* WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
19772: 	ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
19773: 	pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
19774: 	sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
19775: 	testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
19776: 	Add support for runas groups. This allows the user to run a command
19777: 	with a different effective group. If the -g option is specified
19778: 	without -u the command will be run as the current user (only the
19779: 	group will change). the -g and -u options may be used together.
19780: 	TODO: implement runas group for ldap improve runas group
19781: 	documentation add testsudoers support
19782: 	[9019309df6d0]
19783: 
19784: 	* configure, configure.in:
19785: 	fix setting of mandir
19786: 	[2c60f269399f]
19787: 
19788: 	* sudo.pod, sudoers.pod:
19789: 	document that ALL implies SETENV
19790: 	[bcc8e5b703b9]
19791: 
19792: 	* ldap.c:
19793: 	s/setenv_ok/setenv_implied/g
19794: 	[f005df2c2eea]
19795: 
19796: 	* ldap.c:
19797: 	hostname_matches() returns TRUE on match in sudo 1.7.
19798: 	[c3d4377b6e8b]
19799: 
19800: 	* ldap.c:
19801: 	use strcmp, not strcasecmp when comparing ALL
19802: 	[e486024574a1]
19803: 
19804: 	* ldap.c:
19805: 	Make sudo ALL imply setenv. Note that unlike with file-based sudoers
19806: 	this does affect all the commands in the sudoRole.
19807: 	[bc12f54321d1]
19808: 
19809: 	* gram.c, gram.y, parse.c, parse.h:
19810: 	sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
19811: 	it is not passed on to other commands in the list.
19812: 	[026e2cb40680]
19813: 
19814: 	* visudo.c:
19815: 	Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
19816: 	sudo_getpwuid() instead of getpwuid().
19817: 	[86f30a8fbd49]
19818: 
19819: 2007-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
19820: 
19821: 	* sudoers:
19822: 	Expand on the dangers of not using visudo to edit sudoers.
19823: 	[e434e8057d02]
19824: 
19825: 2007-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
19826: 
19827: 	* parse.c:
19828: 	Don't quote *?[]! on output since the lexer does not strip off the
19829: 	backslash when reading those in.
19830: 	[561da4a13afa]
19831: 
19832: 2007-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
19833: 
19834: 	* glob.c:
19835: 	expand "u_foo" types to "unsigned foo" to avoid compatibility
19836: 	issues.
19837: 	[b0d7c64d78c3]
19838: 
19839: 2007-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
19840: 
19841: 	* logging.c:
19842: 	Refactor log line generation in to new_logline().
19843: 	[6a9b9730615d]
19844: 
19845: 2007-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
19846: 
19847: 	* TROUBLESHOOTING:
19848: 	fix typo
19849: 	[9e19d4f86e47]
19850: 
19851: 2007-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
19852: 
19853: 	* config.h.in, configure, configure.in, interfaces.c, interfaces.h,
19854: 	match.c:
19855: 	Add configure check for struct in6_addr instead of relying on
19856: 	AF_INET6 since some systems define AF_INET6 but do not include IPv6
19857: 	support.
19858: 	[e24082c416bd]
19859: 
19860: 2007-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
19861: 
19862: 	* configure, configure.in:
19863: 	Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
19864: 	use.
19865: 	[76a9df4a63be]
19866: 
19867: 2007-10-20  Todd C. Miller  <Todd.Miller@courtesan.com>
19868: 
19869: 	* configure, configure.in:
19870: 	POSIX states that struct timespec be declared in time.h so check
19871: 	there regardless of the value of TIME_WITH_SYS_TIME.
19872: 	[e42c55ec9daf]
19873: 
19874: 2007-10-17  Todd C. Miller  <Todd.Miller@courtesan.com>
19875: 
19876: 	* tgetpass.c:
19877: 	Instead of defining a macro to call the appropriate method for
19878: 	turning on/off echo, just define tc[gs]etattr() and the related
19879: 	defines that use the correct terminal ioctls if needed. Also go back
19880: 	to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
19881: 	[5dfb2379d995]
19882: 
19883: 2007-10-09  Todd C. Miller  <Todd.Miller@courtesan.com>
19884: 
19885: 	* Makefile.in:
19886: 	g/c @ALLOCA@
19887: 	[e6946c2e3820]
19888: 
19889: 	* configure:
19890: 	regen
19891: 	[9bac7159a138]
19892: 
19893: 	* INSTALL, auth/pam.c, config.h.in, configure.in:
19894: 	Add --disable-pam-session configure option to disable calling
19895: 	pam_{open,close}_session. May work around bugs in some PAM
19896: 	implementations.
19897: 	[273d0fdb4a9d]
19898: 
19899: 2007-10-08  Todd C. Miller  <Todd.Miller@courtesan.com>
19900: 
19901: 	* tgetpass.c:
19902: 	quiet gcc warnings
19903: 	[325565c5a579]
19904: 
19905: 	* tgetpass.c:
19906: 	Avoid printing the prompt if we are already backgrounded. E.g. if
19907: 	the user runs "sudo foo &" from the shell. In this case, the call to
19908: 	tcsetattr() will cause SIGTTOU to be delivered.
19909: 	[db2139a8d8b8]
19910: 
19911: 2007-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
19912: 
19913: 	* def_data.c, def_data.h, def_data.in:
19914: 	Reorder things such that the definition of env_reset come right
19915: 	before the env variable lists.
19916: 	[e0d8e22a581a]
19917: 
19918: 	* parse.h:
19919: 	Shrink type and seqno in struct alias from int to u_short
19920: 	[9425263dd565]
19921: 
19922: 	* alias.c, match.c, parse.c, parse.h:
19923: 	Add a sequence number in the aliases for loop detection. If we find
19924: 	an alias with the seqno already set to the current (global) value we
19925: 	know we've visited it before so ignore it.
19926: 	[301a0548ffff]
19927: 
19928: 2007-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
19929: 
19930: 	* TODO, auth/pam.c, sudo.c, sudo.h:
19931: 	PAM wants the full tty path so add user_ttypath which holds the full
19932: 	path to the tty or is NULL if no tty was present.
19933: 	[c7c1dd4b36c8]
19934: 
19935: 	* auth/pam.c:
19936: 	Set PAM_RHOST to work around a bug in Solaris 7 and lower that
19937: 	results in a segv.
19938: 	[3a8865b3a357]
19939: 
19940: 2007-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
19941: 
19942: 	* gram.c:
19943: 	regen
19944: 	[5647be127950]
19945: 
19946: 	* alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
19947: 	parse.h, testsudoers.c, visudo.c:
19948: 	rename lh_ -> tq_
19949: 	[8f500c542c4a]
19950: 
19951: 2007-09-10  Todd C. Miller  <Todd.Miller@courtesan.com>
19952: 
19953: 	* alloc.c:
19954: 	remove some useless casts
19955: 	[409a448b23f5]
19956: 
19957: 	* alloc.c:
19958: 	pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
19959: 	predates the final C99 spec and the standard specifies that it shall
19960: 	include stdint.h anyway
19961: 	[ae478fdef61a]
19962: 
19963: 2007-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
19964: 
19965: 	* Makefile.in, alloca.c, configure.in:
19966: 	Since we ship with a pre-generated parser there is no need to ship a
19967: 	bogus alloca implementation.
19968: 	[3f611a7cc0e5]
19969: 
19970: 	* configure:
19971: 	regen
19972: 	[771eccf5269c]
19973: 
19974: 	* configure.in:
19975: 	remove initial setting of CHECKSIA, we require that it be unset if
19976: 	not used
19977: 	[a2e91adc5aa2]
19978: 
19979: 	* Makefile.in:
19980: 	add list.c to SRCS
19981: 	[7db0e56cf5b9]
19982: 
19983: 	* configure:
19984: 	regen
19985: 	[3716ec30172e]
19986: 
19987: 	* configure.in:
19988: 	only do SIA checks on Digital Unix
19989: 	[6a96e1af2597]
19990: 
19991: 2007-09-05  Todd C. Miller  <Todd.Miller@courtesan.com>
19992: 
19993: 	* sudoers.cat, sudoers.man.in:
19994: 	regen
19995: 	[ac1dc29de72b]
19996: 
19997: 	* ChangeLog, TODO:
19998: 	sync
19999: 	[781effce0a2d]
20000: 
20001: 	* auth/kerb5.c:
20002: 	Remove call to krb5_cc_register() as it is not needed for modern
20003: 	kerb5.
20004: 	[351b8b764f16]
20005: 
20006: 	* configure:
20007: 	regen
20008: 	[ac21dbcc9c2c]
20009: 
20010: 	* aclocal.m4, configure.in:
20011: 	New method for setting the default authentication type and avoiding
20012: 	conflicts in auth types.
20013: 	[5fb15be11f78]
20014: 
20015: 	* match.c, parse.c, testsudoers.c:
20016: 	Each entry in a cmndlist now has an associated runaslist so no need
20017: 	to keep track of the most recent non-NULL one.
20018: 	[582e015786b0]
20019: 
20020: 2007-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
20021: 
20022: 	* ldap.c:
20023: 	back out partial ldaps support mistakenly committed
20024: 	[357703e94b2d]
20025: 
20026: 	* ldap.c:
20027: 	Add support for unix groups and netgroups in sudoRunas
20028: 	[2f04eb91c6d0]
20029: 
20030: 2007-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
20031: 
20032: 	* sudo_edit.c:
20033: 	Fix sudoedit of a non-existent file. From Tilo Stritzky.
20034: 	[a5488a03bddd]
20035: 
20036: 2007-09-02  Todd C. Miller  <Todd.Miller@courtesan.com>
20037: 
20038: 	* configure:
20039: 	regen
20040: 	[541177376ee1]
20041: 
20042: 	* INSTALL:
20043: 	update --passprompt escape info
20044: 	[6d57db4cd538]
20045: 
20046: 	* configure.in:
20047: 	remove now-bogus comment and update copyright date
20048: 	[6a4af45fa331]
20049: 
20050: 	* configure.in:
20051: 	Fix up use of with_passwd
20052: 	[7c79d8640f77]
20053: 
20054: 	* acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
20055: 	Update to autoconf-2.61 andf libtool-1.5.24
20056: 	[045259b0b439]
20057: 
20058: 	* Makefile.in:
20059: 	"cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
20060: 	[f5b6a7afb817]
20061: 
20062: 2007-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>
20063: 
20064: 	* gram.c:
20065: 	regen
20066: 	[b5b78e71d2cb]
20067: 
20068: 	* gram.y:
20069: 	move tags and runaslist propagation to be earlier
20070: 	[94f7805f4489]
20071: 
20072: 	* visudo.c:
20073: 	If -f flag given use the permissions of the original file as a
20074: 	template
20075: 	[9303d22bddb0]
20076: 
20077: 	* gram.y:
20078: 	prevent a double free() when re-initing the parser
20079: 	[5b3907c4de5a]
20080: 
20081: 2007-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
20082: 
20083: 	* configure:
20084: 	regen
20085: 	[49a90b19a17d]
20086: 
20087: 	* aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
20088: 	auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
20089: 	auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
20090: 	configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
20091: 	parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
20092: 	sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
20093: 	Remove support for compilers that don't support void *
20094: 	[35e1d01ae197]
20095: 
20096: 	* gram.c:
20097: 	regen
20098: 	[70ce412a458a]
20099: 
20100: 	* Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
20101: 	parse.c, parse.h, testsudoers.c, visudo.c:
20102: 	Move list manipulation macros to list.h and create C versions of the
20103: 	more complex ones in list.c. The names have been down-cased so they
20104: 	appear more like normal functions.
20105: 	[9cea0e281148]
20106: 
20107: 	* Makefile.in:
20108: 	Fix cmp command when regenerating parser. Make gram.o the first
20109: 	dependency for all programs so gram.h will be generated before
20110: 	anything that needs it.
20111: 	[429ea065abf1]
20112: 
20113: 	* gram.y, parse.h:
20114: 	Convert NEW_DEFAULT anf NEW_MEMBER into static functions.
20115: 	[2f3433833589]
20116: 
20117: 	* match.c, parse.c, testsudoers.c:
20118: 	Use LH_FOREACH_REV when checking permission and short-circuit on the
20119: 	first non-UNSPEC hit we get for the command. This means that instead
20120: 	of cycling through the all the parsed sudoers entries we start at
20121: 	the end and work backwards and quit after the first positive or
20122: 	negative match.
20123: 	[881474532f3e]
20124: 
20125: 	* gram.c:
20126: 	regen
20127: 	[9152a19d4188]
20128: 
20129: 	* defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
20130: 	Change list head macros to take a pointer, not a struct.
20131: 	[054f1dcce4cc]
20132: 
20133: 	* gram.c:
20134: 	regen
20135: 	[be154aae6235]
20136: 
20137: 	* gram.y:
20138: 	Propagate the runasspec from one command to the next in a cmndspec.
20139: 	[4957b1cb03a3]
20140: 
20141: 2007-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
20142: 
20143: 	* match.c:
20144: 	Replace has_meta() with a macro that calls strpbrk().
20145: 	[a2e58846a542]
20146: 
20147: 	* regen
20148: 	[5a932a5c9451]
20149: 
20150: 	* alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
20151: 	testsudoers.c, visudo.c:
20152: 	Use a list head struct when storing the semi-circular lists and
20153: 	convert to tail queues in the process. This will allow us to reverse
20154: 	foreach loops more easily and it makes it clearer which functions
20155: 	expect a list as opposed to a single member.
20156: 
20157: 	Add macros for manipulating lists. Some of these should become
20158: 	functions.
20159: 
20160: 	When freeing up a list, just pop off the last item in the queue
20161: 	instead of going from head to tail. This is simpler since we don't
20162: 	have to stash a pointer to the next member, we always just use the
20163: 	last one in the queue until the queue is empty.
20164: 
20165: 	Rename match functions that take a list to have list in the name.
20166: 	Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
20167: 	[7c37b271607a]
20168: 
20169: 	* parse.c:
20170: 	Fix pasto, append "!" not negated (which is an int) for sudo -l
20171: 	output.
20172: 	[93a444c3997f]
20173: 
20174: 	* Makefile.in:
20175: 	Remove the dependency of gram .h on gram.y, the .c dependency is
20176: 	enough. Only move y.tab.h to gram.h if it is different; avoids
20177: 	needless rebuilding.
20178: 	[67bf4ea2a2e5]
20179: 
20180: 2007-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
20181: 
20182: 	* sudoers.pod:
20183: 	Defaults lines may be associated with lists of users, hosts,
20184: 	commands and runas users, not just single entries.
20185: 	[795effacb6be]
20186: 
20187: 2007-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
20188: 
20189: 	* Makefile.in:
20190: 	Revert the "cmp" portion of the last diff, it doesn't make sense.
20191: 	[26f34bf4e2e3]
20192: 
20193: 	* Makefile.in:
20194: 	Remove *.lo for clean: When generating the parser, only move the
20195: 	generated files into place if they differ from the existing ones.
20196: 	[84673fea371b]
20197: 
20198: 2007-08-25  Todd C. Miller  <Todd.Miller@courtesan.com>
20199: 
20200: 	* toke.c, toke.l:
20201: 	Replace IPV6 regexp with a much simpler (readable) one and add an
20202: 	extra check when it matches to make sure we have a valid address.
20203: 	[592e9f690556]
20204: 
20205: 	* match.c:
20206: 	Fix thinko introduced when merging IPV6 support.
20207: 	[da38cd5eb8c7]
20208: 
20209: 2007-08-24  Todd C. Miller  <Todd.Miller@courtesan.com>
20210: 
20211: 	* HISTORY, LICENSE:
20212: 	regen
20213: 	[0d7b27b90634]
20214: 
20215: 	* license.pod:
20216: 	add 2007
20217: 	[510e5048ae1a]
20218: 
20219: 	* UPGRADE:
20220: 	mention #uid vs. comment pitfall
20221: 	[4d2861898bcc]
20222: 
20223: 	* acsite.m4:
20224: 	Merge in a patch from the libtool cvs that fixes a problem with the
20225: 	latest autoconf. From Stepan Kasal.
20226: 	[0c279ae7df3e]
20227: 
20228: 	* parse.h:
20229: 	Back out he XOR swap trick, it is slower than a temp variable on
20230: 	modern CPUs.
20231: 	[91c4b024e317]
20232: 
20233: 	* gram.c:
20234: 	regen
20235: 	[cb6d4106fb74]
20236: 
20237: 	* gram.y, parse.h:
20238: 	Convert the tail queue to a semi-circle queue and use the XOR swap
20239: 	trick to swap the prev pointers during append.
20240: 	[8bf4d9fbee58]
20241: 
20242: 2007-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
20243: 
20244: 	* parse.h:
20245: 	remove useless statement
20246: 	[421ec1dd73e6]
20247: 
20248: 	* toke.c, toke.l:
20249: 	Refactor #include parsing into a separate function and return
20250: 	unparsed chars (such as newline or comment) back to the lexer.
20251: 	[64166917aa3d]
20252: 
20253: 2007-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>
20254: 
20255: 	* WHATSNEW:
20256: 	mention better uid support
20257: 	[56f510e7f2ec]
20258: 
20259: 	* sudoers.pod:
20260: 	Users may now consist of a uid.
20261: 	[5fd31b2c55ed]
20262: 
20263: 	* gram.c, gram.h, toke.c:
20264: 	regen
20265: 	[599e58af6dc1]
20266: 
20267: 	* parse.c:
20268: 	Use lbuf_append_quoted() for sudo -l output to quote characters that
20269: 	would require quoting in sudoers.
20270: 	[3132d05c990a]
20271: 
20272: 	* lbuf.c, lbuf.h:
20273: 	Add lbuf_append_quoted() which takes a set of characters which
20274: 	should be quoted with a backslash when displayed.
20275: 	[ab09bebb1d65]
20276: 
20277: 	* toke.l:
20278: 	Require that the first character after a comment not be a digit or a
20279: 	dash. This allows us to remove the GOTRUNAS state and treat uid/gids
20280: 	similar to other words. It also means that we can now specify uids
20281: 	in User_Lists and a User_Spec may now contain a uid.
20282: 	[461fe01f8392]
20283: 
20284: 	* gram.y, toke.l:
20285: 	Replace RUNAS token with '(' and ')' tokens to make the runas
20286: 	portion of the grammar more natural.
20287: 	[e0c383b4684d]
20288: 
20289: 	* BUGS:
20290: 	The BUGS file is history
20291: 	[4d9a809585c7]
20292: 
20293: 	* Makefile.in, README:
20294: 	The BUGS file is history
20295: 	[d9500e261172]
20296: 
20297: 2007-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
20298: 
20299: 	* toke.c, toke.l:
20300: 	Allow comments after a RunasAlias as long as the character after the
20301: 	pound sign isn't a digit or a dash.
20302: 	[d7f3bd94eeda]
20303: 
20304: 	* WHATSNEW:
20305: 	Glob support was back-ported to 1.6.9
20306: 	[d1d5cfd46228]
20307: 
20308: 2007-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
20309: 
20310: 	* Makefile.in:
20311: 	remove sudo_usage.h in distclean
20312: 	[df05ce9c4127]
20313: 
20314: 	* parse.c:
20315: 	If a Defaults value contains a blank, double-quote the string.
20316: 	[9057a910daad]
20317: 
20318: 	* toke.c, toke.l:
20319: 	Properly deal with Defaults double-quoted strings that span multiple
20320: 	lines using the line continuation char. Previously, the entire
20321: 	thing, including the continuation char, newline, and spaces was
20322: 	stored as-is.
20323: 	[4a4e8eacefe6]
20324: 
20325: 	* sudo.c:
20326: 	Be consistent when using single quotes and backticks.
20327: 	[d010b83a0fa1]
20328: 
20329: 2007-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
20330: 
20331: 	* Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
20332: 	sudo.c, sudo_usage.h.in:
20333: 	Add new linebuf code to do appends of dynamically allocated strings
20334: 	and word-wrapped output. Currently used for sudo's usage() and sudo
20335: 	-l output. Sudo usage strings are now in sudo_usage.h which is
20336: 	generated at configure time.
20337: 	[4dfd0ee8d961]
20338: 
20339: 2007-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
20340: 
20341: 	* parse.c, sudo.c, sudo.h:
20342: 	Fix line wrapping in usage() and use the actual tty width instead of
20343: 	assuming 80.
20344: 	[700eab37c5a6]
20345: 
20346: 2007-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
20347: 
20348: 	* history.pod:
20349: 	some more info
20350: 	[8140112a8ae1]
20351: 
20352: 	* history.pod:
20353: 	Mentioned Chris Jepeway's parser and also the new one that is in
20354: 	sudo 1.7.
20355: 	[2132d00f0597]
20356: 
20357: 2007-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
20358: 
20359: 	* sudo.pod, visudo.pod:
20360: 	For the options list, add flag args where appropriate and increase
20361: 	the indent level so there is room for them.
20362: 	[2b60fb572e12]
20363: 
20364: 2007-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
20365: 
20366: 	* parse.c:
20367: 	Fix some spacing in "sudo -l" and add a comment about some bogosity
20368: 	in the line wrapping.
20369: 	[b59b056f5ee2]
20370: 
20371: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
20372: 	visudo.man.in:
20373: 	regen
20374: 	[5fb719f18ebc]
20375: 
20376: 	* INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
20377: 	def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
20378: 	parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
20379: 	testsudoers.c, toke.c, toke.l:
20380: 	Remove monitor support until there is a versino of systrace that
20381: 	uses a lookaside buffer (or we have a better mechanism to use).
20382: 	[61ff76878e4a]
20383: 
20384: 	* config.h.in, configure, configure.in, sudo.c:
20385: 	use getaddrinfo() instead of gethostbyname() if it is available
20386: 	[cc33c136aa6a]
20387: 
20388: 2007-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
20389: 
20390: 	* parse.c, sudo.c:
20391: 	Deal with OSes where sizeof(gid_t) < sizeof(int).
20392: 	[130a89cbdfba]
20393: 
20394: 	* interfaces.c:
20395: 	repair non-getifaddrs() code after ipv6 integration
20396: 	[7ae7a89e2236]
20397: 
20398: 	* sudo.c:
20399: 	If we can open sudoers but fail to read the first byte, close the
20400: 	file stream before trying again.
20401: 	[6f31272fae7b]
20402: 
20403: 2007-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
20404: 
20405: 	* toke.c:
20406: 	regen
20407: 	[4d7afe0aa6fa]
20408: 
20409: 	* gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
20410: 	Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
20411: 	[4e6ff2965a42]
20412: 
20413: 	* sudo.pod, sudoers.pod, visudo.pod:
20414: 	Add some missing markup Update copyright
20415: 	[7e6d3c686b5e]
20416: 
20417: 2007-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
20418: 
20419: 	* configure, configure.in:
20420: 	fix sudo_noexec extension which got broken in the libtool update
20421: 	[3a5b447df861]
20422: 
20423: 2007-08-10  Todd C. Miller  <Todd.Miller@courtesan.com>
20424: 
20425: 	* Makefile.in:
20426: 	explicitly specify -Tascii to nroff
20427: 	[45c8da4cbefe]
20428: 
20429: 2007-08-08  Todd C. Miller  <Todd.Miller@courtesan.com>
20430: 
20431: 	* logging.c:
20432: 	remove an ANSI-ism that crept in
20433: 	[29086f87b2ca]
20434: 
20435: 2007-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
20436: 
20437: 	* sudo.pod:
20438: 	Adjust list indents Prevent -- from being turned into an em dash Use
20439: 	a list for the environment instead of a literal paragraph
20440: 	[c3abcd8f76f4]
20441: 
20442: 	* visudo.pod:
20443: 	Use a list for the environment instead of an indented literal
20444: 	paragraph.
20445: 	[0ffcfcb7349f]
20446: 
20447: 	* sudoers.pod:
20448: 	Adjust list indentation
20449: 	[615c89e3123a]
20450: 
20451: 	* license.pod:
20452: 	add =head3
20453: 	[8b2e0d38c0bd]
20454: 
20455: 2007-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
20456: 
20457: 	* sudo.pod:
20458: 	mention that when specifying a uid for the -u option the shell may
20459: 	require that the # be escaped
20460: 	[3e3a17bff150]
20461: 
20462: 2007-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
20463: 
20464: 	* match.c:
20465: 	Fix off by one in group matching.
20466: 	[b529602b7fba]
20467: 
20468: 2007-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
20469: 
20470: 	* env.c:
20471: 	Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
20472: 	[ffbf8907c6e7]
20473: 
20474: 2007-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
20475: 
20476: 	* configure, configure.in:
20477: 	Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
20478: 	-lgssapi_krb5 case.
20479: 	[2b85a89c2252]
20480: 
20481: 	* aclocal.m4, configure, configure.in:
20482: 	Fix link tests such that new gcc doesn't optimize away the test.
20483: 	[83484ec95cba]
20484: 
20485: 2007-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
20486: 
20487: 	* sudo.pod, sudoers.pod, visudo.pod:
20488: 	add missing over/back
20489: 	[251a12c89b91]
20490: 
20491: 	* sudo.pod, sudoers.pod, visudo.pod:
20492: 	Change FILES section to use =item
20493: 	[60b9efc3a0b2]
20494: 
20495: 	* env.c:
20496: 	Add back allocation of the env struct in rebuild_env but save a copy
20497: 	of the old pointer and free it before returning.
20498: 	[1100cd4fa997]
20499: 
20500: 	* env.c:
20501: 	Don't init the private environment in rebuild_env() since it may
20502: 	have already been done implicitly sudo_setenv/sudo_unsetenv.
20503: 
20504: 	Multiply length by sizeof(char *) in memcpy/memmove when copying the
20505: 	environment so we copy the full thing.
20506: 
20507: 	Add missing set of parens so we deref the right pointer in
20508: 	sudo_unsetenv when searching for a matching variable.
20509: 	[9086a8f756b1]
20510: 
20511: 2007-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>
20512: 
20513: 	* sudo.pod, sudoers.pod, visudo.pod:
20514: 	Use file markup for paths in the FILES section
20515: 	[940d99f731f2]
20516: 
20517: 	* sudo.pod, sudoers.pod, visudo.pod:
20518: 	Don't capitalize sudo/visudo
20519: 	[f067a455d44b]
20520: 
20521: 	* sudoers.pod:
20522: 	Sort sudoers options; based on a diff from Igor Sobrado.
20523: 	[a9b9befe85ac]
20524: 
20525: 2007-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
20526: 
20527: 	* sudo.pod, sudoers.pod, visudo.pod:
20528: 	Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
20529: 	latter confuses pod2man. The Makefile rules for the .man.in file
20530: 	will add @mansectsu@ and @mansectform@ back in after pod2man is done
20531: 	anyway.
20532: 	[b50ea0db727c]
20533: 
20534: 2007-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
20535: 
20536: 	* LICENSE, Makefile.in, license.pod:
20537: 	Move license info to pod format
20538: 	[25bdd82e592b]
20539: 
20540: 	* configure, configure.in, sudoers.pod:
20541: 	Substitute value of path_info into sudoers man page.
20542: 	[9ba661a82798]
20543: 
20544: 	* WHATSNEW:
20545: 	remove features that were back-ported to 1.6.9
20546: 	[e76d756cbe65]
20547: 
20548: 	* sudo.c, sudo.pod, visudo.c, visudo.pod:
20549: 	Sort SYNOPSIS and sync usage. From Igor Sobrado.
20550: 	[4970386c9e54]
20551: 
20552: 	* env.c:
20553: 	Only need sudo_setenv/sudo_unsetenv if we are going to use
20554: 	ldap_sasl_interactive_bind_s() but don't have
20555: 	gss_krb5_ccache_name().
20556: 	[f1a73d8b35c5]
20557: 
20558: 	* ChangeLog:
20559: 	rebuild without branch info
20560: 	[5d5a33494677]
20561: 
20562: 	* Makefile.in:
20563: 	Add ChangeLog target
20564: 	[a702034fdd89]
20565: 
20566: 	* auth/pam.c:
20567: 	Run cleanup code if the user hits ^C at the password prompt.
20568: 	[9cf87768e921]
20569: 
20570: 	* auth/pam.c:
20571: 	Some versions of pam_lastlog have a bug that will cause a crash if
20572: 	PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
20573: 	string.
20574: 	[5b63f6c88866]
20575: 
20576: 2007-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
20577: 
20578: 	* Makefile.in:
20579: 	ChageLog not Changelog
20580: 	[1243d8473ceb]
20581: 
20582: 	* ChangeLog:
20583: 	sync
20584: 	[d887df98c6b0]
20585: 
20586: 	* Makefile.in:
20587: 	CHANGE -> Changelog
20588: 	[917738df30dd]
20589: 
20590: 	* TODO:
20591: 	sync
20592: 	[cd382f7d1948]
20593: 
20594: 2007-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
20595: 
20596: 	* config.h.in, configure, configure.in, ldap.c:
20597: 	Add configure hooks for gss_krb5_ccache_name() and the gssapi
20598: 	headers.
20599: 	[139606209991]
20600: 
20601: 2007-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
20602: 
20603: 	* env.c, sudo.c:
20604: 	rebuild_env() and insert_env_vars() no longer return environment
20605: 	pointer, they set environ directly.
20606: 
20607: 	No longer need to pass around an envp pointer since we just operate
20608: 	on environ now.
20609: 
20610: 	Add dosync argument to insert_env() that indicates whether it should
20611: 	reset environ when realloc()ing env.envp.
20612: 
20613: 	Use an initial size of 128 for the environment.
20614: 	[4735fd5fddb8]
20615: 
20616: 	* env.c:
20617: 	Split sudo_setenv() into an external version and a version only for
20618: 	use by rebuild_env().
20619: 	[fda7d655adb1]
20620: 
20621: 2007-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
20622: 
20623: 	* ldap.c:
20624: 	Add support for using gss_krb5_ccache_name() instead of setting
20625: 	KRB5CCNAME. Also use sudo_unsetenv() in the non-
20626: 	gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
20627: 	original environment. TODO: configure setup for
20628: 	gss_krb5_ccache_name()
20629: 	[fcafa5a49caf]
20630: 
20631: 	* README.LDAP:
20632: 	add krb5_ccname
20633: 	[fceb8f883886]
20634: 
20635: 	* README.LDAP, ldap.c:
20636: 	Add support for sasl_secprops in ldap.conf
20637: 	[1f06f4bf7347]
20638: 
20639: 	* env.c, sudo.h:
20640: 	Add sudo_unsetenv() and refactor private env syncing code into
20641: 	sync_env().
20642: 	[045ecb3fd22b]
20643: 
20644: 	* README.LDAP, ldap.c:
20645: 	The ldap.conf variable is sasl_auth_id not sasl_authid.
20646: 	[a5f98491311b]
20647: 
20648: 2007-07-15  Todd C. Miller  <Todd.Miller@courtesan.com>
20649: 
20650: 	* ldap.c, sudo.c, sudo.h:
20651: 	Add support for krb5_ccname in ldap.conf. If specified, it will
20652: 	override the default value of KRB5CCNAME in the environment for the
20653: 	duration of the call to ldap_sasl_interactive_bind_s().
20654: 	[b08a10c3045b]
20655: 
20656: 	* env.c, sudo.h:
20657: 	Remove format_env() Add sudo_setenv() to replace most format_env() +
20658: 	insert_env() combinations. insert_env() no longer takes a struct
20659: 	environment *
20660: 	[131da52f43f3]
20661: 
20662: 	* ldap.c:
20663: 	Fix use_sasl vs. rootuse_sasl logic.
20664: 	[0c0417b6918c]
20665: 
20666: 	* README.LDAP, config.h.in, configure, configure.in, ldap.c:
20667: 	Add support for SASL auth when connecting to an LDAP server. Adapted
20668: 	from a diff by Tom McLaughlin.
20669: 	[a6285f1356ea]
20670: 
20671: 2007-07-14  Todd C. Miller  <Todd.Miller@courtesan.com>
20672: 
20673: 	* configure, configure.in:
20674: 	Only enable AIX or BSD auth if no other exclusive auth method has
20675: 	been chosen. Allows people to e.g., use PAM on AIX without adding
20676: 	--without-aixauth. A better solution is needed to deal with default
20677: 	authentication since if a non-exclusive method is chosen we will
20678: 	still get an error.
20679: 	[83f7afdc0ec3]
20680: 
20681: 2007-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
20682: 
20683: 	* HISTORY, Makefile.in, history.pod:
20684: 	Generate HISTORY from history.pod (which is also used for web pages)
20685: 	[60bcd5164931]
20686: 
20687: 2007-07-09  Todd C. Miller  <Todd.Miller@courtesan.com>
20688: 
20689: 	* sudo.man.in, sudoers.man.in:
20690: 	regen
20691: 	[63956a366191]
20692: 
20693: 	* sudo.pod:
20694: 	Better explanation of environment handling in the sudo man page.
20695: 	[6c247742f7ee]
20696: 
20697: 	* env.c, sudo.c:
20698: 	Defer setting user-specified env vars until after authentication.
20699: 	[4750b79323ee]
20700: 
20701: 	* env.c:
20702: 	honor def_default_path for PATH set on the command line
20703: 	[6db31d9b6d65]
20704: 
20705: 	* env.c, sudo.c, sudo.pod, sudoers.pod:
20706: 	Allow user to set environment variables on the command line as long
20707: 	as they are allowed by env_keep and env_check. Ie: apply the same
20708: 	restrictions as normal environment variables. TODO: deal with
20709: 	secure_path
20710: 	[26c0da3840cf]
20711: 
20712: 2007-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
20713: 
20714: 	* sudo.c, sudo_edit.c:
20715: 	Call rebuild_env() in call cases. Pass original envp to sudo_edit().
20716: 	Don't allow -E or env var setting in sudoedit mode. More accurate
20717: 	usage() when called as sudoedit.
20718: 	[a4af20658361]
20719: 
20720: 	* ldap.c:
20721: 	warn -> warning
20722: 	[d87d1192b048]
20723: 
20724: 	* sudo.pod:
20725: 	add -c option to sudoedit synopsis
20726: 	[15b596a7e2db]
20727: 
20728: 	* TODO:
20729: 	udpate to reality
20730: 	[e2f8fde89db1]
20731: 
20732: 	* parse.c:
20733: 	Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
20734: 	value from {user,host,runas,cmnd}_matches(). Rename *matches
20735: 	variables -> *match. Purely cosmetic.
20736: 	[e54a44c00a88]
20737: 
20738: 	* parse.c:
20739: 	Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
20740: 	in behavior.
20741: 	[c6272b4f2127]
20742: 
20743: 	* sudoers:
20744: 	add SETENV tag
20745: 	[3a3066bb6788]
20746: 
20747: 2007-07-06  Todd C. Miller  <Todd.Miller@courtesan.com>
20748: 
20749: 	* parse.c:
20750: 	Make pwcheck local to the pwflag block. Use pwcheck even if user
20751: 	didn't match since Defaults options may still apply.
20752: 	[45da9efbbafd]
20753: 
20754: 	* check.c, sudo.c:
20755: 	Do not update timestamp if user not validated by sudoers.
20756: 	[a4a9d4364827]
20757: 
20758: 	* set_perms.c:
20759: 	for PERM_RUNAS, set the egid to the runas user's gid and restore to
20760: 	the user's original in PERM_ROOT
20761: 	[1514bfb32847]
20762: 
20763: 	* logging.c, mon_systrace.c, set_perms.c, sudo.h:
20764: 	PERM_FULL_ROOT is now no different than PERM_ROOT so remove
20765: 	PERM_FULL_ROOT
20766: 	[b9d047a3178c]
20767: 
20768: 	* check.c:
20769: 	don't check timestamp mtime if we are just going to remove it
20770: 	[5d2470bc6cbd]
20771: 
20772: 	* sudoers.pod:
20773: 	Move sudoers defaults parameters into their own section.
20774: 	[54701fbc0ff3]
20775: 
20776: 	* testsudoers.c:
20777: 	Reduce a level of indent by a few placed continue statements.
20778: 	[5d5a9838c8ef]
20779: 
20780: 	* parse.c:
20781: 	Make matching but negated commands/hosts/runas entries override a
20782: 	previous match as expected. Also reduce some levels of indent by a
20783: 	few placed continue statements.
20784: 	[dd59fa4b91a1]
20785: 
20786: 2007-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>
20787: 
20788: 	* parse.c:
20789: 	Print default runas in "sudo -l" if sudoers don't specify one.
20790: 	[07d408c400bd]
20791: 
20792: 	* match.c:
20793: 	Less hacky way of testing whether the domain was set.
20794: 	[a537059776e5]
20795: 
20796: 2007-07-04  Todd C. Miller  <Todd.Miller@courtesan.com>
20797: 
20798: 	* INSTALL:
20799: 	Mention pam-devel and openldap-devel for Linux
20800: 	[9e708c54ecc3]
20801: 
20802: 2007-07-03  Todd C. Miller  <Todd.Miller@courtesan.com>
20803: 
20804: 	* README.LDAP:
20805: 	or vs. are
20806: 	[abe8c0f3a410]
20807: 
20808: 2007-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
20809: 
20810: 	* sudo.c:
20811: 	fix typo in Solaris project support
20812: 	[2ffeb2d80959]
20813: 
20814: 	* HISTORY:
20815: 	update
20816: 	[df162b36f120]
20817: 
20818: 	* sudo.c:
20819: 	Make -- on the command line match the manual page. The implied shell
20820: 	case has been simplified as a result.
20821: 	[cd217a1f6694]
20822: 
20823: 2007-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>
20824: 
20825: 	* sudoers2ldif:
20826: 	add simplistic support for sudoRunas; note that if a sudoers entry
20827: 	contains multiple Runas users, all will apply to the sudoRole
20828: 	[65b11421f5c8]
20829: 
20830: 	* sudoers2ldif:
20831: 	honor SETENV and NOSETENV tags
20832: 	[2c0d5ba7a09b]
20833: 
20834: 2007-06-24  Todd C. Miller  <Todd.Miller@courtesan.com>
20835: 
20836: 	* mon_systrace.c:
20837: 	Redo setting of user_args. We now build up a private copy of argv
20838: 	first and then replace the NULs?with spaces.
20839: 	[ccbba72ea112]
20840: 
20841: 	* mon_systrace.c:
20842: 	getcwd() returns NULL on failure, not 0 on success
20843: 	[88cd9e66e530]
20844: 
20845: 	* mon_systrace.c:
20846: 	allow chunksiz to reach 1 before erroring out
20847: 	[619d68f14964]
20848: 
20849: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
20850: 	visudo.man.in:
20851: 	regen
20852: 	[8db512d3caf0]
20853: 
20854: 2007-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
20855: 
20856: 	* def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
20857: 	logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
20858: 	toke.c, toke.l:
20859: 	Add support for setting environment variables on the command line.
20860: 	This is only allowed if the setenv sudoers options is enabled or if
20861: 	the command is prefixed with the SETENV tag.
20862: 	[5744caebd969]
20863: 
20864: 	* README.LDAP:
20865: 	replace Aaron's email address with the sudo-workers list
20866: 	[2ffce5f9afc0]
20867: 
20868: 	* configure:
20869: 	regen
20870: 	[8013dff82c0c]
20871: 
20872: 2007-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
20873: 
20874: 	* schema.OpenLDAP, schema.iPlanet:
20875: 	Break schema out into separate files.
20876: 	[15e598e4c60b]
20877: 
20878: 	* Makefile.in, README.LDAP:
20879: 	Break schema out into separate files.
20880: 	[1a53966ca1fa]
20881: 
20882: 2007-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
20883: 
20884: 	* auth/aix_auth.c:
20885: 	free message if set by authenticate()
20886: 	[849c220c1236]
20887: 
20888: 	* match.c:
20889: 	deal with NULL gr_mem
20890: 	[49e4d74f0bbe]
20891: 
20892: 2007-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
20893: 
20894: 	* config.h.in:
20895: 	regen
20896: 	[fead999ad3e9]
20897: 
20898: 	* configure.in:
20899: 	add template for HAVE_PROJECT_H
20900: 	[e6c42c2eaad1]
20901: 
20902: 	* closefrom.c:
20903: 	include fcntl.h
20904: 	[54d98b382f03]
20905: 
20906: 2007-06-19  Todd C. Miller  <Todd.Miller@courtesan.com>
20907: 
20908: 	* INSTALL:
20909: 	mention --with-project
20910: 	[d3ea3baad7c5]
20911: 
20912: 	* config.h.in, configure.in, sudo.c:
20913: 	Add Solaris 10 "project" support. From Michael Brantley.
20914: 	[f14f3c8c6554]
20915: 
20916: 	* sudoers.pod:
20917: 	fix typo
20918: 	[50db81a19787]
20919: 
20920: 	* configure:
20921: 	regen
20922: 	[ea71afd3e564]
20923: 
20924: 	* configure.in:
20925: 	Fix preservation of LDFLAGS in the LDAP case.
20926: 	[40a3a47e8059]
20927: 
20928: 	* memrchr.c:
20929: 	Remove dependecy on NULL
20930: 	[c957ae5e1733]
20931: 
20932: 	* configure:
20933: 	regen
20934: 	[4955ce0c6912]
20935: 
20936: 	* aclocal.m4, configure.in:
20937: 	Can't use the regular autoconf fnmatch() check since we need
20938: 	FNM_CASEFOLD so go back to our custom one.
20939: 	[f10d76237486]
20940: 
20941: 	* env.c:
20942: 	Fix preserving of variables in env_keep.
20943: 	[d040049d6b84]
20944: 
20945: 	* env.c:
20946: 	add XAUTHORIZATION
20947: 	[0d589a5fe015]
20948: 
20949: 	* UPGRADE:
20950: 	expand upon env resetting and mention that it began in 1.6.9 not
20951: 	1.7.
20952: 	[dba251655c76]
20953: 
20954: 	* sudoers.pod:
20955: 	Update descriptions of env_keep and env_check to match current
20956: 	reality.
20957: 	[dba77357954b]
20958: 
20959: 2007-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
20960: 
20961: 	* env.c:
20962: 	Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
20963: 	LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table.
20964: 	[eec4632bd190]
20965: 
20966: 	* env.c, logging.c:
20967: 	Treat USERNAME environemnt variable like LOGNAME/USER
20968: 	[09f52dcfd70c]
20969: 
20970: 	* env.c:
20971: 	Don't need to populate keepenv table with the contents of the
20972: 	checkenv table.
20973: 	[527a14afd973]
20974: 
20975: 	* sudo.c:
20976: 	Don't force sudo into the C locale.
20977: 	[8a5bd301ef96]
20978: 
20979: 	* env.c:
20980: 	Make env_check apply when env_reset it true. Environment variables
20981: 	are passed through unless they contain '/' or '%'. There is no need
20982: 	to have a variable in both env_check and env_keep.
20983: 	[840c802721e4]
20984: 
20985: 2007-06-16  Todd C. Miller  <Todd.Miller@courtesan.com>
20986: 
20987: 	* visudo.c:
20988: 	Remove an duplicate lock_file() call and add a comment.
20989: 	[5af9dcdf0eb6]
20990: 
20991: 	* UPGRADE:
20992: 	Add sudo 1.6.9 upgrade note.
20993: 	[1585149f2914]
20994: 
20995: 2007-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
20996: 
20997: 	* interfaces.c:
20998: 	Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
20999: 	small. From Klaus Wagner.
21000: 	[d6899fc44f77]
21001: 
21002: 	* logging.c, sudo.h:
21003: 	Redo the long syslog line splitting based on a patch from Eygene
21004: 	Ryabinkin. Include memrchr() for systems without it.
21005: 	[66a50e8d553a]
21006: 
21007: 	* memrchr.c:
21008: 	Redo the long syslog line splitting based on a patch from Eygene
21009: 	Ryabinkin. Include memrchr() for systems without it.
21010: 	[2f6702b7d41b]
21011: 
21012: 	* Makefile.in, config.h.in, configure, configure.in:
21013: 	Redo the long syslog line splitting based on a patch from Eygene
21014: 	Ryabinkin. Include memrchr() for systems without it.
21015: 	[407a46190921]
21016: 
21017: 	* configure.in:
21018: 	Since we need to be able to convert timespec to timeval for utimes()
21019: 	the last 3 digits in the tv_nsec are not significant. This makes the
21020: 	sudoedit file date comparison work again.
21021: 	[9d0258849fa9]
21022: 
21023: 2007-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>
21024: 
21025: 	* aclocal.m4, configure, configure.in:
21026: 	Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
21027: 	This deals with exclusive authentication methods in a simple way.
21028: 	[7d70072c0f35]
21029: 
21030: 2007-06-12  Todd C. Miller  <Todd.Miller@courtesan.com>
21031: 
21032: 	* LICENSE:
21033: 	mkstemp.c is BSD code too.
21034: 	[29e236d98162]
21035: 
21036: 	* sudo.pod, sudoers.pod, visudo.pod:
21037: 	No commercial support for now.
21038: 	[7c76b3e192dd]
21039: 
21040: 2007-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
21041: 
21042: 	* sudo.c:
21043: 	cleanenv() is no more.
21044: 	[518080514408]
21045: 
21046: 2007-06-10  Todd C. Miller  <Todd.Miller@courtesan.com>
21047: 
21048: 	* ChangeLog:
21049: 	Display branch info in Changelog
21050: 	[44e3b27427c7]
21051: 
21052: 	* utimes.c:
21053: 	Include config.h early so we have it for TIME_WITH_SYS_TIME
21054: 	[4bf1a00d0703]
21055: 
21056: 	* ChangeLog:
21057: 	Fix Changelog generation and update.
21058: 	[6e960dbcbece]
21059: 
21060: 2007-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
21061: 
21062: 	* closefrom.c:
21063: 	Use /proc/self/fd instead of /proc/$$/fd
21064: 
21065: 	Move old-style fd closing into closefrom_fallback() and call that if
21066: 	/proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
21067: 	[faa7e4810758]
21068: 
21069: 	* auth/kerb5.c, config.h.in, configure.in:
21070: 	o use krb5_verify_user() if available instead of doing it by hand o
21071: 	use krb5_init_secure_context() if we have it o pass an encryption
21072: 	type of 0 to krb5_kt_read_service_key() instead of
21073: 	ENCTYPE_DES_CBC_MD5 to let kerberos choose.
21074: 	[df7acf72bd7c]
21075: 
21076: 	* env.c:
21077: 	Check TERM and COLORTERM for '%' and '/' characters. From Debian.
21078: 	[f92d05197e40]
21079: 
21080: 	* configure.in:
21081: 	Fix closefrom() substitution in the Makefile
21082: 	[b642b13fcc5c]
21083: 
21084: 	* TROUBLESHOOTING:
21085: 	Mention alternate sudo pronunciation.
21086: 	[7c71dc73409f]
21087: 
21088: 2007-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
21089: 
21090: 	* env.c:
21091: 	Remove KRB5_KTNAME from environment. Allow COLORTERM.
21092: 	[70f35a79f780]
21093: 
21094: 	* auth/kerb5.c:
21095: 	If we cannot get a valid service key using the default keytab it is
21096: 	a fatal error. Fixes a bug where sudo could be tricked into allowing
21097: 	access when it should not by a fake KDC. From Thor Lancelot Simon.
21098: 	[a3ae6a47cb23]
21099: 
21100: 2007-05-12  Todd C. Miller  <Todd.Miller@courtesan.com>
21101: 
21102: 	* aclocal.m4, configure, configure.in:
21103: 	Update long long checks to use AC_CHECK_TYPES and to cache values.
21104: 	[047318eaaeb2]
21105: 
21106: 	* aclocal.m4, configure.in:
21107: 	Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
21108: 	use AC_REPLACE_FNMATCH since that assumes replacing with GNU
21109: 	fnmatch.
21110: 	[80513a1003ea]
21111: 
21112: 2007-05-11  Todd C. Miller  <Todd.Miller@courtesan.com>
21113: 
21114: 	* configure, configure.in:
21115: 	Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
21116: 	need it for visudo now too.
21117: 	[50837c7c2b5e]
21118: 
21119: 2007-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
21120: 
21121: 	* sudoers.pod:
21122: 	Attempt to clarify the bit talking about network numbers w/o
21123: 	netmasks.
21124: 	[211e68c1d034]
21125: 
21126: 	* sudo.pod:
21127: 	Clarify timestamp dir ownership sentence.
21128: 	[9178f132c7f7]
21129: 
21130: 2007-04-20  Todd C. Miller  <Todd.Miller@courtesan.com>
21131: 
21132: 	* auth/pam.c:
21133: 	Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
21134: 	Dmitry V. Levin.
21135: 	[81fce91667bc]
21136: 
21137: 2007-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
21138: 
21139: 	* sudo.c:
21140: 	-i is also one of the mutually exclusive options to list it in the
21141: 	warning message. Noted by Chris Pepper.
21142: 	[7da73fb248e9]
21143: 
21144: 2007-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
21145: 
21146: 	* visudo.pod:
21147: 	The sudoers variable is env_editor, not enveditor. From Jean-
21148: 	Francois Saucier.
21149: 	[2a86ec09a6db]
21150: 
21151: 2007-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
21152: 
21153: 	* redblack.c:
21154: 	I tracked down the original author so credit him and include his
21155: 	license info.
21156: 	[3733553a1bba]
21157: 
21158: 2007-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
21159: 
21160: 	* sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
21161: 	sudoers.pod:
21162: 	Fix typos; from Jason McIntyre.
21163: 	[1ee4ce2512f2]
21164: 
21165: 	* logging.c:
21166: 	Restore signal mask before calling reapchild(). Fixes a possible
21167: 	race condition that could prevent sudo from properly waiting for the
21168: 	child.
21169: 	[9ee4192385dc]
21170: 
21171: 2007-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
21172: 
21173: 	* pwutil.c:
21174: 	Don't declare pw_free() if we are not going to use it.
21175: 	[adb79a4289ca]
21176: 
21177: 	* env.c:
21178: 	Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
21179: 	LDR_PRELOAD64. The 64-bit version is not currently supported. Remove
21180: 	zero_env() prototype as it no longer exists.
21181: 	[b4fe65027fb6]
21182: 
21183: 2006-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
21184: 
21185: 	* logging.c:
21186: 	Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
21187: 	[78002ad90f7b]
21188: 
21189: 2006-09-29  Todd C. Miller  <Todd.Miller@courtesan.com>
21190: 
21191: 	* auth/pam.c:
21192: 	If the user enters ^C at the password prompt, abort instead of
21193: 	trying to authenticate with an empty password (which causes an
21194: 	annoying delay).
21195: 	[da3f27b747c7]
21196: 
21197: 2006-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
21198: 
21199: 	* closefrom.c, config.h.in, configure, configure.in:
21200: 	Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
21201: 	Darren Tucker.
21202: 	[0331b7780759]
21203: 
21204: 	* pwutil.c:
21205: 	pw_free() is only used by sudo_freepwcache() so ifdef it out too.
21206: 	[0014c0d9eeba]
21207: 
21208: 2006-08-04  Todd C. Miller  <Todd.Miller@courtesan.com>
21209: 
21210: 	* config.guess, config.sub:
21211: 	Update to latest versions from cvs.savannah.gnu.org
21212: 	[aa0143101c20]
21213: 
21214: 2006-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
21215: 
21216: 	* pwutil.c, sudo_edit.c:
21217: 	Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
21218: 	we can close the passwd/group files early.
21219: 	[559074bd7eb7]
21220: 
21221: 	* config.h.in, configure, configure.in, set_perms.c:
21222: 	Add seteuid() flavor of set_perms() for systems without setreuid()
21223: 	or setresuid() that have a working seteuid(). Tested on Darwin.
21224: 	[508d8da99189]
21225: 
21226: 2006-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
21227: 
21228: 	* mon_systrace.c:
21229: 	systrace_read() returns ssize_t
21230: 	[9f97d1d1a59d]
21231: 
21232: 	* configure, configure.in:
21233: 	Fix typo, -lldap vs. -ldap; from Tim Knox.
21234: 	[a8cc43c3bb2a]
21235: 
21236: 2006-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
21237: 
21238: 	* HISTORY:
21239: 	Fix typo; Matt Ackeret
21240: 	[86964ee3dfbd]
21241: 
21242: 2006-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
21243: 
21244: 	* sudo.c:
21245: 	Print sudoers path in -V mode for root.
21246: 	[dc43f2d75bd9]
21247: 
21248: 2006-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
21249: 
21250: 	* ldap.c:
21251: 	Do a sub tree search instead of a base search (one level in the tree
21252: 	only) for sudo right objects. This allows system administrators to
21253: 	categorize the rights in a tree to make them easier to manage.
21254: 	[6d2d9abf996e]
21255: 
21256: 2005-12-28  Todd C. Miller  <Todd.Miller@courtesan.com>
21257: 
21258: 	* sudo.pod:
21259: 	fix typo
21260: 	[1473413bcbda]
21261: 
21262: 2005-12-04  Todd C. Miller  <Todd.Miller@courtesan.com>
21263: 
21264: 	* ldap.c:
21265: 	Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
21266: 	bind_timelimit support; adapted from gentoo.
21267: 	[afc816093026]
21268: 
21269: 2005-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
21270: 
21271: 	* ldap.c:
21272: 	Support comments that start in the middle of a line
21273: 	[c25df6ee3db8]
21274: 
21275: 	* configure, configure.in:
21276: 	Define LDAP_DEPRECATED until we start using ldap_get_values_len()
21277: 	[ee249bfe230a]
21278: 
21279: 2005-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
21280: 
21281: 	* closefrom.c:
21282: 	Silence gcc -Wsign-compare; djm@openbsd.org
21283: 	[28769ce6418d]
21284: 
21285: 	* error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
21286: 	cleanup() now takes an int as an arg so it can be used as a signal
21287: 	handler too.
21288: 	[2bb0df34d09c]
21289: 
21290: 	* sudo.c:
21291: 	Make a copy of the shell field in the passwd struct for NewArgv to
21292: 	avoid a use after free situation after sudo_endpwent() is called.
21293: 	[5dcc9ffd362e]
21294: 
21295: 2005-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
21296: 
21297: 	* config.h.in, configure, configure.in:
21298: 	Add mkstemp() for those poor souls without it.
21299: 	[5fdd02e863e0]
21300: 
21301: 	* mkstemp.c:
21302: 	Add mkstemp() for those poor souls without it.
21303: 	[c99401207860]
21304: 
21305: 	* Makefile.in:
21306: 	Add mkstemp() for those poor souls without it.
21307: 	[9c1cf2678f24]
21308: 
21309: 2005-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
21310: 
21311: 	* env.c:
21312: 	Add PERL5DB to list of environment variables to remove.
21313: 	[7375c27ecf75]
21314: 
21315: 2005-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
21316: 
21317: 	* mon_systrace.c, mon_systrace.h:
21318: 	Instead of calling the check function twice with a state cookie use
21319: 	separate check/log functions.
21320: 
21321: 	Check more ioctl() calls for failure.
21322: 
21323: 	systrace_{read,write} now return the number of bytes read/written or
21324: 	-1 on error.
21325: 	[3dc8946d90e9]
21326: 
21327: 	* env.c:
21328: 	Add more environment variables to remove; from gentoo linux Add some
21329: 	comments about what bad env variables go to what (more to do)
21330: 	[6918110a6b82]
21331: 
21332: 2005-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
21333: 
21334: 	* sudo.c, sudo_edit.c:
21335: 	Move sudo_end{gr,pw}ent() until just before the exec since they free
21336: 	up our cached copy of the passwd structs, including sudo_user and
21337: 	sudo_runas. Fixes a use-after-free bug.
21338: 	[54de3778bad0]
21339: 
21340: 	* visudo.c:
21341: 	Close all fd's before executing editor.
21342: 	[4fcc05e1bec8]
21343: 
21344: 	* sudo.c:
21345: 	Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
21346: 	[ef0e8ffa5c9f]
21347: 
21348: 	* check.c:
21349: 	Fix fd leak when lecture file option is enabled. From Jerry Brown
21350: 	[ce97f9207cd8]
21351: 
21352: 2005-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
21353: 
21354: 	* env.c:
21355: 	Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
21356: 	environment variables to remove. From Charles Morris
21357: 	[c96e1367d1c1]
21358: 
21359: 2005-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
21360: 
21361: 	* env.c:
21362: 	add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
21363: 	[72a6a1571226]
21364: 
21365: 2005-10-28  Todd C. Miller  <Todd.Miller@courtesan.com>
21366: 
21367: 	* env.c:
21368: 	add PS4 and SHELLOPTS to initial_badenv_table for bash
21369: 	[89dfb3f318f3]
21370: 
21371: 2005-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
21372: 
21373: 	* sudoers.pod:
21374: 	Fix typo; Toby Peterson
21375: 	[b7a3222b23f4]
21376: 
21377: 2005-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
21378: 
21379: 	* tsgetgrpw.c:
21380: 	Make return buffers static so they don't get clobbered
21381: 	[13323a39b9f5]
21382: 
21383: 2005-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
21384: 
21385: 	* auth/securid5.c:
21386: 	Fix securid5 authentication, was not checking for ACM_OK. Also add
21387: 	default cases for the two switch()es. Problem noted by ccon at
21388: 	worldbank
21389: 	[14091e418333]
21390: 
21391: 2005-06-27  Todd C. Miller  <Todd.Miller@courtesan.com>
21392: 
21393: 	* ldap.c:
21394: 	Remove ncat() in favor of just counting bytes and pre-allocating
21395: 	what is needed.
21396: 	[25b8712adb61]
21397: 
21398: 2005-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
21399: 
21400: 	* ldap.c:
21401: 	Fix up some comments Add missing fclose() for the rootbinddn case
21402: 	[ae95c8a89711]
21403: 
21404: 	* ldap.c:
21405: 	align struct ldap_config
21406: 	[35d0d64c76f8]
21407: 
21408: 	* ldap.c:
21409: 	use LINE_MAX for max conf file line size
21410: 	[da116cb8853d]
21411: 
21412: 	* pathnames.h.in:
21413: 	add _PATH_LDAP_SECRET
21414: 	[128b04ecfab7]
21415: 
21416: 	* README.LDAP:
21417: 	Mention rootbinddn Give example ou=SUDOers container
21418: 	[852edc69bd1c]
21419: 
21420: 2005-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
21421: 
21422: 	* INSTALL, configure, configure.in, ldap.c:
21423: 	Support rootbinddn in ldap.conf
21424: 	[1615c91522a1]
21425: 
21426: 	* env.c, sudo.pod, sudoers.pod:
21427: 	Preserve DISPLAY environment variable by default.
21428: 	[05f503d5f438]
21429: 
21430: 	* acsite.m4, configure:
21431: 	set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
21432: 	[18a04dea8d05]
21433: 
21434: 	* acsite.m4, configure:
21435: 	set need_version=no for all cases; this is safe for LD_PRELOAD
21436: 	[b542560e1a73]
21437: 
21438: 	* aclocal.m4:
21439: 	typo
21440: 	[c040df0fcd5a]
21441: 
21442: 	* configure, configure.in:
21443: 	Add dragonfly
21444: 	[f13794618636]
21445: 
21446: 	* auth/pam.c:
21447: 	Fix call to pam_end() when pam_open_session() fails.
21448: 	[0be47cdfdef1]
21449: 
21450: 	* configure:
21451: 	regen
21452: 	[7f5c13b4b800]
21453: 
21454: 	* acsite.m4:
21455: 	rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
21456: 	ltsugar.m4 ltversion.m4
21457: 	[a7ba9fd1a2ab]
21458: 
21459: 	* config.guess, config.sub, ltmain.sh:
21460: 	merge in local changes: config.guess: o better openbsd support
21461: 	config.sub: o hiuxmpp support ltmain.sh o remove requirement that
21462: 	libs must begin with "lib" o don't print a bunch of crap about
21463: 	library installs o don't run ldconfig
21464: 	[f4149f2c720f]
21465: 
21466: 	* config.guess, config.sub, ltmain.sh:
21467: 	libtool 1.9f
21468: 	[82a534e7121f]
21469: 
21470: 	* configure.in:
21471: 	Update with autoupdate and make minor changes for libtool 1.9f
21472: 	[11b5ae5c1428]
21473: 
21474: 2005-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
21475: 
21476: 	* parse.c:
21477: 	don't call sudo_ldap_display_cmnd if ldap not setup
21478: 	[8bcf6c094ffe]
21479: 
21480: 	* sudo_edit.c, visudo.c:
21481: 	Move declatation of struct timespec to its own include files for
21482: 	systems without it since it needs time_t defined.
21483: 	[b95c333299a0]
21484: 
21485: 	* gettime.c:
21486: 	Move declatation of struct timespec to its own include files for
21487: 	systems without it since it needs time_t defined.
21488: 	[021b4569cc0c]
21489: 
21490: 	* fileops.c:
21491: 	Move declatation of struct timespec to its own include files for
21492: 	systems without it since it needs time_t defined.
21493: 	[dd8573b2ee7d]
21494: 
21495: 	* emul/timespec.h:
21496: 	Move declatation of struct timespec to its own include files for
21497: 	systems without it since it needs time_t defined.
21498: 	[f95137771564]
21499: 
21500: 	* check.c, compat.h:
21501: 	Move declatation of struct timespec to its own include files for
21502: 	systems without it since it needs time_t defined.
21503: 	[2ef2ace8fe85]
21504: 
21505: 	* ldap.c:
21506: 	Don't set safe_cmnd for the "sudo ALL" case.
21507: 	[ad7fa9e07da0]
21508: 
21509: 2005-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
21510: 
21511: 	* auth/pam.c:
21512: 	Call pam_open_session() and pam_close_session() to give pam_limits a
21513: 	chance to run. Idea from Karel Zak.
21514: 	[fed46d471350]
21515: 
21516: 2005-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
21517: 
21518: 	* check.c, sudo.c:
21519: 	Add explicit cast from mode_t -> u_int in printf to silence warnings
21520: 	on Solaris
21521: 	[17bb961fe22d]
21522: 
21523: 	* parse.c:
21524: 	include grp.h to silence a warning on Solaris
21525: 	[14386fbab640]
21526: 
21527: 2005-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
21528: 
21529: 	* parse.c:
21530: 	Fix printing of += and -= defaults.
21531: 	[a667604c56cd]
21532: 
21533: 2005-04-17  Todd C. Miller  <Todd.Miller@courtesan.com>
21534: 
21535: 	* mon_systrace.c:
21536: 	Sanity check number of syscall args with argsize. Not really needed
21537: 	but a little paranoia never hurts.
21538: 	[6bb455a2c2d6]
21539: 
21540: 	* mon_systrace.c, mon_systrace.h:
21541: 	Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
21542: 	for systrace lengths (since it uses int)
21543: 	[3cafccffcffd]
21544: 
21545: 2005-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
21546: 
21547: 	* mon_systrace.c:
21548: 	Add some memsets for paranoia Fix namespace collsion w/ error Check
21549: 	rval of decode_args() and update_env() Remove improper setting of
21550: 	validated variable
21551: 	[3d385158354d]
21552: 
21553: 2005-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
21554: 
21555: 	* parse.c, sudo.c, sudo.h:
21556: 	In -l mode, only check local sudoers file if def_ignore_sudoers is
21557: 	not set and call LDAP versions from display_privs() and
21558: 	display_cmnd() instead of directly from main(). Because of this we
21559: 	need to defer closing the ldap connection until after -l processing
21560: 	has ocurred and we must pass in the ldap pointer to display_privs()
21561: 	and display_cmnd().
21562: 	[1dfc2e8c9f2b]
21563: 
21564: 	* ldap.c:
21565: 	Reorganize LDAP code to better match normal sudoers parsing. Instead
21566: 	of storing strings for later printing in -l mode we do another query
21567: 	since the authenticating user and the user being listed may not be
21568: 	the same (the new -U flag). Also add support for "sudo -l command".
21569: 
21570: 	There is still a fair bit if duplicated code that can probably be
21571: 	refactored.
21572: 	[e9568f19bde5]
21573: 
21574: 2005-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
21575: 
21576: 	* ldap.c:
21577: 	Replace pass variable with do_netgr for better readability.
21578: 	[1bba841b6e79]
21579: 
21580: 	* ldap.c:
21581: 	use DPRINTF macro
21582: 	[02b159b66bb5]
21583: 
21584: 	* ldap.c:
21585: 	estrdup, not strdup
21586: 	[22cdee7973c1]
21587: 
21588: 2005-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
21589: 
21590: 	* parse.c:
21591: 	Add macro to test if the tag changed to improve readability.
21592: 	[4e11b4819556]
21593: 
21594: 	* parse.c:
21595: 	Avoid printing defaults header if there are no defaults to print...
21596: 	[41a28627df03]
21597: 
21598: 	* glob.c:
21599: 	Fix a warning on systems without strlcpy().
21600: 	[6814e0f0e4f4]
21601: 
21602: 	* pwutil.c:
21603: 	Use macros where possible for sudo_grdup() like sudo_pwdup().
21604: 	[30f201ff35cd]
21605: 
21606: 2005-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
21607: 
21608: 	* utimes.c:
21609: 	It is possible for tv_usec to hold >= 1000000 usecs so add in
21610: 	tv_usec / 1000000.
21611: 	[794ac4d53a65]
21612: 
21613: 2005-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
21614: 
21615: 	* auth/kerb5.c:
21616: 	The component in krb5_principal_get_comp_string() should be 1, not 0
21617: 	for Heimdal. From Alex Plotnick.
21618: 	[fefa351c5044]
21619: 
21620: 2005-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
21621: 
21622: 	* alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
21623: 	interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
21624: 	redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
21625: 	Add efree() for consistency with emalloc() et al. Allows us to rely
21626: 	on C89 behavior (free(NULL) is valid) even on K&R.
21627: 	[7876bb80d87c]
21628: 
21629: 	* parse.c, sudo.c:
21630: 	Move initgroups() for -U option into display_privs() so group
21631: 	matching in sudoers works correctly.
21632: 	[b074428ad2ca]
21633: 
21634: 2005-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
21635: 
21636: 	* ldap.c:
21637: 	Removed duplicate call to ldap_unbind_s introduced along with
21638: 	sudo_ldap_close.
21639: 	[19acc1c20f7c]
21640: 
21641: 	* parse.c:
21642: 	Add missing space in Defaults printing
21643: 	[95d2935bf6d4]
21644: 
21645: 2005-03-25  Todd C. Miller  <Todd.Miller@courtesan.com>
21646: 
21647: 	* pwutil.c:
21648: 	Sync sudo_pwdup with OpenBSD changes: use macros for size computaton
21649: 	and string copies.
21650: 	[6b6b241495e5]
21651: 
21652: 2005-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
21653: 
21654: 	* pwutil.c:
21655: 	Zero old pw_passwd before replacing with version from shadow file.
21656: 	[3251b349dfe1]
21657: 
21658: 	* configure, configure.in:
21659: 	Only attempt shadow password detection if PAM is not being used Add
21660: 	shadow_* variables to make shadow password detection more generic.
21661: 	[d498a3423ac9]
21662: 
21663: 	* configure.in:
21664: 	Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
21665: 	[04d55bbd5e35]
21666: 
21667: 2005-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
21668: 
21669: 	* sudoers.pod:
21670: 	use a non-breaking space to avoid a double space after e.g.
21671: 	[11cdb54bdf7b]
21672: 
21673: 	* sudo.pod:
21674: 	commna, not colon after e.g.
21675: 	[8d5875ff72e0]
21676: 
21677: 2005-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
21678: 
21679: 	* sudo_noexec.c:
21680: 	Add __ variants of the exec functions. GNU libc at least uses
21681: 	__execve() internally.
21682: 	[d1880473d790]
21683: 
21684: 	* indent.pro:
21685: 	Match reality a bit more.
21686: 	[633e3fa875a7]
21687: 
21688: 	* pwutil.c:
21689: 	Missed piece from rev. 1.6, fix sudo_getpwnam() too.
21690: 	[128f7b21c2ee]
21691: 
21692: 	* pwutil.c:
21693: 	Store shadow password after making a local copy of struct passwd in
21694: 	case normal and shadow routines use the same internal buffer in
21695: 	libc.
21696: 	[f806052a6ffc]
21697: 
21698: 2005-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
21699: 
21700: 	* alloc.c, logging.c:
21701: 	Make varargs usage consistent with the rest of the code.
21702: 	[3d45affc9851]
21703: 
21704: 2005-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
21705: 
21706: 	* sudo_noexec.c:
21707: 	Wrap more of the exec family since on Linux the others do not appear
21708: 	to go through the normal execve() path.
21709: 	[8167769b4e19]
21710: 
21711: 	* visudo.c:
21712: 	make print_unused static like proto says
21713: 	[ecf10e1bae55]
21714: 
21715: 	* glob.c:
21716: 	silence a warning on K&R systems
21717: 	[2e00425f1a5c]
21718: 
21719: 	* alias.c, error.c:
21720: 	make this build in K&R land
21721: 	[156f65f8525a]
21722: 
21723: 	* parse.c:
21724: 	make this build in K&R land
21725: 	[6fc9276889cb]
21726: 
21727: 2005-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>
21728: 
21729: 	* toke.c:
21730: 	regen
21731: 	[3b349748cd21]
21732: 
21733: 2005-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
21734: 
21735: 	* ldap.c:
21736: 	return(foo) not return foo optimize _atobool() slightly
21737: 	[11d09d154ed5]
21738: 
21739: 	* ldap.c:
21740: 	Use TRUE/FALSE
21741: 	[53999320d98f]
21742: 
21743: 	* ldap.c:
21744: 	Reformat to match the rest of sudo's code.
21745: 	[1bd0f2afa0e7]
21746: 
21747: 	* sudo.pod:
21748: 	I am the primary author
21749: 	[5d311ecd85c6]
21750: 
21751: 2005-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
21752: 
21753: 	* Makefile.in, README, RUNSON:
21754: 	The RUNSON file is toast--it confused too many people and really
21755: 	isn't needed in a configure-oriented world.
21756: 	[96a6ef7bbc08]
21757: 
21758: 	* INSTALL:
21759: 	alternate -> alternative
21760: 	[b65015c5d0a2]
21761: 
21762: 	* tgetpass.c:
21763: 	Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
21764: 	TCSAFLUSH.
21765: 	[c66b4763ffdc]
21766: 
21767: 	* toke.l:
21768: 	Allow leading blanks before Defaults and Foo_Alias definitions
21769: 	[2add513d9277]
21770: 
21771: 	* Makefile.in:
21772: 	fix rules to build toke.o and gram.o in devel mode
21773: 	[96cbb414ebd3]
21774: 
21775: 2005-02-20  Todd C. Miller  <Todd.Miller@courtesan.com>
21776: 
21777: 	* sudoers.pod:
21778: 	env_keep overrides set_logname
21779: 	[401877193a15]
21780: 
21781: 	* env.c:
21782: 	Fix disabling set_logname and make env_keep override set_logname.
21783: 	[0906e7a5ed93]
21784: 
21785: 	* compat.h, config.h.in, configure, configure.in:
21786: 	No longer need memmove()
21787: 	[43bdb6efe3f2]
21788: 
21789: 	* env.c, sudo.c:
21790: 	Just clean the environment once. This assumes that any further
21791: 	setenv/putenv will be able to handle the fact that we replaced
21792: 	environ with our own malloc'd copy but all the implementations I've
21793: 	checked do.
21794: 	[11658fe92ba2]
21795: 
21796: 2005-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
21797: 
21798: 	* env.c, sudo.c:
21799: 	In -i mode, base the value of insert_env()'s dupcheck flag on
21800: 	DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
21801: 	[8365b0bd0c71]
21802: 
21803: 2005-02-13  Todd C. Miller  <Todd.Miller@courtesan.com>
21804: 
21805: 	* env.c, sudo.c:
21806: 	Move setting of user_path, user_shell, user_prompt and prev_user
21807: 	into init_vars() since user_shell at least is needed there.
21808: 	[37e22dce66e9]
21809: 
21810: 2005-02-12  Todd C. Miller  <Todd.Miller@courtesan.com>
21811: 
21812: 	* Makefile.in:
21813: 	fix devel builds
21814: 	[9fbb15ef164c]
21815: 
21816: 	* sudo.c:
21817: 	Fix some printf format mismatches on error.
21818: 	[ffc1c3f11740]
21819: 
21820: 	* check.c:
21821: 	Fix some printf format mismatches on error.
21822: 	[7b3b508adf50]
21823: 
21824: 	* configure, gram.c, toke.c:
21825: 	regen
21826: 	[aa76f9d8b02a]
21827: 
21828: 	* Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
21829: 	auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
21830: 	auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
21831: 	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
21832: 	auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
21833: 	closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
21834: 	emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
21835: 	getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
21836: 	interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
21837: 	parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
21838: 	snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
21839: 	sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
21840: 	testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
21841: 	visudo.pod, zero_bytes.c:
21842: 	Update copyright years.
21843: 	[0610c3654739]
21844: 
21845: 	* Makefile.binary.in:
21846: 	Update copyright years.
21847: 	[d78ffc9f2e2b]
21848: 
21849: 	* LICENSE:
21850: 	Update copyright years.
21851: 	[f60473bca4b1]
21852: 
21853: 	* BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
21854: 	version 1.7
21855: 	[aa977a544ca1]
21856: 
21857: 	* WHATSNEW:
21858: 	What's new in sudo 1.7, based on the 1.7 CHANGES entries.
21859: 	[ecfcf7269c14]
21860: 
21861: 2005-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
21862: 
21863: 	* compat.h, logging.h, sudo.h:
21864: 	Add __printflike and use it with gcc to warn about printf-like
21865: 	format mismatches
21866: 	[b192ad4a0548]
21867: 
21868: 2005-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
21869: 
21870: 	* CHANGES, ChangeLog:
21871: 	Replaced CHANGES file with ChangeLog generated from cvs logs
21872: 	[d9ace9dab98f]
21873: 
21874: 	* set_perms.c:
21875: 	Use warning/error instead of perror/fatal.
21876: 	[e33259df7738]
21877: 
21878: 	* config.guess:
21879: 	Update OpenBSD section
21880: 	[9d2c23de6801]
21881: 
21882: 	* UPGRADE:
21883: 	Add upgrading noted for 1.7
21884: 	[1fb6b6d6df07]
21885: 
21886: 	* env.c, sudo.c, sudoers.pod:
21887: 	Instead of zeroing out the environment, just prune out entries based
21888: 	on the env_delete and env_check lists. Base building up the new
21889: 	environment on the current environment and the variables we removed
21890: 	initially.
21891: 	[fc192df8fd15]
21892: 
21893: 	* config.h.in, configure, configure.in, sudo.c:
21894: 	Set locale to "C" if locales are supported, just to be safe.
21895: 	[91fbaa98f02e]
21896: 
21897: 	* toke.c, toke.l:
21898: 	Cast?argument to ctype functions to unsigned char.
21899: 	[e096b4d65796]
21900: 
21901: 2005-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
21902: 
21903: 	* env.c:
21904: 	correct value for DID_USER
21905: 	[b5b05d36ec15]
21906: 
21907: 	* error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
21908: 	#include <compat.h> not "compat.h"
21909: 	[7a0ad9a0ccd7]
21910: 
21911: 	* defaults.c:
21912: 	Reset the environment by default.
21913: 	[4ecc6423e0f0]
21914: 
21915: 	* sudo.c:
21916: 	Alloc an extra slot in NewArgv. Removes the need to malloc an new
21917: 	vector if execve() fails.
21918: 	[83dfb6f584a7]
21919: 
21920: 2005-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
21921: 
21922: 	* INSTALL, config.h.in, configure, configure.in, sudo.c:
21923: 	Use execve(2) and wrap the command in sh if we get ENOEXEC.
21924: 	[c0c6af4e2a21]
21925: 
21926: 2005-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
21927: 
21928: 	* sudo_noexec.c:
21929: 	Only include time.h on systems that lack struct timespec which gets
21930: 	defind in compat.h (using time_t).
21931: 	[e373e518b4cb]
21932: 
21933: 	* sudo_noexec.c:
21934: 	Include time.h for time_t in compat.h for systems w/o struct
21935: 	timespec.
21936: 	[a34b5637e458]
21937: 
21938: 	* compat.h, config.h.in, configure, configure.in:
21939: 	use bcopy on systems w/o memmove
21940: 	[f835eafd78c6]
21941: 
21942: 	* compat.h:
21943: 	__attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
21944: 	use to gcc >= 2.8.
21945: 	[1cb9a4e58566]
21946: 
21947: 	* Makefile.in:
21948: 	Add explicit rule to build sudo_noexec.lo
21949: 	[df1dfcf8dd77]
21950: 
21951: 2005-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
21952: 
21953: 	* INSTALL.configure, Makefile.in:
21954: 	No longer depend on VPATH; pointed out a bunch of missed
21955: 	dependencies.
21956: 	[601a45d4af6b]
21957: 
21958: 	* TROUBLESHOOTING:
21959: 	Help for PAM when account section is missing
21960: 	[9b8221256756]
21961: 
21962: 	* auth/pam.c:
21963: 	Give user a clue when there is a missing "account" section in the
21964: 	PAM config.
21965: 	[2529625c0495]
21966: 
21967: 	* auth/pam.c:
21968: 	Better error handling.
21969: 	[518c9bda23d8]
21970: 
21971: 	* config.h.in, configure, configure.in:
21972: 	Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
21973: 	possible. Silences a warning about isblank() on linux.
21974: 	[19c94d7ecdc8]
21975: 
21976: 	* auth/pam.c:
21977: 	Fix typo (missing comma) that caused an incorrect number of args to
21978: 	be passed to log_error().
21979: 	[0099dfec560f]
21980: 
21981: 2005-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
21982: 
21983: 	* pwutil.c:
21984: 	Don't try to destroy a tree we didn't create.
21985: 	[d43c4fe03aa4]
21986: 
21987: 2005-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
21988: 
21989: 	* alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
21990: 	auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
21991: 	auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
21992: 	auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
21993: 	compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
21994: 	fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
21995: 	goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
21996: 	match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
21997: 	sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
21998: 	strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
21999: 	tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
22000: 	Add __unused to rcsids
22001: 	[ad6b4ac45705]
22002: 
22003: 2005-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
22004: 
22005: 	* configure, configure.in:
22006: 	Fix error message when mixing invalid auth types
22007: 	[68069b3ff5bc]
22008: 
22009: 	* INSTALL:
22010: 	PAM, AIX auth, BSD auth and login_cap are now on by default if the
22011: 	OS supports them.
22012: 	[4e44e9098cf0]
22013: 
22014: 	* auth/sudo_auth.h, config.h.in:
22015: 	s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
22016: 	[2d569b43b23e]
22017: 
22018: 	* configure.in:
22019: 	Better checking for conflicting authentication methods Display the
22020: 	authentication methods used at the end of configure Rename --with-
22021: 	authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
22022: 	--with-pam, --with-logincap by default on systems that support them
22023: 	unless disabled. Add OSMAJOR variable that replaces old OSREV; now
22024: 	OSREV has full version number
22025: 	[a21115b6fe9f]
22026: 
22027: 2005-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
22028: 
22029: 	* def_data.c, def_data.in, sudo.c, sudoers.pod:
22030: 	s/-O/-C/
22031: 	[ee73f1b81923]
22032: 
22033: 2005-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
22034: 
22035: 	* configure.in:
22036: 	Replace: test -n "$FOO" || FOO="bar"
22037: 
22038: 	With: : ${FOO='bar'}
22039: 	[37552d9054fc]
22040: 
22041: 2005-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
22042: 
22043: 	* pwutil.c, testsudoers.c, tsgetgrpw.c:
22044: 	Use function pointers to only call private passwd/group routines
22045: 	when using a nonstandard passwd/group file.
22046: 	[215908681dfb]
22047: 
22048: 2005-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
22049: 
22050: 	* CHANGES:
22051: 	sync
22052: 	[2e55c03f5790]
22053: 
22054: 	* tsgetgrpw.c:
22055: 	Can't use strtok() since it doesn't handle empty fields so add
22056: 	getpwent()/getgrent() functions and call those.
22057: 	[bdaa5b0db70e]
22058: 
22059: 2005-01-05  Todd C. Miller  <Todd.Miller@courtesan.com>
22060: 
22061: 	* Makefile.in:
22062: 	Fix dummied out toke.c and gram.c dependencies.
22063: 	[4b909c8b2ebe]
22064: 
22065: 	* Makefile.in:
22066: 	Rename PARSESRCS -> GENERATED since it is only used in the clean
22067: 	target Add devdir variable and use it to specify the path to parser
22068: 	sources
22069: 	[f27b3f41ca23]
22070: 
22071: 	* configure:
22072: 	regen
22073: 	[22c6435dbd46]
22074: 
22075: 	* configure.in:
22076: 	Add a devdir variables that defaults to $(srcdir) and is set to . if
22077: 	--devel was specified. Allows for proper dependecies building the
22078: 	parser.
22079: 	[a36d694c6d21]
22080: 
22081: 	* testsudoers.c:
22082: 	Add support for custom passwd/group files.
22083: 	[296549ff4b87]
22084: 
22085: 	* Makefile.in:
22086: 	Build private copy of pwutil.o for testsudoers with MYPW defined so
22087: 	it uses our own passwd/group routines.
22088: 	[bafa54ec78ca]
22089: 
22090: 	* visudo.c:
22091: 	Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
22092: 	stubs instead. We can now just use the caching sudo_*{pw,gr}*
22093: 	functions in pwutil.c Add comment about wanting to call
22094: 	sudo_endpwent/sudo_endgrent in cleanup()
22095: 	[7e59d6b5510d]
22096: 
22097: 	* tsgetgrpw.c:
22098: 	Remove caching; we will just use what is in pwutil.c Use global
22099: 	buffers for passwd/group structs Rename functions from sudo_* to
22100: 	my_*
22101: 	[8c1e068f574c]
22102: 
22103: 	* logging.c, sudo.c:
22104: 	g/c pwcache_init/pwcache_destroy
22105: 	[60a24909b947]
22106: 
22107: 	* sudo.h:
22108: 	Undo last commit and add sudo_setspent and sudo_endspent instead.
22109: 	[bac80db08296]
22110: 
22111: 	* getspwuid.c, pwutil.c:
22112: 	Move all but the shadow stuff from getspwuid.c to pwutil.c and
22113: 	pwcache_get and pwcache_put as they are no longer needed. Also add
22114: 	preprocessor magic to use private versions of the passwd and group
22115: 	routines if MYPW is defined (for use by testsudoers).
22116: 	[a16b8678a426]
22117: 
22118: 	* tsgetgrpw.c:
22119: 	zero out struct passwd/group before filling it in so if there are
22120: 	fields we don't handle they end up as 0.
22121: 	[274cb6a93301]
22122: 
22123: 	* logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
22124: 	Adapt to pwutil.c
22125: 	[43ebd04c8b82]
22126: 
22127: 	* Makefile.in:
22128: 	Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
22129: 	readability.
22130: 	[7f88c6061e2d]
22131: 
22132: 	* tsgetgrpw.c:
22133: 	Passwd and group lookup routines for testsudoers that support
22134: 	alternate passwd and group files.
22135: 	[d7803101d34e]
22136: 
22137: 	* getspwuid.c, pwutil.c:
22138: 	Split off pw/gr cache and dup code into its own file. This allows
22139: 	visudo and testsudoers to use the pw/gr cache too.
22140: 	[ef333d3ffedf]
22141: 
22142: 2005-01-02  Todd C. Miller  <Todd.Miller@courtesan.com>
22143: 
22144: 	* parse.c:
22145: 	Print Defaults info in "sudo -l" output and wrap lines based on the
22146: 	terminal width.
22147: 	[e559eae4250e]
22148: 
22149: 2005-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
22150: 
22151: 	* match.c, testsudoers.c, visudo.c:
22152: 	Only check group vector in usergr_matches() if we are matching the
22153: 	invoking or list user. Always check the group members, even if there
22154: 	was a group vector.
22155: 	[d0c7ceb2a041]
22156: 
22157: 2004-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
22158: 
22159: 	* LICENSE, Makefile.in, fnmatch.3:
22160: 	No longer bundle fnmatch.3
22161: 	[72db4a4ff4e1]
22162: 
22163: 	* CHANGES, TODO:
22164: 	checkpoint
22165: 	[e92781bfd99c]
22166: 
22167: 2004-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
22168: 
22169: 	* sudo.c:
22170: 	sort usage
22171: 	[15e3b876ec2c]
22172: 
22173: 	* sudo.pod:
22174: 	Sort command line options
22175: 	[c1fa56584bc4]
22176: 
22177: 	* def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
22178: 	sudo.pod, sudoers.pod:
22179: 	Add closefrom sudoers option to start closing at a point other than
22180: 	3. Add closefrom_override sudoers option and -C sudo flag to allow
22181: 	the user to specify a different closefrom starting point.
22182: 	[370652b099d1]
22183: 
22184: 	* pathnames.h.in:
22185: 	Add _PATH_DEVNULL for those without it.
22186: 	[0c4c3e0ceb8b]
22187: 
22188: 	* LICENSE:
22189: 	no more UCB strcasecmp
22190: 	[397a6298e07f]
22191: 
22192: 	* strcasecmp.c:
22193: 	replace BSD licensed one with version derived from pdksh
22194: 	[d7cfda8c57a2]
22195: 
22196: 2004-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
22197: 
22198: 	* sudo.c:
22199: 	Fix last commit.
22200: 	[7afb9a180532]
22201: 
22202: 	* sudo.c:
22203: 	Make sure stdin, stdout and stderr are open and dup them to
22204: 	/dev/null if not.
22205: 	[590f387068bd]
22206: 
22207: 2004-12-03  Todd C. Miller  <Todd.Miller@courtesan.com>
22208: 
22209: 	* ldap.c, mon_systrace.c, sudo.c, sudo.h:
22210: 	add sudo_ldap_close
22211: 	[4273a36765a7]
22212: 
22213: 	* fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
22214: 	Use TIME_WITH_SYS_TIME
22215: 	[c32b59bf15fb]
22216: 
22217: 	* config.h.in, configure, configure.in:
22218: 	Add TIME_WITH_SYS_TIME_H
22219: 	[57cb146f451d]
22220: 
22221: 2004-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
22222: 
22223: 	* env.c:
22224: 	Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
22225: 	unconditionally on darwin. From Toby Peterson.
22226: 	[d69959681c87]
22227: 
22228: 	* getspwuid.c:
22229: 	Check rbinsert() return value. In the case of faked up entries there
22230: 	is usually a negative response cached that we need to overwrite.
22231: 
22232: 	In pwfree() don't try to zero out a NULL pw_passwd pointer.
22233: 	[00b32d1a48c1]
22234: 
22235: 	* mon_systrace.c:
22236: 	Use the double fork trick to avoid the monitor process being waited
22237: 	for by the main program run through sudo.
22238: 	[e0ce556712ff]
22239: 
22240: 2004-11-29  Todd C. Miller  <Todd.Miller@courtesan.com>
22241: 
22242: 	* sudo.c:
22243: 	Call initgroups() in -U mode so group matches work normally.
22244: 	[2235bea15283]
22245: 
22246: 	* def_data.h, mkdefaults:
22247: 	Don't print a trailing comma for the last entry in enum def_tupple
22248: 	[c43a96bb31df]
22249: 
22250: 2004-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
22251: 
22252: 	* sudoers.cat, sudoers.man.in, sudoers.pod:
22253: 	Mention values when lecture, listpw and verifypw are used in boolean
22254: 	context.
22255: 	[a0b5c0abaccf]
22256: 
22257: 	* def_data.c, def_data.in:
22258: 	verifypw when used in a boolean TRUE context should be "all", not
22259: 	"any".
22260: 	[2eb076ddd5e2]
22261: 
22262: 2004-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
22263: 
22264: 	* def_data.in, defaults.c:
22265: 	Allow tuples that can be used as booleans to be used as boolean
22266: 	TRUE. In this case the 2nd possible value of the tuple is used for
22267: 	TRUE.
22268: 	[bd99aa77e88b]
22269: 
22270: 2004-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
22271: 
22272: 	* configure, configure.in:
22273: 	Correct the test for 2-parameter timespecsub
22274: 	[d41c9cb26b97]
22275: 
22276: 	* sudo.h:
22277: 	Add strub struct definitions for passwd, timeval and timespec
22278: 	[c4ce5c43d8c5]
22279: 
22280: 	* config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
22281: 	Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
22282: 	and fix a typo in the gettimeofday check.
22283: 	[8ac9893057ce]
22284: 
22285: 2004-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
22286: 
22287: 	* match.c, testsudoers.c:
22288: 	Deal with user_stat being NULL as it is for visudo and testsudoers.
22289: 	[3605a6ff64d0]
22290: 
22291: 	* parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
22292: 	Add -U option to use in conjunction with -l instead of -u. Add
22293: 	support for "sudo -l command" to test a specific command.
22294: 	[99638789d415]
22295: 
22296: 	* gram.c, gram.y, sudo.c:
22297: 	Set safe_cmnd after sudoers_lookup() if it has not been set.
22298: 	Previously it was set by sudo "ALL" in the parser but at that point
22299: 	the fully-qualified pathname has not yet been found.
22300: 	[ac30d98f8225]
22301: 
22302: 2004-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
22303: 
22304: 	* parse.c, testsudoers.c:
22305: 	Correctly handle multiple privileges per userspec and runas
22306: 	inheritence.
22307: 	[a98a965181af]
22308: 
22309: 2004-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
22310: 
22311: 	* defaults.c:
22312: 	Zero out sd_un for each entry in sudo_defs_table in init_defaults.
22313: 	[031d3cd4a848]
22314: 
22315: 2004-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
22316: 
22317: 	* toke.c, toke.l:
22318: 	make per-command defaults work with sudoedit
22319: 	[e56fe33db916]
22320: 
22321: 	* ldap.c, parse.c, sudo.c, sudo.h:
22322: 	Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags. Instead,
22323: 	we just set the approriate defaults variable.
22324: 	[756eeecc1d86]
22325: 
22326: 	* sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
22327: 	Document per-command Defaults.
22328: 	[92a0f84b91c1]
22329: 
22330: 	* defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
22331: 	sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
22332: 	Add support for command-specific Defaults entries. E.g.
22333: 	Defaults!/usr/bin/vi noexec
22334: 	[be3d52bf01cf]
22335: 
22336: 	* defaults.c, match.c, parse.c, parse.h, testsudoers.c:
22337: 	Change an occurence of user_matches() -> runas_matches() missed
22338: 	previously runas_matches(), host_matches() and cmnd_matches() only
22339: 	really need to pass in a list of members. user_matches() still needs
22340: 	to pass in a passwd struct because of "sudo -l"
22341: 	[833b22fc6fa0]
22342: 
22343: 	* parse.c:
22344: 	Check def_authenticate, def_noexec and def_monitor when setting
22345: 	return flags. XXX May be better to just set the defaults directly
22346: 	and get rid of those flags.
22347: 	[b6db22b59d69]
22348: 
22349: 	* alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
22350: 	auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
22351: 	auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
22352: 	auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
22353: 	defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
22354: 	getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
22355: 	gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
22356: 	mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
22357: 	strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
22358: 	sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
22359: 	visudo.c, zero_bytes.c:
22360: 	Use: #include <config.h> Not: #include "config.h" That way we get
22361: 	the correct config.h when build dir != src dir
22362: 	[97e5670a442b]
22363: 
22364: 	* Makefile.in:
22365: 	Back out part of rev 1.263; fix -I order
22366: 	[197ea01cad5d]
22367: 
22368: 	* toke.c, toke.l:
22369: 	More robust parsing if #include; could be much better still.
22370: 	[31bc3cd8f045]
22371: 
22372: 	* sudo_edit.c, visudo.c:
22373: 	Make arg splitting in visudo and sudoedit consistent.
22374: 	[7bc74485f246]
22375: 
22376: 	* Makefile.in, alias.c, gram.c, gram.y, parse.h:
22377: 	Split alias routines out into their own file.
22378: 	[d90f633cf9ae]
22379: 
22380: 	* error.h:
22381: 	__attribute__ is already defined in compat.h
22382: 	[676ed3fe9203]
22383: 
22384: 	* visudo.c:
22385: 	quit() should not be __noreturn__ as it is non-void on some
22386: 	platforms.
22387: 	[e528c2b6ba10]
22388: 
22389: 	* auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
22390: 	Add local error/warning functions like err/warn but that call an
22391: 	additional cleanup routine in the error case. This means we no
22392: 	longer need to compile a special version of alloc.o for visudo.
22393: 	[e78e8aae882e]
22394: 
22395: 	* parse.h:
22396: 	Clarify comments about the data structures
22397: 	[ae894e266701]
22398: 
22399: 2004-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
22400: 
22401: 	* visudo.c:
22402: 	Add support for VISUAL and EDITOR containing command line args. If
22403: 	env_editor is not set any args in VISUAL and EDITOR are ignored.
22404: 	Arguments are also now supported in def_editor.
22405: 	[ff7303b8e298]
22406: 
22407: 2004-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
22408: 
22409: 	* parse.h:
22410: 	alias_matches() is no more
22411: 	[b59825e28084]
22412: 
22413: 	* CHANGES, TODO:
22414: 	sync
22415: 	[2b8f5f63c1de]
22416: 
22417: 	* Makefile.in:
22418: 	When regenerating the parser, don't replace gram.h unless it has
22419: 	changed.
22420: 	[819949668018]
22421: 
22422: 	* Makefile.in:
22423: 	remove Makefile.binary for distclean
22424: 	[351eec8d00b2]
22425: 
22426: 	* env.c:
22427: 	Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
22428: 	sure we can't overflow new_env.
22429: 	[3284d17b9c6d]
22430: 
22431: 	* sudo_edit.c:
22432: 	paranoia when stripping trailing slashes from tempdir.
22433: 	[012f1aa2b81f]
22434: 
22435: 	* sudo.c:
22436: 	Set user_ngroups to 0 if getgroups() returns an error.
22437: 	[c46d43e9449a]
22438: 
22439: 2004-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
22440: 
22441: 	* config.h.in, configure, configure.in, sudo.c:
22442: 	Add configure check for getgroups()
22443: 	[5d8a214e2cef]
22444: 
22445: 	* ldap.c:
22446: 	Use supplementary group vector in struct sudo_user.
22447: 	[3d0c463c034d]
22448: 
22449: 	* match.c:
22450: 	Only do string comparisons on the group members if there is no
22451: 	supplemental group list.
22452: 	[be1c8362f7ef]
22453: 
22454: 	* CHANGES, TODO:
22455: 	sync
22456: 	[db188bc5b975]
22457: 
22458: 	* sudo_edit.c:
22459: 	On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
22460: 	chop off any trailing slashes we see and add an explicit one.
22461: 	[e1b477dafee1]
22462: 
22463: 	* match.c:
22464: 	remove bogus XXX comment
22465: 	[8aecb8a28d40]
22466: 
22467: 	* match.c:
22468: 	Get rid of alias_matches and correctly fall through to the non-alias
22469: 	cases when there is no alias with the specified name.
22470: 	[2cd555246f09]
22471: 
22472: 	* getspwuid.c:
22473: 	Cache non-existent passwd/group entries too.
22474: 	[8de9a467d271]
22475: 
22476: 	* gram.c:
22477: 	regen
22478: 	[9ece18c58f36]
22479: 
22480: 	* getspwuid.c:
22481: 	fix typo
22482: 	[9a7ae371eac1]
22483: 
22484: 	* check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
22485: 	mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
22486: 	Implement group caching and use the passwd and group caches
22487: 	throughout.
22488: 	[f1d8c5015169]
22489: 
22490: 2004-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
22491: 
22492: 	* match.c:
22493: 	Properly negate the return value of alias_matches() when
22494: 	appropriate.
22495: 	[ce59c4ce77ad]
22496: 
22497: 	* match.c:
22498: 	Make hostname_matches() return TRUE for a match, else FALSE like the
22499: 	caller expects.
22500: 	[1dc03902d3a2]
22501: 
22502: 	* Makefile.in:
22503: 	Add missing dependencies on gram.h
22504: 	[4f94bbb1d50c]
22505: 
22506: 	* match.c:
22507: 	Use runas_matches in alias_matches() now that we have it.
22508: 	[284d22e91178]
22509: 
22510: 	* parse.c, parse.h:
22511: 	Expand aliases in "sudo -l" mode
22512: 	[f67a38b79c44]
22513: 
22514: 	* gram.y, match.c:
22515: 	Use ALIAS for the member type when storing an alias instead of
22516: 	HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
22517: 	more generic type. Expand runas_matches instead of calling
22518: 	user_matches() inside of it since user_matches() looks up
22519: 	USERALIASes, not RUNASALIASes.
22520: 	[52004d75232b]
22521: 
22522: 	* CHANGES, getspwuid.c:
22523: 	Paranoia; zero out pw_passwd before freeing passwd entry.
22524: 	[bd1b22638f00]
22525: 
22526: 	* LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
22527: 	configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
22528: 	error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
22529: 	sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
22530: 	Add local error/warning functions like err/warn but that call an
22531: 	additional cleanup routine in the error case. This means we no
22532: 	longer need to compile a special version of alloc.o for visudo.
22533: 	[25000b676cfe]
22534: 
22535: 	* match.c:
22536: 	Use userpw_matches() to compare usernames, not strcmp(), since the
22537: 	latter checks for "#uid".
22538: 	[fcbe4b859f66]
22539: 
22540: 	* getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
22541: 	Cache passwd db entries in 2 reb-black trees; one indexed by uid,
22542: 	the other by user name. The data returned from the cache should be
22543: 	considered read-only and is destroyed by sudo_endpwent().
22544: 	[ee2418ff3f86]
22545: 
22546: 	* match.c:
22547: 	add cast to uid_t
22548: 	[eb6415302d84]
22549: 
22550: 	* gram.y:
22551: 	missing free in alias_destroy
22552: 	[572ecb680ad8]
22553: 
22554: 	* redblack.c:
22555: 	Can't use rbapply() for rbdestroy since the destructor is passed a
22556: 	data pointer, not a node pointer.
22557: 	[11ce713830c0]
22558: 
22559: 	* getspwuid.c, logging.c, sudo.c, sudo.h:
22560: 	Create and use private versions of setpwent() and endpwent() that
22561: 	set/end the shadow password file too.
22562: 	[616bc76d23bf]
22563: 
22564: 	* gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
22565: 	Store aliases in a red-black tree.
22566: 	[ce017d540416]
22567: 
22568: 	* Makefile.in, redblack.c, redblack.h:
22569: 	red-black tree implementation
22570: 	[cd5586e8f48b]
22571: 
22572: 	* visudo.c:
22573: 	Edit all sudoers file if there were unused or undefined aliases and
22574: 	we are in strict mode.
22575: 	[b6d5f5bb7262]
22576: 
22577: 2004-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
22578: 
22579: 	* CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
22580: 	find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
22581: 	Bring back the "secure_path" Defaults option now that Defaults take
22582: 	effect before the path is searched.
22583: 	[2e52c0e27606]
22584: 
22585: 2004-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
22586: 
22587: 	* logging.c, parse.c:
22588: 	A user can always list their own entries, even with -u. Better error
22589: 	message when failing to list another user's entries.
22590: 	[e2e24deb0071]
22591: 
22592: 	* parse.c, sudo.c, sudo.h:
22593: 	The syntax to list another user's entries is now "-u otheruser -l".
22594: 	Only root or users with sudo "ALL" may list other user's entries.
22595: 	[3c0657e8f5fe]
22596: 
22597: 	* sudo.cat, sudo.man.in, sudo.pod:
22598: 	Update env variable info in SECURITY NOTES
22599: 	[299716071024]
22600: 
22601: 	* env.c:
22602: 	strip CDPATH too
22603: 	[9b97643b26f9]
22604: 
22605: 	* env.c:
22606: 	strip exported bash functions from the environment.
22607: 	[9e5090c8284f]
22608: 
22609: 2004-10-27  Todd C. Miller  <Todd.Miller@courtesan.com>
22610: 
22611: 	* sudo.c:
22612: 	Only reset sudo_user.pw based on SUDO_USER environment variables for
22613: 	real commands and sudoedit. This avoids a confusing message when a
22614: 	user tries "sudo -l" or "sudo -v" and is denied.
22615: 	[3ea6d0053274]
22616: 
22617: 	* gram.c, gram.y, parse.h:
22618: 	Extend LIST_APPEND to deal with appending lists too
22619: 	[d963e42f622f]
22620: 
22621: 2004-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
22622: 
22623: 	* logging.c:
22624: 	Convert some bitwise AND to ISSET
22625: 	[130dc40d268e]
22626: 
22627: 	* lex.yy.c, toke.c:
22628: 	toke.c replaces lex.yy.c
22629: 	[048858df79e7]
22630: 
22631: 	* CHANGES, TODO:
22632: 	sync
22633: 	[d19e7abf251c]
22634: 
22635: 	* BUGS:
22636: 	new parser fixes most of the outstanding bugs
22637: 	[0891f66e3758]
22638: 
22639: 	* configure:
22640: 	regen
22641: 	[1a3358cc7283]
22642: 
22643: 	* visudo.c:
22644: 	Rework for the new parser. Now checks for unused aliases in sudoers.
22645: 	[ad462ede3094]
22646: 
22647: 	* testsudoers.c:
22648: 	Rewrite for the new parser. Now supports a -d flag (dump) and adds a
22649: 	-h flag (host). It now defaults to the local hostname unless
22650: 	otherwise specified.
22651: 	[1b69685cc601]
22652: 
22653: 	* sudo.h:
22654: 	Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
22655: 	[2e4fb3abfef0]
22656: 
22657: 	* sudo.c:
22658: 	Update for new parse. We now call find_path() *after* we have
22659: 	updated the global defaults based on sudoers. Also adds support for
22660: 	listing other user's privs if you are root.
22661: 	[cf3db9fc3024]
22662: 
22663: 	* mon_systrace.c:
22664: 	Working LDAP support; also remove a now-unneeded rewind().
22665: 	[649ecf1baf6b]
22666: 
22667: 	* logging.c, logging.h:
22668: 	Add NO_STDERR flag.
22669: 	[6cb935af94e0]
22670: 
22671: 	* ldap.c:
22672: 	Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
22673: 	udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
22674: 	connecto to LDAP, apply the default options, find the command in the
22675: 	user's path, and then check whether the user is allowed to run it.
22676: 	The important thing here is that the default runas user may be
22677: 	specified as a default option and that needs to be set before we
22678: 	search for the command.
22679: 	[fc0426abc6f1]
22680: 
22681: 	* ldap.c:
22682: 	Add casts to unsigned char for isspace() to quiet a gcc warning.
22683: 	[e5358e3df439]
22684: 
22685: 	* defaults.h:
22686: 	Add prototype for update_defaults()
22687: 	[564dac3db74e]
22688: 
22689: 	* defaults.c:
22690: 	Don't warn about line numbers now that we operate on a set of data
22691: 	structures (or LDAP) and not a file.
22692: 	[bcd9ffb9b67c]
22693: 
22694: 	* config.h.in:
22695: 	No long use lsearch()
22696: 	[9d048c587319]
22697: 
22698: 	* Makefile.in:
22699: 	Update for new and changed file names.
22700: 	[6f424a7c4515]
22701: 
22702: 	* LICENSE:
22703: 	no more BSD lsearch.c
22704: 	[463a96d89026]
22705: 
22706: 	* match.c:
22707: 	foo_matches() routines now live in match.c Added user_matches(),
22708: 	runas_matches(), host_matches(), cmnd_matches() and alias_matches()
22709: 	that operate on the parsed sudoers file.
22710: 	[b14da8a0567e]
22711: 
22712: 	* parse.lex, toke.l:
22713: 	Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
22714: 	WORD no longer needs to exclude '@' kill yywrap()
22715: 	[a922294eb7b7]
22716: 
22717: 	* gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
22718: 	sudo.tab.h:
22719: 	Rewritten parser that converts sudoers into a set of data
22720: 	structures. This eliminates ordering issues and makes it possible to
22721: 	apply sudoers Defaults entries before searching for the command.
22722: 	[30d2ec4d203c]
22723: 
22724: 	* configure.in, emul/search.h, lsearch.c:
22725: 	We won't be using lsearch() any longer.
22726: 	[29c4d54bfac0]
22727: 
22728: 	* ldap.c:
22729: 	sudo should not send mail if someone who runs 'sudo -l' has no
22730: 	entry.
22731: 	[6fc27a69fd9c]
22732: 
22733: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
22734: 	visudo.man.in:
22735: 	regen
22736: 	[8166347917f3]
22737: 
22738: 	* visudo.pod:
22739: 	Update warnings to match new visudo
22740: 	[004c0766798f]
22741: 
22742: 	* sudoers.pod:
22743: 	The new parser doesn't have the old ordering constraints.
22744: 	[ffd43bd08661]
22745: 
22746: 	* sudo.pod:
22747: 	Document that -l now takes an optional username argument
22748: 	[278f9557de8b]
22749: 
22750: 2004-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
22751: 
22752: 	* RUNSON:
22753: 	AIX 5.2.0.0 works
22754: 	[523acd29d858]
22755: 
22756: 	* ldap.c:
22757: 	If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
22758: 	a compilation problem with Solaris 9's native LDAP.
22759: 
22760: 	Set FLAG_MONITOR when needed.
22761: 	[35824ade672d]
22762: 
22763: 2004-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
22764: 
22765: 	* mon_systrace.c:
22766: 	Call sudo_goodpath() *after* changing the cwd to match the traced
22767: 	process. Fixes relative paths.
22768: 	[12ee111d0ad7]
22769: 
22770: 2004-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
22771: 
22772: 	* testsudoers.c:
22773: 	Kill set_perms() stub--it is no longer needed.
22774: 	[116ed702935d]
22775: 
22776: 2004-10-13  Todd C. Miller  <Todd.Miller@courtesan.com>
22777: 
22778: 	* sudoers.cat, sudoers.man.in, sudoers.pod:
22779: 	stay_setuid now requires set_reuid() or setresuid()
22780: 	[8511f67e25d5]
22781: 
22782: 	* INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
22783: 	configure.in, set_perms.c, sudo.c, sudo.h:
22784: 	Kill use of POSIX saved uids; they aren't worth bothering with.
22785: 	[b3b1f19f18c1]
22786: 
22787: 2004-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
22788: 
22789: 	* glob.c:
22790: 	remove call to issetugid()
22791: 	[63f2e492c08f]
22792: 
22793: 	* sudoers.cat, sudoers.man.in, sudoers.pod:
22794: 	Remove warning about wildcards. Now that we use glob() the bug is
22795: 	fixed.
22796: 	[b15729d32266]
22797: 
22798: 	* parse.c:
22799: 	Use glob(3) instead of fnmatch(3) for matching pathnames and stat
22800: 	each result that matches the basename of the user's command. This
22801: 	makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
22802: 	/usr/bin/blah. Fixes bug #143.
22803: 	[e31eb6310340]
22804: 
22805: 	* config.h.in, configure, configure.in:
22806: 	Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
22807: 	GLOB_BRACE)
22808: 	[677ed6661e17]
22809: 
22810: 	* config.h.in, configure, configure.in:
22811: 	Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
22812: 	[aaa2329dd266]
22813: 
22814: 	* LICENSE:
22815: 	reference glob
22816: 	[bedc9a923423]
22817: 
22818: 	* glob.c:
22819: 	4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
22820: 	removed.
22821: 	[81799451473c]
22822: 
22823: 	* emul/glob.h:
22824: 	4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
22825: 	removed.
22826: 	[0335cf31fb1e]
22827: 
22828: 2004-10-05  Todd C. Miller  <Todd.Miller@courtesan.com>
22829: 
22830: 	* mon_systrace.c:
22831: 	Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably means
22832: 	we are out of space in the stack gap...
22833: 	[5b02b702021e]
22834: 
22835: 	* CHANGES:
22836: 	sync
22837: 	[be3826273e56]
22838: 
22839: 	* mon_systrace.c:
22840: 	Take a stab at ldap sudoers support here.
22841: 	[9d023695b0de]
22842: 
22843: 	* mon_systrace.c, mon_systrace.h:
22844: 	Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
22845: 	doesn't cause reboot to inadvertanly kill itself.
22846: 	[d4aab2365610]
22847: 
22848: 	* mon_systrace.c:
22849: 	put "monitor" in the proctitle, not "systrace"
22850: 	[9a9025767d86]
22851: 
22852: 	* mon_systrace.c:
22853: 	When modifying the environment, don't replace envp when we can get
22854: 	away with just rewriting pointers in the traced process.
22855: 	[c03622f7a2e2]
22856: 
22857: 	* mon_systrace.c, mon_systrace.h:
22858: 	Add environment updating via STRIOCINJECT (if available).
22859: 	[037291016870]
22860: 
22861: 	* sudoers.cat, sudoers.man.in:
22862: 	regen
22863: 	[869acc511046]
22864: 
22865: 2004-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
22866: 
22867: 	* lex.yy.c:
22868: 	regen
22869: 	[4e61a9bd3c97]
22870: 
22871: 	* parse.lex:
22872: 	Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
22873: 	[b70d7bd6e147]
22874: 
22875: 	* mon_systrace.c:
22876: 	Include file is now mon_systrace.h
22877: 	[ead4e36d92ae]
22878: 
22879: 	* Makefile.in, configure, configure.in, def_data.c, def_data.h,
22880: 	def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
22881: 	sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
22882: 	No longer call it tracing, it is now "monitoring" which should be
22883: 	more a obvious name to non-hackers.
22884: 	[aa811ded0789]
22885: 
22886: 2004-10-01  Todd C. Miller  <Todd.Miller@courtesan.com>
22887: 
22888: 	* mon_systrace.c, mon_systrace.h:
22889: 	Fix some XXX
22890: 	[a271072dacc6]
22891: 
22892: 	* mon_systrace.c, mon_systrace.h:
22893: 	No need to include syscall.h, use 1024 as the max # of entries (the
22894: 	max that systrace(4) allows).
22895: 
22896: 	Only need to use SYSTR_POLICY_ASSIGN once
22897: 
22898: 	Change check_syscall() -> find_handler() and have it return the
22899: 	handler instead of just running it. We need this since handler now
22900: 	have two parts: one part that generates and answer and another that
22901: 	gets called after the answer is accepted (to do logging).
22902: 
22903: 	Add some missing check_exec for emul execv
22904: 	[a89d243f0525]
22905: 
22906: 	* sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
22907: 	Add $Sudo$ tags.
22908: 	[6f3fedb0daba]
22909: 
22910: 	* config.h.in:
22911: 	Add missing HAVE_LINUX_SYSTRACE_H
22912: 	[ff75ab7bfc53]
22913: 
22914: 	* Makefile.in:
22915: 	add trace_systrace.o dependency
22916: 	[88a408668ab2]
22917: 
22918: 2004-09-30  Todd C. Miller  <Todd.Miller@courtesan.com>
22919: 
22920: 	* configure, configure.in:
22921: 	Also look for systrace.h in /usr/include/linux
22922: 	[98b98b436cf3]
22923: 
22924: 	* mon_systrace.c, mon_systrace.h:
22925: 	Move all struct defs and prototypes into trace_systrace.h and mark
22926: 	all but systace_attach() static.
22927: 	[85511253b570]
22928: 
22929: 	* mon_systrace.c, mon_systrace.h:
22930: 	Add support for tracing emulations. At the moment, all emulations
22931: 	are compiled in. It might make sense to #ifdef them in the future,
22932: 	though this impeeds readability.
22933: 	[87bb50abf277]
22934: 
22935: 	* Makefile.in, configure, configure.in:
22936: 	rename systrace.c -> trace_systrace.c
22937: 	[31cfa4407d93]
22938: 
22939: 	* parse.yacc, sudo.tab.c:
22940: 	Allow this to build with a K&R compiler again
22941: 	[32876af5bb98]
22942: 
22943: 	* TODO:
22944: 	sync
22945: 	[46865bd70f7c]
22946: 
22947: 	* compat.h, sudo.c, visudo.c:
22948: 	Use __attribute__((__noreturn__))
22949: 	[65bbad71fe89]
22950: 
22951: 	* visudo.c:
22952: 	Exit() takes a negative value to indicate it was not called via
22953: 	signal.
22954: 	[b93032ed7b60]
22955: 
22956: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
22957: 	visudo.man.in:
22958: 	regen
22959: 	[45bcf4661558]
22960: 
22961: 	* Makefile.in, visudo.c:
22962: 	Define Err() and Errx() that are like err() and errx() but call
22963: 	Exit() instead of exit(). Build private copy of alloc.o for visudo
22964: 	that calls Err() and Errx().
22965: 	[c6d02bf42edd]
22966: 
22967: 2004-09-29  Todd C. Miller  <Todd.Miller@courtesan.com>
22968: 
22969: 	* lex.yy.c, sudo.tab.c:
22970: 	regen
22971: 	[39de7e7c59da]
22972: 
22973: 	* CHANGES:
22974: 	sync
22975: 	[ba481d9ed1aa]
22976: 
22977: 	* visudo.c:
22978: 	Overhaul visudo for editing multiple files: o visudo has been broken
22979: 	out into functions (more work needed here) o each file is now edited
22980: 	before sudoers is re-parsed o if a #include line is added that file
22981: 	will be edited too
22982: 
22983: 	TODO: o cleanup temp files when exiting via err() or errx() o
22984: 	continue breaking things out into separate functions
22985: 	[80c35cf534eb]
22986: 
22987: 	* parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
22988: 	Add keepopen arg to open_sudoers that open_sudoers can use to
22989: 	indicate to the caller that the fd should not be closed when it is
22990: 	done with it. To be used by visudo to keep locked fds from being
22991: 	closed prematurely (and thus losing the lock).
22992: 	[f330fe632470]
22993: 
22994: 	* parse.yacc, sudo.c:
22995: 	Add errorfile global that contains the name of the file that caused
22996: 	the error.
22997: 	[98079c7a37ed]
22998: 
22999: 	* parse.lex:
23000: 	return COMMENT to yacc grammar for a #include line
23001: 	[2024a8de4fa8]
23002: 
23003: 	* parse.lex:
23004: 	Remove us of unput() in favor of yyless() which is cheaper.
23005: 	[c61291902beb]
23006: 
23007: 	* parse.yacc:
23008: 	Allow an empty sudoers file.
23009: 	[62fb111db2e7]
23010: 
23011: 2004-09-28  Todd C. Miller  <Todd.Miller@courtesan.com>
23012: 
23013: 	* mon_systrace.c:
23014: 	Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
23015: 	[9e15869ef597]
23016: 
23017: 	* lex.yy.c, sudo.tab.c:
23018: 	regen
23019: 	[c29bdd43bfad]
23020: 
23021: 	* visudo.c:
23022: 	Do signal setup before calling edit_sudoers(). Don't shadow the
23023: 	"quiet" global.
23024: 	[74252efd09ff]
23025: 
23026: 	* visudo.c:
23027: 	If a sudoers file includes other files, edit those too. Does not yes
23028: 	deal with creating the new includes files itself.
23029: 	[06af7b9c173f]
23030: 
23031: 	* testsudoers.c:
23032: 	init_parser now takes a path
23033: 	[b5ee186eb192]
23034: 
23035: 	* parse.c, parse.h, parse.lex, parse.yacc:
23036: 	More scaffolding for dealing with multiple sudoers files: o
23037: 	init_parser() now takes a path used to populate the sudoers global o
23038: 	the sudoers global is used to print the correct file in yyerror() o
23039: 	when switching to a new sudoers file, perserve old file name and
23040: 	line number
23041: 	[d9be4970b8bd]
23042: 
23043: 	* Makefile.in, pathnames.h.in:
23044: 	Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
23045: 	multiple sudoers files.
23046: 	[6ccc4e921c43]
23047: 
23048: 	* parse.c, sudo.c:
23049: 	Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
23050: 	we start at the right file position when reading include files.
23051: 	[91fcb961e7a4]
23052: 
23053: 	* sudoers.pod:
23054: 	document #include
23055: 	[fbb92a25a726]
23056: 
23057: 	* lex.yy.c:
23058: 	regen
23059: 	[50cd7a4c9dff]
23060: 
23061: 	* parse.lex:
23062: 	Add max depth of 128 for the include stack to avoid loops.
23063: 
23064: 	Since yyerror() doesn't stop parsing, pass return values back to
23065: 	yylex and call yyterminate() on error.
23066: 	[e79dbffb729d]
23067: 
23068: 2004-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>
23069: 
23070: 	* sudoers.pod:
23071: 	document tracing
23072: 	[165a467eadd8]
23073: 
23074: 	* sudo.pod:
23075: 	Mention PREVENTING SHELL ESCAPES section of sudoers man page
23076: 	[3217ccecd834]
23077: 
23078: 	* lex.yy.c, sudo.tab.c:
23079: 	regen
23080: 	[fbd58d1d3a76]
23081: 
23082: 	* parse.lex:
23083: 	Add support for #include in sudoers (visudo support TBD)
23084: 	[a78015ca81af]
23085: 
23086: 	* parse.yacc:
23087: 	make yyerror()'s argument const
23088: 	[7d8e168c019a]
23089: 
23090: 	* testsudoers.c, visudo.c:
23091: 	Add open_sudoers() stubs.
23092: 	[087466787198]
23093: 
23094: 	* sudo.c, sudo.h:
23095: 	Rename check_sudoers() open_sudoers() and make it return a FILE *
23096: 	[142fc511fc65]
23097: 
23098: 2004-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
23099: 
23100: 	* BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
23101: 	version.h:
23102: 	Crank version
23103: 	[1adc3f839480]
23104: 
23105: 	* Makefile.in, sudo.psf:
23106: 	Better HP-UX depot construction
23107: 	[2d952b000e63]
23108: 
23109: 2004-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>
23110: 
23111: 	* mon_systrace.c:
23112: 	o Made children global so check_exec() can lookup a child. o
23113: 	Replaced uid in struct childinfo with struct passwd * (for runas) o
23114: 	new_child() now takes a parent pid so the runas info can be
23115: 	inherited o Added find_child() to lookup a child by its pid o
23116: 	update_child() now fills in a struct passwd o Converted the big
23117: 	if/else mess in set_policy to a switch o Syscalls that change uid
23118: 	are now "ask" so we get SYSTR_MSG_UGID events
23119: 	[29b9ea3f09a3]
23120: 
23121: 	* getspwuid.c:
23122: 	Add flag to sudo_pwdup that indicates whether or not to lookup the
23123: 	shadow password. Will be used to a struct passwd that has the shadow
23124: 	password already filled in.
23125: 	[e19d43dd7238]
23126: 
23127: 	* mon_systrace.c:
23128: 	add missing increment of addr in read_string()
23129: 	[f9eb0f060cb6]
23130: 
23131: 	* mon_systrace.c:
23132: 	Remove bogus call to update_child() and some cosmetic fixes
23133: 	[701ab0b97fef]
23134: 
23135: 	* mon_systrace.c:
23136: 	Don't leak /dev/systrace fd to tracee Make initialized global for
23137: 	simplicity If STRIOCATTACH returns EBUSY we are already being traced
23138: 	Check for user_args == NULL in setproctitle() call Add missing calls
23139: 	to STRIOCANSWER
23140: 	[1956edf9bc3a]
23141: 
23142: 	* sudo.c:
23143: 	g/c sudo_pwdup proto
23144: 	[b7c4d6249ecb]
23145: 
23146: 	* Makefile.in, sudo.psf:
23147: 	Add target for building a depot file
23148: 	[357019efd99b]
23149: 
23150: 	* mon_systrace.c:
23151: 	trim includes
23152: 	[501534428471]
23153: 
23154: 2004-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>
23155: 
23156: 	* lex.yy.c, sudo.tab.c, sudo.tab.h:
23157: 	regen
23158: 	[52fd250c6986]
23159: 
23160: 	* INSTALL:
23161: 	document --with-systrace
23162: 	[79623927c94e]
23163: 
23164: 	* config.h.in, configure, configure.in:
23165: 	Add check for setproctitle
23166: 	[1730cf1c26ed]
23167: 
23168: 	* mon_systrace.c:
23169: 	pass struct str_msg_ask in to syscall checker so it can set the
23170: 	error code
23171: 	[1703fd2fdef6]
23172: 
23173: 	* mon_systrace.c:
23174: 	systrace(4) support for sudo. On systems with the systrace(4) kernel
23175: 	facility (OpenBSD, NetBSD, Linux w/ patches) sudo can intercept exec
23176: 	calls and check the exec args against the sudoers file. In other
23177: 	words, sudo can now control subcommands and shell escapes.
23178: 	[928c9217c386]
23179: 
23180: 	* sudo.c, sudo.h:
23181: 	Call systrace_attach() if FLAG_TRACE is set.
23182: 	[014ba9402fa5]
23183: 
23184: 	* parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
23185: 	Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
23186: 	[a99904db5e56]
23187: 
23188: 	* parse.c, sudo.c:
23189: 	Don't close sudoers_fp, keep it open and set close on exec flag
23190: 	instead.
23191: 	[43a9fec60bee]
23192: 
23193: 	* def_data.c, def_data.h, def_data.in:
23194: 	Add trace option
23195: 	[5b643b86730a]
23196: 
23197: 	* Makefile.in:
23198: 	Add systrace
23199: 	[47a0519c427c]
23200: 
23201: 	* INSTALL:
23202: 	SunOS /bin/sh blows up with configure
23203: 	[005a23cc5615]
23204: 
23205: 	* configure, configure.in:
23206: 	Include sys/param.h before systrace.h
23207: 	[9345bc8efecf]
23208: 
23209: 	* configure:
23210: 	regen
23211: 	[a8f53fcbb254]
23212: 
23213: 	* pathnames.h.in:
23214: 	_PATH_DEV_SYSTRACE
23215: 	[d2ad1e492a00]
23216: 
23217: 	* configure.in:
23218: 	line up options in --help
23219: 	[fa51f2821d09]
23220: 
23221: 	* config.h.in, configure.in:
23222: 	Add --with-systrace
23223: 	[a264d54bc413]
23224: 
23225: 2004-09-23  Todd C. Miller  <Todd.Miller@courtesan.com>
23226: 
23227: 	* configure:
23228: 	regen
23229: 	[a4dad0bcc523]
23230: 
23231: 	* aclocal.m4, configure.in:
23232: 	make this work with autoconf-2.59
23233: 	[c4a92b6a684a]
23234: 
23235: 2004-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
23236: 
23237: 	* sudo_edit.c:
23238: 	Simplify logic around open & stat of files and do sanity on edited
23239: 	file even if we lack fstat (still racable but worth doing).
23240: 	[adda65ade70c]
23241: 
23242: 2004-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
23243: 
23244: 	* HISTORY:
23245: 	Add support url
23246: 	[bf6590fbde9f]
23247: 
23248: 	* Makefile.in:
23249: 	versino 1.6.8p1
23250: 	[b84ebfaf1552] [SUDO_1_6_8p1]
23251: 
23252: 	* CHANGES:
23253: 	more changes for 1.6.8p1
23254: 	[e23a9c0393b6]
23255: 
23256: 	* version.h:
23257: 	1.6.8p1
23258: 	[872f14504b5f]
23259: 
23260: 	* CHANGES, sudo_edit.c:
23261: 	Add sanity check so we don't try to edit something other than a
23262: 	regular file.
23263: 	[350134ec6d4e]
23264: 
23265: 2004-09-15  Aaron Spangler  <aaron777@gmail.com>
23266: 
23267: 	* CHANGES:
23268: 	sync
23269: 	[3091ca9eae00]
23270: 
23271: 	* INSTALL:
23272: 	document --with-ldap-conf-file
23273: 	[0e2cd6b896f1]
23274: 
23275: 2004-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
23276: 
23277: 	* CHANGES, ins_csops.h:
23278: 	political correctness strikes again
23279: 	[428e8bc77f55]
23280: 
23281: 	* RUNSON:
23282: 	sync
23283: 	[27f44bd423dc]
23284: 
23285: 2004-09-12  Todd C. Miller  <Todd.Miller@courtesan.com>
23286: 
23287: 	* Makefile.binary.in, Makefile.in:
23288: 	Install sudoedit man link
23289: 	[19a55234fc1f]
23290: 
23291: 	* INSTALL:
23292: 	Update PAM note and mention where HP-UX users can download gcc
23293: 	binaries.
23294: 	[d37cdbbabfd4]
23295: 
23296: 	* Makefile.in:
23297: 	libtool wants to install stuff from .libs so fake one up for binary
23298: 	installations.
23299: 	[a681bc6fcfba]
23300: 
23301: 	* Makefile.binary.in:
23302: 	rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
23303: 	[3e0c4b3372cc]
23304: 
23305: 	* Makefile.in:
23306: 	Deal with "uname -m" having slashes in it rm -f old sudoedit link
23307: 	instead of using ln -f
23308: 	[cff33fb97e5b]
23309: 
23310: 	* Makefile.binary, Makefile.binary.in:
23311: 	Makefile.binary -> Makefile.binary.in for config.status substitution
23312: 	Add support for installing noexec bits
23313: 	[37d8bb3483c6]
23314: 
23315: 	* Makefile.in:
23316: 	Copy noexec bits into binary dists too No longer use my old arch
23317: 	script for making binary dists
23318: 	[e7058bab9e33]
23319: 
23320: 	* Makefile.binary:
23321: 	Install sudoedit link.
23322: 	[417d1e101711]
23323: 
23324: 2004-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
23325: 
23326: 	* emul/utime.h:
23327: 	avoid __P so there is no need for compat.h to be included
23328: 	[6d8d1f1abf7d]
23329: 
23330: 	* utimes.c:
23331: 	Don't use HAVE_UTIME_H before including config.h.
23332: 	[013b7bb61181]
23333: 
23334: 2004-09-10  Todd C. Miller  <Todd.Miller@courtesan.com>
23335: 
23336: 	* compat.h:
23337: 	Fix Solatis futimes macro
23338: 	[d4eda2ca0d29]
23339: 
23340: 2004-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
23341: 
23342: 	* sudo_edit.c:
23343: 	Rename ots -> omtim for improved readability.
23344: 	[127ca5bb297c]
23345: 
23346: 2004-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
23347: 
23348: 	* sudo_edit.c:
23349: 	Redo changes in revision 1.7. Don't really need to keep the temp
23350: 	file open; re-opening it with the invoking user's euid is
23351: 	sufficient.
23352: 	[55a883165a95]
23353: 
23354: 	* CHANGES:
23355: 	sync
23356: 	[9015b291170d]
23357: 
23358: 	* sudo.cat, sudo.man.in:
23359: 	regen
23360: 	[c0313f6ed783]
23361: 
23362: 	* sudo.pod:
23363: 	back out revision 1.70; it is no long applicable
23364: 	[b641d503aff6]
23365: 
23366: 	* env.c:
23367: 	Let the loader initialize nep
23368: 	[bec192139b02]
23369: 
23370: 	* config.h.in, configure, configure.in:
23371: 	Removed unneed check for fchown Add check for gettimeofday Move
23372: 	autoheader template stuff into separate AH_TEMPLATE lines
23373: 	[bfc0edbd43f2]
23374: 
23375: 	* check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
23376: 	Use timespec throughout.
23377: 	[1a178a23b69b]
23378: 
23379: 	* Makefile.in:
23380: 	gettime.[co]
23381: 	[6aeb48a7ab7f]
23382: 
23383: 	* gettime.c:
23384: 	function to return the current time in a struct timespec
23385: 	[bf8eb12cb63f]
23386: 
23387: 	* utimes.c:
23388: 	Not a darpa-sponsored file.
23389: 	[121ce5e2036c]
23390: 
23391: 2004-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
23392: 
23393: 	* compat.h, config.h.in, configure, configure.in:
23394: 	Add a check for struct timespec and provide it for those without.
23395: 	[42124055030d]
23396: 
23397: 	* config.h.in, configure, configure.in, sudo_edit.c:
23398: 	Add checks for st_mtim and st_mtimespec and add macros for pulling
23399: 	the mtime sec and nsec out of struct stat. These are used in
23400: 	sudo_edit() to better tell whether or not the file has changed.
23401: 	[23debfbb3fab]
23402: 
23403: 	* check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
23404: 	Add an extra param to touch() for nsec
23405: 	[56f7a4ba8ddb]
23406: 
23407: 	* sudo_edit.c:
23408: 	Call mkstemp() as the in invoking user so we don't have to chown the
23409: 	file later. Only touch() the temp file if we can do it via the file
23410: 	descriptor. Don't check for modification of the temp file if we lack
23411: 	fstat(). Catch errors read()ing the temp file.
23412: 	[665f52c70836]
23413: 
23414: 	* fileops.c:
23415: 	If path is NULL and fd == -1 return -1.
23416: 	[757a518a824c]
23417: 
23418: 	* sudo_edit.c:
23419: 	closefrom() is overkill, the only extra fds are the ones we opened
23420: 	so just close those in the child.
23421: 	[f361c9d2a1f4]
23422: 
23423: 	* Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
23424: 	configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
23425: 	visudo.c:
23426: 	Use utimes() and futimes() instead of utime() in touch(), emulating
23427: 	as needed. Not all systems are able to support setting the times of
23428: 	an fd so touch() takes both an fd and a file name as arguments.
23429: 	[3d9276f29717]
23430: 
23431: 2004-09-07  Aaron Spangler  <aaron777@gmail.com>
23432: 
23433: 	* env.c:
23434: 	Rare SEGV
23435: 	[8995f828782d]
23436: 
23437: 2004-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
23438: 
23439: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
23440: 	visudo.man.in:
23441: 	regen
23442: 	[b8e9406711c5]
23443: 
23444: 	* sudo.pod, sudoers.pod, visudo.pod:
23445: 	Add SUPPORT section and re-order some of the sections to match the
23446: 	order we use in OpenBSD.
23447: 	[fa37bd917e2c]
23448: 
23449: 2004-09-06  Aaron Spangler  <aaron777@gmail.com>
23450: 
23451: 	* env.c:
23452: 	Openldap ~/.ldaprc fix
23453: 	[1a37afe6850f]
23454: 
23455: 2004-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
23456: 
23457: 	* sudo.pod:
23458: 	Talk about how the editor must write its changes to the original
23459: 	file and not just use rename(2).
23460: 	[c55ed91c5ee9]
23461: 
23462: 	* CHANGES:
23463: 	sync
23464: 	[62af26bd37a2]
23465: 
23466: 	* sudo_edit.c:
23467: 	Keep the temp file open instead of re-opening after the editor has
23468: 	exited.
23469: 	[de41eeb6dcf2]
23470: 
23471: 	* sample.pam:
23472: 	Update for current redhat/fedora core.
23473: 	[8cf083077333]
23474: 
23475: 2004-09-03  Aaron Spangler  <aaron777@gmail.com>
23476: 
23477: 	* README.LDAP:
23478: 	tls_ examples
23479: 	[ba783d88a034]
23480: 
23481: 2004-09-02  Aaron Spangler  <aaron777@gmail.com>
23482: 
23483: 	* ldap.c:
23484: 	config tls_* options
23485: 	[0b0e0797b3b9]
23486: 
23487: 2004-08-29  Todd C. Miller  <Todd.Miller@courtesan.com>
23488: 
23489: 	* configure, configure.in:
23490: 	No need for -lcrypt when using pam.
23491: 	[41fff3a53e68]
23492: 
23493: 2004-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
23494: 
23495: 	* configure:
23496: 	regen
23497: 	[75820aecce2c]
23498: 
23499: 2004-08-27  Aaron Spangler  <aaron777@gmail.com>
23500: 
23501: 	* configure.in, ldap.c, pathnames.h.in:
23502: 	Allow --with-ldap-conf-file option to override LDAP_CONF
23503: 	[c9909bc484a5]
23504: 
23505: 	* ldap.c:
23506: 	cleanup debug message
23507: 	[1f6ca4824d8d]
23508: 
23509: 2004-08-26  Aaron Spangler  <aaron777@gmail.com>
23510: 
23511: 	* README.LDAP:
23512: 	more config info
23513: 	[f2e7147fd507]
23514: 
23515: 2004-08-24  Todd C. Miller  <Todd.Miller@courtesan.com>
23516: 
23517: 	* TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
23518: 	Add cmnd_base to struct sudo_user and set it in init_vars(). Add
23519: 	cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
23520: 	longer use gross statics in command_matches(). Also rename some
23521: 	variables for improved clarity.
23522: 	[7169a6c7bea4]
23523: 
23524: 2004-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
23525: 
23526: 	* INSTALL:
23527: 	document HP's crippled compiler deficiency.
23528: 	[c405ea5a8d4c]
23529: 
23530: 	* INSTALL:
23531: 	Fix some thinkos in --with-editor and --with-env-editor
23532: 	descriptions. Noticed by Norihiko Murase.
23533: 	[dd781de1c985]
23534: 
23535: 	* configure, configure.in:
23536: 	--with-noexec takes an optional PATH argument.
23537: 	[8f6ab77f22cc]
23538: 
23539: 	* INSTALL:
23540: 	document --with-noexec
23541: 	[50cb1fc627ce]
23542: 
23543: 2004-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
23544: 
23545: 	* RUNSON, TODO:
23546: 	sync
23547: 	[f2503bd13373] [SUDO_1_6_8]
23548: 
23549: 	* sudo_edit.c:
23550: 	Better warning message when sudoedit is unable to write to the
23551: 	destination file.
23552: 	[f78c18f2ffa8]
23553: 
23554: 	* sudo.cat, sudo.man.in:
23555: 	regen
23556: 	[7e2bf63d6d9a]
23557: 
23558: 	* sudo.pod:
23559: 	Don't italicize the string "sudoedit"
23560: 	[c691643bd269]
23561: 
23562: 2004-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
23563: 
23564: 	* HISTORY:
23565: 	Mention GratiSoft.
23566: 	[dc53de581b2d]
23567: 
23568: 2004-08-11  Todd C. Miller  <Todd.Miller@courtesan.com>
23569: 
23570: 	* sudo.tab.c:
23571: 	regen
23572: 	[8ae0484dfc38]
23573: 
23574: 	* parse.yacc:
23575: 	Reset used_runas to FALSE when re-intializing the parser.
23576: 	[b7403f353a02]
23577: 
23578: 2004-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
23579: 
23580: 	* config.guess:
23581: 	Correct OpenBSD mips support
23582: 	[314fc7afc165]
23583: 
23584: 	* config.guess:
23585: 	Add OpenBSD/mips
23586: 	[ac87d0a773ef]
23587: 
23588: 2004-08-07  Aaron Spangler  <aaron777@gmail.com>
23589: 
23590: 	* README.LDAP:
23591: 	More behavior notes
23592: 	[13be1d212b47]
23593: 
23594: 	* README.LDAP:
23595: 	Updates on current behavior
23596: 	[d498a8866d6f]
23597: 
23598: 2004-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
23599: 
23600: 	* sudoers.pod:
23601: 	=back does not take an indentlevel (makes no difference to formatted
23602: 	files).
23603: 	[9c8523bb382a]
23604: 
23605: 	* sudo.pod:
23606: 	=back does not take an indentlevel (makes no difference to formatted
23607: 	files).
23608: 	[e5f479e24fa8]
23609: 
23610: 	* CHANGES:
23611: 	new
23612: 	[2dbd9aba8b33]
23613: 
23614: 	* sudo.c:
23615: 	Consistency. Use same error for bad -u #uid when targetpw is set as
23616: 	we do when a bad -u username is specified.
23617: 	[922961c4a9d6]
23618: 
23619: 	* TODO:
23620: 	Add checksum idea from Steve Mancini
23621: 	[e6ece1b766ba]
23622: 
23623: 	* sudoers.cat, sudoers.man.in:
23624: 	regen
23625: 	[370d2317829f]
23626: 
23627: 	* sudo.cat, sudo.man.in:
23628: 	regen
23629: 	[f93d41fc38b1]
23630: 
23631: 	* sudo.pod, sudoers.pod:
23632: 	Document the restriction on uids specified via -u when targetpw is
23633: 	set.
23634: 	[878fedb455db]
23635: 
23636: 	* sudo.c:
23637: 	Error out when targetpw is enabled and sudo is run with -u #uid but
23638: 	#uid does not exist in the passwd database. We can't do target
23639: 	authentication when the target is not in passwd!
23640: 	[27c5888c86eb]
23641: 
23642: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
23643: 	regen
23644: 	[ceb65711050c]
23645: 
23646: 	* TODO:
23647: 	Some more todo for the next release.
23648: 	[7b7417be7601]
23649: 
23650: 	* INSTALL:
23651: 	Make it clear that PAM should be used for DCE support when possible.
23652: 	[7502029fd385]
23653: 
23654: 	* sudoers.pod:
23655: 	o Document problems with wildcards and relative paths. o Make the
23656: 	order requirements more prominent. o Change a "set" to "reset" for
23657: 	clarity.
23658: 	[bacdd181b33f]
23659: 
23660: 2004-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
23661: 
23662: 	* sudo.pod:
23663: 	Mention --with-secure-path, not SECURE_PATH.
23664: 	[41283ddde5e1]
23665: 
23666: 2004-08-03  Aaron Spangler  <aaron777@gmail.com>
23667: 
23668: 	* ldap.c:
23669: 	reflect changes to parse.c
23670: 	[8880fe9b724d]
23671: 
23672: 2004-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
23673: 
23674: 	* sudo.tab.c:
23675: 	regen
23676: 	[a57658ca9177]
23677: 
23678: 	* parse.c, parse.h, testsudoers.c, visudo.c:
23679: 	Don't pass user_cmnd and user_args to command_matches(), just use
23680: 	the globals there. Since we keep state with statics anyway it is
23681: 	misleading to pretend that passing in different cmnd and cmnd_args
23682: 	will work.
23683: 	[0a2544991fd6]
23684: 
23685: 	* parse.yacc:
23686: 	Don't pass user_cmnd and user_args to command_matches(), just use
23687: 	the globals there. Since we keep state with statics anyway it is
23688: 	misleading to pretend that passing in different cmnd and cmnd_args
23689: 	will work.
23690: 	[a4910bf6032b]
23691: 
23692: 	* parse.c:
23693: 	Fix a bug introduced in rev. 1.149. When checking for pseudo-
23694: 	commands check for a '/' anywhere in cmnd, not just the first
23695: 	character.
23696: 	[ce98142f03ca]
23697: 
23698: 2004-07-31  Aaron Spangler  <aaron777@gmail.com>
23699: 
23700: 	* sudo.man.in, sudo.pod:
23701: 	Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
23702: 	[a91800e094b1]
23703: 
23704: 	* sudoers.man.in, sudoers.pod:
23705: 	Add ignore_local_sudoers
23706: 	[741ddcbf7083]
23707: 
23708: 	* README.LDAP:
23709: 	Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
23710: 	janth@moldung.no
23711: 	[742c02e07cd9]
23712: 
23713: 2004-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
23714: 
23715: 	* CHANGES:
23716: 	typo
23717: 	[e7cdefbd7a9a]
23718: 
23719: 2004-07-23  Todd C. Miller  <Todd.Miller@courtesan.com>
23720: 
23721: 	* CHANGES:
23722: 	sync
23723: 	[734dafc4a85e]
23724: 
23725: 	* parse.c:
23726: 	Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
23727: 	PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
23728: 	[151b7f593568]
23729: 
23730: 2004-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
23731: 
23732: 	* CHANGES:
23733: 	PAM change
23734: 	[d8fb6d6a22d0]
23735: 
23736: 2004-07-08  Aaron Spangler  <aaron777@gmail.com>
23737: 
23738: 	* ldap.c:
23739: 	Better debugging of ALL command
23740: 	[9db3e84029dc]
23741: 
23742: 2004-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
23743: 
23744: 	* parse.c:
23745: 	When matching for "sudoedit" in sudoers check both the command the
23746: 	user typed *and* the command that is listed in the sudoers entry.
23747: 	[f36ca1f94095]
23748: 
23749: 2004-07-04  Aaron Spangler  <aaron777@gmail.com>
23750: 
23751: 	* ldap.c:
23752: 	Added !command feature
23753: 	[ed539574611b]
23754: 
23755: 2004-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>
23756: 
23757: 	* auth/pam.c:
23758: 	Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
23759: 	[2be8e0e8813a]
23760: 
23761: 2004-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
23762: 
23763: 	* LICENSE:
23764: 	License is ISC-style, not BSD-style
23765: 	[ac0589e1dd5d]
23766: 
23767: 	* CHANGES:
23768: 	sync
23769: 	[16058a30f404]
23770: 
23771: 2004-06-10  Todd C. Miller  <Todd.Miller@courtesan.com>
23772: 
23773: 	* sudo.cat, sudo.man.in:
23774: 	regen
23775: 	[8820eb9c809b]
23776: 
23777: 	* sudo.pod:
23778: 	o Update some out of date bits to reality o Change the shell promt
23779: 	in examples to bourne-shell style o Clarify some details o Add a
23780: 	CAVEAT about "sudo cd /foo"
23781: 	[b0af373214b6]
23782: 
23783: 	* check.c:
23784: 	Don't ask for a password if invoking user == target user.
23785: 	[dd5c96141132]
23786: 
23787: 	* sudo.c:
23788: 	typo in comment
23789: 	[278d20f9b249]
23790: 
23791: 2004-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
23792: 
23793: 	* sudoers.cat, sudoers.man.in:
23794: 	regen
23795: 	[9036c6f39eff]
23796: 
23797: 	* sudoers.pod:
23798: 	Expand on NOEXEC a little.
23799: 	[9a13756aebe4]
23800: 
23801: 	* TODO:
23802: 	sync
23803: 	[8d2c1af48de8]
23804: 
23805: 	* visudo.cat, visudo.man.in:
23806: 	regen
23807: 	[3921f01607c8]
23808: 
23809: 	* sudo.tab.c:
23810: 	regen
23811: 	[9338c3d68250]
23812: 
23813: 	* visudo.pod:
23814: 	Add a check in visudo for runas_default being set after it has
23815: 	already been used.
23816: 	[6700358d7ad8]
23817: 
23818: 	* CHANGES, parse.yacc, visudo.c:
23819: 	Add a check in visudo for runas_default being set after it has
23820: 	already been used.
23821: 	[803560986a8a]
23822: 
23823: 	* sudo.tab.c:
23824: 	regen
23825: 	[b60636e2cf63]
23826: 
23827: 	* parse.yacc:
23828: 	Add a MATCHED macro for testing whether foo_matches has been set to
23829: 	TRUE or FALSE. This is more readable than checking for >=0 or < 0.
23830: 	Doesn't change the actual code generated.
23831: 	[f376da8ccdc8]
23832: 
23833: 2004-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
23834: 
23835: 	* sudoers.cat:
23836: 	regen
23837: 	[6cceb6d6c9bd]
23838: 
23839: 	* sudoers.man.in:
23840: 	regen
23841: 	[5acd12b730b3]
23842: 
23843: 	* sudoers.pod:
23844: 	Correct description of where Defaults specs should go.
23845: 	[6b11ff53d7ad]
23846: 
23847: 	* sudoers:
23848: 	Correct description of where Defaults specs should go.
23849: 	[868db857630d]
23850: 
23851: 	* testsudoers.c, visudo.c:
23852: 	update (c) year
23853: 	[272c8a53604c]
23854: 
23855: 	* logging.h:
23856: 	update (c) year
23857: 	[3cec76d400ce]
23858: 
23859: 	* ldap.c:
23860: 	update (c) year
23861: 	[f264632488a0]
23862: 
23863: 	* find_path.c:
23864: 	update (c) year
23865: 	[40c227af9227]
23866: 
23867: 	* auth/pam.c:
23868: 	update (c) year
23869: 	[87149e0eed50]
23870: 
23871: 	* auth/bsdauth.c, auth/kerb5.c:
23872: 	update (c) year
23873: 	[d72eb434c068]
23874: 
23875: 2004-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
23876: 
23877: 	* sudo.tab.c:
23878: 	regen
23879: 	[83408d9e9d2e]
23880: 
23881: 	* auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
23882: 	Remove trailing spaces, no actual code changes.
23883: 	[4c3bf2819293]
23884: 
23885: 	* tgetpass.c:
23886: 	Remove trailing spaces, no actual code changes.
23887: 	[96f6e0a24c26]
23888: 
23889: 	* ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
23890: 	Remove trailing spaces, no actual code changes.
23891: 	[c7075d1cbed5]
23892: 
23893: 	* getcwd.c:
23894: 	Remove trailing spaces, no actual code changes.
23895: 	[776cc0374547]
23896: 
23897: 	* find_path.c:
23898: 	Remove trailing spaces, no actual code changes.
23899: 	[7ed7099f3c71]
23900: 
23901: 	* compat.h, defaults.c, env.c:
23902: 	Remove trailing spaces, no actual code changes.
23903: 	[893e83c33795]
23904: 
23905: 	* check.c:
23906: 	Remove trailing spaces, no actual code changes.
23907: 	[f77750f8803b]
23908: 
23909: 	* sudo.tab.c:
23910: 	regen
23911: 	[62e0ed883b31]
23912: 
23913: 	* parse.yacc:
23914: 	Fix a >=0 that should be <0 that was improperly converted when
23915: 	UNSPEC was added.
23916: 	[ad1531a55a49]
23917: 
23918: 	* parse.yacc:
23919: 	Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
23920: 	NOMATCH when resetting it.
23921: 	[ae017a12870a]
23922: 
23923: 	* parse.yacc:
23924: 	Fix pastos introduced in SETNMATCH addition.
23925: 	[6ea1c9d80681]
23926: 
23927: 2004-06-05  Todd C. Miller  <Todd.Miller@courtesan.com>
23928: 
23929: 	* README.LDAP:
23930: 	Update for configure changes
23931: 	[637a635da287]
23932: 
23933: 	* sudo.tab.c:
23934: 	regen
23935: 	[4753c2788713]
23936: 
23937: 	* sudo.h:
23938: 	Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
23939: 	these in parse.yacc. Also in parse.yacc initialize the *_matches
23940: 	vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
23941: 	when setting *_matches to a value that may be
23942: 	NOMATCH/UNSPEC/TRUE/FALSE.
23943: 	[2ba622e15a4d]
23944: 
23945: 	* parse.yacc:
23946: 	Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
23947: 	these in parse.yacc. Also in parse.yacc initialize the *_matches
23948: 	vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
23949: 	when setting *_matches to a value that may be
23950: 	NOMATCH/UNSPEC/TRUE/FALSE.
23951: 	[746b519e41a6]
23952: 
23953: 	* parse.yacc:
23954: 	Initialize runas to -2, not -1 since we need to be able to
23955: 	distinguish between the initialized value and the value of a non-
23956: 	match when passing along the runas value to multiple commands.
23957: 
23958: 	The result of this is that an unmatched runas is now set to -1, not
23959: 	0. This is required now that parse.c treats a FALSE value for runas
23960: 	as being explicitly denied.
23961: 	[7791ed3621f6]
23962: 
23963: 2004-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
23964: 
23965: 	* sudo.c, visudo.c:
23966: 	Error out if argc < 1.
23967: 	[ce6b2a9eda3c]
23968: 
23969: 	* getprogname.c:
23970: 	Error out if argc < 1.
23971: 	[c566cce8dc78]
23972: 
23973: 	* configure, configure.in:
23974: 	Add tests for what libs we need to link with for ldap and for
23975: 	whether or not lber.h needs to be explicitly included.
23976: 	[b2e9729cc4e7]
23977: 
23978: 2004-06-03  Aaron Spangler  <aaron777@gmail.com>
23979: 
23980: 	* ldap.c:
23981: 	Solaris native LDAP build fix
23982: 	[39929e40eb11]
23983: 
23984: 2004-06-01  Todd C. Miller  <Todd.Miller@courtesan.com>
23985: 
23986: 	* ldap.c:
23987: 	Set edn to NULL is ldap_get_dn() fails to avoid potential use of an
23988: 	unset variable.
23989: 	[6a4c20a66f98]
23990: 
23991: 	* sudo.h:
23992: 	Add prototype for sudo_ldap_list_matches
23993: 	[443b007a8dab]
23994: 
23995: 	* configure, configure.in:
23996: 	Better check for dirfd macro--we now set HAVE_DIRFD for the macro
23997: 	version too. Added check for dd_fd in `DIR' if no dirfd is found;
23998: 	this is now used to confitionally define the dirfd macro in
23999: 	compat.h.
24000: 	[567656978f7e]
24001: 
24002: 	* config.h.in:
24003: 	Better check for dirfd macro--we now set HAVE_DIRFD for the macro
24004: 	version too. Added check for dd_fd in `DIR' if no dirfd is found;
24005: 	this is now used to confitionally define the dirfd macro in
24006: 	compat.h.
24007: 	[34eace4faec8]
24008: 
24009: 	* compat.h:
24010: 	Better check for dirfd macro--we now set HAVE_DIRFD for the macro
24011: 	version too. Added check for dd_fd in `DIR' if no dirfd is found;
24012: 	this is now used to confitionally define the dirfd macro in
24013: 	compat.h.
24014: 	[8d50ff1bbf2a]
24015: 
24016: 	* closefrom.c:
24017: 	Only check /proc/$$/fd if we have the dirfd function/macro.
24018: 	[15e3ccce7553]
24019: 
24020: 	* compat.h, config.h.in, configure, configure.in:
24021: 	Add a check for a dirfd() function (like Linux) and add a dirfd
24022: 	macro in compat.h if there is no dirfd() function or macro.
24023: 	[1e95756edb50]
24024: 
24025: 	* closefrom.c, getcwd.c:
24026: 	dirfd() is now defined in compat.h as needed.
24027: 	[bb1d79271188]
24028: 
24029: 	* CHANGES:
24030: 	Clarify closefrom() note.
24031: 	[f4e4a5508dda]
24032: 
24033: 	* parse.c:
24034: 	When checking for a command in the directory, only copy the base dir
24035: 	once.
24036: 	[7a3276808b87]
24037: 
24038: 	* closefrom.c:
24039: 	If there is a /proc/$$/fd directory, behave like the Solaris
24040: 	closefrom() and only close the descriptors listed therein.
24041: 	[19de23779e84]
24042: 
24043: 	* alloc.c:
24044: 	compat.h guarantees INT_MAX is defined.
24045: 	[1bf0c79d4606]
24046: 
24047: 	* compat.h:
24048: 	Add definitions of OPEN_MAX and INT_MAX for those without it and
24049: 	remove definition of RLIM_INFINITY (now unused).
24050: 	[f827d1ebf96e]
24051: 
24052: 	* CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
24053: 	sudo.c, sudo.h, visudo.c:
24054: 	Use PATH_MAX, not MAXPATHLEN since the former is standardized.
24055: 	[59788f211c24]
24056: 
24057: 2004-05-31  Todd C. Miller  <Todd.Miller@courtesan.com>
24058: 
24059: 	* CHANGES:
24060: 	sync
24061: 	[d32fa124f1ad]
24062: 
24063: 	* RUNSON:
24064: 	Add some entries that were mailed in a while ago
24065: 	[ff8d5bfec54e]
24066: 
24067: 	* closefrom.c:
24068: 	o sysconf returns a long, not an int. o check for negative return
24069: 	value from sysconf/getdtablesize and use OPEN_MAX in this case. o
24070: 	define OPEN_MAX to 256 for those without it (a fair guess...)
24071: 	[ccf81ae6deb2]
24072: 
24073: 2004-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>
24074: 
24075: 	* UPGRADE:
24076: 	Mention change in parse order for RunAs entries.
24077: 	[dc73b0bca617]
24078: 
24079: 	* configure:
24080: 	regen
24081: 	[07cce8e0534e]
24082: 
24083: 2004-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
24084: 
24085: 	* INSTALL, README.LDAP, config.h.in, configure.in:
24086: 	o --with-ldap now takes an optional dir as a parameter o added check
24087: 	for ldap_initialize() and start_tls_s()
24088: 	[2b846c7974c6]
24089: 
24090: 	* README.LDAP:
24091: 	Fix some typos, word choice and formatting issues.
24092: 	[00dc8ca84b10]
24093: 
24094: 2004-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
24095: 
24096: 	* tgetpass.c:
24097: 	Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
24098: 	read/write as it is simpler.
24099: 	[30f5446ee8b0]
24100: 
24101: 	* configure, configure.in:
24102: 	Remove hack overriding cross-compiler check. It should no longer be
24103: 	needed.
24104: 	[22a6cbd88608]
24105: 
24106: 	* compat.h:
24107: 	Remove select() compat bits since we no longer use select().
24108: 	[d7bbf7cd36f5]
24109: 
24110: 	* CHANGES, tgetpass.c:
24111: 	Use alarm() instead of select() for the timeout for systems that
24112: 	don't fully/properly implement select().
24113: 	[d7cc60f15800]
24114: 
24115: 2004-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
24116: 
24117: 	* CHANGES:
24118: 	synbc
24119: 	[132a39788e07]
24120: 
24121: 	* RUNSON:
24122: 	update
24123: 	[61ef508380c6]
24124: 
24125: 	* set_perms.c:
24126: 	Deal with systems that have no way of setting the effective uid such
24127: 	as nsr-tandem-nsk.
24128: 	[306e00e9b5a4]
24129: 
24130: 	* configure, configure.in:
24131: 	Define NO_SAVED_IDS if we don't find seteuid()
24132: 	[8588f18345cf]
24133: 
24134: 	* config.h.in, configure, configure.in:
24135: 	Add back check for setreuid() since NSK doesn't have it.
24136: 	[43127bd703d1]
24137: 
24138: 	* sudoers.cat, sudoers.man.in:
24139: 	regen
24140: 	[af4f4b20e422]
24141: 
24142: 	* CHANGES:
24143: 	sync
24144: 	[29ca3b699c24]
24145: 
24146: 	* BUGS:
24147: 	sync
24148: 	[3593f17f72ed]
24149: 
24150: 	* parse.c:
24151: 	In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
24152: 	explicitly denied and the command matched. This fixes a long-
24153: 	standing bug and makes: foo machine = (ALL) /usr/bin/blah foo
24154: 	machine = (!bar) /usr/bin/blah
24155: 
24156: 	equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
24157: 	[2f5ee244985a]
24158: 
24159: 	* sudoers.pod:
24160: 	Clarify mail_noperm
24161: 	[3238b2d41989]
24162: 
24163: 2004-05-20  Aaron Spangler  <aaron777@gmail.com>
24164: 
24165: 	* Makefile.in:
24166: 	Missing DESTDIR in make install for sudo_noexec.la
24167: 	[91431e821525]
24168: 
24169: 2004-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
24170: 
24171: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
24172: 	visudo.man.in:
24173: 	regen
24174: 	[cdfde0dcb556]
24175: 
24176: 	* TODO:
24177: 	sync
24178: 	[4799b7d8b62c]
24179: 
24180: 	* sudoers.pod:
24181: 	Remove fastboot/fasthalt (who still remembers these?) and add a
24182: 	minimal sudoedit example.
24183: 	[19d299f233cd]
24184: 
24185: 	* sample.sudoers:
24186: 	Remove fastboot/fasthalt (who still remembers these?) and add a
24187: 	minimal sudoedit example.
24188: 	[b1bca73d6250]
24189: 
24190: 	* UPGRADE, sudo.c, visudo.c:
24191: 	filesystem -> file system
24192: 	[1e1afaf30469]
24193: 
24194: 	* TROUBLESHOOTING:
24195: 	filesystem -> file system
24196: 	[39fb594e9338]
24197: 
24198: 	* CHANGES, INSTALL:
24199: 	filesystem -> file system
24200: 	[85948b608ffe]
24201: 
24202: 	* sudo.pod, sudoers.pod:
24203: 	Fix some minor typos and formatting goofs
24204: 	[e94d243a0b90]
24205: 
24206: 	* lex.yy.c:
24207: 	regen
24208: 	[2eed0ab1f4c4]
24209: 
24210: 	* visudo.pod:
24211: 	remove my email addr
24212: 	[b63262c0389b]
24213: 
24214: 	* sudo.pod, sudoers.pod, visudo.pod:
24215: 	Use @mansectform@ and @mansectsu@ everywhere Make man page
24216: 	references links with L<>
24217: 	[f459f4b9ddb9]
24218: 
24219: 	* parse.lex:
24220: 	Accept quoted globbing characters and pass them verbatim for
24221: 	fnmatch()
24222: 	[8248b86e9380]
24223: 
24224: 	* UPGRADE:
24225: 	Document that /tmp/.odus is gone.
24226: 	[3667b66af5bb]
24227: 
24228: 	* pathnames.h.in:
24229: 	No longer use /tmp/.odus as a possible timestamp dir unless
24230: 	specifically configured to do so. Instead, if no /var/run exists,
24231: 	use /var/adm/sudo or /usr/adm/sudo.
24232: 	[48d94c9f9ad4]
24233: 
24234: 	* configure:
24235: 	No longer use /tmp/.odus as a possible timestamp dir unless
24236: 	specifically configured to do so. Instead, if no /var/run exists,
24237: 	use /var/adm/sudo or /usr/adm/sudo.
24238: 	[058d7b8cf07b]
24239: 
24240: 	* aclocal.m4:
24241: 	No longer use /tmp/.odus as a possible timestamp dir unless
24242: 	specifically configured to do so. Instead, if no /var/run exists,
24243: 	use /var/adm/sudo or /usr/adm/sudo.
24244: 	[cf52c4c2803f]
24245: 
24246: 	* CHANGES:
24247: 	No longer use /tmp/.odus as a possible timestamp dir unless
24248: 	specifically configured to do so. Instead, if no /var/run exists,
24249: 	use /var/adm/sudo or /usr/adm/sudo.
24250: 	[6058c4cefcec]
24251: 
24252: 	* set_perms.c, sudo.c, tgetpass.c, visudo.c:
24253: 	Preliminary changes to support nsr-tandem-nsk. Based on patches from
24254: 	Tom Bates.
24255: 	[2e5f81834383]
24256: 
24257: 	* logging.c:
24258: 	Preliminary changes to support nsr-tandem-nsk. Based on patches from
24259: 	Tom Bates.
24260: 	[934bbe6872b6]
24261: 
24262: 	* check.c, compat.h:
24263: 	Preliminary changes to support nsr-tandem-nsk. Based on patches from
24264: 	Tom Bates.
24265: 	[390b698b5924]
24266: 
24267: 2004-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>
24268: 
24269: 	* CHANGES:
24270: 	There was no 1.6.7p6.
24271: 	[8013d2e6b062]
24272: 
24273: 	* BUGS, CHANGES:
24274: 	sync
24275: 	[c38b41f32857]
24276: 
24277: 	* Makefile.in:
24278: 	add missing files to DISTFILES
24279: 	[e6a80ad03039]
24280: 
24281: 	* sudo.cat, sudoers.cat, visudo.cat:
24282: 	regen
24283: 	[027bc9746dd5]
24284: 
24285: 	* sudoers.man.in:
24286: 	regen
24287: 	[f5e85ef686cf]
24288: 
24289: 	* Makefile.in:
24290: 	Fix some line wrap and update (c) year
24291: 	[bad1f46aa1ca]
24292: 
24293: 2004-04-28  Aaron Spangler  <aaron777@gmail.com>
24294: 
24295: 	* README.LDAP:
24296: 	Build Note
24297: 	[7a061248249b]
24298: 
24299: 2004-04-07  Aaron Spangler  <aaron777@gmail.com>
24300: 
24301: 	* Makefile.in:
24302: 	Fix install-dirs
24303: 	[be0726dd92e7]
24304: 
24305: 2004-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
24306: 
24307: 	* sudo.tab.c:
24308: 	regen
24309: 	[3f4f0d1ab8b9]
24310: 
24311: 	* visudo.c:
24312: 	In Exit() when used as a signal handler, emsg is a pointer so
24313: 	sizeof() is wrong so make it a #define instead. Also avoid using a
24314: 	negative exit value. Found by Aaron Campbell
24315: 	[78716a3a3fdc]
24316: 
24317: 2004-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
24318: 
24319: 	* sudoers.pod:
24320: 	Remove bogus sentence about uids in a User_List. Document usernames
24321: 	vs. uid parsing in a Runas_List.
24322: 	[7ca510b5031c]
24323: 
24324: 	* parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
24325: 	If the user specified a uid with the -u flag and the uid exists in
24326: 	the passwd file, set runas_user to the name, not the uid.
24327: 
24328: 	When comparing usernames in sudoers, if a name is really a uid
24329: 	(starts with '#') compare it numerically to pw_uid.
24330: 	[8d6935d04673]
24331: 
24332: 2004-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>
24333: 
24334: 	* auth/kerb5.c:
24335: 	krb5_mcc_ops should be const; Johnny C. Lam
24336: 	[aa8c753e426e]
24337: 
24338: 2004-02-28  Aaron Spangler  <aaron777@gmail.com>
24339: 
24340: 	* CHANGES, config.h.in, ldap.c:
24341: 	Added start_tls support
24342: 	[7ef864c15b69]
24343: 
24344: 2004-02-14  Todd C. Miller  <Todd.Miller@courtesan.com>
24345: 
24346: 	* Makefile.in:
24347: 	Clean up libtool stuff for 'make distclean' and add def_data.c,
24348: 	def_data.h to PARSESRCS.
24349: 	[bf9bb6bb06ab]
24350: 
24351: 2004-02-14  Aaron Spangler  <aaron777@gmail.com>
24352: 
24353: 	* strlcat.c, strlcpy.c:
24354: 	Un-Fix last license munge
24355: 	[42654b77ac71]
24356: 
24357: 2004-02-13  Todd C. Miller  <Todd.Miller@courtesan.com>
24358: 
24359: 	* configure:
24360: 	regen
24361: 	[e4de6b23a4dc]
24362: 
24363: 	* CHANGES, RUNSON, TODO:
24364: 	checkpoint
24365: 	[94e1ace84d5c]
24366: 
24367: 	* lex.yy.c, sudo.tab.c:
24368: 	regen
24369: 	[8ce784505643]
24370: 
24371: 	* auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
24372: 	auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
24373: 	emul/search.h, emul/utime.h:
24374: 	More to a less restrictive, ISC-style license.
24375: 	[a31b20e48003]
24376: 
24377: 	* auth/kerb5.c, auth/pam.c:
24378: 	More to a less restrictive, ISC-style license.
24379: 	[e41f92b41216]
24380: 
24381: 	* auth/dce.c, auth/fwtk.c, auth/kerb4.c:
24382: 	More to a less restrictive, ISC-style license.
24383: 	[87534c164a52]
24384: 
24385: 	* auth/bsdauth.c:
24386: 	More to a less restrictive, ISC-style license.
24387: 	[e21be6594b58]
24388: 
24389: 	* auth/afs.c, auth/aix_auth.c, zero_bytes.c:
24390: 	More to a less restrictive, ISC-style license.
24391: 	[6d234be91c5e]
24392: 
24393: 	* sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
24394: 	visudo.man.in, visudo.pod:
24395: 	More to a less restrictive, ISC-style license.
24396: 	[b02aea324fd6]
24397: 
24398: 	* sudo_noexec.c:
24399: 	More to a less restrictive, ISC-style license.
24400: 	[a6da7631e0b2]
24401: 
24402: 	* strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
24403: 	sudo_edit.c:
24404: 	More to a less restrictive, ISC-style license.
24405: 	[71cdcc241e94]
24406: 
24407: 	* sigaction.c, strerror.c:
24408: 	More to a less restrictive, ISC-style license.
24409: 	[4bccdedca58a]
24410: 
24411: 	* ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
24412: 	set_perms.c:
24413: 	More to a less restrictive, ISC-style license.
24414: 	[64d772d70ab3]
24415: 
24416: 	* getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
24417: 	ins_goons.h, insults.h, interfaces.c, interfaces.h:
24418: 	More to a less restrictive, ISC-style license.
24419: 	[520381c60a54]
24420: 
24421: 	* find_path.c, getprogname.c:
24422: 	More to a less restrictive, ISC-style license.
24423: 	[f605d5eab6f1]
24424: 
24425: 	* fileops.c:
24426: 	More to a less restrictive, ISC-style license.
24427: 	[4129a8b38a67]
24428: 
24429: 	* env.c:
24430: 	More to a less restrictive, ISC-style license.
24431: 	[d5bd859757de]
24432: 
24433: 	* defaults.h:
24434: 	More to a less restrictive, ISC-style license.
24435: 	[008f5d5743f5]
24436: 
24437: 	* LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
24438: 	defaults.c:
24439: 	More to a less restrictive, ISC-style license.
24440: 	[d8d7bfc8a18b]
24441: 
24442: 	* utime.c, version.h:
24443: 	More to a less restrictive, ISC-style license.
24444: 	[e2e038ad8209]
24445: 
24446: 	* parse.lex, parse.yacc:
24447: 	More to a less restrictive, ISC-style license.
24448: 	[2f5942e847a1]
24449: 
24450: 	* Makefile.binary:
24451: 	More to a less restrictive, ISC-style license.
24452: 	[1ed561734535]
24453: 
24454: 2004-02-13  Aaron Spangler  <aaron777@gmail.com>
24455: 
24456: 	* sudoers2ldif:
24457: 	Merged in LDAP Support
24458: 	[3994c4d05947]
24459: 
24460: 	* ldap.c, sudo.c, sudo.h:
24461: 	Merged in LDAP Support
24462: 	[547eaa346fcc]
24463: 
24464: 	* def_data.c, def_data.h, def_data.in:
24465: 	Merged in LDAP Support
24466: 	[8fb255280e42]
24467: 
24468: 	* CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
24469: 	Merged in LDAP Support
24470: 	[1038092a161e]
24471: 
24472: 2004-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
24473: 
24474: 	* sudo.h, sudo_noexec.c:
24475: 	Only do "extern int errno" if errno is not a macro.
24476: 	[b2e02a08be8b]
24477: 
24478: 2004-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
24479: 
24480: 	* set_perms.c:
24481: 	setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
24482: 	euid first, then just call setuid(0) to set the real uid too.
24483: 	[f08546e2e0ee]
24484: 
24485: 	* set_perms.c:
24486: 	Use setresuid() and setreuid() for PERM_RUNAS when appropriate
24487: 	instead of seteuid() which may not exist.
24488: 	[ba508581befb]
24489: 
24490: 2004-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
24491: 
24492: 	* LICENSE:
24493: 	2004
24494: 	[37425513a342]
24495: 
24496: 	* INSTALL, config.h.in, configure, configure.in, ins_classic.h:
24497: 	Add --with-pc-insults configure option
24498: 	[7daa5294c17b]
24499: 
24500: 	* visudo.man.in:
24501: 	Prefer VISUAL over EDITOR like old vipw did.
24502: 	[996252a4ab65]
24503: 
24504: 2004-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
24505: 
24506: 	* sudo.man.in, sudoers.man.in:
24507: 	regen
24508: 	[a247f1c52eb9]
24509: 
24510: 	* sudoers.pod:
24511: 	Add a note that noexec is not a cure-all.
24512: 	[9e7fc535367d]
24513: 
24514: 	* sudoers.pod:
24515: 	Mention that disabling "root_sudo" is pretty pointless.
24516: 	[f38a415afba0]
24517: 
24518: 	* configure, configure.in:
24519: 	Substitute for root_sudo in sudoers.pod
24520: 	[ce483cfc86be]
24521: 
24522: 	* sudo.pod:
24523: 	Add sudoedit to the NAME section
24524: 	[51bc453ec2f6]
24525: 
24526: 	* sudoers.pod:
24527: 	Document that fact that setting ignore_dot in sudoers has no effect
24528: 	due to the fact that find_path() is called *before* sudoers is read.
24529: 	[6808df7e417c]
24530: 
24531: 2004-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
24532: 
24533: 	* sudo_edit.c:
24534: 	Do not require _PATH_USRTMP to be set.
24535: 	[546f3270dd10]
24536: 
24537: 	* BUGS, CHANGES, TODO:
24538: 	sync
24539: 	[4205ddeab781]
24540: 
24541: 	* sudo.man.in:
24542: 	regen
24543: 	[e2143690a88a]
24544: 
24545: 	* sudo.pod:
24546: 	Clarify that when sudo is run by root with the SUDO_USER variable
24547: 	set, the sudoers lookup happens for root and not the SUDO_USER user.
24548: 	[47207bec1bdf]
24549: 
24550: 2004-01-29  Todd C. Miller  <Todd.Miller@courtesan.com>
24551: 
24552: 	* auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
24553: 	set_perms.c, sigaction.c, sudo.c, tgetpass.c:
24554: 	Use the SET, CLR and ISSET macros.
24555: 	[a8b0d7f1e8fd]
24556: 
24557: 	* fnmatch.c:
24558: 	Use the SET, CLR and ISSET macros.
24559: 	[1afbcba22ba6]
24560: 
24561: 	* defaults.c, env.c:
24562: 	Use the SET, CLR and ISSET macros.
24563: 	[2f39431e0a49]
24564: 
24565: 	* interfaces.h:
24566: 	MAIN was replaced with _SUDO_MAIN some time ago.
24567: 	[ea1b38f2ac9d]
24568: 
24569: 	* sudo.c:
24570: 	Don't look at prev_user until after we've parsed sudoers and done
24571: 	the password check. That way, if sudo/sudoedit is run from a root
24572: 	process that was invoked by sudo, we check sudoers for root, not the
24573: 	previous user. This makes sudoedit much more useful and means that
24574: 	for the sudo case, we get correct logging on who actually ran the
24575: 	command.
24576: 	[431dfbf20552]
24577: 
24578: 2004-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
24579: 
24580: 	* sudo_edit.c:
24581: 	Add a comment describing why we need to be notified about our child
24582: 	stopping.
24583: 	[0bec3ce4b49d]
24584: 
24585: 2004-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
24586: 
24587: 	* def_data.c, def_data.in:
24588: 	Update the noexec variable descriptions
24589: 	[9cb7f1aa0e57]
24590: 
24591: 	* sudoers.man.in, sudoers.pod:
24592: 	noexec now replaces more than just execve()
24593: 	[23cbdc0ee95c]
24594: 
24595: 	* sudo_noexec.c:
24596: 	Alas, all the world does not go through execve(2). Many systems
24597: 	still have an execv(2) system call, Linux 2.6 provides fexecve(2)
24598: 	and it is not uncommon for libc to have underscore ('_') versions of
24599: 	the functions to be used internally by the library. Instead of
24600: 	stubbing all these out by hand, define a macro and let it do the
24601: 	work. Extra exec functions pointed out by Reznic Valery.
24602: 	[9fa0cd871b0c]
24603: 
24604: 	* sudo.c, sudo_edit.c:
24605: 	Fix suspending the editor in -e mode. Because we do a fork() first
24606: 	we need to be notified when the child has been stopped and then send
24607: 	that same signal to ourself so the shell can do its job control
24608: 	thing.
24609: 	[773165eb6057]
24610: 
24611: 	* visudo.c:
24612: 	Use WIFEXITED and WEXITSTATUS macros. If there are systems out there
24613: 	that want to run sudo that still don't support these we can try to
24614: 	deal with that later.
24615: 	[6af68e4aff60]
24616: 
24617: 	* lex.yy.c:
24618: 	regen
24619: 	[403435317d5d]
24620: 
24621: 	* sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
24622: 	Document sudo -e / sudoedit
24623: 	[a80f6ea910af]
24624: 
24625: 	* configure, configure.in:
24626: 	fix typo
24627: 	[5020fcdc27f4]
24628: 
24629: 	* config.h.in, configure.in:
24630: 	Add SET/CLR/ISSET
24631: 	[03ff57286e7e]
24632: 
24633: 2004-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
24634: 
24635: 	* sudo.c:
24636: 	Allow non-exclusive flags when invoked as sudoedit. Pretty print the
24637: 	long usage() line to not wrap (assumes 80 char display)
24638: 	[3941fa4004bb]
24639: 
24640: 	* Makefile.in, sudo.c:
24641: 	If sudo is invoked as "sudoedit" the -e flag is implied and no other
24642: 	flags are permitted.
24643: 	[929670b01293]
24644: 
24645: 	* sudo.h:
24646: 	Add a new flag, -e, that makes it possible to give users the ability
24647: 	to edit files with the editor of their choice as the invoking user,
24648: 	not the runas user. Temporary files are used for the actual edit and
24649: 	the temp file is copied over the original after the editor is done.
24650: 	[c4051414c1f4]
24651: 
24652: 	* Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
24653: 	Add a new flag, -e, that makes it possible to give users the ability
24654: 	to edit files with the editor of their choice as the invoking user,
24655: 	not the runas user. Temporary files are used for the actual edit and
24656: 	the temp file is copied over the original after the editor is done.
24657: 	[37ac05c8ac3c]
24658: 
24659: 	* env.c, sudo.c:
24660: 	If real uid == 0 and the SUDO_USER environment variables is set, use
24661: 	that to determine the invoking user's true identity. That way the
24662: 	proper info gets logged by someone who has done "sudo su" but still
24663: 	uses sudo to as root. We can't do this for non-root users since that
24664: 	would open up a security hole, though perhaps it would be acceptable
24665: 	to use getlogin(2) on OSes where this a system call (and doesn't
24666: 	just look in the utmp file).
24667: 	[c2f9198708a1]
24668: 
24669: 	* pathnames.h.in:
24670: 	Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
24671: 	[7d9e5768df93]
24672: 
24673: 	* config.h.in, configure, configure.in:
24674: 	Add check for fchown(2)
24675: 	[a85df18798ed]
24676: 
24677: 2004-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
24678: 
24679: 	* sudo.c:
24680: 	Back out portions of the -i commit that set NewArgv[0] in
24681: 	set_runaspw. It is far to late to set NewArgv[0] there and will have
24682: 	no effect anyway as cmnd and safe_cmnd have already been set.
24683: 	[c2d343430c1c]
24684: 
24685: 	* visudo.c, visudo.pod:
24686: 	Prefer VISUAL over EDITOR like old vipw did.
24687: 	[ae32f477cea3]
24688: 
24689: 2004-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
24690: 
24691: 	* env.c, sudo.c:
24692: 	In -i mode always set new environment based on the runas user's
24693: 	passwd entry.
24694: 	[fa653b7887a8]
24695: 
24696: 2004-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
24697: 
24698: 	* sudo.man.in, sudo.pod:
24699: 	Document the new -i flag and sync SYNOPSIS section with usage() in
24700: 	sudo.c. Also sort the flags in the OPTIONS section.
24701: 	[6aabc0ffc47e]
24702: 
24703: 	* sudo.c, sudo.h:
24704: 	o Add -i that acts similar to "su -", based on patches from David J.
24705: 	MacKenzie o Sort the flags in the usage message
24706: 	[c0fe7d6beffd]
24707: 
24708: 	* sudoers.man.in, sudoers.pod:
24709: 	Add a missing @runas_default@ substitution.
24710: 	[60516fe2d090]
24711: 
24712: 2004-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
24713: 
24714: 	* sudo.c:
24715: 	Change euid to runas user before calling find_path(). Unfortunately,
24716: 	though runas_user can be modified in sudoers we haven't parsed
24717: 	sudoers yet.
24718: 	[f469fdf2e313]
24719: 
24720: 	* sudoers.man.in, sudoers.pod:
24721: 	Add missing defintion of Parameter_List and use single pipes in the
24722: 	Defaults EBNF definition.
24723: 	[f7bed6e909bf]
24724: 
24725: 	* sudo.c:
24726: 	Fix a bug when set_runaspw() is used as a callback. We don't want to
24727: 	reset the contents of runas_pw if the user specified a user via the
24728: 	-u flag.
24729: 
24730: 	Avoid unnecessary passwd lookups in set_authpw(). In most cases we
24731: 	already have the info in runas_pw.
24732: 	[efc35623ba09]
24733: 
24734: 2004-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
24735: 
24736: 	* check.c:
24737: 	Add Stan Lee / Uncle Ben quote to the lecture from RedHat
24738: 	[ebd5a76ccd7e]
24739: 
24740: 	* sudo.h:
24741: 	Update sudo_getepw() proto and add one for set_runaspw()
24742: 	[6ed65795c17f]
24743: 
24744: 	* parse.c:
24745: 	If we can't stat the command as root, try as the runas user instead.
24746: 	[ae713fca0e15]
24747: 
24748: 	* testsudoers.c, visudo.c:
24749: 	Add stub set_runaspw() function
24750: 	[42aa37050053]
24751: 
24752: 	* sudo.c:
24753: 	Add set_runaspw() function to fill in runas_pw. This will be used as
24754: 	a callback to update runas_pw when the runas user changes.
24755: 	[e570aa0088d0]
24756: 
24757: 	* env.c, sudo.c:
24758: 	PERM_RUNAS -> PERM_FULL_RUNAS
24759: 	[51eec6f9e89a]
24760: 
24761: 	* set_perms.c, sudo.h:
24762: 	Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
24763: 	changes the euid.
24764: 	[877c6fe4d12c]
24765: 
24766: 	* getspwuid.c:
24767: 	Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
24768: 	one chunk for easy free()ing. Also change it from static to extern.
24769: 	[ab503260a7ec]
24770: 
24771: 	* defaults.c, defaults.h:
24772: 	Add callback support
24773: 	[a61c4ca983fb]
24774: 
24775: 	* mkdefaults:
24776: 	Add a callback field and use it for runas_default
24777: 	[96b69c27df5e]
24778: 
24779: 	* def_data.c, def_data.in:
24780: 	Add a callback field and use it for runas_default
24781: 	[d3e9f06872b8]
24782: 
24783: 2004-01-15  Todd C. Miller  <Todd.Miller@courtesan.com>
24784: 
24785: 	* auth/fwtk.c:
24786: 	Add support for chalnecho and display server responses used by fwtk
24787: 	>= 2.0
24788: 	[b1870f7aaf0d]
24789: 
24790: 2004-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
24791: 
24792: 	* sudoers.man.in, sudoers.pod:
24793: 	ld.so is ld.so.1 on solaris
24794: 	[2bf9a123fa4c]
24795: 
24796: 	* Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
24797: 	Use closefrom() instead of doing the equivalent inline.
24798: 	[7e3ef6072884]
24799: 
24800: 	* closefrom.c:
24801: 	closefrom(3) for systems w/o it
24802: 	[35caf58bb636]
24803: 
24804: 2004-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
24805: 
24806: 	* sudoers.man.in:
24807: 	Update from .pod file.
24808: 	[d4c94fc0e0c9]
24809: 
24810: 	* configure, configure.in:
24811: 	Substitute noexec_file for the sudoers man page
24812: 	[203d3376a551]
24813: 
24814: 	* sudo.man.in, sudo.pod:
24815: 	Mention noexec
24816: 	[014375ddbb06]
24817: 
24818: 	* sudoers.man.in, sudoers.pod:
24819: 	Document noexec
24820: 	[49a65d06201f]
24821: 
24822: 	* auth/pam.c, config.h.in, configure.in:
24823: 	Move PAM_CONST macro definition from config.h to pam.c where it
24824: 	belongs. We can't have this in config.h since that gets included too
24825: 	early.
24826: 	[e64748071637]
24827: 
24828: 	* auth/pam.c, config.h.in, configure, configure.in:
24829: 	Some PAM implementations put their headers in /usr/include/pam
24830: 	instead of /usr/include/security.
24831: 	[8cc749e9575c]
24832: 
24833: 	* configure.in:
24834: 	I missed changing the EXEC macro -> EXECV here when I changed this
24835: 	in config.h.in and sudo.c a while ago.
24836: 	[6f5afac7789f]
24837: 
24838: 	* acsite.m4:
24839: 	OpenBSD vax/m88k/hppa don't do shared libs
24840: 	[e4901d958bb7]
24841: 
24842: 	* configure, configure.in:
24843: 	o merge the hpux case entries into a single entry w/ its own sub-
24844: 	case statement. o HP-UX >= 11 support getspnam(), use it in
24845: 	preference to getprpwuid()
24846: 	[0caad428894e]
24847: 
24848: 	* configure, configure.in:
24849: 	eval $shrext so that it expands nicely on MacOS X
24850: 	[40419343eef8]
24851: 
24852: 	* Makefile.in:
24853: 	Don't lie about making a module, it does the wrong thing on mach
24854: 	[7629b28f5688]
24855: 
24856: 	* ltmain.sh:
24857: 	Remove requirement that libs must begin with "lib". They don't when
24858: 	we point directly at the lib using LD_PRELOAD or its equivalent.
24859: 	[d66f3de6ec85]
24860: 
24861: 	* acsite.m4:
24862: 	Disable support for c++, f77 and java. We don't need it, it takes a
24863: 	lot of time, and it hosed our check for shared lib support.
24864: 	[4f5749c52ce4]
24865: 
24866: 	* configure:
24867: 	regen
24868: 	[160865e9d15f]
24869: 
24870: 	* configure.in:
24871: 	Call AC_ENABLE_SHARED and check the status of enable_shared to know
24872: 	when shared libs are available.
24873: 	[42504c1668fc]
24874: 
24875: 	* acsite.m4:
24876: 	Duh, OpenBSD suports shared libs too
24877: 	[8e3cd9417475]
24878: 
24879: 	* config.h.in, configure.in:
24880: 	Only OpenPAM and Linux PAM use const qualifiers.
24881: 	[b2f76476e866]
24882: 
24883: 	* configure, configure.in:
24884: 	o No need to check for sed, libtool config does that for us o move
24885: 	check for --with-noexec until after libtool magic is run so we can
24886: 	use $can_build_shared and $shrext
24887: 	[668c656e89cc]
24888: 
24889: 	* ltmain.sh:
24890: 	Don't print a bunch of crap about library installs since we are not
24891: 	really installing a library.
24892: 	[83fbcad29fe4]
24893: 
24894: 	* env.c:
24895: 	Make format_env() varargs Add noexec support for Darwin, MacOS X,
24896: 	Irix, and Tru64
24897: 	[468885d75d10]
24898: 
24899: 	* acsite.m4, ltconfig, ltmain.sh:
24900: 	Update to libtool 1.5 with local changes: o no ldconfig in the
24901: 	finish step o assume no libprefix or version is needed
24902: 	[4961cffc3797]
24903: 
24904: 	* sudo_noexec.c:
24905: 	Fix compilation under K&R
24906: 	[8b309bf0b1b2]
24907: 
24908: 2004-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
24909: 
24910: 	* CHANGES:
24911: 	checkpoint
24912: 	[3c368badab32]
24913: 
24914: 	* sudo_noexec.c:
24915: 	stub execve() that just returns EACCES; used for noexec
24916: 	functionality
24917: 	[1297acae283a]
24918: 
24919: 	* sudo.tab.h:
24920: 	Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
24921: 	generated code.
24922: 	[dcab78c49273]
24923: 
24924: 	* sudo.tab.c:
24925: 	Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
24926: 	generated code.
24927: 	[0a61c735eabe]
24928: 
24929: 2004-01-05  Todd C. Miller  <Todd.Miller@courtesan.com>
24930: 
24931: 	* def_data.c, def_data.h, def_data.in:
24932: 	Move the environment defaults to the end and shorten a few of the
24933: 	descriptions.
24934: 	[66787b9c612c]
24935: 
24936: 	* configure, configure.in:
24937: 	no shared libs on ultris or convexos
24938: 	[2c5f3c456e32]
24939: 
24940: 	* Makefile.in, configure, configure.in:
24941: 	Build sudo_noexec shared object using libtool; could use some
24942: 	cleanup.
24943: 	[373f483555dd]
24944: 
24945: 	* acsite.m4, ltconfig, ltmain.sh:
24946: 	libtool scaffolding
24947: 	[c903a42e3d90]
24948: 
24949: 	* parse.yacc, sudo.tab.c:
24950: 	Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
24951: 	important.
24952: 	[c6e8a34639a4]
24953: 
24954: 	* defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
24955: 	parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
24956: 	update copyright year
24957: 	[a16372ae1711]
24958: 
24959: 	* configure, configure.in, defaults.c, env.c, pathnames.h.in:
24960: 	Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
24961: 	option. The default value of noexec_file is set to this.
24962: 	[7d88e1d3c494]
24963: 
24964: 	* def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
24965: 	parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
24966: 	sudo.tab.h:
24967: 	Add support for preloading a shared object containing a dummy
24968: 	execve() function that just sets error and returns -1. This adds a
24969: 	"noexec_file" option to load the filename as well as a "noexec" flag
24970: 	to enable it unconditionally. There is also a NOEXEC tag that can be
24971: 	attached to specific commands and an EXEC tag to disable it.
24972: 	[c8b6712feb91]
24973: 
24974: 	* mkdefaults:
24975: 	add missing newline to usage statement
24976: 	[e84746618362]
24977: 
24978: 	* config.h.in, sudo.c:
24979: 	Rename EXEC macro -> EXECV
24980: 	[ddaa0c027299]
24981: 
24982: 	* logging.c:
24983: 	Don't truncate usernames to 8 characters in the log message.
24984: 	[f62a20f27075]
24985: 
24986: 	* check.c, sudoers.man.in, sudoers.pod:
24987: 	Update copyright year
24988: 	[ca9964054085]
24989: 
24990: 	* check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
24991: 	sudoers.pod:
24992: 	Add a new option, lecture_file, that can be used to point to a
24993: 	custom sudo lecture.
24994: 	[940133231216]
24995: 
24996: 2003-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
24997: 
24998: 	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
24999: 	auth/sudo_auth.c:
25000: 	Add a zero_bytes() function to do the equivalent of bzero in such a
25001: 	way that will heopfully not be optimized away by sneaky compilers.
25002: 	[161b6d74bfb4]
25003: 
25004: 	* zero_bytes.c:
25005: 	Add a zero_bytes() function to do the equivalent of bzero in such a
25006: 	way that will heopfully not be optimized away by sneaky compilers.
25007: 	[d035abf0af94]
25008: 
25009: 	* Makefile.in, sudo.h:
25010: 	Add a zero_bytes() function to do the equivalent of bzero in such a
25011: 	way that will heopfully not be optimized away by sneaky compilers.
25012: 	[ff136de3e255]
25013: 
25014: 	* err.c:
25015: 	Use #ifdef __STDC__, not #if __STDC__.
25016: 	[6889dd6bc51a]
25017: 
25018: 2003-12-30  Todd C. Miller  <Todd.Miller@courtesan.com>
25019: 
25020: 	* mkdefaults:
25021: 	Always put at least one space between the def_* macro name and its
25022: 	definition.
25023: 	[6b3ad0e6619a]
25024: 
25025: 	* configure, configure.in:
25026: 	Adjust code for --without-lecture to match new values.
25027: 	[062aa788a6b9]
25028: 
25029: 	* visudo.man.in:
25030: 	regen after pasto fix
25031: 	[3deec16906c0]
25032: 
25033: 	* sudoers.man.in, sudoers.pod:
25034: 	Document that "lecture" has changed from a flag to a tuple.
25035: 	[e2c03062b533]
25036: 
25037: 	* check.c, def_data.c, def_data.h, def_data.in, defaults.c,
25038: 	defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
25039: 	Add support for tuples in def_data.in; these are implemented as an
25040: 	enum type. Currently there is only a single tuple enum but in the
25041: 	future we may have one tuple enum per T_TUPLE entry in def_data.in.
25042: 	Currently listpw, verifypw and lecture are tuples. This avoids the
25043: 	need to have two entries (one ival, one str) for pwflags and syslog
25044: 	values.
25045: 
25046: 	lecture is now a tuple with the following values: never, once,
25047: 	always
25048: 
25049: 	We no longer use both an int and string entry for syslog facilities
25050: 	and priorities. Instead, there are logfac2str() and logpri2str()
25051: 	functions that get used when we need to print the string values.
25052: 	[5293f946c836]
25053: 
25054: 	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
25055: 	auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
25056: 	check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
25057: 	logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
25058: 	sudo.tab.c, visudo.c:
25059: 	Create def_* macros for each defaults value so we no longer need the
25060: 	def_{flag,ival,str,list,mode} macros (which have been removed). This
25061: 	is a step toward more flexible data types in def_data.in.
25062: 	[009c02934106]
25063: 
25064: 	* TODO:
25065: 	checkpoint
25066: 	[0a99a4bb5d15]
25067: 
25068: 2003-12-23  Todd C. Miller  <Todd.Miller@courtesan.com>
25069: 
25070: 	* sudo.c:
25071: 	If we are in -k/-K mode, just spew to stderr. It is not unusual for
25072: 	users to place "sudo -k" in a .logout file which can cause sudo to
25073: 	be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
25074: 	Previously, this would result in useless mail and logging.
25075: 	[d282e7ed63af]
25076: 
25077: 2003-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
25078: 
25079: 	* visudo.pod:
25080: 	fix pasto in VISUAL description
25081: 	[1c6a6148b5f9]
25082: 
25083: 2003-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
25084: 
25085: 	* configure:
25086: 	regen
25087: 	[f44312c63799]
25088: 
25089: 	* CHANGES:
25090: 	checkpoint
25091: 	[0c42e38f78d5]
25092: 
25093: 	* TROUBLESHOOTING:
25094: 	Some OSes (like Solaris) allow export w/ nosuid too
25095: 	[973ce85ffa12]
25096: 
25097: 2003-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
25098: 
25099: 	* compat.h:
25100: 	We don't use FD_ZERO anymore so just define FD_SET (if not already
25101: 	there).
25102: 	[d1c8c11905cd]
25103: 
25104: 2003-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>
25105: 
25106: 	* auth/pam.c:
25107: 	Fix a core dump on Solaris by preserving the pam_handle_t we used
25108: 	during authentication for pam_prep_user(). If we didn't authenticate
25109: 	(ie: ticket still valid), we call pam_init() from pam_prep_user().
25110: 	This is something of a hack; it may be better to change the auth API
25111: 	and add an auth_final() function that acts like pam_prep_user().
25112: 	[f787de49b175]
25113: 
25114: 2003-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
25115: 
25116: 	* set_perms.c:
25117: 	Add explicit declaration of printerr variable in function header
25118: 	(was defaulting to int which is OK but oh so K&R :-). From Theo.
25119: 	[492c2358783f]
25120: 
25121: 2003-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
25122: 
25123: 	* config.h.in, configure.in:
25124: 	s/HAVE_STOW/USE_STOW/
25125: 	[4b99e1824ece]
25126: 
25127: 	* logging.c:
25128: 	Also exit waitpid() loop when pid == 0. Fixes a problem where the
25129: 	sudo process would spin eating up CPU until sendmail finished when
25130: 	it has to send mail.
25131: 	[ec3d5792b9b4]
25132: 
25133: 2003-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>
25134: 
25135: 	* fnmatch.c:
25136: 	Remove advertising clause, UCB has disavowed it
25137: 	[43a26bbd6628]
25138: 
25139: 	* fnmatch.3:
25140: 	Remove advertising clause, UCB has disavowed it
25141: 	[3ff24291bcfa]
25142: 
25143: 2003-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
25144: 
25145: 	* parse.c:
25146: 	Don't assume that getgrnam() calls don't modify contents of struct
25147: 	passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
25148: 	Based on a patch from Kirk Webb.
25149: 	[5574c68f60f3]
25150: 
25151: 2003-05-06  Todd C. Miller  <Todd.Miller@courtesan.com>
25152: 
25153: 	* configure.in:
25154: 	missing ;;
25155: 	[22378f2a9d31]
25156: 
25157: 	* configure.in:
25158: 	darwin has a broken setreuid() in at least some versions
25159: 	[d572aed930d2]
25160: 
25161: 	* env.c:
25162: 	Fix an off by one error when reallocating the environment; Kevin Pye
25163: 	[3d98e7cf097a]
25164: 
25165: 2003-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
25166: 
25167: 	* sudoers.pod:
25168: 	Fix User_Spec definition; SEKINE Tatsuo
25169: 	[49b0da65e090]
25170: 
25171: 2003-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
25172: 
25173: 	* HISTORY:
25174: 	More info on the early days from Coggs.
25175: 	[9381ca10b06b]
25176: 
25177: 2003-04-21  Todd C. Miller  <Todd.Miller@courtesan.com>
25178: 
25179: 	* auth/kerb5.c:
25180: 	remove errant semicolon that prevented compilation under heimdal
25181: 	[d2f2bb73a598]
25182: 
25183: 2003-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
25184: 
25185: 	* testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
25186: 	add DARPA credit on affected files
25187: 	[7020785ee50d]
25188: 
25189: 	* sudoers.pod:
25190: 	add DARPA credit on affected files
25191: 	[83b46318750b]
25192: 
25193: 	* sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
25194: 	sudoers.man.in:
25195: 	add DARPA credit on affected files
25196: 	[d8adf1c2ba22]
25197: 
25198: 	* set_perms.c:
25199: 	add DARPA credit on affected files
25200: 	[3d79fdabb582]
25201: 
25202: 	* pathnames.h.in:
25203: 	add DARPA credit on affected files
25204: 	[e334cdda422f]
25205: 
25206: 	* logging.c, parse.c:
25207: 	add DARPA credit on affected files
25208: 	[8f75f822755b]
25209: 
25210: 	* auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
25211: 	auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
25212: 	find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
25213: 	interfaces.h:
25214: 	add DARPA credit on affected files
25215: 	[da66e28fb3f5]
25216: 
25217: 	* auth/kerb5.c, auth/pam.c:
25218: 	add DARPA credit on affected files
25219: 	[15da3021b49c]
25220: 
25221: 	* auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
25222: 	auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
25223: 	version.h:
25224: 	add DARPA credit on affected files
25225: 	[868d54cbddea]
25226: 
25227: 	* env.c:
25228: 	add DARPA credit on affected files
25229: 	[90239f51ef0a]
25230: 
25231: 	* defaults.c, defaults.h:
25232: 	add DARPA credit on affected files
25233: 	[6a64205fd1eb]
25234: 
25235: 	* compat.h:
25236: 	add DARPA credit on affected files
25237: 	[316a735783c4]
25238: 
25239: 	* Makefile.in, alloc.c, check.c:
25240: 	add DARPA credit on affected files
25241: 	[cd939e05c810]
25242: 
25243: 	* LICENSE:
25244: 	slightly different wording for the darpa credit
25245: 	[e468909c4a21]
25246: 
25247: 2003-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
25248: 
25249: 	* LICENSE:
25250: 	Add DARPA credit
25251: 	[8eb20e2cd63e]
25252: 
25253: 2003-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>
25254: 
25255: 	* auth/kerb5.c:
25256: 	Use krb5_princ_component() instead of krb5_princ_realm() for MIT
25257: 	Kerberos like we did before I messed things up ;-)
25258: 
25259: 	Use krb5_principal_get_comp_string() to do the same thing w/
25260: 	Heimdal. I'm not sure if the component should be 0 or 1 in this
25261: 	case.
25262: 
25263: 	#define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
25264: 	older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
25265: 	should be a configure check for this I guess.
25266: 	[74919a3933fe]
25267: 
25268: 2003-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
25269: 
25270: 	* sample.sudoers:
25271: 	builtin -> built-in; Jason McIntyre
25272: 	[027f2187923e]
25273: 
25274: 	* TROUBLESHOOTING, config.h.in, configure, configure.in:
25275: 	builtin -> built-in; Jason McIntyre
25276: 	[70b81ac48943]
25277: 
25278: 	* sudoers.pod:
25279: 	built in -> built-in; Jason McIntyre
25280: 	[da658ef5138d]
25281: 
25282: 2003-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
25283: 
25284: 	* CHANGES:
25285: 	checkpoint for 1.6.7p3
25286: 	[da85f989fadf]
25287: 
25288: 	* HISTORY:
25289: 	Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
25290: 	Amazingly, sudo source from 1985 is available via groups.google.com
25291: 	[39e0fc85b89f]
25292: 
25293: 	* sudo.c:
25294: 	Don't change rl.rlim_max for RLIMIT_CORE. We need only set
25295: 	rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
25296: 	RLIMIT_CORE restoration on some OSes.
25297: 	[7e2c1a7adfd8]
25298: 
25299: 2003-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
25300: 
25301: 	* auth/kerb5.c:
25302: 	Make this compile on Heimdal and MIT Kerberos 5
25303: 	[44c07d615868]
25304: 
25305: 	* config.h.in, configure, configure.in:
25306: 	Check for heimdal even if we found krb5-config and define
25307: 	HAVE_HEIMDAL.
25308: 	[aba0126f0059]
25309: 
25310: 	* auth/kerb5.c:
25311: 	Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is no
25312: 	longer defined by MIT kerb5 (though it used to be and indeed remains
25313: 	so in Heimdal).
25314: 	[e5a6c64d7cd5]
25315: 
25316: 2003-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>
25317: 
25318: 	* mkinstalldirs:
25319: 	Remove newer stuff that passes multiple (possibly duplicate)
25320: 	directories to "mkdir -p" since that seems to break on Tru64 Unix at
25321: 	least. This basically brings back what shipped with sudo 1.6.6.
25322: 	[f2a1abd872b3]
25323: 
25324: 2003-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
25325: 
25326: 	* auth/kerb5.c:
25327: 	Correct number of args to krb5_principal_get_realm() and fix an
25328: 	unclosed comment that hid the bug.
25329: 	[0b37f8ce7824]
25330: 
25331: 	* configure:
25332: 	regen
25333: 	[1876cb840fe0]
25334: 
25335: 	* configure.in:
25336: 	++version
25337: 	[480aff7c048e]
25338: 
25339: 	* README:
25340: 	++version
25341: 	[488e0bbff613]
25342: 
25343: 	* Makefile.in:
25344: 	++version
25345: 	[97ef63cedc38]
25346: 
25347: 	* INSTALL.binary:
25348: 	++version
25349: 	[a506204e77d0]
25350: 
25351: 	* INSTALL:
25352: 	++version
25353: 	[555aeba5c2bf]
25354: 
25355: 	* CHANGES, version.h:
25356: 	++version
25357: 	[f66985a64063]
25358: 
25359: 	* BUGS:
25360: 	++version
25361: 	[ea3573432412]
25362: 
25363: 	* configure.in:
25364: 	use krb5-config to determine Kerberos V details if it exists
25365: 	[7b46bbdaf774]
25366: 
25367: 	* alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
25368: 	auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
25369: 	find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
25370: 	testsudoers.c, visudo.c:
25371: 	Use warn/err and getprogname() throughout. The main exception is
25372: 	openlog(). Since the admin may be filtering logs based on the
25373: 	program name in the log files, hard code this to "sudo".
25374: 	[9f180d015cfa]
25375: 
25376: 	* Makefile.in:
25377: 	Add getprogname.c and err.c
25378: 	[d411c54a07dc]
25379: 
25380: 	* configure:
25381: 	regen
25382: 	[6d585d391acc]
25383: 
25384: 	* config.h.in, configure.in:
25385: 	Add checks for getprognam(), __progname and err.h
25386: 	[bcbccf61d34a]
25387: 
25388: 	* emul/err.h:
25389: 	For systems withour err/warn functions.
25390: 	[1b33118884d9]
25391: 
25392: 	* err.c:
25393: 	For systems withour err/warn functions.
25394: 	[26721f6b041f]
25395: 
25396: 	* getprogname.c:
25397: 	For systems neither getprogname() nor __progname; uses Argv[0].
25398: 	[841cf42af1eb]
25399: 
25400: 2003-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
25401: 
25402: 	* CHANGES:
25403: 	checkpoint for 1.6.7p1
25404: 	[5bfdaf441dce]
25405: 
25406: 	* sudo.c, testsudoers.c:
25407: 	fix strlcpy() rval check (innocuous)
25408: 	[e05ac7e0d1f3]
25409: 
25410: 	* check.c:
25411: 	oflow detection in expand_prompt() was faulty (false positives). The
25412: 	count was based on strlcat() return value which includes the length
25413: 	of the entire string.
25414: 	[086c5a0acb25]
25415: 
25416: 2003-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
25417: 
25418: 	* RUNSON, TODO:
25419: 	checkpoint for the sudo 1.6.7 release
25420: 	[096bab4da29a] [SUDO_1_6_7]
25421: 
25422: 	* CHANGES:
25423: 	checkpoint for the sudo 1.6.7 release
25424: 	[87322187ed78]
25425: 
25426: 2003-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
25427: 
25428: 	* logging.c:
25429: 	g/c unused variable
25430: 	[c57cd4a17765]
25431: 
25432: 	* configure:
25433: 	regen
25434: 	[e7c1f581dfac]
25435: 
25436: 	* configure.in:
25437: 	use man sections 8 and 5 for csops
25438: 	[87de581bda88]
25439: 
25440: 2003-03-21  Todd C. Miller  <Todd.Miller@courtesan.com>
25441: 
25442: 	* configure:
25443: 	regen
25444: 	[cb1433a9c7a1]
25445: 
25446: 	* configure.in:
25447: 	Add -lskey or -lopie directly to SUDO_LIBS instead of having
25448: 	AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
25449: 	[ac5667978939]
25450: 
25451: 	* configure:
25452: 	regen
25453: 	[638459118a2a]
25454: 
25455: 	* configure.in:
25456: 	Add --with-blibpath for AIX. An alternate libpath may be specified
25457: 	or
25458: 	-blibpath support can be disabled. Also change conifgure such that
25459: 	-blibpath is not specified if no -L libpaths were added to
25460: 	SUDO_LDFLAGS.
25461: 	[c7d17b480cad]
25462: 
25463: 	* aclocal.m4:
25464: 	Add --with-blibpath for AIX. An alternate libpath may be specified
25465: 	or
25466: 	-blibpath support can be disabled. Also change conifgure such that
25467: 	-blibpath is not specified if no -L libpaths were added to
25468: 	SUDO_LDFLAGS.
25469: 	[37022e991575]
25470: 
25471: 	* INSTALL:
25472: 	Add --with-blibpath for AIX. An alternate libpath may be specified
25473: 	or
25474: 	-blibpath support can be disabled. Also change conifgure such that
25475: 	-blibpath is not specified if no -L libpaths were added to
25476: 	SUDO_LDFLAGS.
25477: 	[4b4bbe5bbe1b]
25478: 
25479: 	* configure.in:
25480: 	add AIX blibpath support
25481: 	[16ba788bf086]
25482: 
25483: 	* INSTALL, configure.in:
25484: 	--with-skey and --with-opie now take an option directory argument
25485: 	This obsoletes a --with-csops hack (/tools/cs/skey)
25486: 
25487: 	Also remove the remaining direct uses of "echo"
25488: 	[5b4986a90c03]
25489: 
25490: 2003-03-20  Todd C. Miller  <Todd.Miller@courtesan.com>
25491: 
25492: 	* configure.in:
25493: 	Detect KTH Kerberos IV and deal with it. Also make -lroken optional
25494: 	for KTH Kerberos IV and V.
25495: 	[119f97b48e18]
25496: 
25497: 	* aclocal.m4:
25498: 	Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and
25499: 	-R/path/to/dir if $with_rpath) to the specified variable.
25500: 	[e55e49d076ce]
25501: 
25502: 	* INSTALL, configure.in:
25503: 	Add -R/path/to/libs for Solaris and SVR4. There is a new configure
25504: 	option, --with-rpath to control this behavior.
25505: 	[d4730c5399ab]
25506: 
25507: 	* configure.in:
25508: 	for kerb4 put libdes after libkrb on the link line
25509: 	[5c566100eab6]
25510: 
25511: 	* auth/kerb4.c:
25512: 	typo
25513: 	[6541b72b64a3]
25514: 
25515: 	* configure.in:
25516: 	fix kerberos lib check when a path is specified
25517: 	[ae833a914c6f]
25518: 
25519: 	* logging.c:
25520: 	Fix boolean thinko in SIGCHLD reaper and call reapchild after
25521: 	sending mail instead of doing a conditional sudo_waitpid.
25522: 	[86fa9a35df5a]
25523: 
25524: 2003-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
25525: 
25526: 	* configure:
25527: 	regen
25528: 	[e6275cf528ba]
25529: 
25530: 	* configure.in:
25531: 	replace =DIR with [=DIR] where sensible
25532: 	[c39a59173b38]
25533: 
25534: 	* configure.in:
25535: 	o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
25536: 	detection based on openssh's configure.in
25537: 	[5b7a340912df]
25538: 
25539: 	* INSTALL:
25540: 	--with-kerb4 and --with-kerb5 now take an optional argument.
25541: 	[71ed87fc9c64]
25542: 
25543: 2003-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
25544: 
25545: 	* auth/securid.c:
25546: 	Kill remaining strcpy(), the programmer's guide says username is 32
25547: 	bytes.
25548: 	[bdba70fcd08d]
25549: 
25550: 	* auth/kerb4.c:
25551: 	trat uid_t as unsigned long for printf and use snprintf, not sprintf
25552: 	[8072f5f8966d]
25553: 
25554: 	* auth/rfc1938.c:
25555: 	use snprintf
25556: 	[fc0c70c665fe]
25557: 
25558: 2003-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
25559: 
25560: 	* auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
25561: 	auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
25562: 	auth/rfc1938.c, auth/sudo_auth.c:
25563: 	update copyright year
25564: 	[b0a10ccb1d0e]
25565: 
25566: 	* sudo.man.in, sudoers.man.in, visudo.man.in:
25567: 	update copyright year
25568: 	[8fce0034eb51]
25569: 
25570: 	* LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
25571: 	configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
25572: 	parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
25573: 	sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
25574: 	update copyright year
25575: 	[d541e75fe520]
25576: 
25577: 	* check.c, env.c, sudo.c:
25578: 	Cast [ug]ids to unsigned long and printf with %lu
25579: 	[2ede64d3592b]
25580: 
25581: 	* configure:
25582: 	regen
25583: 	[c7c3245bdf3e]
25584: 
25585: 	* configure.in:
25586: 	correct error messages for --with-sudoers-{mode,uid,gid}
25587: 	[77fc15b1c9db]
25588: 
25589: 	* alloc.c:
25590: 	make the malloc(0) error specific to each function to aid tracking
25591: 	down bugs.
25592: 	[a58c34374b4b]
25593: 
25594: 	* alloc.c:
25595: 	deal with platforms where size_t is signed and there is no SIZE_MAX
25596: 	or SIZE_T_MAX
25597: 	[7192abb4ab4e]
25598: 
25599: 	* auth/kerb5.c:
25600: 	Make this compile w/ Heimdal and fix some gcc warnings.
25601: 	[f52f026f31c2]
25602: 
25603: 	* sudo.c:
25604: 	Use stat_sudoers macro so --with-stow can work
25605: 	[c3674735c139]
25606: 
25607: 	* INSTALL, config.h.in, configure, configure.in:
25608: 	Add support for --with-stow based on patches from Robert Uhl
25609: 	[b274cc1dd52c]
25610: 
25611: 	* env.c:
25612: 	fix indentation
25613: 	[110d9f1721b1]
25614: 
25615: 	* configure.in:
25616: 	back out rev 1.352
25617: 	[1eee91c83f11]
25618: 
25619: 	* lex.yy.c:
25620: 	regen
25621: 	[72fba1c9590b]
25622: 
25623: 	* parse.lex:
25624: 	use strlcpy, not strncpy
25625: 	[4faccbaeccef]
25626: 
25627: 	* set_perms.c:
25628: 	Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
25629: 	[33bf0d18fdc1]
25630: 
25631: 	* logging.c:
25632: 	use pid_t
25633: 	[3e0536993d2c]
25634: 
25635: 2003-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
25636: 
25637: 	* strlcat.c, strlcpy.c:
25638: 	Make gcc shutup about unused rcsid
25639: 	[1669a0c74e9e]
25640: 
25641: 	* interfaces.c:
25642: 	Move the n == 0 check for the non-getifaddrs cas
25643: 	[2460be061b2a]
25644: 
25645: 	* auth/rfc1938.c:
25646: 	skeychallenge() on NetBSD take a size parameter
25647: 	[05acc2012801]
25648: 
25649: 	* configure:
25650: 	regen
25651: 	[24bccf4749e8]
25652: 
25653: 	* configure.in:
25654: 	put -ldl after -lpam, not before; fixes static linking on Linux
25655: 	[7f06b7b2b4d8]
25656: 
25657: 	* interfaces.c:
25658: 	Avoid malloc(0) and fix the loop invariant for the getifaddrs()
25659: 	case.
25660: 	[239a55068646]
25661: 
25662: 	* sudo.cat, sudoers.cat, visudo.cat:
25663: 	regen
25664: 	[4a2eed3981ca]
25665: 
25666: 	* sudo.man.in, sudoers.man.in, visudo.man.in:
25667: 	regen
25668: 	[2c96ea2cf930]
25669: 
25670: 	* Makefile.in:
25671: 	Preserve copyright notice from .pod file in .man.in file
25672: 	[519fbd09aebc]
25673: 
25674: 	* visudo.pod:
25675: 	Add sudoers(5) to SEE ALSO
25676: 	[77ecfe3aedf1]
25677: 
25678: 2003-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
25679: 
25680: 	* lex.yy.c:
25681: 	regen
25682: 	[6f5751ce0b74]
25683: 
25684: 	* parse.lex:
25685: 	Don't assume libc can realloc() a NULL string. If malloc/realloc
25686: 	fails, make sure we just return; yyerror() is not terminal.
25687: 	[1b8618623708]
25688: 
25689: 	* lex.yy.c:
25690: 	regen
25691: 	[5d31b46191c6]
25692: 
25693: 	* parse.lex:
25694: 	simplify fill_args a little and use strlcpy for paranoia
25695: 	[0ea35a55542b]
25696: 
25697: 	* sudo.tab.c:
25698: 	regen
25699: 	[5a8d508d708b]
25700: 
25701: 	* check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
25702: 	testsudoers.c:
25703: 	Use strlc{at,py} for paranoia's sake and exit on overflow. In all
25704: 	cases the strings were either pre-allocated to the correct size of
25705: 	length checks were done before the copy but a little paranoia can go
25706: 	a long way.
25707: 	[e73d28f1d14e]
25708: 
25709: 	* sudo.h:
25710: 	Add strlc{at,py} protos
25711: 	[748ffc7fc7f4]
25712: 
25713: 	* env.c, interfaces.c:
25714: 	Use erealloc3()
25715: 	[47f2cb46aba8]
25716: 
25717: 	* configure:
25718: 	regen
25719: 	[e7e2fb79f935]
25720: 
25721: 	* alloc.c:
25722: 	Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
25723: 	memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
25724: 	[7e0fa4d6fc1d]
25725: 
25726: 	* sudo.c:
25727: 	snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
25728: 	configure.
25729: 	[09ea4d3959e9]
25730: 
25731: 	* aclocal.m4:
25732: 	In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
25733: 	[31b4fdfdb8bf]
25734: 
25735: 2003-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
25736: 
25737: 	* sudo.c:
25738: 	Use snprintf() for paranoia
25739: 	[a2659ceb46de]
25740: 
25741: 	* parse.yacc:
25742: 	Use emalloc2 and erealloc3
25743: 	[90a069842401]
25744: 
25745: 	* Makefile.in:
25746: 	strlc{at,py} for those w/o it
25747: 	[bac82dc916ee]
25748: 
25749: 	* strlcat.c, strlcpy.c:
25750: 	stlc{at,py} for those w/o it.
25751: 	[ce7254f5db09]
25752: 
25753: 	* config.h.in, configure, configure.in:
25754: 	Add stlc{at,py} for those w/o it.
25755: 	[00f08219657a]
25756: 
25757: 	* alloc.c, sudo.h:
25758: 	Add erealloc3(), a realloc() version of emalloc2().
25759: 	[c96eaf08bbed]
25760: 
25761: 	* interfaces.c, sudo.c:
25762: 	Use emalloc2() to allocate N things of a certain size.
25763: 	[1e0aba365555]
25764: 
25765: 	* alloc.c, sudo.h:
25766: 	Add emalloc2() -- like calloc() but w/o the bzero and with
25767: 	error/oflow checking.
25768: 	[292150bc4153]
25769: 
25770: 	* alloc.c:
25771: 	Error out on malloc(0); suggested by theo
25772: 	[995279e81326]
25773: 
25774: 2003-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
25775: 
25776: 	* configure, configure.in:
25777: 	fix a typo; David Krause
25778: 	[f161213a17ab]
25779: 
25780: 2003-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
25781: 
25782: 	* sudo.pod:
25783: 	fix typo
25784: 	[3ae5ad9a351a]
25785: 
25786: 2003-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>
25787: 
25788: 	* env.c:
25789: 	Remove DYLD_ from the environment for MacOS X; from bbraun
25790: 	[38caad5a3935]
25791: 
25792: 2003-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
25793: 
25794: 	* config.h.in, configure.in:
25795: 	not not; Anil Madhavapeddy
25796: 	[d4f4f0bfc66b]
25797: 
25798: 2003-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
25799: 
25800: 	* sudo.pod, sudoers.pod, visudo.pod:
25801: 	typos; jmc@openbsd.org
25802: 	[868c0f09bf9e]
25803: 
25804: 2003-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
25805: 
25806: 	* parse.yacc:
25807: 	Add some missing ';' rule terminators that bison warns about.
25808: 	[535b0b8dcce5]
25809: 
25810: 	* config.sub:
25811: 	fix typo I introduced in last merge
25812: 	[81db4e4f43fe]
25813: 
25814: 	* configure:
25815: 	regenerate with autoconf 2.57
25816: 	[ca0c1e9564f8]
25817: 
25818: 	* config.h.in:
25819: 	Add missing "$HOME"
25820: 	[209186197ad1]
25821: 
25822: 	* configure.in:
25823: 	Add some more square backets to make autoconf 2.57 happy
25824: 	[b5639c14faf7]
25825: 
25826: 	* config.sub, mkinstalldirs:
25827: 	Updates from autoconf-2.57
25828: 	[36be35eb331b]
25829: 
25830: 	* config.guess:
25831: 	Updates from autoconf-2.57
25832: 	[ea0f8ca622af]
25833: 
25834: 2003-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
25835: 
25836: 	* sudo.tab.h:
25837: 	regen
25838: 	[13a65a421567]
25839: 
25840: 	* lex.yy.c, sudo.tab.c:
25841: 	regen
25842: 	[0b529db7cb6d]
25843: 
25844: 	* parse.lex, parse.yacc, sudoers.pod:
25845: 	Add support for Defaults>RunasUser
25846: 	[20d726373175]
25847: 
25848: 2003-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
25849: 
25850: 	* visudo.c:
25851: 	fclose() yyin after each yyparse() is done and use fopen() instead
25852: 	of using freopen().
25853: 	[587f8a2df857]
25854: 
25855: 	* parse.lex:
25856: 	Better fix for sudoers files w/o a newline before EOF. It looks like
25857: 	the issue is that yyrestart() does not reset the start condition to
25858: 	INITIAL which is an issue since we parse sudoers multiple times.
25859: 	[920f8326968a]
25860: 
25861: 2003-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
25862: 
25863: 	* parse.lex:
25864: 	Work around what appears to be a flex bug when dealing with files
25865: 	that lack a final newline before EOF. This adds a rule to match EOF
25866: 	in the non-initial states which resets the state to INITIAL and
25867: 	throws an error.
25868: 	[b94943bb1f81]
25869: 
25870: 	* visudo.c:
25871: 	o The parser needs sudoers to end with a newline but some editors
25872: 	(emacs) may not add one. Check for a missing newline at EOF and add
25873: 	one if needed. o Set quiet flag during initial sudoers parse (to get
25874: 	options) o Move yyrestart() call and always use freopen() to open
25875: 	yyin after initial sudoers parse.
25876: 	[12d12f9b07aa]
25877: 
25878: 2002-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>
25879: 
25880: 	* set_perms.c:
25881: 	Fix pasto/thinko in setresgid()/setregid() usage. Want to set
25882: 	effective gid, not real gid, when reading sudoers.
25883: 	[c7d18b810fcd]
25884: 
25885: 	* set_perms.c:
25886: 	don't compile set_perms_posix if we have setreuid or setresuid
25887: 	[b9cea7a81a29]
25888: 
25889: 2002-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
25890: 
25891: 	* sudo.pod, sudoers.pod:
25892: 	document new prompt escapes
25893: 	[2f088076b640]
25894: 
25895: 	* check.c:
25896: 	Add %U and %H escapes and redo prompt rewriting. "%%" now gets
25897: 	collapsed to "%" as was originally intended. This also gets rid of
25898: 	lastchar (does lookahead instead of lookback) which should simplify
25899: 	the logic slightly.
25900: 	[4b707b77b3c7]
25901: 
25902: 2002-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
25903: 
25904: 	* tgetpass.c:
25905: 	Write the prompt *after* turning off echo to avoid some password
25906: 	characters being echoed on heavily-loaded machines with fast
25907: 	typists.
25908: 	[d38c57775915]
25909: 
25910: 	* config.sub:
25911: 	Add support for mipseb; wiz@danbala.tuwien.ac.at
25912: 	[cfdac87ed5c8]
25913: 
25914: 	* configure.in:
25915: 	Fix IRIX fallout from name changes in man dir/sect Makefile
25916: 	variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
25917: 	[9a7618755c23]
25918: 
25919: 	* auth/pam.c:
25920: 	Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
25921: 	the global copy. Problem noted by Peter Pentchev.
25922: 	[d0a3e189cb06]
25923: 
25924: 2002-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
25925: 
25926: 	* sudo.tab.c:
25927: 	regen
25928: 	[23b931359087]
25929: 
25930: 	* parse.yacc:
25931: 	Add missing yyerror() calls; YYERROR does not seem to call this for
25932: 	us.
25933: 	[0be7aeb3ac57]
25934: 
25935: 2002-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
25936: 
25937: 	* sudo.c:
25938: 	fix typo in comment; Pedro Bastos
25939: 	[d7406c460e99]
25940: 
25941: 2002-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
25942: 
25943: 	* INSTALL:
25944: 	document --disable-setresuid
25945: 	[fbd03d03a027]
25946: 
25947: 	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
25948: 	auth/sudo_auth.c:
25949: 	Sprinkle some volatile qualifiers to prevent over-enthusiastic
25950: 	optimizers from removing memset() calls.
25951: 	[5370ac0e6129]
25952: 
25953: 	* logging.c, parse.yacc:
25954: 	minor sign fixes pointed out by gcc -Wsign-compare
25955: 	[db872438337f]
25956: 
25957: 	* set_perms.c, sudo.c, sudo.h:
25958: 	Revamp set_perms. We now use a version based on setresuid() or
25959: 	setreuid() when possible since that allows us to support the
25960: 	stay_setuid option and we always know exactly what the semantics
25961: 	will be (various Linux kernels have broken POSIX saved uid support).
25962: 	[523bc212396c]
25963: 
25964: 	* config.h.in, configure:
25965: 	regen from configure.in
25966: 	[351877ea2624]
25967: 
25968: 	* configure.in:
25969: 	Add checks for setresuid() and a way to disable using it
25970: 	[a5b21653d169]
25971: 
25972: 	* compat.h:
25973: 	No long need to emulate set*[ug]id() via setres[ug]id() or
25974: 	setre[ug]id(). The new set_perms stuff only uses things it knows are
25975: 	there.
25976: 	[47884bd5d1d9]
25977: 
25978: 	* sudo.c:
25979: 	Before exec, restore state of signal handlers to be the same as when
25980: 	we were initialy invoked instead of just reseting to SIG_DFL. Fixes
25981: 	a problem when using sudo with nohup. Based on a patch from Paul
25982: 	Markham.
25983: 	[f8f5a1484faa]
25984: 
25985: 	* sudo.c:
25986: 	o timestamp_uid should be uid_t, not int o clarify error message
25987: 	when sudo is run by root and no_root_sudo is set
25988: 	[19dda0734264]
25989: 
25990: 2002-09-19  Todd C. Miller  <Todd.Miller@courtesan.com>
25991: 
25992: 	* README:
25993: 	update ftp link for bison
25994: 	[98bc191016e3]
25995: 
25996: 2002-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
25997: 
25998: 	* set_perms.c:
25999: 	Error out if setusercontext() fails and the runas user is not root.
26000: 	[089f9ade4686]
26001: 
26002: 2002-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>
26003: 
26004: 	* auth/securid5.c:
26005: 	Fix rcsid
26006: 	[07e9e85dcc2f]
26007: 
26008: 	* configure.in:
26009: 	Fix SecurID API test
26010: 	[5ec201f454a5]
26011: 
26012: 2002-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
26013: 
26014: 	* env.c:
26015: 	typo in comment
26016: 	[9d385c9ac533]
26017: 
26018: 	* configure.in:
26019: 	securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
26020: 	but I don't see a better way at the moment.
26021: 	[f89e55cbb313]
26022: 
26023: 	* Makefile.in, auth/securid5.c:
26024: 	SecurID API version 5 support from Michael Stroucken
26025: 	[68500ac7e531]
26026: 
26027: 	* configure.in:
26028: 	Add check for SecurID 5.0 API
26029: 	[1ee242e6de6b]
26030: 
26031: 2002-05-08  Todd C. Miller  <Todd.Miller@courtesan.com>
26032: 
26033: 	* strerror.c:
26034: 	We actually do still need config.h to get the 'const' definition for
26035: 	K&R C.
26036: 	[d9c982032d85]
26037: 
26038: 2002-05-05  Todd C. Miller  <Todd.Miller@courtesan.com>
26039: 
26040: 	* configure:
26041: 	regen with autoconf 2.5.3
26042: 	[c71fc086eef5]
26043: 
26044: 	* configure.in:
26045: 	Don't set sysconfdir to '/etc' if the user has specified a --prefix.
26046: 	[d90da1efafd9]
26047: 
26048: 	* configure.in:
26049: 	Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
26050: 	LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
26051: 	[dd67afefa90d]
26052: 
26053: 	* env.c, sudo.c, sudo.h:
26054: 	No need for dump_badenv() now that dump_defaults() knows how to dump
26055: 	lists.
26056: 	[6bcda468501d]
26057: 
26058: 	* BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
26059: 	version.h:
26060: 	++version
26061: 	[44e3b8f95f0b]
26062: 
26063: 	* sudoers.pod:
26064: 	document timestampowner
26065: 	[37ebd69e9dd1]
26066: 
26067: 	* check.c:
26068: 	Don't call set_perms() when doing timestamp stuff unless
26069: 	timestamp_uid != 0.
26070: 	[63a63d41d18c]
26071: 
26072: 	* auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
26073: 	sudo.h, testsudoers.c:
26074: 	g/c second arg to set_perms--it is no longer used
26075: 	[7ac4ce50c612]
26076: 
26077: 2002-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
26078: 
26079: 	* check.c, set_perms.c, sudo.c, sudo.h:
26080: 	Add support for non-root timestamp dirs. This allows the timestamp
26081: 	dir to be shared via NFS (though this is not recommended).
26082: 	[faa83dd2b7fb]
26083: 
26084: 	* def_data.c, def_data.h, def_data.in:
26085: 	Add timestampowner, "Owner of the authentication timestamp dir"
26086: 	[d47640d4c86a]
26087: 
26088: 2002-05-02  Todd C. Miller  <Todd.Miller@courtesan.com>
26089: 
26090: 	* env.c:
26091: 	Don't try to pre-compute the size of the new envp, just allocate
26092: 	space up front and realloc as needed. Changes to the new env pointer
26093: 	must all be made through insert_env() which now keeps track of
26094: 	spaced used and allocates as needed.
26095: 	[39bc934a9f2c]
26096: 
26097: 2002-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>
26098: 
26099: 	* configure:
26100: 	regen
26101: 	[0e12c09bb790]
26102: 
26103: 	* configure.in:
26104: 	Fix two typo/pastos; from jrj@purdue.edu
26105: 	[b718a4bf1181]
26106: 
26107: 2002-04-25  Todd C. Miller  <Todd.Miller@courtesan.com>
26108: 
26109: 	* INSTALL.binary, README:
26110: 	++version
26111: 	[a1e33027278c] [SUDO_1_6_6]
26112: 
26113: 	* configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
26114: 	visudo.cat, visudo.man.in:
26115: 	regen
26116: 	[19eb2be283ef]
26117: 
26118: 	* CHANGES, RUNSON, TODO:
26119: 	Sync with 1.6.6
26120: 	[2ff9a9087f63]
26121: 
26122: 	* check.c:
26123: 	The the loop used to expand %h and %u, the lastchar variable was not
26124: 	being initialized. This means that if the last char in the prompt is
26125: 	'%' and the first char is 'h' or 'u' a extra copy of the host or
26126: 	user name would be copied, for which space had not been allocated.
26127: 	[b2e27197857d]
26128: 
26129: 2002-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>
26130: 
26131: 	* BUGS, INSTALL, Makefile.in, configure.in, version.h:
26132: 	crank version to 1.6.6
26133: 	[cfd08689e597]
26134: 
26135: 	* auth/afs.c:
26136: 	#undef VOID to get rid of an AFS warning
26137: 	[b40760564dc1]
26138: 
26139: 	* env.c:
26140: 	Use easprintf instead of emalloc + sprintf for some things.
26141: 	[e7bfe2e69a03]
26142: 
26143: 2002-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
26144: 
26145: 	* lex.yy.c, sudo.tab.c:
26146: 	regen
26147: 	[35327104383d]
26148: 
26149: 	* parse.c, parse.lex, parse.yacc, testsudoers.c:
26150: 	Remove Chris Jepeway's email address so people don't bug him ;-)
26151: 	[c03410747a69]
26152: 
26153: 2002-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
26154: 
26155: 	* sudo.c:
26156: 	Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
26157: 	endgrent() at the same time.
26158: 	[28b6097d5d1a]
26159: 
26160: 2002-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
26161: 
26162: 	* INSTALL:
26163: 	Make it clear which configure options take arguments.
26164: 	[38529e7efad0]
26165: 
26166: 2002-01-25  Todd C. Miller  <Todd.Miller@courtesan.com>
26167: 
26168: 	* compat.h:
26169: 	HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
26170: 	RLIM_INFINITY, just pretend it is -1. This works because we only
26171: 	check for RLIM_INFINITY and do not set anything to that value.
26172: 	[53173d34e6eb]
26173: 
26174: 2002-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
26175: 
26176: 	* auth/pam.c:
26177: 	Zero and free allocated memory when there is a conversation error.
26178: 	[e342133db579]
26179: 
26180: 	* auth/bsdauth.c:
26181: 	Use sigaction() not signal()
26182: 	[126c2790561f]
26183: 
26184: 	* INSTALL:
26185: 	Mention that some linux kernels have broken POSIX saved ID support
26186: 	[571ef1a893d3]
26187: 
26188: 	* CHANGES:
26189: 	checkpoint for 1.6.5p2
26190: 	[9e9e456f7f43]
26191: 
26192: 	* configure:
26193: 	regen
26194: 	[d53703a46708]
26195: 
26196: 	* configure.in:
26197: 	Add --disable-setreuid flag
26198: 	[3b9f2679cb55]
26199: 
26200: 	* INSTALL:
26201: 	Document new --disable-setreuid option and change description for
26202: 	--disable-saved-ids to match new error message.
26203: 	[14fd3e5f60a5]
26204: 
26205: 	* set_perms.c:
26206: 	fatal() now takes an argument that determines whether or not to call
26207: 	perror().
26208: 	[d826b25e62ff]
26209: 
26210: 	* TROUBLESHOOTING:
26211: 	Update for new error messages from set_perms()
26212: 	[78007c3f76a9]
26213: 
26214: 	* PORTING:
26215: 	Update for new error messages from set_perms()
26216: 	[60c545a6bcff]
26217: 
26218: 2002-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
26219: 
26220: 	* auth/pam.c:
26221: 	Make this compile w/o warnings
26222: 	[b90843a29af5]
26223: 
26224: 	* auth/pam.c:
26225: 	Mention that we can't use pam_acct_mgmt()
26226: 	[1dfc5a6e0479]
26227: 
26228: 	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
26229: 	The user's password was not zeroed after use when AIX
26230: 	authentication, BSD authentication, FWTK or PAM was in use.
26231: 	[b18fff30b1e7]
26232: 
26233: 2002-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
26234: 
26235: 	* auth/pam.c:
26236: 	Avoid giving PAM a NULL password response, use the empty string
26237: 	instead. This avoids a log warning when the user hits ^C at the
26238: 	password prompt when PAM is in use.
26239: 	[c3315805e4e4]
26240: 
26241: 	* auth/pam.c:
26242: 	Don't check the return value of pam_setcred(). In Linux-PAM 0.75
26243: 	pam_setcred() returns the last saved return code, not the return
26244: 	code for the setcred module. Because we haven't called
26245: 	pam_authenticate(), this is not set and so pam_setcred() returns
26246: 	PAM_PERM_DENIED.
26247: 	[73db145fa179]
26248: 
26249: 	* Makefile.in:
26250: 	Don't need a '/' between $(DESTDIR) and a directory.
26251: 	[0901ca618176]
26252: 
26253: 	* Makefile.binary:
26254: 	Don't need a '/' between $(DESTDIR) and a directory.
26255: 	[cd7eb6098b87]
26256: 
26257: 2002-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
26258: 
26259: 	* configure:
26260: 	regen
26261: 	[41b12c039282]
26262: 
26263: 	* configure.in:
26264: 	o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
26265: 	setreuid() o new NetBSD has a real setreuid() o add check for
26266: 	freeifaddrs() if getifaddrs() exists.
26267: 	[a82ee3b01733]
26268: 
26269: 	* config.h.in, interfaces.c:
26270: 	Older BSDi releases lack freeifaddrs() so add a test for that and if
26271: 	it is not present just use free().
26272: 	[6270671ea9d5]
26273: 
26274: 2002-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
26275: 
26276: 	* CHANGES, RUNSON:
26277: 	Checkpoint for 1.6.5p1
26278: 	[26134ecf9b36]
26279: 
26280: 	* auth/passwd.c:
26281: 	Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
26282: 	to normal passwords, not AUTH_FATAL (which just causes an exit).
26283: 	[785e0f4bc0e2]
26284: 
26285: 	* visudo.c:
26286: 	Don't use memory after it has been freed.
26287: 	[c60492739fdb]
26288: 
26289: 	* auth/passwd.c:
26290: 	skeyaccess() wants a struct passwd * not a char *; Patch from
26291: 	Phillip E. Lobbes
26292: 	[65a1d3806fcd] [SUDO_1_6_5]
26293: 
26294: 	* BUGS:
26295: 	++version
26296: 	[b2e1825e692e]
26297: 
26298: 	* CHANGES, RUNSON, TODO:
26299: 	checkpoint for sudo 1.6.5
26300: 	[d730945622e7]
26301: 
26302: 2002-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
26303: 
26304: 	* configure:
26305: 	regen
26306: 	[49744c403ac9]
26307: 
26308: 	* INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
26309: 	version 1.6.5
26310: 	[ec30a5f7fc45]
26311: 
26312: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
26313: 	visudo.man.in:
26314: 	sudo version 1.6.5
26315: 	[458a3bed535d]
26316: 
26317: 	* logging.c:
26318: 	o when invoking the mailer as root use a hard-coded environment that
26319: 	doesn't include any info from the user's environment. Basically
26320: 	paranoia.
26321: 
26322: 	o Add support for the NO_ROOT_MAILER compile-time option and run the
26323: 	mailer as the user and not root if NO_ROOT_MAILER is defined.
26324: 	[4df351ec92ce]
26325: 
26326: 	* set_perms.c, sudo.h:
26327: 	Bring back PERM_FULL_USER
26328: 	[edb6039bb284]
26329: 
26330: 	* configure:
26331: 	regen
26332: 	[3eb2943afa03]
26333: 
26334: 	* version.h:
26335: 	version 1.6.5
26336: 	[044fc9a0c72b]
26337: 
26338: 	* INSTALL, config.h.in, configure.in:
26339: 	Add --disable-root-mailer option to run the mailer as the user and
26340: 	not root.
26341: 	[e9f805397963]
26342: 
26343: 	* CHANGES:
26344: 	checkpoint for 1.6.4p2
26345: 	[b58aae5aa98a]
26346: 
26347: 	* PORTING:
26348: 	Mention the "seteuid(0): Operation not permitted" problem here too
26349: 	just for good measure.
26350: 	[90135b37a691]
26351: 
26352: 2002-01-15  Todd C. Miller  <Todd.Miller@courtesan.com>
26353: 
26354: 	* env.c, getspwuid.c, sudo.c:
26355: 	The SHELL environment variable was preserved from the user's
26356: 	environment instead of being reset based on the passwd database when
26357: 	the "env_reset" option was used. Now it is reset as it should be.
26358: 	[300066ef3c71]
26359: 
26360: 	* configure:
26361: 	regen
26362: 	[a47d779e6552]
26363: 
26364: 	* INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
26365: 	sudo.c:
26366: 	Add a configure option to turn off use of POSIX saved IDs
26367: 	[fb18cc8e94d0]
26368: 
26369: 	* configure:
26370: 	regen
26371: 	[d4f2f20025b6]
26372: 
26373: 	* configure.in:
26374: 	add --with-efence option
26375: 	[45c4f33a8e88]
26376: 
26377: 	* sudo.c:
26378: 	Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
26379: 	"sudo -l" would not work if always_set_home was set.
26380: 	[c3a6de6c4800]
26381: 
26382: 	* lex.yy.c:
26383: 	regen
26384: 	[417424452998]
26385: 
26386: 	* parse.lex:
26387: 	Quoted commas were not being treated correctly in command line
26388: 	arguments.
26389: 	[753415541b37]
26390: 
26391: 	* sudo.c:
26392: 	o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
26393: 	Otherwise, the set_home option has no effect.
26394: 
26395: 	o Fix use of freed memory when the "fqdn" flag is set. This was
26396: 	introduced by the fix for the "segv when gethostbynam() fails" bug.
26397: 	Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
26398: 	there is no need to check the "fqdn" flag in set_fqdn() itself.
26399: 	[4b6a4245c04e]
26400: 
26401: 	* env.c:
26402: 	Add 'continue' statements to optimize the switch statement. From
26403: 	Solar.
26404: 	[a82c76975ae5]
26405: 
26406: 2002-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
26407: 
26408: 	* sudoers.cat, sudoers.man.in:
26409: 	Regen from new sudoers.pod
26410: 	[6ecc07b3d0e1] [SUDO_1_6_4]
26411: 
26412: 	* sudoers.pod:
26413: 	Add caveat about stay_setuid flag
26414: 	[9d228a7bea1b]
26415: 
26416: 	* sudo.c:
26417: 	If set_perms == set_perms_posix and the stay_setuid flag is not set,
26418: 	set all uids to 0 and use set_perms_fallback().
26419: 	[c4e54d1ec86f]
26420: 
26421: 	* set_perms.c, sudo.h:
26422: 	Remove PERM_FULL_USER (which is no longer used) and add
26423: 	PERM_FULL_ROOT (used when exec'ing the mailer).
26424: 	[15406c522ea2]
26425: 
26426: 	* logging.c:
26427: 	Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
26428: 	never want to run the mailer setuid.
26429: 	[2294853e0666]
26430: 
26431: 2002-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
26432: 
26433: 	* sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
26434: 	visudo.pod:
26435: 	Use sudo.ws instead of courtesan.com in URLs
26436: 	[55204002a308]
26437: 
26438: 	* Makefile.binary, Makefile.in:
26439: 	Fix mansect substitution
26440: 	[b7b5cbc3aa91]
26441: 
26442: 	* Makefile.in:
26443: 	Substitute man sections in Makefile.binary
26444: 	[040deb785e56]
26445: 
26446: 	* Makefile.binary:
26447: 	Sync install targets with Makefile.in and substitute in man
26448: 	sections.
26449: 	[77882a275281]
26450: 
26451: 	* INSTALL, INSTALL.binary:
26452: 	version is 1.6.4
26453: 	[0f87aabbcb70]
26454: 
26455: 	* Makefile.in:
26456: 	Repair bindist target
26457: 	[8d43bfe7e2d1]
26458: 
26459: 	* CHANGES:
26460: 	sync for 1.6.4
26461: 	[13ca3d4a0a72]
26462: 
26463: 2002-01-10  Todd C. Miller  <Todd.Miller@courtesan.com>
26464: 
26465: 	* install-sh:
26466: 	Fix case where neither whoami nor id are found
26467: 	[424dd270bc47]
26468: 
26469: 2002-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
26470: 
26471: 	* install-sh:
26472: 	If neither whoami nor id exists, just assume we are root.
26473: 	[2d2644e42c53]
26474: 
26475: 	* alloc.c:
26476: 	Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
26477: 	on AIX which for some reason isn't pulling in the malloc prototype.
26478: 	[231440d2ee3b]
26479: 
26480: 2002-01-08  Todd C. Miller  <Todd.Miller@courtesan.com>
26481: 
26482: 	* Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
26483: 	(c) 2002
26484: 	[700e3b41a68e]
26485: 
26486: 	* CHANGES:
26487: 	checkpoint
26488: 	[33e604bd8d5b]
26489: 
26490: 	* sudo.c:
26491: 	Defer assigning new environment until right before the exec.
26492: 	[f13c49e75c1c]
26493: 
26494: 	* parse.c:
26495: 	kill extra blank line
26496: 	[12ef22e9dae3]
26497: 
26498: 2002-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
26499: 
26500: 	* configure:
26501: 	regen
26502: 	[a6cd2d788f74]
26503: 
26504: 	* configure.in:
26505: 	Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
26506: 	compiler doesn't recognise -O2.
26507: 	[5234aa543692]
26508: 
26509: 	* HISTORY:
26510: 	Clarify origins of Root Group sudo a bit based on info from
26511: 	billp@rootgroup.com
26512: 	[4deef01c4208]
26513: 
26514: 2002-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
26515: 
26516: 	* LICENSE:
26517: 	2002
26518: 	[6c8e089dbd1a]
26519: 
26520: 	* CHANGES:
26521: 	checkpoint for 1.6.4rc1
26522: 	[3349eb87a49f]
26523: 
26524: 2002-01-02  Todd C. Miller  <Todd.Miller@courtesan.com>
26525: 
26526: 	* config.h.in:
26527: 	now generated via autoheader
26528: 	[84657d303cb9]
26529: 
26530: 	* configure:
26531: 	regen
26532: 	[207bfa6a13f6]
26533: 
26534: 	* compat.h:
26535: 	Move in some stuff that was previously in config.h.
26536: 	[e576d8b6480f]
26537: 
26538: 	* aclocal.m4, configure.in:
26539: 	Add info for autoheader.
26540: 	[0549cd5da27c]
26541: 
26542: 2002-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
26543: 
26544: 	* Makefile.in:
26545: 	o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and -g
26546: 	to facilitate non-root installs
26547: 	[619216038f56]
26548: 
26549: 	* install-sh:
26550: 	Add -M option (like -m but only for root) If we can't find "whoami",
26551: 	use "id" w/ some sed.
26552: 	[b39121c8b792]
26553: 
26554: 	* configure:
26555: 	regen
26556: 	[b39b93ff9804]
26557: 
26558: 	* configure.in:
26559: 	allow user to always override mansectsu and mansectform
26560: 	[0fca5e63bd90]
26561: 
26562: 2001-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
26563: 
26564: 	* mkinstalldirs:
26565: 	update from autoconf 2.52
26566: 	[07bd75a508c3]
26567: 
26568: 	* config.guess, config.sub:
26569: 	Update from autoconf 2.52
26570: 	[857b90fe31b7]
26571: 
26572: 	* configure:
26573: 	regen with autoconf 2.52
26574: 	[08e7d1ea2aeb]
26575: 
26576: 	* configure.in:
26577: 	o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
26578: 	mode o Remove compiler-specific checks for HP-UX now that we use
26579: 	AC_PROG_CC_STDC
26580: 	[d433a70b6208]
26581: 
26582: 	* RUNSON:
26583: 	Checkpoint
26584: 	[babf6d2235d1]
26585: 
26586: 	* auth/pam.c:
26587: 	o Add pam_prep_user function to call pam_setcred() for the target
26588: 	user; on Linux this often sets resource limits. o When calling
26589: 	pam_end(), try to convert the auth->result to a PAM_FOO value. This
26590: 	is a hack--we really need to stash the last PAM_FOO value received
26591: 	and use that instead.
26592: 	[6ad6f340dd2a]
26593: 
26594: 	* set_perms.c, sudo.h:
26595: 	o Add pam_prep_user function to call pam_setcred() for the target
26596: 	user; on Linux this often sets resource limits.
26597: 	[67795421ac82]
26598: 
26599: 	* env.c:
26600: 	Fix off by one error in number of bytes allocated via malloc (does
26601: 	not affected any released version of sudo).
26602: 	[5f5915360111]
26603: 
26604: 2001-12-30  Todd C. Miller  <Todd.Miller@courtesan.com>
26605: 
26606: 	* lex.yy.c:
26607: 	regen
26608: 	[8208c0277775]
26609: 
26610: 	* parse.lex:
26611: 	Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
26612: 	requiring that they be quoted.
26613: 	[ae59bc8f68dd]
26614: 
26615: 	* sudoers.cat, sudoers.man.in, sudoers.pod:
26616: 	Mention that no double quotes are needed when
26617: 	adding/deleting/assigning a single value to a list.
26618: 	[25efc940a1f0]
26619: 
26620: 	* Makefile.in:
26621: 	Don't rely on mkdefaults being executable, call perl explicitly.
26622: 	[6edc97ba5f1d]
26623: 
26624: 	* sudo.tab.c:
26625: 	regen
26626: 	[49130b2e7e4d]
26627: 
26628: 	* parse.yacc:
26629: 	Remove some XXX that are no longer relevant.
26630: 	[d460ac0d3767]
26631: 
26632: 	* defaults.c:
26633: 	o Roll our own loop instead of using strpbrk() for better
26634: 	grokability o When adding to a list we must malloc() and use
26635: 	memcpy(), not strdup() since we must only copy len bytes from str.
26636: 	[649bef08e1f0]
26637: 
26638: 2001-12-21  Todd C. Miller  <Todd.Miller@courtesan.com>
26639: 
26640: 	* sudo.tab.c:
26641: 	regen
26642: 	[f0bbf2c38c0e]
26643: 
26644: 	* parse.yacc:
26645: 	typo in comment
26646: 	[2563711ff593]
26647: 
26648: 2001-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
26649: 
26650: 	* CHANGES:
26651: 	checkpoint
26652: 	[a6d8a29fb30e]
26653: 
26654: 	* configure:
26655: 	regen
26656: 	[bdfcaaf3bd13]
26657: 
26658: 	* configure.in:
26659: 	avoid the -g flag unless --with-devel was specified
26660: 	[a976707bef30]
26661: 
26662: 	* Makefile.in:
26663: 	mkdefaults, def_data.in and sigaction.c were missing from the
26664: 	tarball
26665: 	[6917ffbaa412]
26666: 
26667: 	* Makefile.in:
26668: 	def_data.c was missing
26669: 	[87c78b11453d]
26670: 
26671: 2001-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>
26672: 
26673: 	* env.c:
26674: 	Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
26675: 	allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
26676: 	[fc8698e6a45e]
26677: 
26678: 	* TODO:
26679: 	Another TODO item
26680: 	[6f251d6cd466]
26681: 
26682: 	* sudoers:
26683: 	Add comment for Default section so folks know where it should go.
26684: 	[7edba626f392]
26685: 
26686: 2001-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
26687: 
26688: 	* tgetpass.c:
26689: 	Use TCSETAF, not TCSETA to set terminal in termio case
26690: 	[fbd172f6c5d3]
26691: 
26692: 	* sudoers.cat, sudoers.man.in:
26693: 	regen from sudoers.pod
26694: 	[64edd2de816e]
26695: 
26696: 	* sudoers.pod:
26697: 	o Typo, Runas_User_List should be Runas_List o a User_List can not
26698: 	contain a uid o mention that the Defaults section should come after
26699: 	Alias definitions but before the user specifications
26700: 	[54070ba2092b]
26701: 
26702: 2001-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>
26703: 
26704: 	* sudoers.cat, sudoers.man.in:
26705: 	regen
26706: 	[e62d1d97693c]
26707: 
26708: 	* sudoers.pod:
26709: 	Fix listpw and verifypw sections, they were not being formatted
26710: 	properly.
26711: 	[123868c2f3e9]
26712: 
26713: 	* sudoers.cat, sudoers.man.in:
26714: 	regen
26715: 	[f94841f8b374]
26716: 
26717: 	* sudoers.pod:
26718: 	fix typos
26719: 	[f278f1c1184e]
26720: 
26721: 	* configure:
26722: 	regen
26723: 	[d2270049ba9f]
26724: 
26725: 	* config.h.in, configure.in:
26726: 	use AC_SYS_POSIX_TERMIOS instead of rolling our own
26727: 	[c1a13f1354b9]
26728: 
26729: 	* README:
26730: 	Reference sudo.ws not courtesan.com
26731: 	[ca13be67ebd7]
26732: 
26733: 	* PORTING:
26734: 	Add notes on shadow passwords
26735: 	[aa13863f2314]
26736: 
26737: 	* BUGS:
26738: 	In list mode (sudo -l), characters escaped with a backslash are
26739: 	shown verbatim with the backslash.
26740: 	[1a75a2858be2]
26741: 
26742: 	* sudoers:
26743: 	Add simple examples from OpenBSD (Marc Espie)
26744: 	[3ae9a9ae4125]
26745: 
26746: 	* tgetpass.c:
26747: 	Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
26748: 	[f8817699ee10]
26749: 
26750: 	* CHANGES:
26751: 	minor prettyification
26752: 	[f523587929b9]
26753: 
26754: 	* CHANGES:
26755: 	Updated change log
26756: 	[39d9010ee7a8]
26757: 
26758: 	* testsudoers.c:
26759: 	Fix CIDR handling here too.
26760: 	[c91db8344c32]
26761: 
26762: 	* auth/pam.c:
26763: 	Apparently a NULL response is OK
26764: 	[83bae61078d9]
26765: 
26766: 	* TODO:
26767: 	Checkpoint for upcoming beta release
26768: 	[efb95c09df2a]
26769: 
26770: 	* TROUBLESHOOTING:
26771: 	Many people believe that adding a runas spec should obviate the need
26772: 	for the -u flag. It does not.
26773: 	[c698bad85b0e]
26774: 
26775: 	* RUNSON:
26776: 	checkpoint update for upcoming 1.6.4 beta
26777: 	[009e465a0a45]
26778: 
26779: 	* config.h.in:
26780: 	o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
26781: 	if HAVE_STRING_H is defined -- this is safe now
26782: 	[d27c035f4e14]
26783: 
26784: 	* PORTING:
26785: 	Add signals section
26786: 	[2d24c13cb3c8]
26787: 
26788: 	* configure:
26789: 	regen
26790: 	[2b80a939e2ed]
26791: 
26792: 	* configure.in:
26793: 	Fix check for sigaction_t
26794: 	[6fa41c89ab20]
26795: 
26796: 	* sudo.c:
26797: 	XXX - should call find_path() as runas user, not root. Can't do that
26798: 	until the parser changes though.
26799: 	[f0b4f85651bd]
26800: 
26801: 	* sudo.c:
26802: 	If find_path() fails as root, try again as the invoking user (useful
26803: 	for NFS). Idea from Chip Capelik.
26804: 	[e03fa7872692]
26805: 
26806: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
26807: 	Regenerate after pod file changes
26808: 	[48e4bd75ec21]
26809: 
26810: 	* def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
26811: 	sudo.pod, sudoers.pod:
26812: 	Add new sudoers option "preserve_groups". Previously sudo would not
26813: 	call initgroups() if the target user was root. Now it always calls
26814: 	initgroups() unless the -P command line option or the
26815: 	"preserve_groups" sudoers option is set. Idea from TJ Saunders.
26816: 	[4f730359f101]
26817: 
26818: 2001-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
26819: 
26820: 	* compat.h, config.h.in:
26821: 	Use new HAVE_SIGACTION_T define
26822: 	[dfb25f3cae5b]
26823: 
26824: 	* logging.c:
26825: 	Fix compilation on K&C
26826: 	[7355e3275e34]
26827: 
26828: 	* configure:
26829: 	regen
26830: 	[a710584f92f0]
26831: 
26832: 	* configure.in:
26833: 	Add check for sigaction_t -- IRIX already defines this so don't
26834: 	redefine it.
26835: 	[df9c5737f6da]
26836: 
26837: 	* snprintf.c:
26838: 	fix typo
26839: 	[3d782b8134c8]
26840: 
26841: 	* interfaces.c:
26842: 	need stdlib.h here too
26843: 	[c789d8973ab2]
26844: 
26845: 	* configure:
26846: 	regen
26847: 	[44822856bf46]
26848: 
26849: 	* configure.in:
26850: 	Remove redundant checks for string.h, strings.h and unistd.h
26851: 	[933c94f8bbf4]
26852: 
26853: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
26854: 	visudo.man.in:
26855: 	Regen from pod files
26856: 	[ad18c590f638]
26857: 
26858: 	* BUGS:
26859: 	Update for 1.6.4
26860: 	[26bc88b69d22]
26861: 
26862: 	* configure, lex.yy.c, sudo.tab.c:
26863: 	regen
26864: 	[bef89fd6fa2d]
26865: 
26866: 	* strerror.c:
26867: 	Return EINVAL if errnum > sys_nerr
26868: 	[0512374e6661]
26869: 
26870: 	* auth/sudo_auth.h:
26871: 	o Update copyright year
26872: 	[a877016db6e2]
26873: 
26874: 	* LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
26875: 	config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
26876: 	sudo.pod:
26877: 	o Update copyright year
26878: 	[e15a1b39039f]
26879: 
26880: 	* configure.in:
26881: 	o Don't define STDC_HEADERS unconditionally for IRIX o Update
26882: 	copyright year
26883: 	[82a8cb819e07]
26884: 
26885: 	* README:
26886: 	update version
26887: 	[d82e523a16b4]
26888: 
26889: 	* auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
26890: 	auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
26891: 	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
26892: 	auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
26893: 	set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
26894: 	visudo.c:
26895: 	o Reorder some headers and use STDC_HEADERS define properly o Update
26896: 	copyright year
26897: 	[fe39f76b3795]
26898: 
26899: 	* lsearch.c:
26900: 	o Reorder some headers and use STDC_HEADERS define properly o Update
26901: 	copyright year
26902: 	[764ba3d4fa13]
26903: 
26904: 	* getspwuid.c, goodpath.c, interfaces.c:
26905: 	o Reorder some headers and use STDC_HEADERS define properly o Update
26906: 	copyright year
26907: 	[fb46d46140d4]
26908: 
26909: 	* getcwd.c:
26910: 	o Reorder some headers and use STDC_HEADERS define properly o Update
26911: 	copyright year
26912: 	[b199d70ac7ab]
26913: 
26914: 	* alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
26915: 	fnmatch.c:
26916: 	o Reorder some headers and use STDC_HEADERS define properly o Update
26917: 	copyright year
26918: 	[dab8f192a3ed]
26919: 
26920: 	* configure:
26921: 	regen
26922: 	[156658f25cea]
26923: 
26924: 	* tgetpass.c:
26925: 	flags set in signal handlers should be volatile sig_atomic_t
26926: 	[c22931a5535e]
26927: 
26928: 	* config.h.in, configure.in:
26929: 	Add checks for volatile and sig_atomic_t
26930: 	[b03b3341381d]
26931: 
26932: 	* configure, lex.yy.c:
26933: 	regen
26934: 	[ed9daba88217]
26935: 
26936: 	* def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
26937: 	sudo.c, sudoers.pod:
26938: 	Remove "secure_path" Defaults option since it cannot work with the
26939: 	existing parser.
26940: 	[c9e54a0f5971]
26941: 
26942: 	* find_path.c, sudo.c:
26943: 	Unset "secure_path" if user_is_exempt()
26944: 	[fb7544565ae8]
26945: 
26946: 	* env.c, pathnames.h.in:
26947: 	o Remove assumption that PATH and TERM are not listed in env_keep o
26948: 	If no PATH is in the environment use a default value o If TERM is
26949: 	not set in the non-reset case also give it a default value.
26950: 	[c987eb7df268]
26951: 
26952: 	* aclocal.m4, configure.in, defaults.c, pathnames.h.in:
26953: 	_PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
26954: 	systems that define in paths.h
26955: 	[51865b0cdebf]
26956: 
26957: 	* auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
26958: 	Add support for skeyaccess(3) if it is present in libskey.
26959: 	[8add77c7d3e7]
26960: 
26961: 2001-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
26962: 
26963: 	* sudo.c:
26964: 	Only need to do 'lc = login_getclass(NULL)' if lc == NULL
26965: 	[5a3d3cbf2c6d]
26966: 
26967: 	* parse.lex:
26968: 	'\\' is a perfectly legal character to have in a command line
26969: 	argument.
26970: 	[c15a466ef00e]
26971: 
26972: 	* sudo.c:
26973: 	o Defer call to set_fqdn() until it is safe to use log_error() o
26974: 	Don't print errno string value if gethostbyname fails, it is not
26975: 	relevant
26976: 	[c0c6bcf08bcb]
26977: 
26978: 	* parse.c:
26979: 	Fix CIDR -> in_addr_t conversion.
26980: 	[2f307ebeb63f]
26981: 
26982: 2001-12-12  Todd C. Miller  <Todd.Miller@courtesan.com>
26983: 
26984: 	* sudoers.pod:
26985: 	Remove an extra "User_List" in the User_Spec definition From
26986: 	ybertrand AT snoopymail.com
26987: 	[97bde59ea280]
26988: 
26989: 	* parse.c:
26990: 	Make 'listpw=never' work for users who are not explicitly mentioned
26991: 	in sudoers.
26992: 	[258f0f30a428]
26993: 
26994: 	* sudoers.pod:
26995: 	Remove gratuitous '=' in EBNF grammar; era AT iki.fi
26996: 	[4b0f03872ee1]
26997: 
26998: 	* sudoers.pod:
26999: 	Document new list Defaults type and convert env_keep and env_delete
27000: 	to lists. Document new env_check option.
27001: 	[a07f1f079fe3]
27002: 
27003: 	* lex.yy.c, sudo.tab.c, sudo.tab.h:
27004: 	regen parser
27005: 	[e39ac6c6581b]
27006: 
27007: 	* parse.lex:
27008: 	Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
27009: 	to #[0-9-]+.
27010: 	[69c5388908f3]
27011: 
27012: 	* configure:
27013: 	regen
27014: 	[0f1877b88cb3]
27015: 
27016: 	* aclocal.m4:
27017: 	Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
27018: 	[6545503ae361]
27019: 
27020: 	* config.h.in, configure.in:
27021: 	Add check for skeyaccess(3)
27022: 	[6caf69fe6359]
27023: 
27024: 	* visudo.pod:
27025: 	Document new -c, -f, and -q options
27026: 	[13d0203c21d3]
27027: 
27028: 	* visudo.c:
27029: 	o Add -f option (alternate sudoers file) o Convert to use getopt(3)
27030: 	[4c2b664d617d]
27031: 
27032: 	* configure:
27033: 	regen
27034: 	[6d5bd932e7b5]
27035: 
27036: 	* aclocal.m4, config.h.in, configure.in:
27037: 	Add check for isblank and a replacement macro if it doesn't exist.
27038: 	[b524f5e4f953]
27039: 
27040: 2001-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
27041: 
27042: 	* visudo.c:
27043: 	In check-only mode, don't create sudoers if it does not already
27044: 	exist.
27045: 	[c748a2d5acad]
27046: 
27047: 	* parse.yacc:
27048: 	o Add a new token, DEFVAR, to indicate a Defaults variable name o
27049: 	Add support for "+=" and "-=" list operators o replace some 1 and 0
27050: 	with TRUE and FALSE for greater legibility.
27051: 	[554cb174b37e]
27052: 
27053: 	* parse.lex:
27054: 	o Use exclusive start conditions to remove some ambiguity in the
27055: 	lexer. Also reorder some things for clarity. o Add support for "+="
27056: 	and "-=" list operators. o Use the new DEFVAR token to denote a
27057: 	Defaults variable name.
27058: 	[3a2cf8323e26]
27059: 
27060: 	* sudo.h:
27061: 	Prototype init_envtables()
27062: 	[b74916469dab]
27063: 
27064: 	* env.c:
27065: 	o Convert environment handling to use lists instead of strings. This
27066: 	greatly simplifies routines that need to do "foreach" type
27067: 	operations. o Add new init_envtables() function to set env_check and
27068: 	env_delete defaults based on initial_badenv_table and
27069: 	initial_checkenv_table (formerly sudo_badenv_table).
27070: 	[0a8b404658b6]
27071: 
27072: 	* defaults.c, defaults.h:
27073: 	o Add a new LIST type and functions to manipulate it. o This is for
27074: 	use with environment handling variables. o Call new init_envtables()
27075: 	routine inside init_defaults() to initialize the environment lists.
27076: 	[ae73e64f0902]
27077: 
27078: 	* def_data.c, def_data.h, def_data.in:
27079: 	Convert environment options to use the new LIST type and add a new
27080: 	one, env_check that only deletes if the sanity check fails.
27081: 	[3019503936de]
27082: 
27083: 	* testsudoers.c:
27084: 	Add dummy version of init_envtables()
27085: 	[9d9e3ee609d9]
27086: 
27087: 	* parse.yacc:
27088: 	honor quiet mode
27089: 	[8330fba6167c]
27090: 
27091: 	* visudo.c:
27092: 	Add check-only mode
27093: 	[dab411bc8c35]
27094: 
27095: 	* mkdefaults:
27096: 	Fix generation of entries with NULL descriptions.
27097: 	[ea75b9fed02e]
27098: 
27099: 2001-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
27100: 
27101: 	* tgetpass.c:
27102: 	Use sigaction_t and quiet a gcc warning.
27103: 	[6f67d719c452]
27104: 
27105: 	* sudo.c:
27106: 	Must reset signal handlers before we exec
27107: 	[300418120e1a]
27108: 
27109: 	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
27110: 	auth/sudo_auth.c:
27111: 	Be carefule now that tgetpass() can return NULL (user hit ^C). PAM
27112: 	version needs testing. Set SIGTSTP to SIG_DFL during password entry
27113: 	so user can suspend us.
27114: 	[00304aa58747]
27115: 
27116: 	* tgetpass.c:
27117: 	Add support for interrupting/suspending tgetpass via keyboard input.
27118: 	If you suspend sudo from the password prompt and resume it will re-
27119: 	prompt you.
27120: 	[4af2b5101d32]
27121: 
27122: 	* sudo.c:
27123: 	Don't block keyboard interrupt signals, just set them to SIG_IGN.
27124: 	[d46d7f67ef6b]
27125: 
27126: 2001-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
27127: 
27128: 	* config.h.in:
27129: 	add back HAVE_SIGACTION
27130: 	[c9c7702c603e]
27131: 
27132: 	* configure:
27133: 	regen
27134: 	[09fe669d337f]
27135: 
27136: 	* config.h.in, configure.in, logging.c, sudo.c, visudo.c:
27137: 	Kill POSIX_SIGNALS define and old signal support now that we emulate
27138: 	POSIX ones Also be sure to correctly initialize struct sigaction.
27139: 	[4bc2a6dbb2be]
27140: 
27141: 	* strerror.c:
27142: 	Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
27143: 	[1ad64a19f328]
27144: 
27145: 	* compat.h:
27146: 	Add scaffolding for POSIX signal emulation
27147: 	[945861d4c93b]
27148: 
27149: 	* sigaction.c:
27150: 	o Add missing ';' so this compiles o Can't use NULL since we don't
27151: 	include stdio.h
27152: 	[04d0cac7438f]
27153: 
27154: 	* sigaction.c:
27155: 	Emulate sigaction() using sigvec()
27156: 	[d0b54a989875]
27157: 
27158: 2001-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
27159: 
27160: 	* sudoers.pod:
27161: 	Document new behavior of negative values of timestamp_timeout Fix a
27162: 	typo
27163: 	[4c0716570d01]
27164: 
27165: 	* sudo.pod:
27166: 	Add security note about command not being logged after 'sudo su' and
27167: 	friends.
27168: 	[43294851a33c]
27169: 
27170: 	* sudo.pod:
27171: 	Mention that -V prints default values when run as root, including
27172: 	the list of environment variables to clear.
27173: 	[d9e5e550a8c3]
27174: 
27175: 	* Makefile.in:
27176: 	Run pod2man with --quotes=none to avoid stupid quoting of C<>
27177: 	entries.
27178: 	[997b23c35dbe]
27179: 
27180: 2001-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
27181: 
27182: 	* auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
27183: 	Add mail_badpass option Also modify mail_always behavior to also
27184: 	send mail when the password is wrong
27185: 	[838d40ccafce]
27186: 
27187: 	* env.c, sudo.c, sudo.h:
27188: 	Dump default bad env table when 'sudo -V' is run by root.
27189: 	[f67f1b8048b0]
27190: 
27191: 	* sudoers.pod:
27192: 	document env_delete
27193: 	[d74f893663a2]
27194: 
27195: 	* env.c:
27196: 	Add support for '*' in env_keep when not resetting the environment
27197: 	(ie: the normal case).
27198: 	[fd4fb62ea8fd]
27199: 
27200: 	* env.c:
27201: 	Add env_delete variable that lets the user replace/add to the
27202: 	bad_env_table. Allow '*' wildcard in env_keep entries.
27203: 	[aa728bc35e29]
27204: 
27205: 2001-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>
27206: 
27207: 	* mkinstalldirs:
27208: 	Force umask to 022 to guarantee sane directory permissions.
27209: 	[9ab3cfe70569]
27210: 
27211: 2001-11-02  Todd C. Miller  <Todd.Miller@courtesan.com>
27212: 
27213: 	* Makefile.in:
27214: 	add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
27215: 	[671010465e6f]
27216: 
27217: 	* mkdefaults:
27218: 	fix breakage in last commit
27219: 	[8318f8851e56]
27220: 
27221: 	* Makefile.in:
27222: 	acsite.m4 -> aclocal.m4
27223: 	[30c146873a01]
27224: 
27225: 	* check.c:
27226: 	fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
27227: 	[4dc8b39954da]
27228: 
27229: 	* def_data.c:
27230: 	regenerated from def_data.in
27231: 	[915ea16ce1eb]
27232: 
27233: 	* check.c, defaults.c, defaults.h:
27234: 	Add new T_UINT type that most things use instead of T_INT If
27235: 	timestamp_timeout is < 0 then treat the ticket as never expiring (to
27236: 	be expired manually by the user).
27237: 	[3a3a636a2a5d]
27238: 
27239: 	* def_data.in:
27240: 	change most T_INT -> T_UINT
27241: 	[a2228d2457af]
27242: 
27243: 	* mkdefaults:
27244: 	fix warning when no args
27245: 	[ca70a5394af5]
27246: 
27247: 	* visudo.c:
27248: 	Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
27249: 	we are a signal handler. We no longer print the signal number but
27250: 	the user can just check the exit value for that.
27251: 	[dc424f631fef]
27252: 
27253: 2001-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>
27254: 
27255: 	* logging.c:
27256: 	when setting up pipes in child process check for case where stdin ==
27257: 	pipe fd 0
27258: 	[518112d76184]
27259: 
27260: 2001-10-11  Todd C. Miller  <Todd.Miller@courtesan.com>
27261: 
27262: 	* visudo.c:
27263: 	Ignore editor exit value since XPG4 says vi's exit value is the
27264: 	count of editing errors made (failed searches, etc).
27265: 	[b9d952284865]
27266: 
27267: 2001-10-05  Todd C. Miller  <Todd.Miller@courtesan.com>
27268: 
27269: 	* configure:
27270: 	regen
27271: 	[cb3aa586f03b]
27272: 
27273: 	* configure.in:
27274: 	sco now is identified by config.guess as *-sco-*
27275: 	[46664bbdea61]
27276: 
27277: 	* configure.in:
27278: 	Check for getspnam() in -lgen if not in -lc for UnixWare.
27279: 	[0f152ad1ba93]
27280: 
27281: 2001-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
27282: 
27283: 	* sudoers.pod, visudo.pod:
27284: 	"upper case" -> "uppercase"
27285: 	[f9151f232326]
27286: 
27287: 	* sudoers.pod:
27288: 	fix typos and grammar; pjanzen@foatdi.harvard.edu
27289: 	[2855d73d0237]
27290: 
27291: 2001-08-28  Todd C. Miller  <Todd.Miller@courtesan.com>
27292: 
27293: 	* sudoers.pod:
27294: 	Missing word (specify); krapht@secureops.com
27295: 	[65523eb37a2c]
27296: 
27297: 2001-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
27298: 
27299: 	* sudo.c:
27300: 	If we fail to lookup a login class, apply the default one.
27301: 	[d4869faa6816]
27302: 
27303: 	* logging.c:
27304: 	In log_error() free message, not logline unconditionally, then free
27305: 	logline if it is not the same as message. No function change but
27306: 	this mirrors how they are allocated.
27307: 	[565e5f6cc643]
27308: 
27309: 2001-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
27310: 
27311: 	* configure:
27312: 	regenerate
27313: 	[834a48f548a2]
27314: 
27315: 	* configure.in:
27316: 	remove some backslash quotes that are unneeded
27317: 	[50d401d6e2ca]
27318: 
27319: 	* configure.in:
27320: 	o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
27321: 	instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
27322: 	can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
27323: 	to AC_DEFINE things manually.
27324: 	[f502c5f15f92]
27325: 
27326: 	* config.guess, config.sub:
27327: 	Updated from autoconf-2.50
27328: 	[6140205915ef]
27329: 
27330: 2001-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
27331: 
27332: 	* README:
27333: 	Update mailing list section. We use mailman now, not majordomo.
27334: 	[b9a8ca45e6dc]
27335: 
27336: 2001-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
27337: 
27338: 	* getspwuid.c, logging.c, sudo.c:
27339: 	Use setpwent()/endpwent() + all the shadow variants to make sure we
27340: 	don't inadvertantly leak an fd to the child. Apparently Linux's
27341: 	shadow routines leave the fd open even if you don't call setspent().
27342: 	Reported by mike@gistnet.com; different patch used.
27343: 	[d33792ef6c01]
27344: 
27345: 2001-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
27346: 
27347: 	* sudoers.pod:
27348: 	s/eg./e.g./
27349: 	[bd32a0acaf93]
27350: 
27351: 	* tgetpass.c:
27352: 	select() may return EAGAIN. If so, continue like we do for EINTR.
27353: 	[5f202c943818]
27354: 
27355: 	* logging.c:
27356: 	Fix a non-exploitable buffer overflow in the word splitting code.
27357: 	This should really be rewritten.
27358: 	[4c724363863a]
27359: 
27360: 	* Makefile.in:
27361: 	FAQ link goes away
27362: 	[1d26dd6c8972]
27363: 
27364: 	* INSTALL:
27365: 	Tell people to look in sample.syslog.conf for examples, not FAQ
27366: 	[affcae3f43ca]
27367: 
27368: 	* TROUBLESHOOTING:
27369: 	Update list of env vars that are cleared
27370: 	[234e56f1435a]
27371: 
27372: 	* sudo.c:
27373: 	remove struct env_table decl since that stuff has all moved to env.c
27374: 	[5dd923148777]
27375: 
27376: 2001-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
27377: 
27378: 	* fileops.c:
27379: 	Fix a pasto in flock-style unlocking and include <sys/file.h> for
27380: 	flock on older systems; twetzel@gwdg.de
27381: 	[d5420d9d2861]
27382: 
27383: 	* configure:
27384: 	regen to get NeXT lockf/flock fix
27385: 	[d3ba6ed70e15]
27386: 
27387: 	* configure.in:
27388: 	force NeXT to use flock since lockf is broken
27389: 	[bd5391dca1bb]
27390: 
27391: 2001-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
27392: 
27393: 	* check.c:
27394: 	Use stashed user_gid when checking against exempt gid since sudo
27395: 	sets its gid to a a value that makes sudoers readable. Previously if
27396: 	you used gid 0 as the exempt group everyone would be exempt. From
27397: 	Paul Kranenburg <pk@cs.few.eur.nl>
27398: 	[0b140cc3a817]
27399: 
27400: 2001-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
27401: 
27402: 	* configure:
27403: 	regen
27404: 	[cc455408f32b]
27405: 
27406: 	* aclocal.m4:
27407: 	#include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines
27408: 	some types (such as ssize_t) therein.
27409: 	[b6aee85ca331]
27410: 
27411: 2001-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
27412: 
27413: 	* defaults.c:
27414: 	Fix negation of paths in a boolean context. Problem found by
27415: 	apt@UH.EDU
27416: 	[8aee217a7cdf]
27417: 
27418: 2001-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
27419: 
27420: 	* visudo.c:
27421: 	pasto
27422: 	[ad32b277bf68]
27423: 
27424: 2001-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
27425: 
27426: 	* visudo.c:
27427: 	SA_RESETHAND means the opposite of what I was thinking--oops To
27428: 	block all signals in old-style signals use ~0, not 0xffffffff
27429: 	[6ecdd793590a]
27430: 
27431: 2001-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
27432: 
27433: 	* defaults.c:
27434: 	coerce difference of pointers to int when used in a string length
27435: 	printf format; deraadt@openbsd.org
27436: 	[a9d10f07180d]
27437: 
27438: 2001-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
27439: 
27440: 	* visudo.c:
27441: 	Block all signals in Exit() to avoid a signal race. There is still a
27442: 	tiny window but I'm not going to worry about it.
27443: 	[6661805c0458]
27444: 
27445: 2001-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
27446: 
27447: 	* env.c:
27448: 	glibc uses the LANGUAGE env var so clear that too; Solar Designer
27449: 	[d4ba95628afb]
27450: 
27451: 	* lex.yy.c:
27452: 	Regenerate with a fix to flex.skl that preserves errno from
27453: 	clobbering by isatty().
27454: 	[607eec736e19]
27455: 
27456: 2000-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
27457: 
27458: 	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
27459: 	auth/sia.c, auth/sudo_auth.c:
27460: 	Some defaults I_ defines got renamed.
27461: 	[ec19b23caaf3]
27462: 
27463: 	* Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
27464: 	defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
27465: 	set_perms.c, sudo.c, sudo.tab.c:
27466: 	Move defaults info into its own files from which we generate .h and
27467: 	.c files. This makes adding or rearranging variables much simpler.
27468: 	[e91b880b5043]
27469: 
27470: 2000-12-30  Todd C. Miller  <Todd.Miller@courtesan.com>
27471: 
27472: 	* configure, configure.in:
27473: 	fix typo in last commit
27474: 	[10a6ee2bae71]
27475: 
27476: 	* compat.h, config.h.in, configure, configure.in:
27477: 	Add check + emulation for setegid (like seteuid).
27478: 	[29492092bd2f]
27479: 
27480: 	* env.c:
27481: 	Make env_keep override badenv_table as documented Fix traversal of
27482: 	badenv_table (broken in last commit)
27483: 	[37c9f0d22673]
27484: 
27485: 	* set_perms.c, sudo.c, sudo.h:
27486: 	Don't try and build saved uid version of set_perms on systems w/o
27487: 	them. Rename set_perms_saved_uid() -> set_perms_posix() Make
27488: 	set_perms_setreuid simply be set_perms_fallback() and simply include
27489: 	the appropriate function at compile time (setreuid() vs. setuid()).
27490: 	[3107333c062c]
27491: 
27492: 	* sudoers.cat, sudoers.man.in, sudoers.pod:
27493: 	PATH is also preserved when env_reset is in effect
27494: 	[90e45c5711ff]
27495: 
27496: 	* CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
27497: 	configure.in, defaults.c, defaults.h, env.c, find_path.c,
27498: 	getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
27499: 	sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
27500: 	visudo.c, visudo.cat, visudo.man.in:
27501: 	New Defaults options: o stay_setuid - sudo will remain setuid if
27502: 	system has saved uids or setreuid(2) o env_reset - reset the
27503: 	environment to a sane default o env_keep - preserve environment
27504: 	variables that would otherwise be cleared
27505: 
27506: 	No longer use getenv/putenv/setenv functions--do environment munging
27507: 	by hand. Potentially dangerous environment variables can be cleared
27508: 	only if they contain '/' pr '%' characters to protect buggy
27509: 	programs. Moved environment routines into env.c (new file)
27510: 	[c2f97651db4c]
27511: 
27512: 	* INSTALL:
27513: 	Clear up --without-passwd description
27514: 	[2f336dab6733]
27515: 
27516: 	* putenv.c, sudo_setenv.c:
27517: 	We now build up a new environment from scratch and assign it to
27518: 	"environ".
27519: 	[6ae6152f2238]
27520: 
27521: 2000-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
27522: 
27523: 	* sudo.pod, visudo.pod:
27524: 	Grammatical fixes from Paul Janzen
27525: 	[e03ead2e56f8]
27526: 
27527: 2000-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>
27528: 
27529: 	* visudo.c:
27530: 	If there was a syntax error and the user just wants to quit, unlink
27531: 	sudoers if it is zero length.
27532: 	[74ba7921f520]
27533: 
27534: 	* visudo.c:
27535: 	'Q' means ignore parse error, not 'q'
27536: 	[e8d0e4491fe6]
27537: 
27538: 	* visudo.c:
27539: 	Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
27540: 	<dim@xs4all.nl>
27541: 	[b24990a72491]
27542: 
27543: 2000-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
27544: 
27545: 	* set_perms.c:
27546: 	Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
27547: 	[41a8db10e076]
27548: 
27549: 2000-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
27550: 
27551: 	* config.guess, config.sub:
27552: 	Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
27553: 	[6052da895d2e]
27554: 
27555: 2000-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
27556: 
27557: 	* sudo.c, visudo.c:
27558: 	Use exit(127), not exit(-1)
27559: 	[9ff0c3eada34]
27560: 
27561: 	* Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
27562: 	Move set_perms() to its own file and use POSIX saved uid or
27563: 	setreuid() if available.
27564: 
27565: 	Added stay_setuid option for systems that have libraries that
27566: 	perform extra paranoia checks in system libraries for setuid
27567: 	programs (ie: anything with issetugid(2)).
27568: 	[28960f842698]
27569: 
27570: 	* sudo.c:
27571: 	strip more bits from the environment and add a facility for
27572: 	stripping things only if they contain '/' or '%' to address printf
27573: 	format string vulnerabilities in other programs.
27574: 	[b98d6375f299]
27575: 
27576: 2000-11-02  Todd C. Miller  <Todd.Miller@courtesan.com>
27577: 
27578: 	* configure:
27579: 	regen
27580: 	[7e74e5c91049]
27581: 
27582: 	* configure.in:
27583: 	For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
27584: 	strcasecmp().
27585: 	[a418e9e70442]
27586: 
27587: 	* configure:
27588: 	regen
27589: 	[bbff244a52bc]
27590: 
27591: 	* configure.in:
27592: 	Check for strcasecmp(3) in -lc89 for NCR Unix
27593: 	[361c99576681]
27594: 
27595: 2000-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
27596: 
27597: 	* config.h.in:
27598: 	Define HAVE_INNETGR #ifdef HAVE__INNETGR
27599: 	[473cdb92b6db]
27600: 
27601: 	* configure:
27602: 	regen
27603: 	[4e6364a195e0]
27604: 
27605: 	* compat.h, config.h.in, configure.in:
27606: 	Add check for _innetgr(3) since NCR systems have that instead of
27607: 	innetgr(3).
27608: 	[25e6852e7494]
27609: 
27610: 2000-10-31  Todd C. Miller  <Todd.Miller@courtesan.com>
27611: 
27612: 	* auth/securid.c:
27613: 	check return value of creadcfg() call sd_close() after sd_auth()
27614: 	store username in sd->username so we don't rely on the USER env
27615: 	variable
27616: 	[d106b4f42722]
27617: 
27618: 2000-10-30  Todd C. Miller  <Todd.Miller@courtesan.com>
27619: 
27620: 	* INSTALL:
27621: 	document --with-bsdauth
27622: 	[f1518ecc2ee9]
27623: 
27624: 	* configure:
27625: 	regen
27626: 	[dceb35071ea8]
27627: 
27628: 	* configure.in:
27629: 	--with-bsdauth assumes --with-logincap
27630: 	[4200778083fd]
27631: 
27632: 	* auth/bsdauth.c, auth/fwtk.c:
27633: 	When prompting for a response to a challenge, if the user just hits
27634: 	return then reprompt with echo turned on.
27635: 	[a539b6474a97]
27636: 
27637: 2000-10-29  Todd C. Miller  <Todd.Miller@courtesan.com>
27638: 
27639: 	* sudo.c:
27640: 	Remove debugging code that should not have been committed, oops.
27641: 	[9862607b77a7]
27642: 
27643: 	* auth/bsdauth.c:
27644: 	Use lower-level routines and get the password ourselves. Checks for
27645: 	a challenge and if there is one echo is not turned off.
27646: 	[2d8fcd166baa]
27647: 
27648: 	* auth/pam.c, auth/sudo_auth.h:
27649: 	minor housekeeping, no real code changes
27650: 	[d0074a277fb4]
27651: 
27652: 2000-10-27  Todd C. Miller  <Todd.Miller@courtesan.com>
27653: 
27654: 	* sudo.c:
27655: 	Fix a coredump in the logging functions if gethostname(2) fails by
27656: 	deferring the call to log_error() until things are better setup.
27657: 
27658: 	Fix return value of set_loginclass() in non-BSD-auth case.
27659: 
27660: 	Hard-code 'sudo' in the usage message so we can fit more options on
27661: 	a line
27662: 	[d9d1b7579818]
27663: 
27664: 	* logging.c:
27665: 	Fix errant ';' (typo) that broken MSG_ONLY
27666: 	[849b2276a470]
27667: 
27668: 2000-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
27669: 
27670: 	* sudo.cat, sudo.man.in:
27671: 	regen
27672: 	[bb3c8c6704d1]
27673: 
27674: 	* sudo.pod:
27675: 	Document -a flag
27676: 	[e18316cebaac]
27677: 
27678: 	* Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
27679: 	configure, configure.in, getspwuid.c, sudo.c:
27680: 	Add support for BSD authentication.
27681: 	[f374cfd9ca0d]
27682: 
27683: 2000-10-19  Todd C. Miller  <Todd.Miller@courtesan.com>
27684: 
27685: 	* sudoers.pod:
27686: 	Fix typo; from sato@complex.eng.hokudai.ac.jp
27687: 	[3085fee9766e]
27688: 
27689: 2000-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
27690: 
27691: 	* sudoers.pod:
27692: 	Mention negating umask
27693: 	[c9e410294dae]
27694: 
27695: 	* defaults.c:
27696: 	Allow user to specify umask of 0777 (same as !umask)
27697: 	[bb771daa96fe]
27698: 
27699: 2000-10-09  Todd C. Miller  <Todd.Miller@courtesan.com>
27700: 
27701: 	* sudo.pod, visudo.pod:
27702: 	Fix a typo and give a URL for the sudo history.
27703: 	[77f73199aedb]
27704: 
27705: 2000-10-08  Todd C. Miller  <Todd.Miller@courtesan.com>
27706: 
27707: 	* defaults.c, sudo.pod:
27708: 	fix typos; pepper@reppep.com
27709: 	[5532c7421340]
27710: 
27711: 2000-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
27712: 
27713: 	* sudo.c, sudo.h, sudo_setenv.c:
27714: 	sudo_setenv() now exits on memory alloc failure instead of returning
27715: 	-1.
27716: 	[71f1cf18f47b]
27717: 
27718: 2000-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
27719: 
27720: 	* sudo.c:
27721: 	Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
27722: 	and possibly others.
27723: 	[b69d985b0d22]
27724: 
27725: 	* logging.c:
27726: 	Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
27727: 	that "%m" won't be expanded but we don't use that anyway since the
27728: 	logging routines may splat to stderr as well.
27729: 	[8d37a544d0c0]
27730: 
27731: 	* defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
27732: 	sudoers.pod:
27733: 	Add always_set_home variable
27734: 	[dbcaff646e07]
27735: 
27736: 	* configure, configure.in:
27737: 	Have to hard code default values in help since the defaults are set
27738: 	_after_ the help stuff.
27739: 	[7b5d6d72f55c]
27740: 
27741: 2000-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
27742: 
27743: 	* lex.yy.c, parse.lex:
27744: 	Allow special characters (including '#') to be embedded in pathnames
27745: 	if quoted by a '\\'. The quoted chars will be dealt with by
27746: 	fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
27747: 	[3ed33cf09977]
27748: 
27749: 2000-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
27750: 
27751: 	* install-sh:
27752: 	Better path searching for programs we need.
27753: 	[60517cb1f0d6]
27754: 
27755: 	* TROUBLESHOOTING:
27756: 	Add section on "C compiler cannot create executables" errors.
27757: 	[e4ada6eaee59]
27758: 
27759: 	* Makefile.binary, Makefile.in, version.h:
27760: 	Crank version
27761: 	[93d1bd5b7f5e]
27762: 
27763: 	* aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
27764: 	sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
27765: 	visudo.man.in, visudo.pod:
27766: 	Substitute values from configure into man pages.
27767: 	[619854c356c1]
27768: 
27769: 2000-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
27770: 
27771: 	* parse.c, sudo.c:
27772: 	The listpw and verifypw sudoers options would not take effect
27773: 	because the value of the default was checked *before* sudoers was
27774: 	parsed. Instead of passing in the value of PWCHECK_* to
27775: 	sudoers_lookup(), pass in the arg for def_ival() so the check can be
27776: 	deferred until after sudoers is parsed.
27777: 	[4f596e358f72]
27778: 
27779: 2000-08-11  Todd C. Miller  <Todd.Miller@courtesan.com>
27780: 
27781: 	* tgetpass.c:
27782: 	When writing prompt, no need to write the NUL as well;
27783: 	hag@linnaean.org
27784: 	[fbcdd7b431ee]
27785: 
27786: 2000-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
27787: 
27788: 	* install-sh:
27789: 	When looking for chown, check in /sbin too
27790: 	[657ba6653f8c]
27791: 
27792: 2000-06-05  Todd C. Miller  <Todd.Miller@courtesan.com>
27793: 
27794: 	* visudo.c:
27795: 	Remove extraneous call to init_defaults() and set runas_user to NULL
27796: 	betweem parses so init_defaults will reset it each time, thus
27797: 	avoiding a reference to free()d data.
27798: 	[7421fcd692af]
27799: 
27800: 2000-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
27801: 
27802: 	* config.h.in, interfaces.c, interfaces.h, sudo.c:
27803: 	Add support for using getifaddrs() to get the list of ip addr /
27804: 	netmask pairs. Currently IPv4-only.
27805: 	[a35bc4f7306d]
27806: 
27807: 	* visudo.c:
27808: 	Add a missing check for UserEditor == NULL Add missing '+' before
27809: 	line number when invoking editor to fix a syntax error
27810: 	[f0d4635f6082]
27811: 
27812: 2000-05-12  Todd C. Miller  <Todd.Miller@courtesan.com>
27813: 
27814: 	* sudo.c:
27815: 	Call clean_env very early in main() for paranoia's sake. Idea from
27816: 	Marc Esipovich.
27817: 	[f8d72ebd0115]
27818: 
27819: 2000-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
27820: 
27821: 	* sudo.h:
27822: 	Update proto for evasprintf and easprintf
27823: 	[d147d6e58419]
27824: 
27825: 	* alloc.c:
27826: 	Make easprintf() and evasprintf() return an int.
27827: 	[b2ca5d089667]
27828: 
27829: 	* check.c:
27830: 	If the targetpw flag is set, use target username as part of the
27831: 	timestamp path. If tty tickets are in effect cat the tty and the
27832: 	target username with a ':' as the separator.
27833: 	[de11abc693c2]
27834: 
27835: 2000-05-09  Todd C. Miller  <Todd.Miller@courtesan.com>
27836: 
27837: 	* auth/pam.c:
27838: 	Backout part of last change; setting PAM_USER to the invoking user
27839: 	breaks things like targetpw.
27840: 	[427218a7387f]
27841: 
27842: 	* auth/pam.c:
27843: 	set tty and username via pam_set_item
27844: 	[85d1922dbcc9]
27845: 
27846: 	* auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
27847: 	Fix root, runas, and target authentication for non-passwd file auth
27848: 	methods.
27849: 	[a14535e7b30c]
27850: 
27851: 2000-04-22  Todd C. Miller  <Todd.Miller@courtesan.com>
27852: 
27853: 	* sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
27854: 	sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
27855: 	Use B<-Z> not C<-Z> for command line flags in all places. This is
27856: 	more consistent and works around a bug in Pod::Man.
27857: 	[64b5a05f30c5]
27858: 
27859: 	* sudoers.cat, sudoers.man.in, sudoers.pod:
27860: 	Fix an occurence of 'semicolon' that should be 'colon'
27861: 	[4ea5aacae3fb]
27862: 
27863: 2000-04-19  Todd C. Miller  <Todd.Miller@courtesan.com>
27864: 
27865: 	* configure, configure.in:
27866: 	Fix --with-badpri help line
27867: 	[3cc40977c043]
27868: 
27869: 2000-04-17  Todd C. Miller  <Todd.Miller@courtesan.com>
27870: 
27871: 	* defaults.c, logging.c, sudo.c:
27872: 	Bracket calls to syslog with an openlog() and closelog() since some
27873: 	authentication methods (like PAM) may do their own logging via
27874: 	syslog. Since we don't use syslog much (usually just once per
27875: 	session) this doesn't really incur a performance penalty. It also
27876: 	Fixes a SEGV with pam_kafs.
27877: 	[fe1cc28529f6]
27878: 
27879: 2000-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
27880: 
27881: 	* sudo.c:
27882: 	Fix -H flag. runas_homedir is only valid after set_perms(PERM_RUNAS,
27883: 	mode)
27884: 	[ce9b1c6f68a6]
27885: 
27886: 2000-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
27887: 
27888: 	* INSTALL:
27889: 	Clarify the fact that insults are not enabled just by including them
27890: 	in the binary.
27891: 	[d5a31d48320c]
27892: 
27893: 2000-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
27894: 
27895: 	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
27896: 	visudo.man.in:
27897: 	Regenerated with perl 5.6.0 pod2man
27898: 	[21751433768b]
27899: 
27900: 	* Makefile.in:
27901: 	Give date string to pod2man since its default is ugly and it ain't
27902: 	got no alibi.
27903: 	[0080b2f6298f]
27904: 
27905: 	* Makefile.in:
27906: 	Do section substitution on the output of pod2man and remove hack
27907: 	needed for old pod2man.
27908: 	[1ef843d5c78b]
27909: 
27910: 	* sudo.pod, sudoers.pod, visudo.pod:
27911: 	Put back real man sections, we will do the substitution later.
27912: 	[f728c1abad7e]
27913: 
27914: 2000-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
27915: 
27916: 	* configure, configure.in:
27917: 	Don't bother checking for the path to vi if user specified --with-
27918: 	editor
27919: 	[bf698487e0d5]
27920: 
27921: 2000-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
27922: 
27923: 	* CHANGES, visudo.c:
27924: 	Visudo now does its own fork/exec instead of calling system(3).
27925: 	[99bbcd88863b]
27926: 
27927: 	* CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
27928: 	sudoers.pod, visudo.c:
27929: 	Visudo now checks for the existence of an editor and gives a
27930: 	sensible error if it does not exist.
27931: 
27932: 	The path to the editor for visudo is now a colon-separated list of
27933: 	allowable editors. If the user has $EDITOR set and it matches one of
27934: 	the allowed editors that editor will be used. If not, the first
27935: 	editor in the list that actually exists is used.
27936: 	[cc86eb9f5440]
27937: 
27938: 	* sudo.cat, sudo.man.in, sudo.pod:
27939: 	Clear up confusion wrt sudo's return value.
27940: 	[9385b12d8e79]
27941: 
27942: 2000-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
27943: 
27944: 	* Makefile.in:
27945: 	Strip sudo and visudo for bindist target
27946: 	[a995ddd79177]
27947: 
27948: 	* sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
27949: 	sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
27950: 	Use @mansectsu@ and @mansectform@ in the man page bodies as well.
27951: 	[5eb9e60a726f] [SUDO_1_6_3]
27952: 
27953: 	* visudo.cat, visudo.man.in, visudo.pod:
27954: 	Typo: @sysconf@ -> @sysconfdir@
27955: 	[f07f52fcd099]
27956: 
27957: 	* Makefile.in:
27958: 	'make dist' should not cause any files to be modified so remove its
27959: 	dependencies.
27960: 	[7f44a2666a9c]
27961: 
27962: 	* CHANGES:
27963: 	Whoops, forgot to add release marker
27964: 	[16c0f16b35b8]
27965: 
27966: 2000-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
27967: 
27968: 	* CHANGES:
27969: 	Final change for 1.6.3 (or so I hope)
27970: 	[473c89da6123]
27971: 
27972: 	* sudo.cat, sudoers.cat, visudo.cat:
27973: 	Use SYSV man sections since BSD systems will have nroff...
27974: 	[0a6bd154324e]
27975: 
27976: 2000-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
27977: 
27978: 	* parse.yacc, sudo.tab.c:
27979: 	When checking to see if the host/user matches in a defaults spec,
27980: 	check against TRUE, not just non-zero since it might be -1.
27981: 	[41f2b7ad3fdd]
27982: 
27983: 	* configure, configure.in:
27984: 	OSF/1 puts file formats in section 4, not 5.
27985: 	[d77c1301afa9]
27986: 
27987: 	* CHANGES, INSTALL, sudo.c:
27988: 	Make login class support work on BSD/OS
27989: 	[e9bbe3c08ade]
27990: 
27991: 	* RUNSON:
27992: 	Update for 1.6.3
27993: 	[c40ce1d76c4d]
27994: 
27995: 	* configure, configure.in:
27996: 	If there is no inet_addr but there *is* an __inet_addr that's ok
27997: 	since inet_addr is probably just a macro then. The better thing to
27998: 	do would be to look for the macro, but this is fine for now.
27999: 	[1b8865ae4d68]
28000: 
28001: 	* configure, configure.in:
28002: 	Don't use shlicc for BSD/OS 4.x
28003: 	[83fbf6dedd2c]
28004: 
28005: 	* Makefile.in, configure, configure.in:
28006: 	*.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
28007: 	configure variable so we can deal with this. Also, only remove *.man
28008: 	for 'distclean' not 'clean'.
28009: 	[30d56e6de214]
28010: 
28011: 	* sudo.c:
28012: 	set_loginclass() should be static like the proto says
28013: 	[d570a2d55fb8]
28014: 
28015: 2000-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
28016: 
28017: 	* fnmatch.c:
28018: 	Add #ifdef __STDC__ around the rangematch function header to avoid
28019: 	promotion of test to int, thus violating the prototype. Gcc handles
28020: 	this gracefully but more std ANSI compilers will complain.
28021: 	[7d98c3e332b2]
28022: 
28023: 	* emul/fnmatch.h:
28024: 	Pull in newer fnmatch(3) that supports FNM_CASEFOLD
28025: 	[4e1320852f8b]
28026: 
28027: 	* aclocal.m4, configure, fnmatch.3, fnmatch.c:
28028: 	Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
28029: 	FNM_CASEFOLD in configure
28030: 	[9ef952bf1896]
28031: 
28032: 	* CHANGES, TODO:
28033: 	update for 1.6.3
28034: 	[e4ba6368a0c5]
28035: 
28036: 	* sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
28037: 	Fully qualified hosts w/ wildcards were not matching the FQHOST
28038: 	token type. There's really no need for a separate token for fully-
28039: 	qualified vs. unqualified anymore so FQHOST is now history and
28040: 	hostname_matches now decides which hostname (short or long) to check
28041: 	based on whether or not the pattern contains a '.'.
28042: 	[fbd2887d9811]
28043: 
28044: 	* parse.h:
28045: 	Fully qualified hosts w/ wildcards were not matching the FQHOST
28046: 	token type. There's really no need for a separate token for fully-
28047: 	qualified vs. unqualified anymore so FQHOST is now history and
28048: 	hostname_matches now decides which hostname (short or long) to check
28049: 	based on whether or not the pattern contains a '.'.
28050: 	[dd7bbe223461]
28051: 
28052: 	* lex.yy.c, parse.c, parse.lex, parse.yacc:
28053: 	Fully qualified hosts w/ wildcards were not matching the FQHOST
28054: 	token type. There's really no need for a separate token for fully-
28055: 	qualified vs. unqualified anymore so FQHOST is now history and
28056: 	hostname_matches now decides which hostname (short or long) to check
28057: 	based on whether or not the pattern contains a '.'.
28058: 	[630d9d205397]
28059: 
28060: 	* parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
28061: 	sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
28062: 	Add support for wildcards in the hostname.
28063: 	[d8d821ed4238]
28064: 
28065: 	* Makefile.in:
28066: 	Add targets for *.man.in, using config.status to generate *.man from
28067: 	*.man.in
28068: 	[640e50ede485]
28069: 
28070: 	* sudoers.cat, sudoers.man.in, sudoers.pod:
28071: 	Document set_logname option and enbolden refs to sudo and visudo.
28072: 	[9622b3a48707]
28073: 
28074: 	* INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
28075: 	sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
28076: 	visudo.cat, visudo.man.in, visudo.pod:
28077: 	Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
28078: 	from Michael D. Marchionna. configure now does substitution on the
28079: 	man pages, allowing us to fix up the paths and set the section
28080: 	correctly. Based on an idea from Michael D. Marchionna.
28081: 	[463e928a0a2f]
28082: 
28083: 	* auth/passwd.c:
28084: 	Better fix for handling HP-UX aging info.
28085: 	[3950f42d8549]
28086: 
28087: 	* sudo.c:
28088: 	Add support for set_logname run-time default
28089: 	[c6a7cc76b8b4]
28090: 
28091: 	* sudo.man.in, sudoers.man.in, visudo.man.in:
28092: 	configure does substitution on these to produce *.man
28093: 	[b83fc3c1bfc9]
28094: 
28095: 	* sudo.man, sudoers.man, visudo.man:
28096: 	These files now get generated from *.man.in at configure time.
28097: 	[c499061f79e0]
28098: 
28099: 2000-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>
28100: 
28101: 	* defaults.c, defaults.h:
28102: 	Add set_logname option so users can turn off setting of LOGNAME/USER
28103: 	environment variables.
28104: 	[6316869180b8]
28105: 
28106: 	* lsearch.c, parse.c, testsudoers.c:
28107: 	kill register
28108: 	[6e104e653748]
28109: 
28110: 2000-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
28111: 
28112: 	* auth/passwd.c:
28113: 	HP-UX adds extra info at the end for password aging so when
28114: 	comparing the result of crypt to pw_passwd we only compare the first
28115: 	len(epass) bytes *unless* the user entered an empty string for a
28116: 	password.
28117: 	[3d24d4e4e889]
28118: 
28119: 	* logging.c:
28120: 	Get rid of grandchild hack, it was causing problems and there is
28121: 	really no need for it. This fixes a bug where we spin eating up CPU
28122: 	when the user runs a long-running process like a shell.
28123: 	[5743b10b1e81]
28124: 
28125: 2000-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
28126: 
28127: 	* sudo.c:
28128: 	User can always specify a login class if he/she is already root.
28129: 	[710d160cef9f]
28130: 
28131: 	* config.h.in, configure, configure.in, defaults.c, defaults.h,
28132: 	sudo.c, sudo.h:
28133: 	FreeBSD login class (login.conf) support.
28134: 	[026b981d6328]
28135: 
28136: 2000-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
28137: 
28138: 	* auth/sudo_auth.c:
28139: 	HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
28140: 	[9cd4929f1a78]
28141: 
28142: 2000-03-03  Todd C. Miller  <Todd.Miller@courtesan.com>
28143: 
28144: 	* auth/passwd.c:
28145: 	Truncate unencrypted password to 8 chars if encrypted password is
28146: 	exactly 13 characters (indicateing standard a DES password). Many
28147: 	versions of crypt() do this for you, but not all (like HP-UX's).
28148: 	[a9d0259cb193]
28149: 
28150: 2000-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
28151: 
28152: 	* INSTALL, RUNSON:
28153: 	Mention that gcc on dynix may have problems
28154: 	[77b97fa5bf1b]
28155: 
28156: 2000-02-29  Todd C. Miller  <Todd.Miller@courtesan.com>
28157: 
28158: 	* Makefile.in:
28159: 	Link visudo with NET_LIBS since we now call syslog via defaults.c
28160: 	[9e3830b277cc]
28161: 
28162: 	* defaults.c:
28163: 	Use Argv[0] as the first arg to openlog() since visudo uses this
28164: 	too.
28165: 	[e61078f328ec]
28166: 
28167: 2000-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
28168: 
28169: 	* sudo.c:
28170: 	Stash coredumpsize resource limit and retsore it before the exec()
28171: 	Otherwise the child ends up with a coredumpsize of 0.
28172: 	[f6a4783835a3]
28173: 
28174: 2000-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
28175: 
28176: 	* sudo.cat, sudo.man, sudo.pod:
28177: 	document -S flag
28178: 	[3ebd805b7142]
28179: 
28180: 	* sudo.c:
28181: 	fix usage string
28182: 	[66b2dfa47fe8]
28183: 
28184: 	* CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
28185: 	auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
28186: 	Added -S flag (read passwd from stdin) and tgetpass_flags global
28187: 	that holds flags to be passed in to tgetpass(). Change echo_off
28188: 	param to tgetpass() into a flags field. There are currently 2
28189: 	possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
28190: 	tgetpass(), abstract the echo set/clear via macros and if (flags &
28191: 	TGP_ECHO) but echo is not set on the terminal, but sure to set it.
28192: 	[a4fcbb712cd0]
28193: 
28194: 	* tgetpass.c:
28195: 	Fixed a bug that caused an infinite loop when the password timeout
28196: 	was disabled.
28197: 	[2be1ffc5a39f]
28198: 
28199: 2000-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
28200: 
28201: 	* CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
28202: 	sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
28203: 	Add rootpw, runaspw, and targetpw options.
28204: 	[2d4563e46df7]
28205: 
28206: 	* CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
28207: 	visudo.c:
28208: 	enveditor -> env_editor
28209: 	[ddc5f856e583]
28210: 
28211: 2000-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
28212: 
28213: 	* BUGS, INSTALL, Makefile.in, README, configure, configure.in,
28214: 	sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
28215: 	visudo.man:
28216: 	crank versino to 1.6.3
28217: 	[a5f7d3e74360]
28218: 
28219: 	* INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
28220: 	sudoers.pod, visudo.c:
28221: 	Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
28222: 	them. This means that visudo will now parse the sudoers file
28223: 	*before* it is edited so a bogus sudoers file will cause a warning
28224: 	to go to stderr. Also, visudo checks the variables once--it does not
28225: 	check them after each editor run since that could be confusing.
28226: 	[9f5af18e9212]
28227: 
28228: 2000-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
28229: 
28230: 	* RUNSON:
28231: 	1.6.2 -> 1.6.2p1
28232: 	[e25b74f1d1af]
28233: 
28234: 	* check.c, sudo.c, sudo.h:
28235: 	Move user_is_exempt prototype into sudo.h
28236: 	[daf26a6ded8a]
28237: 
28238: 2000-02-13  Todd C. Miller  <Todd.Miller@courtesan.com>
28239: 
28240: 	* configure, configure.in:
28241: 	Fix thinko, some && should have been || in the last commit
28242: 	[4b9b2d487ded]
28243: 
28244: 	* configure, configure.in:
28245: 	Don't initialized Makefile variables to be NULL since the user may
28246: 	want to import variables from their environment.
28247: 	[7be019f4422c]
28248: 
28249: 2000-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
28250: 
28251: 	* configure, configure.in:
28252: 	typo
28253: 	[38f4d8971f0a]
28254: 
28255: 2000-01-28  Todd C. Miller  <Todd.Miller@courtesan.com>
28256: 
28257: 	* sudo.tab.c:
28258: 	fix a yacc (skeleton.c) warning
28259: 	[a2da228a937b]
28260: 
28261: 2000-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
28262: 
28263: 	* INSTALL, RUNSON, configure, configure.in:
28264: 	Make pam work on HP-UX 11.0;jaearick@colby.edu
28265: 	[b94de0ff6f42]
28266: 
28267: 	* CHANGES:
28268: 	recent changes; prepare for 1.6.2p1
28269: 	[b291635ea141]
28270: 
28271: 	* find_path.c:
28272: 	Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
28273: 	[4306285c4f6e]
28274: 
28275: 2000-01-26  Todd C. Miller  <Todd.Miller@courtesan.com>
28276: 
28277: 	* sudo.tab.c:
28278: 	Regen with yacc that has a memory leak plugged.
28279: 	[e26383a04eb7]
28280: 
28281: 	* sudoers.cat, sudoers.man, sudoers.pod:
28282: 	Expanded docs on sudoers 'defaults' options based on INSTALL file
28283: 	info.
28284: 	[54c3d62d6c74]
28285: 
28286: 	* INSTALL:
28287: 	Fix some while lies
28288: 	[d15311782150]
28289: 
28290: 2000-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>
28291: 
28292: 	* Makefile.in:
28293: 	When making a bindist, link FAQ to TROUBLESHOOTING instead of
28294: 	copying.
28295: 	[2d88a6ac88cf]
28296: 
28297: 	* sudoers.cat, sudoers.man, sudoers.pod:
28298: 	Add netgroup caveat
28299: 	[28d119f466e3] [SUDO_1_6_2]
28300: 
28301: 	* RUNSON:
28302: 	Last minute updates
28303: 	[89fb4ed22d52]
28304: 
28305: 	* TROUBLESHOOTING:
28306: 	PAM entry
28307: 	[a9fd59f39457]
28308: 
28309: 	* auth/pam.c:
28310: 	correct a comment
28311: 	[a29627225ba9]
28312: 
28313: 	* CHANGES, RUNSON:
28314: 	update for 1.6.2
28315: 	[b7f1c40ea732]
28316: 
28317: 	* auth/pam.c:
28318: 	Better detection of PAM errors and fix custom prompts with PAM.
28319: 	Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
28320: 	[ff69234b94a5]
28321: 
28322: 2000-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
28323: 
28324: 	* snprintf.c:
28325: 	Cast ULONG_MAX to unsigned long long when comparing to an unsigned
28326: 	long long value.
28327: 	[9d918c3a2ecd]
28328: 
28329: 2000-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
28330: 
28331: 	* CHANGES, config.h.in, configure, configure.in, visudo.c:
28332: 	Fix sudoers locking in visudo. We now lock the sudoers file itself,
28333: 	not the temp file (since locking the temp file can foul up editors).
28334: 	The previous locking scheme didn't work because the fd was closed
28335: 	too early.
28336: 	[de2011bb11ed]
28337: 
28338: 	* config.h.in, configure, configure.in:
28339: 	Don't need test for ftruncate() any more.
28340: 	[e5f71c848104]
28341: 
28342: 	* configure, configure.in:
28343: 	Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
28344: 	the unbundled HP-UX cc.
28345: 	[2c373612c644]
28346: 
28347: 2000-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
28348: 
28349: 	* sudoers.cat, sudoers.man, sudoers.pod:
28350: 	"a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
28351: 	[05360d2c314e]
28352: 
28353: 2000-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
28354: 
28355: 	* LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
28356: 	parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
28357: 	version.h, visudo.c:
28358: 	update copyright year on changed files
28359: 	[5792a2a28a4c]
28360: 
28361: 	* RUNSON:
28362: 	updates
28363: 	[edf8f19aa403]
28364: 
28365: 	* CHANGES:
28366: 	aix fix
28367: 	[4d4a243b31e2]
28368: 
28369: 	* INSTALL:
28370: 	Crank version to 1.6.2
28371: 	[bcb5cb411624]
28372: 
28373: 	* configure:
28374: 	Crank version to 1.6.2
28375: 	[32a19f33427f]
28376: 
28377: 	* sudo.c:
28378: 	When using rlimit check for RLIM_INFINITY When computing the value
28379: 	of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
28380: 	[8c16166802e5]
28381: 
28382: 	* CHANGES:
28383: 	recent changes
28384: 	[09fc7112e44d]
28385: 
28386: 	* BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
28387: 	sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
28388: 	Crank version to 1.6.2
28389: 	[055fa61a7c61]
28390: 
28391: 	* INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
28392: 	Add 'shell_noargs' runtime option back in. We have to defer checking
28393: 	until after the sudoers file has been parsed but since there are now
28394: 	other options that operate that way this one can too. Based on a
28395: 	patch from bguillory@email.com.
28396: 	[231db7a007a6]
28397: 
28398: 	* defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
28399: 	Add "listpw" and "verifypw" options.
28400: 	[190683bac878]
28401: 
28402: 	* sudoers.cat, sudoers.man, sudoers.pod:
28403: 	o Fix some typos/omissions o Add section on verifypw and listpw o
28404: 	Define how NOPASSWD interacts with the -v and -l flags
28405: 	[6feb7350eb79]
28406: 
28407: 2000-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
28408: 
28409: 	* configure, configure.in:
28410: 	For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
28411: 	-D_HPUX_SOURCE to CPPFLAGS.
28412: 	[06cc35d89dc8]
28413: 
28414: 	* defaults.c, defaults.h:
28415: 	In struct sudo_defs_types, move the union to the end and don't
28416: 	initialize the union member since that only works with an ANSI
28417: 	compiler. We set the value of the union by hand in init_defaults()
28418: 	anyway. This allows sudo to compile on a K&R compiler again.
28419: 	[623487e1fcfa]
28420: 
28421: 2000-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>
28422: 
28423: 	* parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
28424: 	netgr_matches needs to check shost as well as host since they may be
28425: 	different.
28426: 	[3f43ace23d3e]
28427: 
28428: 	* tgetpass.c:
28429: 	End on \r as well as \n
28430: 	[cb7c6e6f4202]
28431: 
28432: 2000-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
28433: 
28434: 	* sudo.c:
28435: 	Update statbuf.st_mode based on SUDOERS_MODE when we are chaning
28436: 	from 0400 to whatever SUDOERS_MODE is (converting from the old
28437: 	sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
28438: 	0400 which should always be the case.
28439: 	[34cd83d49d20]
28440: 
28441: 	* parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
28442: 	Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
28443: 	w/o a passwd if there is *any* entry for the user on the host with a
28444: 	NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
28445: 	the user on the host w/ the specified runas user have the NOPASSWD
28446: 	flag set.
28447: 	[4b3b85697653]
28448: 
28449: 	* Makefile.in:
28450: 	add check target
28451: 	[3d24d34a76fd]
28452: 
28453: 1999-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
28454: 
28455: 	* visudo.c:
28456: 	Treat EOF at whatnow prompt like 'x' instead of looping.
28457: 	[5deffc27114c]
28458: 
28459: 1999-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
28460: 
28461: 	* CHANGES:
28462: 	recent changes
28463: 	[5836a9452568] [SUDO_1_6_1]
28464: 
28465: 1999-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
28466: 
28467: 	* config.h.in, configure, configure.in, sudo.c:
28468: 	Add check for initgroups() since old SYSV lacks this.
28469: 	[657a6005a569]
28470: 
28471: 	* CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
28472: 	parse.c, testsudoers.c:
28473: 	o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
28474: 	exists.
28475: 	[17d081e917d6]
28476: 
28477: 1999-12-06  Todd C. Miller  <Todd.Miller@courtesan.com>
28478: 
28479: 	* auth/sudo_auth.c:
28480: 	Don't allow insults to be enabled if the insults[] array is empty.
28481: 	Otherwise there would be division by zero.
28482: 	[b20c14db6029]
28483: 
28484: 	* insults.h:
28485: 	Don't allow insults to be enabled if the insults[] array is empty.
28486: 	Otherwise there would be division by zero.
28487: 	[028f130204b0]
28488: 
28489: 	* CHANGES, RUNSON:
28490: 	Don't allow insults to be enabled if the insults[] array is empty.
28491: 	Otherwise there would be division by zero.
28492: 	[974f4780254b]
28493: 
28494: 	* insults.h:
28495: 	Don't care about USE_INSULTS #define since the insult stuff may be
28496: 	overridden at runtime.
28497: 	[b873df8b299c]
28498: 
28499: 	* auth/sudo_auth.c:
28500: 	Honor insults flag.
28501: 	[756111640fdc]
28502: 
28503: 	* CHANGES, parse.c:
28504: 	Don't ask the user for a password if the user is not allowed to run
28505: 	the command and the authenticate flag (in sudoers) is false.
28506: 	[cea9fdc09c76]
28507: 
28508: 	* CHANGES, RUNSON, lex.yy.c, parse.lex:
28509: 	o Whenever we get a bare newline we change to the INITIAL state. o
28510: 	Enter GOTRUNAS when we see Runas_Alias
28511: 
28512: 	This allows #uid to work in a RunasAlias.
28513: 	[a475513e7c7a]
28514: 
28515: 1999-12-05  Todd C. Miller  <Todd.Miller@courtesan.com>
28516: 
28517: 	* CHANGES, parse.yacc, sudo.tab.c:
28518: 	fix parsing of runas lists: o oprunasuser and runaslist now return a
28519: 	value o in a runasspec, if a runaslist does not return TRUE, set
28520: 	runas_matches to FALSE. Normally, a runaslist only returns FALSE for
28521: 	explicitly denied users. o since runaslist does not modify the stack
28522: 	there is no need for a push/pop in runasalias.
28523: 	[82b305b34a8c]
28524: 
28525: 	* check.c, sudo.c:
28526: 	Don't kill the user's tickets until after sudoers has been parsed
28527: 	since tty_tickets and ticket_dir could be set in sudoers.
28528: 	[f43e25367f3a]
28529: 
28530: 	* BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
28531: 	configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
28532: 	sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
28533: 	crank version to 1.6
28534: 	[95f8bdcf9bb2]
28535: 
28536: 	* testsudoers.c:
28537: 	add set_fqdn() stub
28538: 	[bbc81af5b41a]
28539: 
28540: 1999-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
28541: 
28542: 	* INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
28543: 	sudoers.man, sudoers.pod, visudo.c:
28544: 	o Kill shell_noargs option, it cannot work since the command needs
28545: 	to be set before sudoers is parsed. o Fix the "set_home" sudoers
28546: 	option (only worked at compile time). o Fix "fqdn" sudoers option.
28547: 	We now set host/shost via set_fqdn which gets called when the "fqdn"
28548: 	option is set in sudoers. o Move the openlog() to store_syslogfac()
28549: 	so this gets overridden correctly from the sudoers file.
28550: 	[3dca861f0f5d]
28551: 
28552: 	* auth/securid.c:
28553: 	SecurID support should compile now.
28554: 	[a544e5c6ea34]
28555: 
28556: 1999-11-29  Todd C. Miller  <Todd.Miller@courtesan.com>
28557: 
28558: 	* sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
28559: 	visudo.man, visudo.pod:
28560: 	fix some syntactic goofs
28561: 	[b3451f0d5239]
28562: 
28563: 1999-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
28564: 
28565: 	* Makefile.in, sudo.html, sudoers.html, visudo.html:
28566: 	No longer need the .html files as they are generated automatically
28567: 	on the web site.
28568: 	[1b4aa4204584]
28569: 
28570: 	* CHANGES, LICENSE:
28571: 	kill characters that made wml unhappy
28572: 	[b988fbc6da56]
28573: 
28574: 	* HISTORY:
28575: 	typo
28576: 	[a418963f7fce]
28577: 
28578: 1999-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
28579: 
28580: 	* README:
28581: 	majordomo@cs.colorado.edu -> majordomo@courtesan.com
28582: 	[5d151e8ffd3b]
28583: 
28584: 	* Makefile.in, configure:
28585: 	Wrap script execution w/ /bin/sh for the benefit of ctm
28586: 	[3a9c4766b2c3]
28587: 
28588: 1999-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
28589: 
28590: 	* sudo.c:
28591: 	Make the -s flag be exclusive too. Also reorder the flags in the
28592: 	exclusive usage message so they are alphabetical.
28593: 	[4c7af200db34]
28594: 
28595: 1999-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
28596: 
28597: 	* auth/pam.c:
28598: 	make pam errors other than PAM_PERM_DENIED fatal
28599: 	[64bcb3fd2baf]
28600: 
28601: 	* auth/API:
28602: 	fix typo
28603: 	[f3134c88b12e]
28604: 
28605: 	* INSTALL:
28606: 	make it clear that /etc/pam.d/sudo is required on linux
28607: 	[213cc3eaad82]
28608: 
28609: 	* auth/pam.c:
28610: 	fix a warning on redhat and spew an error if pam_authenticate()
28611: 	returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
28612: 	[7e46dd19da89]
28613: 
28614: 	* sudo.cat, sudo.html, sudo.man, sudo.pod:
28615: 	Be very clear that the password required is the user's not root's
28616: 	[a6da127347e5]
28617: 
28618: 1999-11-20  Todd C. Miller  <Todd.Miller@courtesan.com>
28619: 
28620: 	* Makefile.in:
28621: 	add sample.syslog.conf to DISTFILES and BINFILES
28622: 	[8661c27c007e]
28623: 
28624: 1999-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
28625: 
28626: 	* RUNSON:
28627: 	updates from Brian Jackson + some formatting
28628: 	[6d31c6fa63f8]
28629: 
28630: 1999-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
28631: 
28632: 	* INSTALL.binary, Makefile.binary, README, RUNSON:
28633: 	o One RUNSon update o Changes for automating real binary releases
28634: 	[dd9585f4406c]
28635: 
28636: 	* Makefile.in:
28637: 	Add bindist target
28638: 	[546ed3fa94bb]
28639: 
28640: 1999-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
28641: 
28642: 	* TROUBLESHOOTING:
28643: 	talk about run-time options in addition to compile-time options
28644: 	[1eb813ff0a9a] [SUDO_1_6_0]
28645: 
28646: 	* CHANGES:
28647: 	fix typos
28648: 	[65e92bb70a7b]
28649: 
28650: 	* sudo.c:
28651: 	need sys/time.h if HAVE_SETRLIMIT
28652: 	[ce31655a8a60]
28653: 
28654: 	* PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
28655: 	sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
28656: 	get rid of references to sudo-bugs. Now mention the web site or the
28657: 	sudo@ alias
28658: 	[a9db861fd8c6]
28659: 
28660: 	* sudoers.html:
28661: 	repair pod2html damage
28662: 	[62ece4277f1f]
28663: 
28664: 	* RUNSON, TODO:
28665: 	Update for 1.6 release
28666: 	[98569c57ba2a]
28667: 
28668: 	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
28669: 	Add warning about using ALL in a command context.
28670: 	[6c77685ab280]
28671: 
28672: 1999-11-09  Todd C. Miller  <Todd.Miller@courtesan.com>
28673: 
28674: 	* visudo.c:
28675: 	Call yyrestart() on a parse error to reset the lexer state.
28676: 	[1370a27acdb2]
28677: 
28678: 	* lex.yy.c, parse.lex:
28679: 	Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
28680: 	since it might not get called in yywrap if we get a parse error (and
28681: 	we only reread the file on error anyway).
28682: 	[37f4b449e28e]
28683: 
28684: 	* lex.yy.c, parse.lex:
28685: 	Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
28686: 	might still exist. Call yyrestart() instead of using the deprecated
28687: 	YY_NEW_FILE macro.
28688: 	[7d0d873046c6]
28689: 
28690: 	* lex.yy.c, parse.lex:
28691: 	flex doesn't need %N table size declarations
28692: 	[268b020fd60a]
28693: 
28694: 	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
28695: 	Mention what characters need to be escaped in names.
28696: 	[72ccbb6b0f31]
28697: 
28698: 1999-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
28699: 
28700: 	* configure:
28701: 	regen
28702: 	[65827abb5c7b]
28703: 
28704: 	* INSTALL:
28705: 	clarify Mac OS X entry
28706: 	[8da1549a71f5]
28707: 
28708: 	* RUNSON:
28709: 	update
28710: 	[0cff8df7459f]
28711: 
28712: 	* configure.in:
28713: 	o Use AC_MSG_ERROR throughout o Check syslog configure options for
28714: 	danity
28715: 	[4cb81e642e5c]
28716: 
28717: 1999-11-05  Todd C. Miller  <Todd.Miller@courtesan.com>
28718: 
28719: 	* defaults.c:
28720: 	Fix printing of type T_MODE in dump_defaults()
28721: 	[a868bb6f5515]
28722: 
28723: 	* strcasecmp.c:
28724: 	missing sys/types.h
28725: 	[ca694ca325b6]
28726: 
28727: 	* INSTALL:
28728: 	Break out options that may be overridden at run time into their own
28729: 	section. Add a not about Max OS X and correct some lies.
28730: 	[d8bcfd120593]
28731: 
28732: 1999-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
28733: 
28734: 	* CHANGES, config.h.in, configure, configure.in, sudo.c:
28735: 	o Now use getrlimit to find the highest fd when closing all non-std
28736: 	fd's o Turn off core dumps via setrlimit for the sake of paranoia
28737: 	[dd9f651b6def]
28738: 
28739: 	* RUNSON:
28740: 	updates
28741: 	[f581841fe615]
28742: 
28743: 1999-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
28744: 
28745: 	* CHANGES:
28746: 	updates
28747: 	[553baa1d44c7]
28748: 
28749: 	* tgetpass.c:
28750: 	When read()'ing, do a single character at a time to be sure we don't
28751: 	go oast the newline.
28752: 	[907d33f55bb4]
28753: 
28754: 	* sudo.c:
28755: 	For the sudo_root option, check against user_uid, not getuid() since
28756: 	at this point, ruid == euid == 0.
28757: 	[92d5c51939b4]
28758: 
28759: 	* RUNSON:
28760: 	some updates
28761: 	[e3ed0c1f312b]
28762: 
28763: 	* logging.h:
28764: 	Fix compilation problem when --with-logging=file was specified. This
28765: 	means that syslog is now required to build sudo but that should not
28766: 	be a problem. If it is it can be fixed trivially with a configure
28767: 	check for syslog() or syslog.h.
28768: 	[839a4b069190]
28769: 
28770: 	* tgetpass.c:
28771: 	Make this work again for things like "sudo echo hi | more" where the
28772: 	tty gets put into character at a time mode. We read until we read
28773: 	end of line or we run out of space (similar to fgets(3)).
28774: 	[c8f746df2e63]
28775: 
28776: 1999-10-20  Todd C. Miller  <Todd.Miller@courtesan.com>
28777: 
28778: 	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
28779: 	change ital to bold
28780: 	[f860978e530a]
28781: 
28782: 	* RUNSON:
28783: 	update
28784: 	[9bcfbb405568]
28785: 
28786: 1999-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>
28787: 
28788: 	* defaults.c:
28789: 	Error out if syslog parameters are given without a value. For Ultrix
28790: 	or 4.2BSD "syslog" is allowed without a value since there are no
28791: 	facilities in the 4.2BSD syslog.
28792: 	[69e7a686f5f0]
28793: 
28794: 1999-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
28795: 
28796: 	* defaults.c:
28797: 	Ignore the syslog facility for systems w/ old syslog like Ultrix.
28798: 	[5c250adbbb84]
28799: 
28800: 	* TROUBLESHOOTING:
28801: 	people with "." early in their path can have problems running sudo
28802: 	from the build dir ;-)
28803: 	[20a1744a24a4]
28804: 
28805: 1999-10-13  Todd C. Miller  <Todd.Miller@courtesan.com>
28806: 
28807: 	* sudo.cat, sudo.html, sudo.man, sudo.pod:
28808: 	Remove -r realm option
28809: 	[127caa537f95]
28810: 
28811: 	* auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
28812: 	configure.in, sudo.c:
28813: 	New krb5 code from Frank Cusack <fcusack@iconnet.net>.
28814: 	[7177a3893a62]
28815: 
28816: 	* CHANGES:
28817: 	update to reality
28818: 	[766cfbb512d6]
28819: 
28820: 1999-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
28821: 
28822: 	* auth/fwtk.c:
28823: 	include <auth.h> to get function prototypes.
28824: 	[d6c7c12d09fe]
28825: 
28826: 	* sudo.cat, sudo.html, sudo.man, sudo.pod:
28827: 	document -L flag
28828: 	[dc803e1ce0d7]
28829: 
28830: 1999-10-11  Todd C. Miller  <Todd.Miller@courtesan.com>
28831: 
28832: 	* sudo.c:
28833: 	in set_perms(), always call setuid(0) before changing the ruid/euid
28834: 	so we always know it will succeed.
28835: 	[8cced1b862bf]
28836: 
28837: 	* defaults.h:
28838: 	#undef T_FOO to avoid conflicts with system defines (like on
28839: 	ULTRIX).
28840: 	[d9f0aac092b0]
28841: 
28842: 	* TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
28843: 	sudoers.pod:
28844: 	Docuement "Defaults" lines in /etc/sudoers. Still needs some
28845: 	fleshing out but this is a start.
28846: 	[521a1e629bbc]
28847: 
28848: 1999-10-10  Todd C. Miller  <Todd.Miller@courtesan.com>
28849: 
28850: 	* use strtol, not strtoul since not everyone has not strtoul
28851: 	[988462f093cc]
28852: 
28853: 	* defaults.c:
28854: 	use strtol, not strtoul since not everyone has not strtoul
28855: 	[fce835ce62e3]
28856: 
28857: 	* lex.yy.c, parse.lex:
28858: 	last {WORD} rule should only apply in the INITIAL state
28859: 	[9b57570bfa83]
28860: 
28861: 	* lex.yy.c, parse.lex:
28862: 	o Add support for escaped characters in the WORD macro o Modify
28863: 	fill() to squash escape chars
28864: 	[87572d59e4e0]
28865: 
28866: 	* defaults.c, defaults.h:
28867: 	o Add T_PATH flag to allow simple sanity checks for default values
28868: 	that are supposed to be pathnames. o Fix a duplicate free when
28869: 	visudo finds an error.
28870: 	[bdc6855a6c6d]
28871: 
28872: 1999-10-09  Todd C. Miller  <Todd.Miller@courtesan.com>
28873: 
28874: 	* defaults.c, defaults.h, logging.c:
28875: 	mail_if_foo -> mail_foo
28876: 	[cbee9415875d]
28877: 
28878: 1999-10-08  Todd C. Miller  <Todd.Miller@courtesan.com>
28879: 
28880: 	* compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
28881: 	o Add requiretty option o Move O_NOCTTY to compat.h
28882: 	[65b8bf0e1795]
28883: 
28884: 	* logging.c:
28885: 	The exit() in log_error() was mistakenly removed in a previous
28886: 	version. Put it back...
28887: 	[9473449130a4]
28888: 
28889: 1999-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
28890: 
28891: 	* INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
28892: 	auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
28893: 	configure, configure.in, defaults.c, defaults.h, find_path.c,
28894: 	getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
28895: 	o Change defaults stuff to put the value right in the struct. o
28896: 	Implement mailer_flags o Store syslog stuff both in int and string
28897: 	form. Setting the string form magically updates the int version. o
28898: 	Add boolean attribute to strings where it makes sense to say !foo
28899: 	[4698953f9a36]
28900: 
28901: 	* tgetpass.c:
28902: 	add O_NOCTTY when opening /dev/tty just in case
28903: 	[4c6d1d1bb300]
28904: 
28905: 1999-10-06  Todd C. Miller  <Todd.Miller@courtesan.com>
28906: 
28907: 	* auth/API:
28908: 	cleanup function no longer takes a status arg
28909: 	[0819edbfe7f8]
28910: 
28911: 	* INSTALL:
28912: 	the the
28913: 	[19aadb65ea28]
28914: 
28915: 1999-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
28916: 
28917: 	* TODO, config.h.in, configure, configure.in, logging.c:
28918: 	Use strftime() instead of ctime() if it is available.
28919: 	[fb60ea63b514]
28920: 
28921: 1999-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
28922: 
28923: 	* defaults.c:
28924: 	fix copyright date
28925: 	[4a53b54aa72f]
28926: 
28927: 	* RUNSON:
28928: 	update ReliantUNIX entry
28929: 	[de618a4f67d9]
28930: 
28931: 	* defaults.c, defaults.h, logging.c:
28932: 	add log_year option
28933: 	[251a9e20568a]
28934: 
28935: 	* configure, configure.in:
28936: 	add --without-sendmail to help output
28937: 	[93162f199902]
28938: 
28939: 	* configure, configure.in:
28940: 	enforce an otctal arg for --with-suoders-mode
28941: 	[45e1b04ccad3]
28942: 
28943: 1999-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
28944: 
28945: 	* BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
28946: 	auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
28947: 	auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
28948: 	defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
28949: 	parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
28950: 	testsudoers.c, version.c, visudo.c:
28951: 	Add support for "Defaults" line in sudoers to make configuration
28952: 	variables changable at runtime (and on a global, per-host and per-
28953: 	user basis). Both the names and the internal representation are
28954: 	still subject to change. It was necessary to make sudo_user.runas
28955: 	but a char ** instead of a char * since this value can be changed by
28956: 	a Defaults line. There is a similar (but more complicated) issue
28957: 	with sudo_user.prompt but it is handled differently at the moment.
28958: 
28959: 	Add a "-L" flag to list the name of options with their descriptions.
28960: 	This may only be temporary.
28961: 
28962: 	Move some prototypes to parse.h
28963: 
28964: 	Be much less restrictive on what is allowed for a username.
28965: 	[f71abf7ba80c]
28966: 
28967: 	* sample.syslog.conf:
28968: 	Add more info
28969: 	[e952e6f42d4d]
28970: 
28971: 1999-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
28972: 
28973: 	* LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
28974: 	strcasecmp.c:
28975: 	UCB has dropped the advertising clause from their license.
28976: 	[a5602b36a341]
28977: 
28978: 1999-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
28979: 
28980: 	* auth/sudo_auth.h:
28981: 	move dce_verofy proto to correct section
28982: 	[972c815af558]
28983: 
28984: 	* auth/dce.c:
28985: 	remove XXX
28986: 	[820631855be0]
28987: 
28988: 1999-08-28  Todd C. Miller  <Todd.Miller@courtesan.com>
28989: 
28990: 	* emul/fnmatch.h:
28991: 	Add fnmatch() prototype
28992: 	[79e84576d92a]
28993: 
28994: 	* fnmatch.c, parse.c, testsudoers.c:
28995: 	Move inclusion of emul/fnmatch.h to be after sudo.h for __P
28996: 	[1182c89fa811]
28997: 
28998: 	* sudo.h:
28999: 	add strcasecmp proto
29000: 	[512d1d8a6a0c]
29001: 
29002: 	* auth/sudo_auth.c:
29003: 	add check for case where there are no auth methods
29004: 	[e4af2b91b43e]
29005: 
29006: 	* configure, configure.in:
29007: 	Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
29008: 	SunOS4 w/ gcc
29009: 	[746ce8bcec23]
29010: 
29011: 	* getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
29012: 	include strings.h everywhere we include string.h
29013: 	[6f7d5d437e7b]
29014: 
29015: 	* version.c:
29016: 	nicer output when showing auth methods
29017: 	[0eac4b977f9d]
29018: 
29019: 	* version.c:
29020: 	Add support for SEND_MAIL_WHEN_NO_HOST
29021: 	[9f20a3a3fae6]
29022: 
29023: 	* config.h.in, configure, configure.in:
29024: 	Add _GNU_SOURCE for Linux
29025: 	[c7bd8c511847]
29026: 
29027: 	* lex.yy.c, parse.lex:
29028: 	fix definition of OCTECT
29029: 	[4af30e63244d]
29030: 
29031: 	* configure, configure.in:
29032: 	aix_auth.o not authenticate.o
29033: 	[fe95dfb08df4]
29034: 
29035: 1999-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
29036: 
29037: 	* sudo.c:
29038: 	Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
29039: 	keyboard). Since we run with ruid/euid == 0 the user can't really
29040: 	signal us in nasty ways.
29041: 	[a7f6487c0f48]
29042: 
29043: 	* visudo.c:
29044: 	Don't need to worry about catching too many signals since we do
29045: 	locking on the tmp file. If a lockfile is really stale, it will be
29046: 	detected and overwritten.
29047: 	[28983db3e749]
29048: 
29049: 	* INSTALL, Makefile.in:
29050: 	include auth/API in tarball
29051: 	[014991600252]
29052: 
29053: 	* auth/sudo_auth.c:
29054: 	move memset() of plaintext pw outside of verify loop and only do the
29055: 	memset if we are *not* in standalone mode.
29056: 	[66f8e87567e2]
29057: 
29058: 	* auth/sudo_auth.c, auth/sudo_auth.h:
29059: 	DCE is not a standalone method
29060: 	[34963e2d8a1b]
29061: 
29062: 	* sudo.c:
29063: 	fix --enable-noargs-shell
29064: 	[4234062abbb0]
29065: 
29066: 	* snprintf.c:
29067: 	"#ifdef __STDC__" not "#if __STDC__" (I missed one)
29068: 	[c430b80454c6]
29069: 
29070: 	* auth/fwtk.c, auth/sia.c:
29071: 	_cleanup() function returns an int.
29072: 	[d1a1cc071ec1]
29073: 
29074: 	* auth/dce.c:
29075: 	there were still some return(0)'s hanging around, make them
29076: 	AUTH_FAILURE
29077: 	[1002aa1962c3]
29078: 
29079: 	* parse.c:
29080: 	typo in comment
29081: 	[5abc410dbfd2]
29082: 
29083: 	* version.c:
29084: 	add missing semicolon
29085: 	[a262283b52a5]
29086: 
29087: 	* auth/sudo_auth.h:
29088: 	missing backslash
29089: 	[bf89f6bd2900]
29090: 
29091: 1999-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
29092: 
29093: 	* CHANGES, config.h.in, configure, configure.in:
29094: 	Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
29095: 	[f1a9bca0cf67]
29096: 
29097: 	* Makefile.in:
29098: 	add parse.h to HDRS
29099: 	[a3d054987766]
29100: 
29101: 	* Makefile.in, configure, configure.in:
29102: 	Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
29103: 	LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and
29104: 	network libs like -lsocket, -lnsl go in NET_LIBS. This allows
29105: 	testsudoers to build on Solaris and is a bit cleaner in general.
29106: 	[4e6239e97002]
29107: 
29108: 	* UPGRADE:
29109: 	mention ptmp -> sudoers.tmp
29110: 	[ec3baa0fe8a1]
29111: 
29112: 	* config.h.in, configure, configure.in:
29113: 	Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
29114: 	[6f93dc7f39f5]
29115: 
29116: 	* RUNSON:
29117: 	add 2 reports
29118: 	[ce0fcc00ee4e]
29119: 
29120: 	* auth/kerb5.c:
29121: 	Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
29122: 	return a value more like a system function
29123: 	[0dd56aa21424]
29124: 
29125: 	* auth/dce.c:
29126: 	Add an XXX
29127: 	[58fc8562c212]
29128: 
29129: 	* TODO:
29130: 	more things todo!
29131: 	[5a459d0cf339]
29132: 
29133: 	* sample.sudoers:
29134: 	update based on what is in the man page
29135: 	[1a0477db96fa]
29136: 
29137: 	* parse.yacc, sudo.tab.c:
29138: 	minor change to first line printed in -l mode
29139: 	[69eb57d96952]
29140: 
29141: 	* sudo.cat, sudo.html, sudo.man, sudo.pod:
29142: 	rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
29143: 	standard and add "EXAMPLES" section
29144: 	[7e543335ebe1]
29145: 
29146: 	* visudo.cat, visudo.html, visudo.man, visudo.pod:
29147: 	rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
29148: 	standard
29149: 	[f82d87ed65c2]
29150: 
29151: 	* logging.c, parse.c, sudo.h:
29152: 	add FLAG_NO_CHECK
29153: 	[c7d69176a2d7]
29154: 
29155: 	* lex.yy.c, parse.lex:
29156: 	make an OCTET really be limited to 0-255
29157: 	[6ee568dd6a02]
29158: 
29159: 	* UPGRADE:
29160: 	mention timestamp changes
29161: 	[e44d5302bf60]
29162: 
29163: 	* PORTING:
29164: 	cosmetic cleanup
29165: 	[36fa3a2664dd]
29166: 
29167: 	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
29168: 	new sudoers(8) man page
29169: 	[e674d06283d0]
29170: 
29171: 1999-08-24  Todd C. Miller  <Todd.Miller@courtesan.com>
29172: 
29173: 	* version.c:
29174: 	Update comments about syslog name tables
29175: 	[63830a782dcb]
29176: 
29177: 	* CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
29178: 	strcasecmp.c, sudo.tab.c:
29179: 	include strcasecmp() for those without it
29180: 	[a0d8e2488bbc]
29181: 
29182: 	* sample.sudoers:
29183: 	Use the : operator some more and fix a typo
29184: 	[18804c70da86]
29185: 
29186: 	* HISTORY:
29187: 	update the history of sudo
29188: 	[9d9b3d5279b3]
29189: 
29190: 	* parse.c, parse.lex, testsudoers.c:
29191: 	CIDR-style netmask support
29192: 	[768644467353]
29193: 
29194: 	* CHANGES:
29195: 	recent changes
29196: 	[a4319e9d07cb]
29197: 
29198: 	* sudo.tab.c, sudo.tab.h:
29199: 	these should be generated with byacc, not bison
29200: 	[f57b9489b752]
29201: 
29202: 	* lex.yy.c:
29203: 	regen
29204: 	[522461f95dfa]
29205: 
29206: 	* parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
29207: 	In "sudo -l" mode, the type of the stored (expanded) alias was not
29208: 	stored with the contents. This could lead to incorrect output if the
29209: 	sudoers file had different alias types with the same name. Normal
29210: 	parsing (ie: not in '-l' mode) is unaffected.
29211: 	[823fe2bc4b79]
29212: 
29213: 1999-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
29214: 
29215: 	* configure, configure.in:
29216: 	define _XOPEN_SOURCE to get at crypt() proto on some systems
29217: 	[1b3769b86fb9]
29218: 
29219: 1999-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>
29220: 
29221: 	* snprintf.c:
29222: 	fix comment
29223: 	[fc1264df00f7]
29224: 
29225: 	* tgetpass.c:
29226: 	don't need limits.h
29227: 	[f1631829af45]
29228: 
29229: 	* snprintf.c:
29230: 	kill bogus reference to vfprintf
29231: 	[a0b99b25d389]
29232: 
29233: 	* sample.sudoers, sudoers:
29234: 	better examples
29235: 	[b4d87ea64cc8]
29236: 
29237: 	* snprintf.c:
29238: 	Add some const in the K&R defs. This is safe since we define const
29239: 	away if the compiler doesn't grok it.
29240: 	[614d6e83d45e]
29241: 
29242: 	* aclocal.m4, configure:
29243: 	Better test for working long long support. Ultrix compiler supports
29244: 	basic long long but not all operations on them.
29245: 	[5da1508710ed]
29246: 
29247: 	* aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
29248: 	snprintf.c, sudo.c:
29249: 	Add check for LONG_IS_QUAD #undef MAXINT before including
29250: 	hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
29251: 	in snprintf.c and use LONG_IS_QUAD
29252: 	[a1f7993367fc]
29253: 
29254: 1999-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
29255: 
29256: 	* LICENSE, aclocal.m4, config.h.in, configure, configure.in,
29257: 	snprintf.c:
29258: 	UCB-derived snprintf + asprintf support. Supports quads if the
29259: 	compiler does. No floating point yet, perhaps later...
29260: 	[0caf05aba945]
29261: 
29262: 1999-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
29263: 
29264: 	* auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
29265: 	goodpath.c, logging.c, parse.c, sudo.c:
29266: 	Run most of the code as root, not the invoking user. It doesn't
29267: 	really gain us anything to run as the user since an attacker can
29268: 	just have an setuid(0) in their egg. Running as root solves
29269: 	potential problems wrt signalling.
29270: 	[408e530dda01]
29271: 
29272: 	* sudo.tab.c:
29273: 	regen
29274: 	[f8cfb37e37de]
29275: 
29276: 1999-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
29277: 
29278: 	* logging.c, sudo.c:
29279: 	Don't wait for child to finish in log_error(), let the signal
29280: 	handler get it if we are still running, else let init reap it for
29281: 	us. The extra time it takes to wait lets the user know that mail is
29282: 	being sent.
29283: 
29284: 	Install SIGCHLD handler in main() and for POSIX signals, block
29285: 	everything
29286: 	*except* SIGCHLD.
29287: 	[d2b6ab0ef3be]
29288: 
29289: 	* INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
29290: 	parse.yacc, sudo.c, sudo.h:
29291: 	sudoers_lookup() now returns a bitmap instead of an int. This makes
29292: 	it possible to express things like "failed to validate because user
29293: 	not listed for this host". Some thigns that were previously
29294: 	VALIDATE_FOO are now FLAG_FOO. This may change later on.
29295: 
29296: 	Reorganized code in log_auth() and sudo.c to deal with above
29297: 	changes.
29298: 
29299: 	Safer versions of push/pushcp with in the do { ... } while (0) style
29300: 
29301: 	parse.yacc now saves info on the stack to allow parse.c to determine
29302: 	if a user was listed, but not for the host he/she tried to run on.
29303: 
29304: 	Added --with-mail-if-no-host option
29305: 	[63326cb01efc]
29306: 
29307: 1999-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
29308: 
29309: 	* parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
29310: 	visudo.man, visudo.pod:
29311: 	o NewArgv and NewArgc don't need to be externally visible. o If
29312: 	pedantic > 1, it is a parse error. o Add -s (strict) option to
29313: 	visudo which sets pedantic to 2.
29314: 	[5d7d81b55cd5]
29315: 
29316: 	* HISTORY, INSTALL:
29317: 	Just have sudo-bugs contact info in one place
29318: 	[e7f6588ea683]
29319: 
29320: 	* sudo.cat, sudo.html, sudo.man, sudo.pod:
29321: 	Add BUGS section
29322: 	[6607d96ea510]
29323: 
29324: 	* Makefile.in, configure, configure.in:
29325: 	Add testsudoers to default build target if --with-devel Don't clean
29326: 	generated parser files unless "distclean".
29327: 	[5827b769dc57]
29328: 
29329: 	* parse.yacc, sudo.tab.c:
29330: 	In pedantic mode we need to save *all* the aliases, not just those
29331: 	that match, or we get spurious warnings.
29332: 	[24f5b1f0e1de]
29333: 
29334: 	* TROUBLESHOOTING:
29335: 	reference samples.sylog.conf
29336: 	[11841668380a]
29337: 
29338: 1999-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
29339: 
29340: 	* sample.syslog.conf:
29341: 	Sample entries for syslog.conf
29342: 	[0f7697d878a1]
29343: 
29344: 	* CHANGES:
29345: 	recent changes
29346: 	[8bca8810c6bd]
29347: 
29348: 	* auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
29349: 	auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
29350: 	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
29351: 	auth/sudo_auth.c, auth/sudo_auth.h:
29352: 	In struct sudo_auth, turn need_root and configured into flags and
29353: 	add a flag to specify an auth method is running alone (the only
29354: 	one). Pass auth methods their sudo_auth pointer, not the data
29355: 	pointer. This allows us to get at the flags and tell if we are the
29356: 	only auth method. That, in turn, allows the method to be able to
29357: 	decide what should/should not be a fatal error. Currently only
29358: 	rfc1938 uses it this way, which allows us to kill the OTP_ONLY
29359: 	define and te hackery that went with it. With access to the
29360: 	sudo_auth struct, methods can also get at a string holding their
29361: 	cannonical name (useful in error messages).
29362: 	[b7e320fc6511]
29363: 
29364: 	* INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
29365: 	getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
29366: 	sudo.tab.h:
29367: 	o --with-otp deprecated, use --without-passwd instead o real
29368: 	dependencies in the Makefile o --with-devel option to enable yacc,
29369: 	lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
29370: 	back to being a token, not a string but don't leak memory o rename
29371: 	hsotspec -> host in parse.yacc
29372: 	[912c45226cb2]
29373: 
29374: 1999-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
29375: 
29376: 	* BUGS, CHANGES:
29377: 	recent changes
29378: 	[801fa6e55687]
29379: 
29380: 	* auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
29381: 	sudo.c, sudo.h:
29382: 	o Digital UNIX needs to check for *snprintf() before -ldb is added
29383: 	to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
29384: 	for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
29385: 	functions in snprintf.c to fix -Wall o Add missing includes to fix
29386: 	more -Wall
29387: 	[8d207203e126]
29388: 
29389: 	* INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
29390: 	configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
29391: 	visudo.c:
29392: 	o Add a "pedentic" flag to the parser. This makes sudo warn in cases
29393: 	where an alias may be used before it is defined. Only turned on for
29394: 	visudo and testsudoers. o Add --disable-authentication option that
29395: 	makes sudo not require authentication by default. The PASSWD tag can
29396: 	be used to require authentication for an entry. We no longer
29397: 	overload --without-passwd.
29398: 	[f307e09adf98]
29399: 
29400: 	* lex.yy.c, parse.lex:
29401: 	Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
29402: 	username can contain just about anything so be very permissive. Also
29403: 	drop the unused \. punctuation.
29404: 	[06a50614ff89]
29405: 
29406: 1999-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
29407: 
29408: 	* parse.yacc, sudo.tab.c:
29409: 	o add a 'val' element to aliasinfo struct and move -> parse.h o
29410: 	find_alias() now returns an aliasinfo * instead of boolean o
29411: 	add_alias() now takes a value parameter to store in the
29412: 	aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
29413: 	return: 1) positive match 0) negative match (due to '!')
29414: 	-1) no match This means setting $$ explicitly in all cases, which I
29415: 	should have done in the first place. It also means that we always
29416: 	store a value that is != -1 and when we see a '!' we can set
29417: 	*_matches to !rv if rv != -1. The upshot of all of this is that '!'
29418: 	now works the way it should in lists and some of the rules are more
29419: 	uniform and sensible.
29420: 	[ad8e73b5d581]
29421: 
29422: 	* Makefile.in:
29423: 	add parse.h dependency
29424: 	[4ccccd464d30]
29425: 
29426: 	* parse.h:
29427: 	kill unused *_matched macros
29428: 	[02cba6dcb732]
29429: 
29430: 	* parse.yacc:
29431: 	Allow a list of users as the first thing in a user spec, not just a
29432: 	single entry. This makes things more uniform, though it does allow
29433: 	you to write user specs that are hard to read.
29434: 	[3c4c91c508ca]
29435: 
29436: 	* sudo.tab.c:
29437: 	parse.yacc
29438: 	[feca81881bb6]
29439: 
29440: 	* configure:
29441: 	regen
29442: 	[6f247010bb3b]
29443: 
29444: 	* configure.in:
29445: 	fix check for crypt() in libufc
29446: 	[82770736f4b0]
29447: 
29448: 1999-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
29449: 
29450: 	* README:
29451: 	sudo-users list now exists
29452: 	[4716d2bb0bbf]
29453: 
29454: 	* INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
29455: 	Update to reality.
29456: 	[1eda2d57e42a]
29457: 
29458: 	* CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
29459: 	config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
29460: 	version.c, visudo.c:
29461: 	o Move lock_file() and touch() into fileops.c so visudo can use them
29462: 	o Visudo now locks the sudoers temp file instead of bailing when the
29463: 	temp file already exists. This fixes the problem of stale temp files
29464: 	but it does *require* that you not try to put the temp file in a
29465: 	world-writable directory. This shoud not be an issue as the temp
29466: 	file should live in the same dir as sudoers. o Visudo now only
29467: 	installs the temp file as sudoers if it changed.
29468: 	[2517cd06c070]
29469: 
29470: 1999-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
29471: 
29472: 	* logging.c:
29473: 	add fcntl locking
29474: 	[c304adeaf515]
29475: 
29476: 	* config.h.in, configure, configure.in, logging.c:
29477: 	Lock the log file.
29478: 	[d8652704fbdf]
29479: 
29480: 	* Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
29481: 	visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
29482: 	o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
29483: 	temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
29484: 	-> _PATH_SUDOERS_TMP
29485: 	[68cad8975807]
29486: 
29487: 1999-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
29488: 
29489: 	* INSTALL, check.c, config.h.in, configure, configure.in, version.c:
29490: 	o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
29491: 	root sudo -V config reporting
29492: 	[cdd2613a9dcf]
29493: 
29494: 	* configure, configure.in:
29495: 	aix_auth.o not authenticate.o
29496: 	[d972e35f6730]
29497: 
29498: 	* config.h.in:
29499: 	Add --with-goodpri and --with-badpri configure options to specify
29500: 	the syslog priority to use.
29501: 	[2595ae50ab86]
29502: 
29503: 	* INSTALL, configure, configure.in, logging.h:
29504: 	Add --with-goodpri and --with-badpri configure options to specify
29505: 	the syslog priority to use.
29506: 	[8276ee9b2b49]
29507: 
29508: 	* compat.h:
29509: 	kill crufty AIX stuff
29510: 	[a4f35ef9854e]
29511: 
29512: 	* Makefile.in:
29513: 	Sigh, some versions of make (like Solaris's) don't deal with $< like
29514: 	I would expect. Both GNU and BSD makes get this right but... So, we
29515: 	just expand $< inline at the cost of some ugliness.
29516: 	[b1b456f8801f]
29517: 
29518: 	* version.c:
29519: 	If the invoking user is root, sudo will now print configure info in
29520: 	-V mode. Currently just prints logging info, to be expanded later.
29521: 	[392f7ed99267]
29522: 
29523: 	* logging.c, logging.h, sudo.c, sudo.h:
29524: 	o new defines for syslog facility and priority o use new
29525: 	print_version() functino for -V mode
29526: 	[78abc5142985]
29527: 
29528: 	* check.c:
29529: 	Don't need version.c
29530: 	[db9a830ad893]
29531: 
29532: 	* aclocal.m4, config.h.in, configure, configure.in:
29533: 	Add check for syslog facilities and priorities tables in syslog.h
29534: 	[b86213e5fc5c]
29535: 
29536: 	* Makefile.in:
29537: 	o authenticate -> aix_auth o add version.c
29538: 	[44b6b9a8d0f5]
29539: 
29540: 	* auth/sudo_auth.c:
29541: 	Missed a prompt -> user_prompt conversion
29542: 	[e4c60b1f210c]
29543: 
29544: 1999-08-04  Todd C. Miller  <Todd.Miller@courtesan.com>
29545: 
29546: 	* TODO:
29547: 	sudo should lock its logfile
29548: 	[6d2830b28b07]
29549: 
29550: 	* parse.yacc, sudo.tab.c:
29551: 	o Add '!' correctly when expanding Aliases. o Add shortcut macros
29552: 	for append() to make things more readable. o The separator in
29553: 	append() is now a string instead of a char. o In append(), only
29554: 	prepend the separator if the last char is not a '!'. This is a hack
29555: 	but it greatly simplifies '!' handling. o In -l mode, Runas lists
29556: 	and NOPASSWD/PASSWD tags are now inherited across entries in a list
29557: 	(matches current behavior). o Fix formatting in -l mode such that
29558: 	items in a list are separated by a space. Greatlt improves
29559: 	readability. o Space for name field in struct aliasinfo is now
29560: 	allocated dyanically instead of using a (big) buffer. o In
29561: 	add_alias(), only search the list once (lsearch instead of lfind +
29562: 	lsearch)
29563: 	[51f7e07addb9]
29564: 
29565: 	* lex.yy.c, sudo.tab.c, sudo.tab.h:
29566: 	regen
29567: 	[5c19bb05dc21]
29568: 
29569: 	* configure, configure.in:
29570: 	Solais pam doesn't require anye xtra setup
29571: 	[a25ba03d91d1]
29572: 
29573: 	* parse.yacc:
29574: 	o Simpler '!' support now that the lexer deals with multiple !'s for
29575: 	us. o In the case of opFOO, have FOO give a boolean return value and
29576: 	set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
29577: 	it gets fill()'d in parse.lex--fixes a small memory leak. In the
29578: 	long run it may be better to just fix parse.lex and make ALL back
29579: 	into a token. However, having it be a string is useful since it can
29580: 	be easily passed back to the parent rule if we so desire.
29581: 	[b3c64b443018]
29582: 
29583: 	* parse.lex:
29584: 	o Remove some unnecessary backslashes o collapse multiple !'s by
29585: 	using !+ and checking if yyleng is even or odd. this allows us to
29586: 	simplify ! handling in parse.yacc
29587: 	[76330e8da8e3]
29588: 
29589: 	* sudo.c:
29590: 	-u flag was being ignored
29591: 	[e30283207585]
29592: 
29593: 1999-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
29594: 
29595: 	* Makefile.in:
29596: 	correct fix
29597: 	[a0e2377dec8f]
29598: 
29599: 	* Makefile.in:
29600: 	work around pod2man stupididy
29601: 	[7c755640b67f]
29602: 
29603: 	* Makefile.in:
29604: 	correct dependencies for .cat
29605: 	[5ed7b0653b68]
29606: 
29607: 	* sudo.cat, sudo.man, visudo.cat, visudo.man:
29608: 	regen
29609: 	[b74510dd6a0a]
29610: 
29611: 	* sudo.pod, visudo.pod:
29612: 	Add copyright Update to reality
29613: 	[188e9b046c15]
29614: 
29615: 	* parse.c, sudo.c, sudo.h:
29616: 	rename validate() to the more descriptive sudoers_lookup()
29617: 	[7a1cb652f379]
29618: 
29619: 	* auth/aix_auth.c:
29620: 	use tgetpass
29621: 	[b8ba5daec40a]
29622: 
29623: 1999-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
29624: 
29625: 	* CHANGES:
29626: 	updates
29627: 	[e61460cdf4a0]
29628: 
29629: 	* HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
29630: 	configure, configure.in, sudo.c:
29631: 	Sudo, not CU Sudo
29632: 	[9061b3573c0c]
29633: 
29634: 	* LICENSE:
29635: 	add 4th term to license similar to term 5 in the apache license
29636: 	[92712e895afb]
29637: 
29638: 	* emul/search.h, emul/utime.h:
29639: 	add 4th term to license similar to term 5 in the apache license
29640: 	[4f93a8b9396e]
29641: 
29642: 	* auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
29643: 	auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
29644: 	auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
29645: 	auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
29646: 	logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
29647: 	pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
29648: 	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
29649: 	visudo.c:
29650: 	add 4th term to license similar to term 5 in the apache license
29651: 	[afae9f2bf9ec]
29652: 
29653: 	* ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
29654: 	add 4th term to license similar to term 5 in the apache license
29655: 	[c389d3fdafac]
29656: 
29657: 	* Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
29658: 	getspwuid.c, goodpath.c:
29659: 	add 4th term to license similar to term 5 in the apache license
29660: 	[969e63dbd38e]
29661: 
29662: 	* LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
29663: 	insults.h, logging.c, sudo.c, sudo.h:
29664: 	there was a 1995 release too
29665: 	[5963fd89457a]
29666: 
29667: 1999-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
29668: 
29669: 	* CHANGES:
29670: 	updates
29671: 	[254b794f16ab]
29672: 
29673: 	* check.c:
29674: 	Use dirs instead of files for timestamp. This allows tty and non-
29675: 	tty schemes to coexist reasonably. Note, however, that when you
29676: 	update a tty ticket, the mtime on the user dir gets updated as well.
29677: 	[44bfac32f799]
29678: 
29679: 	* configure, configure.in:
29680: 	Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
29681: 	when linking test program, not just -lprot. Also add check for
29682: 	getspnam(). The SCO docs indicate that /etc/shadow can be used but
29683: 	this may be a lie.
29684: 	[2ba21d36cc1e]
29685: 
29686: 1999-07-24  Todd C. Miller  <Todd.Miller@courtesan.com>
29687: 
29688: 	* auth/API:
29689: 	first cut at auth API description
29690: 	[3d10df021eb8]
29691: 
29692: 1999-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
29693: 
29694: 	* auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
29695: 	auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
29696: 	auth/sudo_auth.h:
29697: 	auth API change. There is now an init method that gets run before
29698: 	the main loop. This allows auth routines to differentiate between
29699: 	initialization that happens once vs. setup that needs to run each
29700: 	time through the loop.
29701: 	[76df1c0d3478]
29702: 
29703: 	* auth/kerb5.c, logging.c:
29704: 	use easprintf() and evasprintf()
29705: 	[fd97d96dc12f]
29706: 
29707: 	* alloc.c, sudo.h:
29708: 	add easprintf() and evasprintf(), error checking versions of
29709: 	asprintf() and vasprintf()
29710: 	[f54385de20b7]
29711: 
29712: 	* TODO:
29713: 	remove 2 items. One done, one won't do.
29714: 	[64513b47bc7a]
29715: 
29716: 	* lex.yy.c, sudo.tab.c:
29717: 	regen
29718: 	[4aa299de2752]
29719: 
29720: 	* configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
29721: 	visudo.html, visudo.man:
29722: 	regen
29723: 	[553c0d1209be]
29724: 
29725: 	* CHANGES:
29726: 	new changes
29727: 	[d7be00b7e36b]
29728: 
29729: 	* sudo.pod:
29730: 	o Document -K flag and update meaning of -k flag. o BSD-style
29731: 	copyright o Document clearing of BIND resolver environment variables
29732: 	o Clarify bit about shared libs o suggest rc files create /tmp/.odus
29733: 	if your OS gives away files
29734: 	[4a4092be1455]
29735: 
29736: 	* visudo.pod:
29737: 	BSD license
29738: 	[ad0bfd0a4630]
29739: 
29740: 	* version.h:
29741: 	BSD-style copyright
29742: 	[ecc6479325be]
29743: 
29744: 	* tgetpass.c:
29745: 	o BSD copyright o no need to block signals, we now do that in main()
29746: 	o cosmetic changes
29747: 	[61958beda7ab]
29748: 
29749: 	* testsudoers.c, visudo.c:
29750: 	o BSD-style copyright o Use "struct sudo_user" instead of old
29751: 	globals. o some cometic cleanup
29752: 	[88c0c6924082]
29753: 
29754: 	* sudo_setenv.c:
29755: 	BSD-style copyright
29756: 	[df20290129a0]
29757: 
29758: 	* sudo.h:
29759: 	o BSD copyright o logging and parser bits moved to their own .h
29760: 	files o new "struct sudo_user" to encapsulate many of the old
29761: 	globals.
29762: 	[50fc86bf25cb]
29763: 
29764: 	* sudo.c:
29765: 	o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
29766: 	logging routines o simplified flow of control o BIND resolver
29767: 	additions to badenv_table
29768: 	[8c53f15bfcb0]
29769: 
29770: 	* strerror.c:
29771: 	BSD-style copyright
29772: 	[7c906c3a82ac]
29773: 
29774: 	* snprintf.c:
29775: 	Now compiles on more K&R compilers
29776: 	[07ab1d3231c7]
29777: 
29778: 	* putenv.c:
29779: 	BSD-style copyright, cosmetic changes
29780: 	[c42371295881]
29781: 
29782: 	* pathnames.h.in:
29783: 	BSD-style copyright
29784: 	[e5c34ebd4cf1]
29785: 
29786: 	* parse.c, parse.h, parse.lex, parse.yacc:
29787: 	BSD-style copyright. Move parser-specific defines and structs into
29788: 	parse.h + other cosmetic changes
29789: 	[d3088efb6228]
29790: 
29791: 	* logging.h:
29792: 	defines for logging routines
29793: 	[13147941c02d]
29794: 
29795: 	* find_path.c, getspwuid.c, goodpath.c, interfaces.c:
29796: 	BSD-style copyright, cosmetic changes
29797: 	[e8205e91a4fa]
29798: 
29799: 	* ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
29800: 	interfaces.h:
29801: 	BSD-style copyright
29802: 	[b9499da7cdce]
29803: 
29804: 	* configure.in:
29805: 	o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
29806: 	kill --disable-tgetpass o add --without-passwd o changes to fill in
29807: 	AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
29808: 	v?asprintf() o replace --with-AuthSRV with --with-fwtk
29809: 	[9a3f39b9c128]
29810: 
29811: 	* config.h.in:
29812: 	BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
29813: 	HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
29814: 	HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
29815: 	[9a09054db53a]
29816: 
29817: 	* compat.h:
29818: 	BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing.
29819: 	[25509c566975]
29820: 
29821: 	* alloc.c:
29822: 	BSD-style copyright
29823: 	[4967be892363]
29824: 
29825: 	* TROUBLESHOOTING:
29826: 	no more --with-getpass
29827: 	[afd5b670c196]
29828: 
29829: 	* TODO:
29830: 	Take out things I've done...
29831: 	[375420c8270e]
29832: 
29833: 	* README:
29834: 	Refer to LICENSE
29835: 	[c486c8db30f6]
29836: 
29837: 	* PORTING:
29838: 	--with-getpass no longer exists
29839: 	[db48202df1bb]
29840: 
29841: 	* Makefile.in:
29842: 	BSD-style copyright. Update to reflect reality wrt new files and new
29843: 	auth modules.
29844: 	[61a2ca7940fb]
29845: 
29846: 	* INSTALL:
29847: 	Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
29848: 	--without-passwd.
29849: 	[64e8f9e1c05e]
29850: 
29851: 	* HISTORY:
29852: 	Update history a bit
29853: 	[df60c0a871b8]
29854: 
29855: 	* COPYING, LICENSE:
29856: 	Now distributed under a BSD-style license
29857: 	[d1a184ccabe1]
29858: 
29859: 	* auth/sudo_auth.c:
29860: 	o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
29861: 	options. o skey/opie replaced by rfc1938 code o new struct sudo_user
29862: 	global
29863: 	[891b57060868]
29864: 
29865: 	* auth/pam.c, auth/sia.c:
29866: 	BSD-style copyright and use new log functions
29867: 	[65c44445ea84]
29868: 
29869: 	* auth/kerb5.c:
29870: 	o BSD-style copyright o Use new log functiongs o Use asprintf() and
29871: 	snprintf() where sensible.
29872: 	[1ff0feaacf95]
29873: 
29874: 	* check.c:
29875: 	Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
29876: 	done more reasonably--better sanity checks and tty-based stamps are
29877: 	now done as files in a directory with the same name as the invoking
29878: 	user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
29879: 	to mix tty and non-tty based ticket schemes but this may change in
29880: 	the future (it requires sudo to use a directory instead of a file in
29881: 	the non-tty case). Also, ``sudo -k'' now sets the ticket back to the
29882: 	epoch and ``sudo -K'' really deletes the file. That way you don't
29883: 	get the lecture again just because you killed your ticket in
29884: 	.logout. BSD-style copyright now.
29885: 	[ec3460f85be8]
29886: 
29887: 	* logging.c:
29888: 	o rewritten logging routines. log_error() now takes printf-style
29889: 	varargs and log_auth() for the return value of validate(). o BSD-
29890: 	style copyright
29891: 	[438292025c4e]
29892: 
29893: 	* auth.c, check_sia.c, dce_pwent.c, secureware.c:
29894: 	superceded by new auth API
29895: 	[412060590da7]
29896: 
29897: 	* auth/kerb4.c:
29898: 	BSD-style copyright
29899: 	[cc4e800833c7]
29900: 
29901: 	* auth/fwtk.c:
29902: 	Use snprintf() where it makes sense and add a BSD-style copyright
29903: 	[1b7502388a74]
29904: 
29905: 	* auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
29906: 	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
29907: 	BSD-style copyright
29908: 	[42583bedae5c]
29909: 
29910: 	* emul/utime.h, utime.c:
29911: 	BSD-style copyright
29912: 	[3985c90aba47]
29913: 
29914: 	* emul/search.h:
29915: 	this has been rewritten so use my BSD-style copyright
29916: 	[176df1b0de6f]
29917: 
29918: 1999-07-15  Todd C. Miller  <Todd.Miller@courtesan.com>
29919: 
29920: 	* snprintf.c:
29921: 	include malloc.h if no stdlib.h
29922: 	[7b123f1d1d03]
29923: 
29924: 	* snprintf.c:
29925: 	KTH snprintf()/asprintf() for systems w/o them
29926: 	[3ca9aefb9d01]
29927: 
29928: 	* strerror.c:
29929: 	strerror() for systems w/o it
29930: 	[7f0bd8a1c1b4]
29931: 
29932: 1999-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
29933: 
29934: 	* visudo.c:
29935: 	stylistic changes
29936: 	[6f99aceb7170]
29937: 
29938: 	* parse.c, parse.lex, parse.yacc:
29939: 	Add contribution info in the main comment
29940: 	[e50cec10acd6]
29941: 
29942: 1999-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
29943: 
29944: 	* auth/pam.c:
29945: 	remove missed ref to PAM_nullpw
29946: 	[a43e59692cdb]
29947: 
29948: 	* auth/sudo_auth.h:
29949: 	pasto
29950: 	[891ff138ab89]
29951: 
29952: 	* auth/kerb5.c:
29953: 	more or less complete now--still untested
29954: 	[21036732faa0]
29955: 
29956: 	* auth/afs.c, auth/pam.c:
29957: 	don't use user_name macro, it will go away
29958: 	[def7cf727349]
29959: 
29960: 	* auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
29961: 	combine skey/opie code into rfc1938.c
29962: 	[44d88ca93d3e]
29963: 
29964: 	* auth/dce.c, auth/sudo_auth.h:
29965: 	DCE authentication method; basically unchanged from dce_pwent.c
29966: 	[4d468473dd6f]
29967: 
29968: 	* auth/aix_auth.c, auth/sudo_auth.h:
29969: 	AIX authenticate() support. Could probably be much better
29970: 	[000013321a33]
29971: 
29972: 	* auth/sia.c:
29973: 	Fix an uninitialized variable and some cleanup. Now works (tested)
29974: 	[fd6ad88ff055]
29975: 
29976: 	* auth/sia.c, auth/sudo_auth.h:
29977: 	SIA support for digital unix
29978: 	[5335f3e70eab]
29979: 
29980: 	* auth/pam.c:
29981: 	don't use prompt global, it will go away
29982: 	[fadd22dd6ce4]
29983: 
29984: 	* auth/secureware.c:
29985: 	correct copyright years
29986: 	[6aa07c49f51b]
29987: 
29988: 	* auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
29989: 	auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
29990: 	auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
29991: 	New authentication API and methods
29992: 	[9debe9b59c79]
29993: 
29994: 1999-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
29995: 
29996: 	* sudo.tab.c:
29997: 	regen
29998: 	[84578e82c1a6]
29999: 
30000: 	* parse.yacc:
30001: 	only save an entry if user_matches && host_matches, even if the
30002: 	stack is empty (fix for previous commit)
30003: 	[00984b078d8a]
30004: 
30005: 	* sudo.tab.c:
30006: 	regen
30007: 	[66acf160b4b7]
30008: 
30009: 	* parse.yacc:
30010: 	1) Always save an entry on the stack if it is empty. This fixes the
30011: 	-l and -v flags that were broken by earlier parser changes.
30012: 
30013: 	2) In a Runas list, don't negate FALSE -> TRUE since that would make
30014: 	!foo match any time the user specified a runas user (via -u) other
30015: 	than foo.
30016: 	[f322eb54b015]
30017: 
30018: 	* testsudoers.c:
30019: 	interfaces and num_interfaces are now auto, not extern
30020: 	[113add5c6518]
30021: 
30022: 1999-07-07  Todd C. Miller  <Todd.Miller@courtesan.com>
30023: 
30024: 	* auth.c:
30025: 	use a static global to keep stae about empty passwords
30026: 	[bc02e30807d8]
30027: 
30028: 	* check_sia.c:
30029: 	make PASSWORD_NOT_CORRECT logging consistent with other modules
30030: 	[21962549d5fd]
30031: 
30032: 1999-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>
30033: 
30034: 	* auth.c:
30035: 	PAM prompt code was wrong, looks like we have to kludge it after
30036: 	all.
30037: 	[91f246155ead]
30038: 
30039: 	* auth.c:
30040: 	In the PAM code, when a user hits return at the first password
30041: 	prompt, exit without a warning just like the normal auth code
30042: 	[918f59bacdb7]
30043: 
30044: 	* configure, configure.in:
30045: 	kludge around cross-compiler false positives
30046: 	[5e5fc8356400]
30047: 
30048: 	* auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
30049: 	New (correct) PAM code Tgetpass now takes an echo flag for use with
30050: 	PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
30051: 	useless umask setting Change error from BAD_ALLOCATION ->
30052: 	BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
30053: 	for consistency
30054: 	[e71397f09dd8]
30055: 
30056: 	* sudo.c:
30057: 	Some -Wall and kill some trailing spaces
30058: 	[8229b43d5c4e]
30059: 
30060: 	* configure.in:
30061: 	define -D__EXTENSIONS__ for solaris so we get crypt() proto
30062: 	[7533e4436cab]
30063: 
30064: 1999-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
30065: 
30066: 	* RUNSON:
30067: 	add Dynix 4.4.4
30068: 	[b69f773efbce]
30069: 
30070: 	* INSTALL, config.h.in, configure, configure.in:
30071: 	for kerberos V < version, fall back on old kerb4 auth code
30072: 	[d685ed3a1d8e]
30073: 
30074: 	* INSTALL:
30075: 	clarify some things
30076: 	[2f5ba2e8e53a]
30077: 
30078: 	* UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
30079: 	typos
30080: 	[8925a109c093]
30081: 
30082: 1999-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
30083: 
30084: 	* sudo.c:
30085: 	mention why DONT_LEAK_PATH_INFO is not the default
30086: 	[0346260cb4ec]
30087: 
30088: 1999-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
30089: 
30090: 	* tgetpass.c:
30091: 	Fix open(2) return value checking, was NULL for fopen, should be -1
30092: 	for open
30093: 	[355878bf6d8a]
30094: 
30095: 	* configure:
30096: 	regen
30097: 	[68bf82871862]
30098: 
30099: 	* configure.in:
30100: 	better wording for solaris pam notice
30101: 	[04e88c7a6c42]
30102: 
30103: 	* CHANGES:
30104: 	document recent changes
30105: 	[7c922c5622ef]
30106: 
30107: 	* TROUBLESHOOTING:
30108: 	Update shadow password section
30109: 	[e8448bae7d66]
30110: 
30111: 	* auth.c:
30112: 	move authentication code from check.c to auth.c
30113: 	[e9f6ecae2399]
30114: 
30115: 	* Makefile.in, check.c, sudo.h:
30116: 	move authentication code to auth.c
30117: 	[124cded85f46]
30118: 
30119: 1999-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
30120: 
30121: 	* Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
30122: 	getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
30123: 	logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
30124: 	sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
30125: 	visudo.c:
30126: 	Move interface-related defines to interfaces.h so we don't have to
30127: 	include <netinet/in.h> everywhere.
30128: 	[e7599d8ea0bf]
30129: 
30130: 1999-05-14  Todd C. Miller  <Todd.Miller@courtesan.com>
30131: 
30132: 	* CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
30133: 	parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
30134: 	o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
30135: 	turns out the old DES crypt does the right thing with passwords
30136: 	longert than 8 characters. o Fix common typo (necesary -> necessary)
30137: 	o Update TODO list
30138: 	[ad75007a6f13]
30139: 
30140: 1999-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
30141: 
30142: 	* sudo.c:
30143: 	set $LOGNAME when we set $USER
30144: 	[391596210fd7]
30145: 
30146: 1999-04-27  Todd C. Miller  <Todd.Miller@courtesan.com>
30147: 
30148: 	* INSTALL:
30149: 	add comment about digital unix and interfaces.c warning with gcc
30150: 	[e20f815901cc]
30151: 
30152: 1999-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
30153: 
30154: 	* sample.sudoers:
30155: 	use modern paths and give examples for some of the new parser
30156: 	features
30157: 	[e7b2e507c695]
30158: 
30159: 1999-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
30160: 
30161: 	* parse.c:
30162: 	fix comment
30163: 	[5eb0d005a65f]
30164: 
30165: 	* alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
30166: 	getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
30167: 	parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
30168: 	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
30169: 	Function names should be flush with the start of the line so they
30170: 	can be found trivially in an editor and with grep
30171: 	[3c400abde574]
30172: 
30173: 	* find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
30174: 	sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
30175: 	free(3) is already void, no need to cast it
30176: 	[6981e1ebda0f]
30177: 
30178: 	* logging.c, sudo.c, sudo.h:
30179: 	catch case where cmnd_safe is not set (this should not be possible)
30180: 	[3e1e3038546c]
30181: 
30182: 	* CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
30183: 	testsudoers.c, visudo.c:
30184: 	Stash the "safe" path (ie: the one listed in sudoers) to the command
30185: 	instead of stashing the struct stat. Should be safer.
30186: 	[aa2883fcf57e]
30187: 
30188: 1999-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
30189: 
30190: 	* INSTALL, Makefile.in, UPGRADE:
30191: 	notes on updating from an earlier release
30192: 	[df9fffa4ab2c]
30193: 
30194: 	* CHANGES:
30195: 	updated
30196: 	[574f5065d15a]
30197: 
30198: 1999-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
30199: 
30200: 	* parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
30201: 	sudoers.man, sudoers.pod:
30202: 	You can now specifiy a host list instead of just a host or alias.
30203: 	Ie: user = host1,host2,ALIAS,!host3 my_command now works.
30204: 	[e3942bb78021]
30205: 
30206: 	* testsudoers.c:
30207: 	Quiet -Wall
30208: 	[a3edc8b08c3a]
30209: 
30210: 	* parse.yacc, sudo.tab.c:
30211: 	Move the push from the beginning of cmndspec to the end. This means
30212: 	we no longer have to do a push at the end of privilege, just reset
30213: 	some values.
30214: 	[8ea66e5860c6]
30215: 
30216: 	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
30217: 	runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
30218: 	use "!" most everywhere
30219: 	[aadae4d1c9d5]
30220: 
30221: 1999-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
30222: 
30223: 	* sudoers.pod:
30224: 	modernize paths and update su example based on sample.sudoers one
30225: 	[3f6a37e16c83]
30226: 
30227: 	* sample.sudoers:
30228: 	New runas semantics
30229: 	[756ee92865b7]
30230: 
30231: 	* CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
30232: 	strdup.c, sudo.h:
30233: 	In estrdup(), do the malloc ourselves so we don't need to rely on
30234: 	the system strdup(3) which may or may not exist. There is now no
30235: 	need to provide strdup() for those w/o it. Also, the prototype for
30236: 	estrdup() was wrong, it returns char * and its param is const.
30237: 	[5f1f984da8e3]
30238: 
30239: 	* getcwd.c:
30240: 	$Sudo tag
30241: 	[e4188a35e68c]
30242: 
30243: 	* check.c:
30244: 	buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
30245: 	[2aec87c86cde]
30246: 
30247: 	* CHANGES, TODO, parse.yacc, sudo.tab.c:
30248: 	It is now possible to use the '!' operator in a runas list as well
30249: 	as in a Cmnd_Alias, Host_Alias and User_Alias.
30250: 	[a4fdaabda990]
30251: 
30252: 	* logging.c, sudo.h:
30253: 	Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
30254: 	[73d0376785ae]
30255: 
30256: 	* sudo.h:
30257: 	Definitions of *_matched were wrong--user top, not top-2 as
30258: 	subscript.
30259: 	[5f8350a57362]
30260: 
30261: 	* logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
30262: 	Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
30263: 	command but the NOPASSWD flag was set. Make runasspec, runaslist,
30264: 	runasuser, and nopasswd typeless in parse.yacc Add support for '!'
30265: 	in the runas list Fix double printing of '%' and '+' for groups and
30266: 	netgroups respectively Add *_matched macros (no need for local stack
30267: 	variable). Should only be used directly after a pop (since top must
30268: 	be >= 2).
30269: 	[392b1400c4e6]
30270: 
30271: 	* aclocal.m4, configure.in:
30272: 	Add copyright, somewhat silly
30273: 	[55c2cdd82dca]
30274: 
30275: 1999-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
30276: 
30277: 	* BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
30278: 	compat.h, config.h.in, configure, configure.in, dce_pwent.c,
30279: 	emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
30280: 	ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
30281: 	lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
30282: 	putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
30283: 	sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
30284: 	testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
30285: 	visudo.man:
30286: 	Crank version to 1.6 and combine copyright statements
30287: 	[0e1c791658ae]
30288: 
30289: 	* sample.sudoers:
30290: 	Use ! not ^ to do negation
30291: 	[1480a0761730]
30292: 
30293: 	* lex.yy.c, sudo.tab.c:
30294: 	regen
30295: 	[89ca5a46684b]
30296: 
30297: 	* parse.lex, parse.yacc:
30298: 	Make runas and NOPASSWD tags persistent across entris in a command
30299: 	list. Add a PASSWD tag to reverse NOPASSWD. When you override a
30300: 	runas or *PASSWD tag the value given becomes the new default for the
30301: 	rest of the command list.
30302: 	[f1bbb4066542]
30303: 
30304: 1999-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
30305: 
30306: 	* CHANGES, RUNSON:
30307: 	update for 1.5.9
30308: 	[a1ae9d4a7d54] [SUDO_1_5_9]
30309: 
30310: 	* visudo.c:
30311: 	Shift return value of system(3) by 8 to get real exit value and if
30312: 	it is not 1 or 0 print the retval along with the error message.
30313: 	[c1ff50d743fb]
30314: 
30315: 1999-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
30316: 
30317: 	* Makefile.in:
30318: 	testsudoers needs LIBOBJS too
30319: 	[972571b4e4bf]
30320: 
30321: 	* parse.c, parse.yacc, sudo.tab.c:
30322: 	Fix another parser bug. For a sudoers entry like this: millert
30323: 	ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
30324: 	as root.
30325: 	[51968e1eb33d]
30326: 
30327: 	* CHANGES:
30328: 	new change
30329: 	[271c6110bb62]
30330: 
30331: 	* parse.yacc, sudo.tab.c:
30332: 	Save entries that match a ! command on the matching stack too
30333: 	[5afb5107116c]
30334: 
30335: 	* sudo.c:
30336: 	Make sudo's usage info better when mutually exclusive args are given
30337: 	and don't rely on argument order to detect this; nick@zeta.org.au
30338: 	[2422753c88fd]
30339: 
30340: 1999-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
30341: 
30342: 	* CHANGES, Makefile.in, RUNSON:
30343: 	updates from CU
30344: 	[b37381e3dafb]
30345: 
30346: 	* Makefile.in:
30347: 	use gzip
30348: 	[94a64e52a166]
30349: 
30350: 	* parse.yacc, sudo.tab.c:
30351: 	Fix off by one error introduced in *alloc changes
30352: 	[95ede581153a]
30353: 
30354: 	* BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
30355: 	check_sia.c, compat.h, config.h.in, configure, configure.in,
30356: 	dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
30357: 	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
30358: 	interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
30359: 	pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
30360: 	sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
30361: 	sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
30362: 	visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
30363: 	++version
30364: 	[c6d88f024e37]
30365: 
30366: 	* Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
30367: 	interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
30368: 	putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
30369: 	sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
30370: 	Use emalloc/erealloc/estrdup
30371: 	[44221d97361a]
30372: 
30373: 	* alloc.c:
30374: 	error checking memory allocation routines
30375: 	[5f8c1e7bbc71]
30376: 
30377: 	* parse.yacc, sudo.tab.c:
30378: 	Still not right, this fixes it for real
30379: 	[ad553b6f5339]
30380: 
30381: 	* parse.yacc, sudo.tab.c:
30382: 	Fix for previous commit
30383: 	[4d6f989f9bf2]
30384: 
30385: 	* CHANGES, INSTALL, parse.yacc:
30386: 	Fix a parser bug that was exposed when mixing different runas specs
30387: 	and ! commands. For example: millert ALL=(daemon)
30388: 	/usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
30389: 	as well as daemon when it should just allow daemon. The problem was
30390: 	that comma-separated commands in a list shared the same entry on the
30391: 	matching stack. Now they get their own entry iff there is a full
30392: 	match. It may be better to just make the runas spec persistent
30393: 	across all commands in a list like the user and host entries of the
30394: 	matching stack. However, since that is a fairly major change it
30395: 	should gets its own minor rev increase.
30396: 	[c4b939cdcc8e]
30397: 
30398: 1999-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
30399: 
30400: 	* check.c, config.h.in:
30401: 	Simplify PAM code and fix a PAM-related warning on Linux
30402: 	[2468399523b6]
30403: 
30404: 1999-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
30405: 
30406: 	* CHANGES:
30407: 	updates
30408: 	[29d4a997769c]
30409: 
30410: 	* sample.sudoers:
30411: 	better su entry
30412: 	[76d8285a72ba]
30413: 
30414: 	* configure:
30415: 	regen
30416: 	[b7450cc6975d]
30417: 
30418: 	* check.c, configure.in:
30419: 	new pam code that works on solaris, should work on linux too;
30420: 	aelberg@home.com
30421: 	[84c16c0ff259]
30422: 
30423: 1999-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
30424: 
30425: 	* RUNSON:
30426: 	more entries
30427: 	[b6bef8660759]
30428: 
30429: 	* config.h.in:
30430: 	only include strings.h if there is no string.h
30431: 	[b66054a32b00]
30432: 
30433: 1999-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
30434: 
30435: 	* config.guess:
30436: 	Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
30437: 	[c086d2fe63af]
30438: 
30439: 1999-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
30440: 
30441: 	* sudo.c:
30442: 	shost must be set before log functions are called #ifdef HOST_IN_LOG
30443: 	[d49a7944358f]
30444: 
30445: 1999-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
30446: 
30447: 	* CHANGES, lex.yy.c, parse.lex:
30448: 	Fix a bug wrt quoting characters in command args. Stop processing an
30449: 	arg when you hit a backslash so the quoted-character detection can
30450: 	catch it.
30451: 	[2281438d7f41]
30452: 
30453: 1999-02-26  Todd C. Miller  <Todd.Miller@courtesan.com>
30454: 
30455: 	* interfaces.c:
30456: 	include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru
30457: 	[31118a9e9916]
30458: 
30459: 1999-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
30460: 
30461: 	* configure, configure.in:
30462: 	add missing case statement so --without-sendmail works
30463: 	[ca25614f7dd9]
30464: 
30465: 1999-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
30466: 
30467: 	* CHANGES:
30468: 	more
30469: 	[4d70e44f7f93]
30470: 
30471: 1999-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
30472: 
30473: 	* configure, configure.in:
30474: 	only search for -lsun in irix <= 4.x
30475: 	[e604238317b1]
30476: 
30477: 	* configure, configure.in:
30478: 	back out last configure.in change now that I've hacked autoconf to
30479: 	fix the real problem and add a missing newline
30480: 	[2dabf59a79b5]
30481: 
30482: 	* CHANGES:
30483: 	updated
30484: 	[bb35d526552f]
30485: 
30486: 	* getcwd.c:
30487: 	add def of dirfd() for those without it
30488: 	[95f0173d8441]
30489: 
30490: 	* configure, configure.in:
30491: 	When falling back to checking for socket() when linking with
30492: 	"-lsocket -lnsl" check for main() instead since autoconf has already
30493: 	cached the results of checking for socket() in -lsocket. This is
30494: 	really an autoconf bug as it should use the extra libs as part of
30495: 	the cache variable name.
30496: 	[a845f8b710ad]
30497: 
30498: 	* configure.in:
30499: 	typo
30500: 	[a7d62f62a478]
30501: 
30502: 1999-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
30503: 
30504: 	* configure.in:
30505: 	fix occurrence of $with_timeout that should be
30506: 	$with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
30507: 	bochum.de
30508: 	[8c4da2cf73d1]
30509: 
30510: 1999-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
30511: 
30512: 	* sudo.cat, sudo.html, sudo.man, sudo.pod:
30513: 	fix grammar; espie@openbsd.org
30514: 	[7031d9dfbc3e] [SUDO_1_5_8]
30515: 
30516: 1999-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
30517: 
30518: 	* parse.yacc, sudo.c, testsudoers.c:
30519: 	add cast for strdup in places it does not have it
30520: 	[7ce4478d3b0f]
30521: 
30522: 1999-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
30523: 
30524: 	* configure, configure.in:
30525: 	define for_BSD_TYPES irix
30526: 	[858337ff4af8]
30527: 
30528: 1999-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
30529: 
30530: 	* Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
30531: 	Make it clear that it is the user's password, not root's, that we
30532: 	want.
30533: 	[ae0f51b35ee4]
30534: 
30535: 	* check.c, sudo.h:
30536: 	If the user enters an empty password and really has no password,
30537: 	accept the empty password they entered. Perviously, they could enter
30538: 	anything
30539: 	*but* an empty password. Also, add GETPASS macro that calls either
30540: 	tgetpass() or getpass() depending on how sudo was configured.
30541: 	Problem noted by jdg@maths.qmw.ac.uk
30542: 	[2fde21ce94c1]
30543: 
30544: 1999-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
30545: 
30546: 	* Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
30547: 	dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
30548: 	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
30549: 	interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
30550: 	pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
30551: 	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
30552: 	visudo.c:
30553: 	add explicate copyright
30554: 	[d3b4449834a5]
30555: 
30556: 	* CHANGES:
30557: 	mention -lsocket, -lnsl configure changes
30558: 	[9140af4ad8ae]
30559: 
30560: 1999-02-02  Todd C. Miller  <Todd.Miller@courtesan.com>
30561: 
30562: 	* sudo.c:
30563: 	Don't clobber errno after calling check_sudoers().
30564: 	[59bd581b2654]
30565: 
30566: 1999-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
30567: 
30568: 	* configure, configure.in:
30569: 	When linking with both -lsocket and -lnsl be sure to do so in that
30570: 	order. Also, when we can't find socket() or inet_addr() and have to
30571: 	try linking with both libs, issue a warning.
30572: 	[0ee547163067]
30573: 
30574: 	* sudo.cat, sudo.man, sudo.pod:
30575: 	clarify bad timestamp and fmt
30576: 	[70e42cf56c75]
30577: 
30578: 1999-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
30579: 
30580: 	* INSTALL, RUNSON:
30581: 	be clear that pam is linux-only and add a RUNSON entry
30582: 	[7fdeab875e0d]
30583: 
30584: 1999-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
30585: 
30586: 	* CHANGES, INSTALL, configure, configure.in:
30587: 	fix and correctly document --with-umask; problem noted by
30588: 	adap@adap.org
30589: 	[11cd0481d63a]
30590: 
30591: 1999-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
30592: 
30593: 	* configure, configure.in:
30594: 	only use /usr/{man,catman}/local to store man pages if suer didn't
30595: 	override prefix or mandir
30596: 	[781ad2cbe9be]
30597: 
30598: 	* INSTALL, configure, configure.in:
30599: 	fix typo, make --with-SecurID take an arg
30600: 	[026a9b4014fc]
30601: 
30602: 1999-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
30603: 
30604: 	* RUNSON:
30605: 	updates from users
30606: 	[2286982b31e6]
30607: 
30608: 	* CHANGES, INSTALL, check.c, configure, configure.in:
30609: 	FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
30610: 	[23aa4e5c6b02]
30611: 
30612: 	* configure, configure.in:
30613: 	better fix for the problem of unresolved symbols in -lnsl or
30614: 	-lsocket
30615: 	[82fe70fc287f]
30616: 
30617: 	* configure, configure.in:
30618: 	when checking for functions in -lnsl and -lsocket link with both of
30619: 	them to avoid unresolved symbols on some weirdo systems
30620: 	[1734a591808e]
30621: 
30622: 1999-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
30623: 
30624: 	* BUGS, CHANGES, RUNSON, TODO:
30625: 	old changes that didn't make it into RCS before the RCS->CVS switch
30626: 	[846eb2b8f9aa]
30627: 
30628: 1999-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
30629: 
30630: 	* Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
30631: 	configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
30632: 	getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
30633: 	ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
30634: 	lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
30635: 	secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
30636: 	sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
30637: 	visudo.pod:
30638: 	add sudo tags
30639: 	[962f81eaa5ab]
30640: 
30641: 	* sudo.h:
30642: 	testing Sudo tag
30643: 	[e84cbc521129]
30644: 
30645: 	* version.h:
30646: 	testing Sudo tag
30647: 	[a8c3a3998b88]
30648: 
30649: 	* BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
30650: 	config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
30651: 	find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
30652: 	ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
30653: 	logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
30654: 	secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
30655: 	sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
30656: 	utime.c, version.h, visudo.c, visudo.cat, visudo.man:
30657: 	crank version and regen files
30658: 	[23eacf00a1a4]
30659: 
30660: 	* Makefile.in:
30661: 	kill rcs goop in update_version and fix now that version is a const
30662: 	[e6e50bd8d1e1]
30663: 
30664: 	* INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
30665: 	sudo.c, sudo.h, sudo.pod:
30666: 	kerb5 support from fcusack@iconnet.net
30667: 	[8134027986e2]
30668: 
30669: 	* realpath.c, sudo_realpath.c:
30670: 	we no longer use realpath
30671: 	[0f5f64abc646]
30672: 
30673: 	* qualify.c:
30674: 	replaced by find_path.c
30675: 	[9e32a87e09c4]
30676: 
30677: 	* options.h:
30678: 	all options are now configure flags
30679: 	[ee6bd9610102]
30680: 
30681: 	* lex.yy.c:
30682: 	regen
30683: 	[bdbf8a18161f]
30684: 
30685: 	* getwd.c:
30686: 	superceded by getcwd.c
30687: 	[1e54ee0990b4]
30688: 
30689: 	* getpass.c:
30690: 	superceded by tgetpass.c
30691: 	[4e0d1edc30e3]
30692: 
30693: 	* SUPPORTED:
30694: 	superceded by RUNSON
30695: 	[854c5a21cb53]
30696: 
30697: 	* OPTIONS:
30698: 	No longer used now that we have configure options for everything.
30699: 	[9b1ae1c89259]
30700: 
30701: 	* configure:
30702: 	regen based on configure.in
30703: 	[3a4d73936973]
30704: 
30705: 	* sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
30706: 	sudoers.man, visudo.cat, visudo.html, visudo.man:
30707: 	regen based on sudo.pod, sudoers.pod, and visudo.pod
30708: 	[c267beb90778]
30709: 
30710: 1998-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
30711: 
30712: 	* check.c:
30713: 	fix tty tickets in remove_timestamp (didn't use ':')
30714: 	[fd964a74a32b]
30715: 
30716: 1998-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
30717: 
30718: 	* interfaces.c:
30719: 	close sock when we are done with it
30720: 	[95de0380f8a4]
30721: 
30722: 1998-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
30723: 
30724: 	* parse.yacc:
30725: 	never say "error on line -1"
30726: 	[361db1491121]
30727: 
30728: 1998-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
30729: 
30730: 	* configure.in:
30731: 	check for -lnsl before -lsocket
30732: 	[8e966d6bbcb5]
30733: 
30734: 	* configure.in:
30735: 	quote '[', ']' used in ranges correctly
30736: 	[fa4f9c6ff651]
30737: 
30738: 1998-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
30739: 
30740: 	* config.h.in:
30741: 	add missing NO_ROOT_SUDO noted by drno@tsd.edu
30742: 	[c969f25d1667]
30743: 
30744: 1998-11-20  Todd C. Miller  <Todd.Miller@courtesan.com>
30745: 
30746: 	* version.h:
30747: 	1.5.7
30748: 	[7a22de0bc148]
30749: 
30750: 	* INSTALL:
30751: 	more info for 1.5.7
30752: 	[30ad9e784799]
30753: 
30754: 	* README:
30755: 	update for 1.5.7
30756: 	[cd03a0a27cd2]
30757: 
30758: 	* parse.yacc:
30759: 	make increases of cm_list_size and ga_list_size be similar to
30760: 	increases of stacksize (ie: >= not > in initial compare).
30761: 	[6bd450a896c7]
30762: 
30763: 	* parse.yacc:
30764: 	when we get a syntax error, report it for the previous line since
30765: 	that's generally where the error occurred.
30766: 	[c4ac84058f0b]
30767: 
30768: 1998-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
30769: 
30770: 	* config.h.in, configure.in, interfaces.c:
30771: 	add back check for sys/sockio.h but only use it if SIOCGIFCONF is
30772: 	not defined
30773: 	[d197f31fd1e4] [SUDO_1_5_7]
30774: 
30775: 	* config.h.in:
30776: 	define BSD_COMP for svr4
30777: 	[87ac1147ff79]
30778: 
30779: 	* check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
30780: 	goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
30781: 	parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
30782: 	testsudoers.c, tgetpass.c, utime.c, visudo.c:
30783: 	more -Wall
30784: 	[d98e2d32db2a]
30785: 
30786: 	* configure.in:
30787: 	kill check for sockio,h
30788: 	[4399779014c1]
30789: 
30790: 	* config.h.in:
30791: 	no more HAVE_SYS_SOCKIO_H
30792: 	[67484528e347]
30793: 
30794: 	* check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
30795: 	goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
30796: 	parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
30797: 	testsudoers.c, tgetpass.c, utime.c, visudo.c:
30798: 	-Wall
30799: 	[2b7e83976788]
30800: 
30801: 1998-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
30802: 
30803: 	* sudo.c:
30804: 	add missing inform_user()
30805: 	[8689528c6d55]
30806: 
30807: 1998-11-14  Todd C. Miller  <Todd.Miller@courtesan.com>
30808: 
30809: 	* find_path.c:
30810: 	return NOT_FOUND if given fully qualified path and it does not exist
30811: 	previously it would perror(ENOENT) which bypasses the option to not
30812: 	leak path info
30813: 	[ccbc3d0130ae]
30814: 
30815: 	* configure.in:
30816: 	for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
30817: 	-ldes
30818: 	[c77d3b484ece]
30819: 
30820: 1998-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
30821: 
30822: 	* INSTALL:
30823: 	tty tickets are user:tty now
30824: 	[a53a303a614d]
30825: 
30826: 	* check.c:
30827: 	when using tty tickets make it user:tty not user.tty as a username
30828: 	could have a '.' in it
30829: 	[3160b3f5c890]
30830: 
30831: 1998-11-10  Todd C. Miller  <Todd.Miller@courtesan.com>
30832: 
30833: 	* sudo.c:
30834: 	add "ignoring foo found in ." for auth successful case
30835: 	[24257169e0bd]
30836: 
30837: 1998-11-09  Todd C. Miller  <Todd.Miller@courtesan.com>
30838: 
30839: 	* sudo.c:
30840: 	add missing printf param
30841: 	[8c905124f777]
30842: 
30843: 1998-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
30844: 
30845: 	* INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
30846: 	go back to printing "command not found" unless --disable-path-info
30847: 	specified. Also, tell user when we ignore '.' in their path and it
30848: 	would have been used but for --with-ignore-dot.
30849: 	[066e118c11e4]
30850: 
30851: 	* check.c, sudo.c:
30852: 	Only one space after a colon, not two, in printf's
30853: 	[38452f4c8007]
30854: 
30855: 1998-11-05  Todd C. Miller  <Todd.Miller@courtesan.com>
30856: 
30857: 	* sudo.pod:
30858: 	document setting $USER
30859: 	[80557fe6aede]
30860: 
30861: 	* check.c:
30862: 	fix bugs with prompt expansion
30863: 	[44c4fca5f009]
30864: 
30865: 	* sudo.c:
30866: 	set $USER for root too
30867: 	[4b525e1c6269]
30868: 
30869: 1998-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
30870: 
30871: 	* getspwuid.c:
30872: 	typo
30873: 	[5107446f43e0]
30874: 
30875: 	* configure.in:
30876: 	HP-UX's iscomsec is in -lsec, not libc
30877: 	[03c9f700b795]
30878: 
30879: 	* configure.in:
30880: 	remove some entries in the OS case statement that did nothing
30881: 	[ea96e7e0f624]
30882: 
30883: 	* TROUBLESHOOTING:
30884: 	add "cd" section and flush out syslog section
30885: 	[5107f7363b78]
30886: 
30887: 	* Makefile.in:
30888: 	no more sudo-lex.yy.c
30889: 	[ed50826efbbc]
30890: 
30891: 	* check_sia.c:
30892: 	add custom prompt support
30893: 	[6a285cea10b7]
30894: 
30895: 	* testsudoers.c:
30896: 	kill perror("malloc") since we already have a good error messages
30897: 	pw_ent -> pw for brevity
30898: 	[eee31052921e]
30899: 
30900: 	* sudo.c:
30901: 	kill perror("malloc") since we already have a good error messages
30902: 	pw_ent -> pw for brevity set $USER if -u specified
30903: 	[9f3753461f8a]
30904: 
30905: 	* parse.yacc:
30906: 	kill perror("malloc") since we already have a good error messages
30907: 	[849459088ac3]
30908: 
30909: 	* parse.c:
30910: 	kill perror("malloc") since we already have a good error messages
30911: 	pw_ent -> pw for brevity when checking if %group matches, look up
30912: 	user in password file so that %groups works in a RunAs spec.
30913: 	[0489b4ecc59a]
30914: 
30915: 	* logging.c:
30916: 	kill perror("malloc") since we already have a good error messages
30917: 	[3191a18b3526]
30918: 
30919: 	* check.c, getspwuid.c, interfaces.c:
30920: 	kill perror("malloc") since we already have a good error messages
30921: 	pw_ent -> pw for brevity
30922: 	[7193fdb38cf9]
30923: 
30924: 1998-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
30925: 
30926: 	* tgetpass.c:
30927: 	the prompt is expanded before tgetpass is called
30928: 	[0f408f508041]
30929: 
30930: 	* sudo.h:
30931: 	tgetpass now has the same args as getpass again
30932: 	[b6778cd9d79f]
30933: 
30934: 	* getspwuid.c:
30935: 	add iscomsec, issecure support
30936: 	[007be7ec7ae7]
30937: 
30938: 	* check.c:
30939: 	we now expand any %h or %u in the prompt before passing to tgetpass
30940: 	[f3db8c9ee387]
30941: 
30942: 	* configure.in:
30943: 	add check for syslog(3) in -lsocket, -lnsl, -linet
30944: 	[5a96f902ce00]
30945: 
30946: 	* config.h.in:
30947: 	add HAVE_ISCOMSEC and HAVE_ISSECURE
30948: 	[f640b0d4cf05]
30949: 
30950: 	* configure.in:
30951: 	add check for iscomsec in HP-UX
30952: 	[b28b249040f0]
30953: 
30954: 	* configure.in:
30955: 	check for issecure if we have getpwanam on SunOS some options are
30956: 	incompatible with DUNIX SIA check for dispcrypt on DUNIX
30957: 	[a49d05d9c913]
30958: 
30959: 1998-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
30960: 
30961: 	* config.h.in:
30962: 	add HAVE_DISPCRYPT
30963: 	[7376d543d8d6]
30964: 
30965: 	* secureware.c:
30966: 	add back support for non-dispcrypt based checking for older DUNIX
30967: 	[977b98e936be]
30968: 
30969: 	* INSTALL:
30970: 	sia changes
30971: 	[c5387c06e30f]
30972: 
30973: 	* configure.in:
30974: 	SIA becomes the default on Digital UNIX now havbe --disable-sia to
30975: 	turn it off...
30976: 	[3b647558ea13]
30977: 
30978: 	* check.c:
30979: 	move local includes after system ones
30980: 	[b2abad4c4aef]
30981: 
30982: 1998-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
30983: 
30984: 	* check.c, check_sia.c, sudo.h:
30985: 	add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
30986: 	stderr
30987: 	[547cbf299661]
30988: 
30989: 	* check_sia.c:
30990: 	fix while loop in sia_attempt_auth() that checks the password. Only
30991: 	the first iteration was working.
30992: 	[1886fd1ac831]
30993: 
30994: 1998-10-22  Todd C. Miller  <Todd.Miller@courtesan.com>
30995: 
30996: 	* aclocal.m4:
30997: 	don't trust UID_MAX or MAXUID
30998: 	[2aeddb1654d8]
30999: 
31000: 	* configure.in:
31001: 	fix two pastos
31002: 	[c18f0a10b75d]
31003: 
31004: 	* configure.in:
31005: 	fix typo
31006: 	[1eb3190ef12d]
31007: 
31008: 	* getspwuid.c, secureware.c:
31009: 	init crypt_type to INT_MAX since it is legal to be negative in DUNX
31010: 	5.0
31011: 	[cefbde04822d]
31012: 
31013: 	* configure.in:
31014: 	for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
31015: 	-ldb since DUNX < 4.0 lacks it
31016: 	[e6b11d971068]
31017: 
31018: 1998-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
31019: 
31020: 	* check.c, compat.h, config.h.in, configure.in, getspwuid.c,
31021: 	secureware.c, sudo.c, tgetpass.c:
31022: 	getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
31023: 	minutes if the shadow files don't exist).
31024: 	[2f297d095004]
31025: 
31026: 1998-10-20  Todd C. Miller  <Todd.Miller@courtesan.com>
31027: 
31028: 	* INSTALL:
31029: 	updated --with-editor blurb
31030: 	[77d8a3ea7328]
31031: 
31032: 	* TROUBLESHOOTING:
31033: 	tell how to put sudoers in a different dir
31034: 	[456cd20eb1d0]
31035: 
31036: 	* configure.in:
31037: 	add missing quotes around $with_editor
31038: 	[22881748ab1b]
31039: 
31040: 	* configure.in:
31041: 	typo in --with-editor bits
31042: 	[ab6964580681]
31043: 
31044: 	* INSTALL:
31045: 	I don't expect it to work on Solaris
31046: 	[1c2fceaaf56e]
31047: 
31048: 	* check.c:
31049: 	add back security/pam_misc.h
31050: 	[6ffd30033c1e]
31051: 
31052: 1998-10-19  Todd C. Miller  <Todd.Miller@courtesan.com>
31053: 
31054: 	* INSTALL:
31055: 	remove dunix note since configure checks for this now
31056: 	[e9904512b8e8]
31057: 
31058: 	* configure.in:
31059: 	add check for broken dunix prot.h (4.0 < 4.0D is bad)
31060: 	[8a4c1e6aef3b]
31061: 
31062: 	* getspwuid.c, secureware.c, tgetpass.c:
31063: 	new dunix shadow code, use dispcrypt(3)
31064: 	[1b936bc7268c]
31065: 
31066: 	* config.h.in:
31067: 	add HAVE_INITPRIVS
31068: 	[4369f4c4f914]
31069: 
31070: 	* sudo.c:
31071: 	call initprivs() if we have it for getprpwuid later on
31072: 	[11cf5915d826]
31073: 
31074: 	* Makefile.in:
31075: 	clean pathnames.h too
31076: 	[5f1df3262613]
31077: 
31078: 	* configure.in:
31079: 	quote "Sorry, try again." with [] since it has a comma in it set
31080: 	LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
31081: 	getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
31082: 	initprivs later.
31083: 	[e226b0a3f250]
31084: 
31085: 	* INSTALL:
31086: 	update Digital UNIX note about acl.h
31087: 	[80132b71d73a]
31088: 
31089: 	* INSTALL:
31090: 	add --with-sia
31091: 	--without-root-sudo -> --disable-root-sudo some reordering
31092: 	[198386358818]
31093: 
31094: 	* secureware.c:
31095: 	add whitespace
31096: 	[4aadaf1a54b0]
31097: 
31098: 	* Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
31099: 	add SIA support
31100: 	[fa3ddbb9cc51]
31101: 
31102: 	* check_sia.c:
31103: 	Initial revision
31104: 	[2968551d40e4]
31105: 
31106: 1998-10-18  Todd C. Miller  <Todd.Miller@courtesan.com>
31107: 
31108: 	* configure.in:
31109: 	when checking for -lsocket, -lnsl, and -linet, check for the
31110: 	specific functions we need from them.
31111: 	[8d33e64362a3]
31112: 
31113: 	* config.h.in, sudo.h:
31114: 	move Syslog_* defs into sudo.h
31115: 	[03d1774f25c7]
31116: 
31117: 	* Makefile.in, sudo.h:
31118: 	added check_secureware
31119: 	[e46e3cbb9a97]
31120: 
31121: 	* configure.in:
31122: 	finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
31123: 	[dbefe1856503]
31124: 
31125: 	* insults.h:
31126: 	don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
31127: 	defined. configure now does that for us
31128: 	[e4520ea0581f]
31129: 
31130: 	* configure.in:
31131: 	move some --with options around change a bunch of echo's to
31132: 	AC_MSG_CHECKING, AC_MSG_RESULT pairs
31133: 	[ffdf6869fdd7]
31134: 
31135: 	* configure.in:
31136: 	change $with_foo-bar -> $with_foo_bar kill extra " that caused a
31137: 	syntax error add some echo verbage
31138: 	[3278c49bf74b]
31139: 
31140: 1998-10-17  Todd C. Miller  <Todd.Miller@courtesan.com>
31141: 
31142: 	* check.c:
31143: 	moved SecureWare stuff into secureware.c
31144: 	[42d3d3ac35dc]
31145: 
31146: 	* secureware.c:
31147: 	Initial revision
31148: 	[aa7f72a249cf]
31149: 
31150: 	* INSTALL:
31151: 	update url to solaris gcc bins
31152: 	[36a3eb668777]
31153: 
31154: 	* INSTALL:
31155: 	change option formatter and flesh out someentries
31156: 	[6fbd1db4a8ad]
31157: 
31158: 	* TROUBLESHOOTING, sudo.pod, visudo.pod:
31159: 	environmental variable -> environment variable
31160: 	[6f14d708e32d]
31161: 
31162: 	* BUGS:
31163: 	everything is now done via configure
31164: 	[c217858f58ab]
31165: 
31166: 	* README:
31167: 	prev rev was 1.5.6
31168: 	[7b4177103c35]
31169: 
31170: 	* Makefile.in:
31171: 	passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
31172: 	[31c6b0a5e0e2]
31173: 
31174: 	* config.h.in:
31175: 	SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
31176: 	[d406a1ef6d25]
31177: 
31178: 	* Makefile.in:
31179: 	merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
31180: 	sudoers_mode from configure
31181: 	[1c509500655a]
31182: 
31183: 	* configure.in:
31184: 	SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
31185: 	the Makefile, not config.h
31186: 	[d4482f1492fe]
31187: 
31188: 	* INSTALL:
31189: 	document all --with/--enable options
31190: 	[22d81b312d7f]
31191: 
31192: 1998-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
31193: 
31194: 	* insults.h:
31195: 	options.h is no more
31196: 	[560946a33f7f]
31197: 
31198: 	* config.h.in:
31199: 	assimilated options.h
31200: 	[dd8ce74613c1]
31201: 
31202: 	* configure.in:
31203: 	moved options from options.h to configure
31204: 	[d39662f71b4e]
31205: 
31206: 	* check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
31207: 	logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
31208: 	sudo_setenv.c, visudo.c:
31209: 	no more options.h
31210: 	[43924bf0858d]
31211: 
31212: 	* INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
31213: 	remove references to options.h
31214: 	[ef3474295395]
31215: 
31216: 	* dce_pwent.c, interfaces.c, sudo.c:
31217: 	kill sys/time.h
31218: 	[4d833f0034e4]
31219: 
31220: 	* tgetpass.c:
31221: 	if select return < -1 still prompt for pw
31222: 	[e0009e5c93a2]
31223: 
31224: 	* options.h:
31225: 	convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
31226: 	configure options
31227: 	[e60a1e546516]
31228: 
31229: 	* parse.c:
31230: 	FAST_MATCH is no longer an optino
31231: 	[c448dbb3464b]
31232: 
31233: 	* check.c:
31234: 	remove_timestamp() if timestamp is preposterous
31235: 	[70d9a86c6ecd]
31236: 
31237: 	* options.h:
31238: 	convert more options to --with/--enable
31239: 	[34646d9b09dc]
31240: 
31241: 	* INSTALL, aclocal.m4:
31242: 	logfile -> logpath
31243: 	[42de502bc637]
31244: 
31245: 	* configure.in:
31246: 	convert more options into --with and --enable
31247: 	[92d0898c9844]
31248: 
31249: 	* tgetpass.c:
31250: 	catch EINTR in select and restart
31251: 	[f045d2f234d7]
31252: 
31253: 	* logging.c:
31254: 	sys/errno -> errno
31255: 	[7f0c5beab6f2]
31256: 
31257: 1998-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>
31258: 
31259: 	* sudo.c:
31260: 	UMASK -> SUDO_UMASK.
31261: 	[48f308661514]
31262: 
31263: 	* check.c, logging.c:
31264: 	time.h, not sys/time.h
31265: 	[91de049c79e4]
31266: 
31267: 1998-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>
31268: 
31269: 	* logging.c:
31270: 	MAILER -> _PATH_SENDMAIL
31271: 	[df65d6896639]
31272: 
31273: 	* INSTALL, configure.in:
31274: 	no more --with-C2, now it is --disable-shadow
31275: 	[18bfcab3b9ab]
31276: 
31277: 	* aclocal.m4, check.c, compat.h, config.h.in, configure.in,
31278: 	getspwuid.c, sudo.c, tgetpass.c:
31279: 	new shadow password scheme. Always include shadow support if the
31280: 	platform supports it and the user did not disable it via configure
31281: 	[2135d93bb4a9]
31282: 
31283: 1998-09-20  Todd C. Miller  <Todd.Miller@courtesan.com>
31284: 
31285: 	* configure.in:
31286: 	--with-getpass -> --{enable,disable}-tgetpass
31287: 	[451b33fdd4c7]
31288: 
31289: 	* Makefile.in:
31290: 	pathnames.h -> pathnames.h.in
31291: 	[b109022eca69]
31292: 
31293: 	* check.c:
31294: 	fix version string
31295: 	[761b25c314ea]
31296: 
31297: 	* check.c:
31298: 	move pam_conv to be static to auth function remove pam_misc.h
31299: 	(solaris doesn't have one)
31300: 	[a682e4da987a]
31301: 
31302: 	* aclocal.m4:
31303: 	_CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
31304: 	[e6005d0599b5]
31305: 
31306: 	* configure.in:
31307: 	munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
31308: 	[24c0ac2155ef]
31309: 
31310: 	* pathnames.h.in:
31311: 	convert to pathnames.h.in
31312: 	[013bddf7f684]
31313: 
31314: 1998-09-19  Todd C. Miller  <Todd.Miller@courtesan.com>
31315: 
31316: 	* configure.in:
31317: 	fix typo in sysv4 matching case /.
31318: 	[2994c4f88cf5]
31319: 
31320: 1998-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
31321: 
31322: 	* check.c:
31323: 	pam stuff needs to run as root, not user, for shadow passwords
31324: 	[d94ff75de503]
31325: 
31326: 1998-09-17  Todd C. Miller  <Todd.Miller@courtesan.com>
31327: 
31328: 	* BUGS, INSTALL, README, configure.in:
31329: 	updated version
31330: 	[775adc7de7ac]
31331: 
31332: 	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
31333: 	emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
31334: 	ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
31335: 	logging.c, options.h, parse.c, parse.lex, parse.yacc,
31336: 	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
31337: 	testsudoers.c, tgetpass.c, utime.c, visudo.c:
31338: 	updated version
31339: 	[5ca599fb6b93]
31340: 
31341: 	* check.c:
31342: 	user version.h for long message
31343: 	[47a52ac7e542]
31344: 
31345: 	* check.c:
31346: 	this is version 1.5.6
31347: 	[8451ac79eee2]
31348: 
31349: 1998-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
31350: 
31351: 	* Makefile.in:
31352: 	remove errant backslash
31353: 	[0222a8a650ff]
31354: 
31355: 1998-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
31356: 
31357: 	* options.h, parse.yacc, pathnames.h.in:
31358: 	fix version string
31359: 	[fdee73255d64] [SUDO_1_5_6]
31360: 
31361: 	* BUGS, CHANGES, TODO:
31362: 	updtaed for 1.5.6
31363: 	[752443bf7f26]
31364: 
31365: 	* RUNSON:
31366: 	updated for 1.5.6
31367: 	[0f878123fe6a]
31368: 
31369: 1998-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
31370: 
31371: 	* interfaces.c:
31372: 	kill unused localhost_mask var copy if name to ifr_tmp after we zero
31373: 	it
31374: 	[8e89c364cef2]
31375: 
31376: 1998-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
31377: 
31378: 	* INSTALL:
31379: 	Better description of new vs. old sudoers modes fix some typos
31380: 	better description of /usr/ucb/cc gotchas on slowaris
31381: 	[c00b2a6fc1e8]
31382: 
31383: 	* Makefile.in:
31384: 	add sample.pam
31385: 	[ec7f6cc19b00]
31386: 
31387: 	* sudo.c:
31388: 	set NewArgv[0] to user_shell, not basename(user_shell)
31389: 	[1e907cbc9f7b]
31390: 
31391: 1998-09-12  Todd C. Miller  <Todd.Miller@courtesan.com>
31392: 
31393: 	* README:
31394: 	mention TROUBLESHOOTING more fix some typos
31395: 	[2c2e6907d4a4]
31396: 
31397: 	* configure.in:
31398: 	move --enable/--disable to be after --with
31399: 	[9b30097f76c1]
31400: 
31401: 	* INSTALL:
31402: 	document --enable/--disable
31403: 	[c522362e38a8]
31404: 
31405: 	* INSTALL:
31406: 	document --with-pam
31407: 	[7e38932c78ac]
31408: 
31409: 1998-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
31410: 
31411: 	* configure.in:
31412: 	Add message for pam users
31413: 	[d224f277e3cd]
31414: 
31415: 	* sample.pam:
31416: 	Initial revision
31417: 	[3a84d7045f54]
31418: 
31419: 	* config.h.in:
31420: 	fix HAVE_PAM
31421: 	[2f0f303ebd88]
31422: 
31423: 	* check.c, config.h.in, configure.in:
31424: 	pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
31425: 	[ea3e0a72d707]
31426: 
31427: 1998-09-10  Todd C. Miller  <Todd.Miller@courtesan.com>
31428: 
31429: 	* config.h.in:
31430: 	add HOST_IN_LOG and WRAP_LOG
31431: 	[822c36eeb6a8]
31432: 
31433: 	* logging.c:
31434: 	add WRAP_LOG and HOST_IN_LOG
31435: 	[3cf6052bd27e]
31436: 
31437: 	* configure.in:
31438: 	add --enable-log-host and --enable-log-wrap
31439: 	[c968cc12b353]
31440: 
31441: 	* aclocal.m4:
31442: 	use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
31443: 	[915fef7e11a1]
31444: 
31445: 1998-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
31446: 
31447: 	* compat.h:
31448: 	add howmany macro
31449: 	[9107a057a7c8]
31450: 
31451: 	* tgetpass.c:
31452: 	include sys/param.h to get howmany macro
31453: 	[7e908b5e1f32]
31454: 
31455: 1998-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
31456: 
31457: 	* OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
31458: 	add RUNAS_DEFAULT
31459: 	[1e76398ea3fd]
31460: 
31461: 1998-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
31462: 
31463: 	* fnmatch.c:
31464: 	bring in stdio.h for NULL
31465: 	[69c016610cbb]
31466: 
31467: 	* aclocal.m4:
31468: 	allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
31469: 	[15ab2972f8d0]
31470: 
31471: 	* sudo.c:
31472: 	use HAVE_SET_AUTH_PARAMETERS
31473: 	[8abfdc8c80f7]
31474: 
31475: 	* config.h.in:
31476: 	add HAVE_SET_AUTH_PARAMETERS
31477: 	[673a5ebd5539]
31478: 
31479: 	* configure.in:
31480: 	add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
31481: 	[a401f5a7469a]
31482: 
31483: 	* config.sub:
31484: 	add support for HI-UX/MPP SR220001 02-03 0 SR2201
31485: 	[cb657b7acaae]
31486: 
31487: 	* interfaces.c:
31488: 	initialize previfname
31489: 	[26a1902f56dc]
31490: 
31491: 	* interfaces.c:
31492: 	Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
31493: 	it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
31494: 	kludging it
31495: 	[fa5c890c313b]
31496: 
31497: 	* configure.in:
31498: 	typo
31499: 	[bff579fbe95c]
31500: 
31501: 	* Makefile.in:
31502: 	don't need special build line for sudo.tab.o
31503: 	[10c0a0a912e4]
31504: 
31505: 	* Makefile.in:
31506: 	don't clean sudo.tab.[ch]
31507: 	[c40d5968efbb]
31508: 
31509: 	* sudo.c:
31510: 	Sudo should prompt for a password before telling the user that a
31511: 	command could not be found.
31512: 	[d718c85a0047]
31513: 
31514: 	* BUGS:
31515: 	for 1.5.6
31516: 	[0cc1fe5b9129]
31517: 
31518: 	* INSTALL, README:
31519: 	no longer require yacc
31520: 	[d9096fc5b8b6]
31521: 
31522: 	* Makefile.in:
31523: 	typo
31524: 	[70feb1aefbd5]
31525: 
31526: 	* Makefile.in:
31527: 	y.tab -> sudo.tab include pre-yacc'd parse.yacc
31528: 	[cc802025fd44]
31529: 
31530: 	* parse.lex:
31531: 	include sudo.tab.h, not y.tab.h don't break out of command args if
31532: 	you get a '='
31533: 	[728ad26dbda5]
31534: 
31535: 	* insults.h:
31536: 	fix version ,
31537: 	[242bbce1b2d4]
31538: 
31539: 	* ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
31540: 	fix version
31541: 	[2bb9086fea1e]
31542: 
31543: 	* compat.h:
31544: 	fix version
31545: 	[7e634d498ce6]
31546: 
31547: 	* getcwd.c:
31548: 	getcwd(3) from OpenBSD for those without it.
31549: 	[6c68d0df8f6c]
31550: 
31551: 	* sudo.h:
31552: 	HAVE_GETWD -> HAVE_GETCWD
31553: 	[2ad1e64d60c0]
31554: 
31555: 	* configure.in:
31556: 	pretend sunos doesn't have getcwd(3) since it opens a pipe to
31557: 	getpwd!
31558: 	[677992ba5a6a]
31559: 
31560: 	* parse.c:
31561: 	use NAMLEN() macro
31562: 	[8f5685aa3165]
31563: 
31564: 	* fnmatch.c:
31565: 	remove duplicate include of string.h
31566: 	[6024f3051ac3]
31567: 
31568: 	* configure.in:
31569: 	call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
31570: 	[3d82a9c22cc2]
31571: 
31572: 	* aclocal.m4:
31573: 	add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
31574: 	[53fbc47282f9]
31575: 
31576: 	* config.h.in:
31577: 	add dev_t and ino_t
31578: 	[5929bb0c7e1a]
31579: 
31580: 1998-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
31581: 
31582: 	* check.c:
31583: 	fix OTP_ONLY for opie
31584: 	[7edcfa78f2ec]
31585: 
31586: 1998-06-24  Todd C. Miller  <Todd.Miller@courtesan.com>
31587: 
31588: 	* testsudoers.c, tgetpass.c:
31589: 	include stdlib.h for malloc proto
31590: 	[c9f4b99a2fe9]
31591: 
31592: 1998-05-19  Todd C. Miller  <Todd.Miller@courtesan.com>
31593: 
31594: 	* Makefile.in:
31595: 	make update_version saner
31596: 	[d522f93ee04a]
31597: 
31598: 	* config.h.in:
31599: 	add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
31600: 	[c9a2d21dc608]
31601: 
31602: 	* configure.in:
31603: 	check for waitpid and wait3 or no waitpid
31604: 	[1f18c3224184]
31605: 
31606: 	* logging.c:
31607: 	used waitpid or wait3 if we have 'em
31608: 	[391c3279ee65]
31609: 
31610: 1998-05-02  Todd C. Miller  <Todd.Miller@courtesan.com>
31611: 
31612: 	* visudo.c:
31613: 	fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
31614: 	[fbf53b18178f]
31615: 
31616: 1998-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
31617: 
31618: 	* configure.in:
31619: 	don't need to explicately mention -lsocket -lnsl for sequent
31620: 	[1898dc055352]
31621: 
31622: 1998-04-25  Todd C. Miller  <Todd.Miller@courtesan.com>
31623: 
31624: 	* configure.in:
31625: 	dynix should not link with -linet
31626: 	[278a4b9cfe2a]
31627: 
31628: 1998-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
31629: 
31630: 	* INSTALL:
31631: 	mention that HP-UX doesn't ship with yacc
31632: 	[bde5147198c0]
31633: 
31634: 1998-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
31635: 
31636: 	* check.c:
31637: 	ignore kerberos if we can't get the local realm
31638: 	[1e311a091a27]
31639: 
31640: 1998-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
31641: 
31642: 	* BUGS, INSTALL, README, configure.in:
31643: 	++version
31644: 	[499ffc746018]
31645: 
31646: 	* version.h:
31647: 	++
31648: 	[35ba1ee01bd3]
31649: 
31650: 	* Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
31651: 	find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
31652: 	logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
31653: 	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
31654: 	updated version
31655: 	[b4990a513f31]
31656: 
31657: 	* check.c, sudo.h:
31658: 	fix version
31659: 	[5710795834e8]
31660: 
31661: 	* getcwd.c:
31662: 	don't use popen/pclose. Do it inline.
31663: 	[29e57b0646a4]
31664: 
31665: 	* lsearch.c:
31666: 	add rcsid
31667: 	[b2b55c39858d]
31668: 
31669: 	* sudo.c:
31670: 	typo
31671: 	[d381ac39ed0f]
31672: 
31673: 	* check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
31674: 	ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
31675: 	sudo.h:
31676: 	updated version
31677: 	[462d6e1a2d75]
31678: 
31679: 	* check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
31680: 	MAX* + 1 -> MAX*
31681: 	[2c2eeb78d34f]
31682: 
31683: 	* Makefile.in:
31684: 	getwd.c -> getcwd.c
31685: 	[7d718c32fc02]
31686: 
31687: 	* config.h.in:
31688: 	kill HAVE_GETWD
31689: 	[6ad3d702343f]
31690: 
31691: 	* configure.in:
31692: 	getcwd, not getwd
31693: 	[33e5b9841f58]
31694: 
31695: 	* getcwd.c:
31696: 	use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
31697: 	purpose
31698: 	[24e58d340161]
31699: 
31700: 1998-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
31701: 
31702: 	* OPTIONS, options.h:
31703: 	add STUB_LOAD_INTERFACES
31704: 	[d747cb23ca83]
31705: 
31706: 	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
31707: 	emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
31708: 	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
31709: 	interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
31710: 	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
31711: 	testsudoers.c, tgetpass.c, utime.c, visudo.c:
31712: 	updated version
31713: 	[0798229312cc]
31714: 
31715: 	* configure.in:
31716: 	support *-ccur-sysv4 and fix two typos
31717: 	[24a823ad7cc9]
31718: 
31719: 1998-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
31720: 
31721: 	* configure.in:
31722: 	don't echo about with_logfile and with_timedir
31723: 	[31e4a1e2d9ad]
31724: 
31725: 	* INSTALL:
31726: 	document --with-logfile and --with-timedir
31727: 	[674f811a40e0]
31728: 
31729: 	* aclocal.m4:
31730: 	support --with-logfile and --with-timedir
31731: 	[2fc36b35db12]
31732: 
31733: 	* configure.in:
31734: 	Add --with-logfile and --with-timedir
31735: 	[09045bf07e29]
31736: 
31737: 	* sudo.c:
31738: 	change size computation of NewArgv for UNICOS
31739: 	[b50df07da3a1]
31740: 
31741: 1998-02-19  Todd C. Miller  <Todd.Miller@courtesan.com>
31742: 
31743: 	* configure.in:
31744: 	treate -*-sysv4* like *-*-svr4
31745: 	[471b7ef4dbf2]
31746: 
31747: 1998-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
31748: 
31749: 	* configure.in:
31750: 	fix spacing for --with-authenticate help
31751: 	[8321cb37c410]
31752: 
31753: 	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
31754: 	emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
31755: 	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
31756: 	interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
31757: 	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
31758: 	testsudoers.c, tgetpass.c, utime.c, visudo.c:
31759: 	updated version
31760: 	[dc1ab97312eb]
31761: 
31762: 	* parse.yacc:
31763: 	fix off by one error in push macro
31764: 	[bece59c8c3a9]
31765: 
31766: 1998-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
31767: 
31768: 	* configure.in:
31769: 	removed bogus alloca hack
31770: 	[a68dd720462d]
31771: 
31772: 	* check.c:
31773: 	added AIX 4.x authenticate() support
31774: 	[12985eb448a0]
31775: 
31776: 	* parse.yacc:
31777: 	include alloca.h if using bison and not gcc and it exists. fixes an
31778: 	alloca problem on hpux 10.x
31779: 	[e3b5c4f26072]
31780: 
31781: 	* INSTALL:
31782: 	mention --with-authenticate
31783: 	[78a1c96820e7]
31784: 
31785: 	* configure.in:
31786: 	added AIX authenticate() support
31787: 	[c983193ec252]
31788: 
31789: 	* config.h.in:
31790: 	add HAVE_AUTHENTICATE
31791: 	[7b0e5f5db5d9]
31792: 
31793: 	* interfaces.c:
31794: 	dynamically size ifconf buffer
31795: 	[10afb0e9b2f9]
31796: 
31797: 	* configure.in:
31798: 	quote '[' and ']'
31799: 	[8fc38a4defad]
31800: 
31801: 	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
31802: 	emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
31803: 	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
31804: 	logging.c, options.h, parse.c, parse.lex, parse.yacc,
31805: 	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
31806: 	testsudoers.c, tgetpass.c, utime.c, visudo.c:
31807: 	updated version
31808: 	[5f66de71ec61]
31809: 
31810: 	* visudo.pod:
31811: 	add ERRORS section
31812: 	[3df3edb73cf6]
31813: 
31814: 1998-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
31815: 
31816: 	* TROUBLESHOOTING:
31817: 	add busy stmp file explanation
31818: 	[6c555d469b6f]
31819: 
31820: 1998-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
31821: 
31822: 	* configure.in:
31823: 	the name of the cached var that signals whether or not you are cross
31824: 	compiling changed. It is now ac_cv_prog_cc_cross
31825: 	[123911c0658c]
31826: 
31827: 1998-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
31828: 
31829: 	* INSTALL:
31830: 	mention glibc 2.07 is fixed wrt lsearch()\.
31831: 	[ded758524582]
31832: 
31833: 1998-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
31834: 
31835: 	* sample.sudoers, sudoers.pod:
31836: 	better example of su but not root su
31837: 	[b3199610be21]
31838: 
31839: 1998-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
31840: 
31841: 	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
31842: 	emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
31843: 	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
31844: 	interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
31845: 	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
31846: 	testsudoers.c, tgetpass.c, utime.c, visudo.c:
31847: 	updated version
31848: 	[46922b84e86b]
31849: 
31850: 	* Makefile.in:
31851: 	correct regexp for updating version
31852: 	[8032728b2a8a]
31853: 
31854: 	* tgetpass.c:
31855: 	remove bogus flush of stderr spew prompt before turning off echo.
31856: 	Seems to fix a weird problem where if sudo complained about a bogus
31857: 	stamp file the user would sometimes not have a chance to enter a
31858: 	password
31859: 	[7aa1493cc141]
31860: 
31861: 	* check.c:
31862: 	fix bogus flush of stderr
31863: 	[6d047871c5e8]
31864: 
31865: 	* sudo.c:
31866: 	close fd's <=2 not <=3 and move that chunk of code up
31867: 	[553e4faac195]
31868: 
31869: 	* configure.in:
31870: 	support hpux1[0-9] not just hpux10
31871: 	[5a34a000ff8a]
31872: 
31873: 1998-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
31874: 
31875: 	* parse.c:
31876: 	set sudoers_fp to nil after closing
31877: 	[221a8b4bbf34]
31878: 
31879: 1998-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>
31880: 
31881: 	* config.guess, config.sub:
31882: 	updated from autoconf 2.12
31883: 	[6fc86a0fc61b]
31884: 
31885: 	* configure.in:
31886: 	add *-*-svr4 rule
31887: 	[38f0427f7c9d]
31888: 
31889: 1998-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
31890: 
31891: 	* tgetpass.c:
31892: 	fix select usage for high fd's (dynamically allocate readfds)
31893: 	[c2d1f76e0321]
31894: 
31895: 	* check.c:
31896: 	kill extra whitespace
31897: 	[d784b6c9c514]
31898: 
31899: 	* sudo.c:
31900: 	do an initgroups() before running a command, unless the target user
31901: 	is root.
31902: 	[4ca561287480]
31903: 
31904: 1998-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
31905: 
31906: 	* TROUBLESHOOTING:
31907: 	tell people to use tabs, not spaces, in syslog.conf
31908: 	[8ae90a205134]
31909: 
31910: 1998-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
31911: 
31912: 	* Makefile.in, config.h.in, dce_pwent.c, emul/utime.h, getwd.c,
31913: 	parse.lex, putenv.c, strdup.c, testsudoers.c, utime.c:
31914: 	updated version
31915: 	[4d855ff5de26]
31916: 
31917: 	* check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
31918: 	logging.c, parse.c, sudo.c, sudo_setenv.c, tgetpass.c, visudo.c:
31919: 	updated version
31920: 	[8e007e178b33]
31921: 
31922: 	* compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
31923: 	insults.h, options.h, parse.yacc, pathnames.h.in, sudo.h:
31924: 	updated version
31925: 	[9ddea5c8814d]
31926: 
31927: 	* Makefile.in:
31928: 	more tweaks to update_version
31929: 	[047698752855]
31930: 
31931: 	* Makefile.in:
31932: 	fixed up update_version rule
31933: 	[47b6fa34b77f]
31934: 
31935: 	* configure.in:
31936: 	++version
31937: 	[c1ca664e30b7]
31938: 
31939: 	* Makefile.in:
31940: 	removed supe of check.c
31941: 	[8f340a05296a]
31942: 
31943: 	* INSTALL:
31944: 	++version I missed
31945: 	[a298e6c17491]
31946: 
31947: 	* RUNSON:
31948: 	updated
31949: 	[a14f6057bc15]
31950: 
31951: 	* BUGS, INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
31952: 	dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, getwd.c,
31953: 	goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
31954: 	insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
31955: 	parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
31956: 	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
31957: 	visudo.c:
31958: 	updated version
31959: 	[02231b1a3ab3]
31960: 
31961: 	* CHANGES:
31962: 	updated for 1.5.5
31963: 	[634e5fcaf40b]
31964: 
31965: 	* Makefile.in:
31966: 	add rules to update version stuff in files so I don't need to do it
31967: 	by hand
31968: 	[3620ad60485a]
31969: 
31970: 	* sudo.h:
31971: 	sudoers_fp is now extern
31972: 	[88c6e9b9ea84]
31973: 
31974: 	* sudo.c:
31975: 	in check_sudoers, cache the sudoers file handle in sudoers_fp so we
31976: 	don't have to open it again in the parse. This may help with weird
31977: 	solaris problems where EAGAIN sometime occurrs.
31978: 	[d3c26451ed1d]
31979: 
31980: 	* parse.c:
31981: 	sudoers file open is now done only in check_sudoers() so we just do
31982: 	a rewind() instead of an open. May help people on solaris who were
31983: 	getting EAGAIN.
31984: 	[c8b8c7722fa5]
31985: 
31986: 1998-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
31987: 
31988: 	* INSTALL:
31989: 	mention that newer glibc is fixed
31990: 	[20f06f5d3ef3]
31991: 
31992: 1998-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
31993: 
31994: 	* sudo.c:
31995: 	newer irix uses _RLDN32_* envariables for 32-bit binaries so ignore
31996: 	_RLD* instead of _RLD_*
31997: 	[1e22c588d602]
31998: 
31999: 	* parse.c:
32000: 	typo
32001: 	[d0b7cb85f08a]
32002: 
32003: 	* parse.c:
32004: 	fix that bug for real
32005: 	[5a6eeca6d04b]
32006: 
32007: 	* INSTALL:
32008: 	document Linux's libc6 brokenness.
32009: 	[0246c1aa64ee]
32010: 
32011: 	* parse.yacc:
32012: 	-Wall
32013: 	[d0e452fb1e2d]
32014: 
32015: 	* RUNSON:
32016: 	updated
32017: 	[4949a1bbd0a9] [SUDO_1_5_4]
32018: 
32019: 	* TROUBLESHOOTING:
32020: 	remind people to HUP syslogd
32021: 	[590962faa4f0]
32022: 
32023: 	* Makefile.in:
32024: 	add -O flag to tar
32025: 	[622d02de339d]
32026: 
32027: 	* RUNSON:
32028: 	updated
32029: 	[a72930d6e615]
32030: 
32031: 	* TODO:
32032: 	updated
32033: 	[4a51bd458390]
32034: 
32035: 	* sudo.pod:
32036: 	remove author's email addr. people should mail sudo-bugs
32037: 	[9b6bbdb3a6d9]
32038: 
32039: 	* INSTALL:
32040: 	fix version
32041: 	[246274c6c8af]
32042: 
32043: 	* README, check.c, compat.h, config.h.in, configure.in, dce_pwent.c,
32044: 	find_path.c, getspwuid.c, getwd.c, goodpath.c, ins_2001.h,
32045: 	ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
32046: 	logging.c, options.h, parse.c, parse.lex, parse.yacc,
32047: 	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
32048: 	testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
32049: 	++version
32050: 	[f532ff4ee766]
32051: 
32052: 	* RUNSON:
32053: 	updated
32054: 	[62d5c71358b5]
32055: 
32056: 	* INSTALL, Makefile.in:
32057: 	++version
32058: 	[1a7c7628edfc]
32059: 
32060: 	* CHANGES:
32061: 	updated fort 1.5.4
32062: 	[7e4873508c99]
32063: 
32064: 	* check.c:
32065: 	exit(1) if user enters no passwd
32066: 	[f382c0e35e4e]
32067: 
32068: 	* BUGS:
32069: 	++version
32070: 	[fab6a867ab67]
32071: 
32072: 	* parse.c:
32073: 	commands can start with ./* not just /* -- fixes a serious security
32074: 	hole.
32075: 	[244d2fe35ee3]
32076: 
32077: 1997-12-21  Todd C. Miller  <Todd.Miller@courtesan.com>
32078: 
32079: 	* sudo.c:
32080: 	Don't set the tty variable to NULL when we lack a tty, leave it as
32081: 	"unknown".
32082: 	[193b26daba03]
32083: 
32084: 1997-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
32085: 
32086: 	* sample.sudoers:
32087: 	fix usage of (username) in conjunction with , and !
32088: 	[7ae68607f68f]
32089: 
32090: 	* visudo.c:
32091: 	catch the case where the user is not in the passwd file
32092: 	[31650258deb0]
32093: 
32094: 	* tgetpass.c:
32095: 	use fileno(input) + 1 instead of getdtablesize() as the nfds arg to
32096: 	select(2)
32097: 	[60ab2d9a9ee8]
32098: 
32099: 	* sudo.c:
32100: 	define tty global to an initial value to avoid dumping core in
32101: 	logging functions when passwd file is unavailable.
32102: 	[77056c7bc908]
32103: 
32104: 	* sudo.c:
32105: 	do the set_perms(PERM_USER, sudo_mode) after we have gotten the
32106: 	passwd entry
32107: 	[1fdb8e579a5a]
32108: 
32109: 	* sudo.pod:
32110: 	talk about problem of ALL
32111: 	[1cd1905c9f6f]
32112: 
32113: 1997-10-10  Todd C. Miller  <Todd.Miller@courtesan.com>
32114: 
32115: 	* README:
32116: 	new web location
32117: 	[d24dc26f6da5]
32118: 
32119: 	* INSTALL:
32120: 	fdesc bug is fixed in Open/Net BSD
32121: 	[7d4d81b08ac3]
32122: 
32123: 	* HISTORY:
32124: 	updates from Nieusma
32125: 	[3a43769a1b78]
32126: 
32127: 1997-10-09  Todd C. Miller  <Todd.Miller@courtesan.com>
32128: 
32129: 	* dce_pwent.c:
32130: 	move compat.h after the system includes
32131: 	[5ea43a5968ac]
32132: 
32133: 1997-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
32134: 
32135: 	* logging.c:
32136: 	save errno from being clobbered by wait(). From Theo
32137: 	[f2d1c48cd592]
32138: 
32139: 1997-05-21  Todd C. Miller  <Todd.Miller@courtesan.com>
32140: 
32141: 	* compat.h:
32142: 	fix an occurence of setresuid -> setreuid (typo)
32143: 	[394de35c9b1c]
32144: 
32145: 1997-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
32146: 
32147: 	* install-sh:
32148: 	check for path to strip
32149: 	[2b7ef824bd55]
32150: 
32151: 1997-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
32152: 
32153: 	* logging.c:
32154: 	deal with maxfilelen < 0 case
32155: 	[f0af095178d7]
32156: 
32157: 	* OPTIONS:
32158: 	fixed descriptin
32159: 	[629f60bd4b5f]
32160: 
32161: 1996-12-12  Todd C. Miller  <Todd.Miller@courtesan.com>
32162: 
32163: 	* sudo.c:
32164: 	correct error message if mode/owner wrong and not statable by owner
32165: 	but is statable by root.
32166: 	[cb631ce2e85e]
32167: 
32168: 1996-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
32169: 
32170: 	* config.guess, config.sub:
32171: 	autoconf 2.11
32172: 	[f3cbe59e0756]
32173: 
32174: 1996-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
32175: 
32176: 	* CHANGES, RUNSON, TODO:
32177: 	sudo 1.5.3.
32178: 	[2be3229b8626]
32179: 
32180: 1996-11-14  Todd C. Miller  <Todd.Miller@courtesan.com>
32181: 
32182: 	* parse.yacc, sudo.h:
32183: 	command_alias -> generic_alias
32184: 	[c404ca8c510d] [SUDO_1_5_3]
32185: 
32186: 	* sample.sudoers:
32187: 	added Runas_Alias example and fixed syntax errors
32188: 	[c304053f4a8a]
32189: 
32190: 	* OPTIONS, options.h:
32191: 	updated MAILSUBJECT
32192: 	[18d1573fcd2a]
32193: 
32194: 	* logging.c:
32195: 	added %h expansion
32196: 	[a4bff9b284fd]
32197: 
32198: 	* INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
32199: 	configure.in, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
32200: 	goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
32201: 	insults.h, interfaces.c, logging.c, options.h, parse.c, parse.lex,
32202: 	parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h,
32203: 	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
32204: 	visudo.c:
32205: 	++version
32206: 	[211ff20f956f]
32207: 
32208: 	* BUGS, emul/utime.h:
32209: 	++version
32210: 	[cde5376579e3]
32211: 
32212: 	* sudoers.pod:
32213: 	document Runas_Alias
32214: 	[b1a58f28fb2c]
32215: 
32216: 	* visudo.pod:
32217: 	q (uid) -> Q
32218: 	[d256649a0e6b]
32219: 
32220: 	* visudo.c:
32221: 	buffer oflow checking q (uit) -> Q if yyparse() fails drop into
32222: 	whatnow
32223: 	[1cb183d15626]
32224: 
32225: 	* parse.yacc:
32226: 	add size params to sprintf
32227: 	[9228f698921f]
32228: 
32229: 	* parse.lex:
32230: 	allow trailing space after '\\' but before '\n'
32231: 	[f51dbbf69fdf]
32232: 
32233: 	* find_path.c:
32234: 	off by one error in path size check
32235: 	[a6d75ccd7632]
32236: 
32237: 	* check.c:
32238: 	sprintf paranoia
32239: 	[3ffb12d198dd]
32240: 
32241: 1996-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
32242: 
32243: 	* parse.yacc:
32244: 	fixed more_aliases
32245: 	[aab12f2a50af]
32246: 
32247: 	* visudo.c:
32248: 	now warns if killed by signal ./
32249: 	[310c186a0fd7]
32250: 
32251: 1996-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
32252: 
32253: 	* parse.yacc:
32254: 	fix Runas_Alias stuff Alias's in runas list now get expanded (but it
32255: 	is gross)
32256: 	[45590b83120f]
32257: 
32258: 	* sudo.c:
32259: 	Can now deal with SUDOERS_UID == 0 and SUDOERS_MODE == 0400
32260: 	[d53e01c14c58]
32261: 
32262: 	* parse.yacc:
32263: 	add Runas_Alias support change FOO to FOO_ALIAS (ie: USER_ALIAS)
32264: 	[7a4a040aae2d]
32265: 
32266: 	* parse.lex:
32267: 	Add Runas_Alias and simplify a rule.
32268: 	[6f794a769a37]
32269: 
32270: 	* parse.yacc:
32271: 	always store User_Alias's since they can be used inside of a runas
32272: 	list. Sigh. Really need a Runas_Alias instead.
32273: 	[3bab058a873e]
32274: 
32275: 1996-10-30  Todd C. Miller  <Todd.Miller@courtesan.com>
32276: 
32277: 	* visudo.c:
32278: 	deal with case where there is no sudoers file
32279: 	[fa38b3bb244d]
32280: 
32281: 1996-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
32282: 
32283: 	* TROUBLESHOOTING:
32284: 	added one
32285: 	[e61346d06725]
32286: 
32287: 1996-10-11  Todd C. Miller  <Todd.Miller@courtesan.com>
32288: 
32289: 	* HISTORY, testsudoers.c:
32290: 	developement -> development
32291: 	[4df55e293941]
32292: 
32293: 	* INSTALL:
32294: 	added a note
32295: 	[3845fb83dbc0]
32296: 
32297: 	* RUNSON:
32298: 	for 1.5.2
32299: 	[5489b7298942]
32300: 
32301: 	* CHANGES:
32302: 	updated
32303: 	[0741834929e6]
32304: 
32305: 1996-10-10  Todd C. Miller  <Todd.Miller@courtesan.com>
32306: 
32307: 	* PORTING:
32308: 	removed seteuid() notes
32309: 	[1010a60f281d] [SUDO_1_5_2]
32310: 
32311: 1996-10-09  Todd C. Miller  <Todd.Miller@courtesan.com>
32312: 
32313: 	* compat.h:
32314: 	better seteuid() emulatino
32315: 	[e807623b662c]
32316: 
32317: 	* configure.in:
32318: 	added check for seteuid
32319: 	[8cf9fabc6f4f]
32320: 
32321: 	* config.h.in:
32322: 	added HAVE_SETEUID
32323: 	[596db46aa828]
32324: 
32325: 1996-10-08  Todd C. Miller  <Todd.Miller@courtesan.com>
32326: 
32327: 	* configure.in:
32328: 	first stab at sequent support
32329: 	[b85a7bfcac76]
32330: 
32331: 	* config.h.in:
32332: 	added HAVE_SYS_SELECT_H
32333: 	[93ecdd042463]
32334: 
32335: 	* compat.h:
32336: 	sequent -> _SEQUENT_
32337: 	[63a38b6da98c]
32338: 
32339: 	* compat.h:
32340: 	added seteuid() macro for DYNIX
32341: 	[695bd63c5ea6]
32342: 
32343: 	* tgetpass.c:
32344: 	_AIX -> HAVE_SYS_SELECT_H
32345: 	[b31221211bc2]
32346: 
32347: 1996-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
32348: 
32349: 	* BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in, logging.c,
32350: 	parse.c, parse.lex, parse.yacc, putenv.c, strdup.c, sudo_setenv.c,
32351: 	testsudoers.c, tgetpass.c, utime.c, visudo.c:
32352: 	++version
32353: 	[8052992fd453]
32354: 
32355: 	* check.c, compat.h, dce_pwent.c, emul/utime.h, find_path.c,
32356: 	getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
32357: 	ins_csops.h, ins_goons.h, insults.h, interfaces.c, options.h,
32358: 	pathnames.h.in, version.h:
32359: 	++version
32360: 	[f7ad15e1598a]
32361: 
32362: 	* sudo.pod:
32363: 	added -H and SUDO_PS1
32364: 	[bb965241e30c]
32365: 
32366: 	* configure.in:
32367: 	use SUDO_FUNC_FNMATCH
32368: 	[6a8350d85fb2]
32369: 
32370: 	* aclocal.m4:
32371: 	added SUDO_FUNC_FNMATCH
32372: 	[45b32c91c4ba]
32373: 
32374: 	* sudo.c:
32375: 	added -H flag
32376: 	[11ebc6872fd6]
32377: 
32378: 	* sudo.h:
32379: 	added MODE_RESET_HOME /
32380: 	[67a7f8bcbbd6]
32381: 
32382: 1996-10-05  Todd C. Miller  <Todd.Miller@courtesan.com>
32383: 
32384: 	* INSTALL:
32385: 	mention OPIE
32386: 	[5723515d5bbd]
32387: 
32388: 	* options.h:
32389: 	SKEY -> OTP
32390: 	[c1d268130bc4]
32391: 
32392: 	* configure.in:
32393: 	added opie support
32394: 	[123872b41b20]
32395: 
32396: 	* compat.h, config.h.in:
32397: 	added HAVE_OPIE
32398: 	[528c71afc1e5]
32399: 
32400: 	* check.c:
32401: 	added HAVE_OPIE and changed to *_OTP_*
32402: 	[4c62f5db872a]
32403: 
32404: 	* OPTIONS:
32405: 	SKEY -> OTP
32406: 	[bd858e5e9652]
32407: 
32408: 1996-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
32409: 
32410: 	* check.c:
32411: 	moved fclose() in skey stuff.
32412: 	[11f7dc8431a6]
32413: 
32414: 1996-10-03  Todd C. Miller  <Todd.Miller@courtesan.com>
32415: 
32416: 	* putenv.c:
32417: 	index -> strchr remove unnecesary stuff
32418: 	[af2d05238062]
32419: 
32420: 	* check.c:
32421: 	now call skeychallenge() to get challenge instead of making one up
32422: 	ourselves. this way, we get extra goodies in the prompt.
32423: 	[49b770d98d3a]
32424: 
32425: 1996-09-10  Todd C. Miller  <Todd.Miller@courtesan.com>
32426: 
32427: 	* CHANGES:
32428: 	added one
32429: 	[3f5149357e2a] [SUDO_1_5_1]
32430: 
32431: 	* parse.lex:
32432: 	allow logins to start with a number (YUCK!)
32433: 	[7ed7ef324741]
32434: 
32435: 1996-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
32436: 
32437: 	* TROUBLESHOOTING:
32438: 	added soalris 2.5 vs 2.4 note
32439: 	[16160a251aae]
32440: 
32441: 	* configure.in:
32442: 	DUNIX doesn't need -lnsl
32443: 	[be924cc322c3]
32444: 
32445: 	* CHANGES:
32446: 	*** empty log message ***
32447: 	[1b2937521981]
32448: 
32449: 	* check.c, compat.h, config.h.in, dce_pwent.c, find_path.c,
32450: 	getspwuid.c, getwd.c, goodpath.c, ins_2001.h, ins_classic.h,
32451: 	ins_csops.h, ins_goons.h, insults.h, interfaces.c, logging.c,
32452: 	options.h, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
32453: 	strdup.c, sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c,
32454: 	utime.c, version.h, visudo.c:
32455: 	courtesan
32456: 	[5f203589bbfe]
32457: 
32458: 	* PORTING, README, RUNSON:
32459: 	courtesan
32460: 	[d72517f4937e]
32461: 
32462: 	* INSTALL, Makefile.in, TROUBLESHOOTING:
32463: 	courtesan
32464: 	[5c007e3c7a71]
32465: 
32466: 	* visudo.pod:
32467: 	*** empty log message ***
32468: 	[37ebe85bd4e1]
32469: 
32470: 	* sudo.pod, visudo.pod:
32471: 	courtesan
32472: 	[37f02e2130ea]
32473: 
32474: 1996-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
32475: 
32476: 	* HISTORY:
32477: 	added courtesan ./
32478: 	[b01435226276]
32479: 
32480: 1996-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
32481: 
32482: 	* sudo.c:
32483: 	added $SUDO_PROMPT support
32484: 	[cb1fa72c093d]
32485: 
32486: 1996-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
32487: 
32488: 	* check.c:
32489: 	print long skey challemged to stderr, not stdout
32490: 	[750fc775b3b2]
32491: 
32492: 1996-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>
32493: 
32494: 	* CHANGES:
32495: 	updated for 1.5.1
32496: 	[9b615f393057]
32497: 
32498: 	* emul/utime.h:
32499: 	++version
32500: 	[a94de18deafb]
32501: 
32502: 1996-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
32503: 
32504: 	* RUNSON:
32505: 	updated for 1.5.1
32506: 	[4092f20ab634]
32507: 
32508: 1996-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
32509: 
32510: 	* check.c:
32511: 	use shost, not host for tgetpass
32512: 	[6061c49ff9be]
32513: 
32514: 	* sudo.pod:
32515: 	documented %u and %h
32516: 	[6d2922d29897]
32517: 
32518: 	* OPTIONS:
32519: 	documented %u and %h
32520: 	[1a71da13a864]
32521: 
32522: 	* configure.in:
32523: 	fixed typo
32524: 	[1230dec2b062]
32525: 
32526: 	* INSTALL, Makefile.in, README, check.c, compat.h, config.h.in,
32527: 	dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
32528: 	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
32529: 	interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
32530: 	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
32531: 	testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
32532: 	++version
32533: 	[65ce8eabf77a]
32534: 
32535: 	* BUGS:
32536: 	++version
32537: 	[afecab53aab7]
32538: 
32539: 1996-08-29  Todd C. Miller  <Todd.Miller@courtesan.com>
32540: 
32541: 	* Makefile.in, configure.in, version.h:
32542: 	++version
32543: 	[fb3ff940d672]
32544: 
32545: 	* sudo.h:
32546: 	new tgetpass() params
32547: 	[9eccc5b0f8ae]
32548: 
32549: 	* check.c:
32550: 	pass use and host to tgetpass
32551: 	[c56d9d13c401]
32552: 
32553: 	* tgetpass.c:
32554: 	added %u and %h escapes
32555: 	[04ae775d3e5d]
32556: 
32557: 	* OPTIONS, check.c, options.h:
32558: 	added NO_MESSAGE
32559: 	[3927dad19057]
32560: 
32561: 	* configure.in:
32562: 	added cray (unicos) support
32563: 	[1122210c5fb1]
32564: 
32565: 1996-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
32566: 
32567: 	* OPTIONS, options.h, sudo.c:
32568: 	added SHELL_SETS_HOME
32569: 	[0b26909b0929]
32570: 
32571: 1996-08-25  Todd C. Miller  <Todd.Miller@courtesan.com>
32572: 
32573: 	* INSTALL:
32574: 	added note about "make install"
32575: 	[7e56ea76d4b4]
32576: 
32577: 	* parse.yacc:
32578: 	changed length/size params from int to size_t
32579: 	[5654e5ceb1b3]
32580: 
32581: 	* OPTIONS:
32582: 	now get CSOPS insults as well by default
32583: 	[297323d0179a]
32584: 
32585: 	* insults.h:
32586: 	use csops insults too by default
32587: 	[07fafc136169]
32588: 
32589: 	* INSTALL, Makefile.in, README, config.h.in, configure.in, version.h:
32590: 	version = 1.5
32591: 	[4b8772b11e3b]
32592: 
32593: 	* sudo.c:
32594: 	added runas_homedir
32595: 	[b0e0d4417a15]
32596: 
32597: 	* TODO:
32598: 	updated for 1.5
32599: 	[66259df825d5]
32600: 
32601: 	* RUNSON:
32602: 	updated for 1.5
32603: 	[e08bc9ebfe95]
32604: 
32605: 	* CHANGES:
32606: 	1.5 release
32607: 	[8c16942fea41]
32608: 
32609: 	* INSTALL:
32610: 	added "upgrading" notes
32611: 	[210d968964ff]
32612: 
32613: 1996-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>
32614: 
32615: 	* visudo.c:
32616: 	now do chmod and chown after edit of temp file and before rename
32617: 	[de174e34faa7] [SUDO_1_5_0]
32618: 
32619: 1996-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
32620: 
32621: 	* Makefile.in:
32622: 	++version added INSTALL.configure
32623: 	[c9e9214f52ae]
32624: 
32625: 	* configure.in, version.h:
32626: 	++version
32627: 	[5985abed3eb2]
32628: 
32629: 	* TROUBLESHOOTING:
32630: 	*** empty log message ***
32631: 	[d65c540ec52e]
32632: 
32633: 	* parse.yacc:
32634: 	added missing cast
32635: 	[e7247319a7d5]
32636: 
32637: 	* sudo.c:
32638: 	sets $HOME to pw_dir of runas user
32639: 	[d3f7f4d05752]
32640: 
32641: 	* sudo.pod:
32642: 	document $HOME change
32643: 	[854454d458c4]
32644: 
32645: 1996-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
32646: 
32647: 	* sudo.pod:
32648: 	fixed up some wording
32649: 	[b0c8582f2c97]
32650: 
32651: 	* check.c, dce_pwent.c, find_path.c, getspwuid.c, getwd.c, goodpath.c,
32652: 	interfaces.c, logging.c, parse.c, parse.lex, parse.yacc, putenv.c,
32653: 	strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
32654: 	visudo.c:
32655: 	++version
32656: 	[748be723fd8b]
32657: 
32658: 	* compat.h, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
32659: 	insults.h, options.h, pathnames.h.in, sudo.h:
32660: 	++version
32661: 	[acdf8b1b2a1b]
32662: 
32663: 	* emul/utime.h:
32664: 	++version
32665: 	[b3f35298ab8d]
32666: 
32667: 	* sudo.h:
32668: 	name nad type changes
32669: 	[db24ab3da141]
32670: 
32671: 	* testsudoers.c:
32672: 	now works with new sudo
32673: 	[379346c42cc2]
32674: 
32675: 	* parse.yacc:
32676: 	fixed some XXX
32677: 	[f5fe4c990052]
32678: 
32679: 	* parse.yacc:
32680: 	some variable name changes + comment headers for functions.
32681: 	[3dc3bd9aa73d]
32682: 
32683: 	* tgetpass.c:
32684: 	added extra paren's to make compilers happy
32685: 	[9e4968a34d56]
32686: 
32687: 	* sudo.c:
32688: 	*** empty log message ***
32689: 	[70c924c1ed69]
32690: 
32691: 	* parse.c:
32692: 	now uses init_parser() if not in sudoers and tries "list" or
32693: 	"validate" scold but don't be nasty.
32694: 	[c0d8fb3f8c9e]
32695: 
32696: 	* TROUBLESHOOTING:
32697: 	now can use upper case login names
32698: 	[c772fffcefe5]
32699: 
32700: 	* visudo.c:
32701: 	now uses init_parser()
32702: 	[b9efae7243fd]
32703: 
32704: 	* INSTALL, README:
32705: 	updated
32706: 	[27dc8283fdc8]
32707: 
32708: 	* PORTING:
32709: 	added info about PASSWORD_TIMEOUT
32710: 	[980e15d892f8]
32711: 
32712: 	* INSTALL.configure:
32713: 	Initial revision
32714: 	[8292e89a08d3]
32715: 
32716: 	* BUGS:
32717: 	fixed a bug ,
32718: 	[c6e46f5624f9]
32719: 
32720: 	* parse.yacc:
32721: 	now dynamically allocates memory for the stacks -- no more
32722: 	overflows!
32723: 	[8615c35b6ad3]
32724: 
32725: 	* sudo.pod:
32726: 	-l now explands command aliases
32727: 	[39f45605935d]
32728: 
32729: 	* parse.yacc:
32730: 	hacks to expand command aliases for `sudo -l'
32731: 	[e4eb752608f9]
32732: 
32733: 	* sudo.c:
32734: 	remove $ENV and $BASH_ENV (dangerous in ksh, posix sh, and bash)
32735: 	[01327ca5084b]
32736: 
32737: 	* sudo.h:
32738: 	added struct command_alias
32739: 	[dd2f32764082]
32740: 
32741: 	* sudo.pod:
32742: 	fixed a bug
32743: 	[e708ff08d2eb]
32744: 
32745: 	* lsearch.c:
32746: 	in compar() key should be first arg
32747: 	[fc14c3fa62ee]
32748: 
32749: 1996-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
32750: 
32751: 	* BUGS:
32752: 	fixed some bugs
32753: 	[639dfe425bd5]
32754: 
32755: 	* parse.yacc:
32756: 	can now deal with upcase HOST and USER names
32757: 	[c6aa7bcfb00d]
32758: 
32759: 	* sudo.c:
32760: 	don't yell too loudly at non-sudoers if they do "sudo -l"
32761: 	[4ef146128d89]
32762: 
32763: 	* sudo.pod:
32764: 	fixed thinko
32765: 	[830f2f0f22e7]
32766: 
32767: 	* parse.c:
32768: 	fix comment
32769: 	[d20ce9e17ddc]
32770: 
32771: 1996-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
32772: 
32773: 	* parse.c, parse.yacc:
32774: 	added support for new `sudo -l' stuff
32775: 	[7dceaef3c733]
32776: 
32777: 	* sudo.c:
32778: 	now uses list_matches()
32779: 	[293364821b61]
32780: 
32781: 	* sudo.h:
32782: 	added struct sudo_match
32783: 	[b2684179d179]
32784: 
32785: 	* configure.in:
32786: 	now more -lgnumalloc
32787: 	[4f8ae42617d8]
32788: 
32789: 1996-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
32790: 
32791: 	* install-sh:
32792: 	added more paths for chown and whoami
32793: 	[6e685a19426c]
32794: 
32795: 1996-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
32796: 
32797: 	* check.c:
32798: 	typo
32799: 	[3adfa01c04bc]
32800: 
32801: 1996-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
32802: 
32803: 	* aclocal.m4:
32804: 	fixed DUNIX check for shadow pw
32805: 	[c25324bcd27b]
32806: 
32807: 	* tgetpass.c:
32808: 	now only turn off echo if it is already on. this fixes a race when
32809: 	you use sudo in a pipelin
32810: 	[28388c2de21c]
32811: 
32812: 	* INSTALL:
32813: 	updated
32814: 	[b45ac9366b7e]
32815: 
32816: 	* configure.in:
32817: 	changed "test -z $foo && do_this" to if; then construct
32818: 	[2183c4426bca]
32819: 
32820: 1996-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
32821: 
32822: 	* configure.in:
32823: 	added missing defines of SHADOW_TYPE
32824: 	[be89ea68a7f3]
32825: 
32826: 1996-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>
32827: 
32828: 	* check.c:
32829: 	protect AUTH_CRYPT_OLDCRYPT and AUTH_CRYPT_C1CRYPT since they are
32830: 	only in dunix 4.x
32831: 	[1e7c1c677263]
32832: 
32833: 	* getspwuid.c:
32834: 	added AUTH_CRYPT_C1CRYPT support
32835: 	[88d6b0058b20]
32836: 
32837: 	* parse.c:
32838: 	no longer return VALIDATE_NOT_OK if there was a runas that didn't
32839: 	match. Now we can have runas stuff on more than one line.
32840: 	[52b68920d7b7]
32841: 
32842: 	* getspwuid.c, sudo.c, tgetpass.c:
32843: 	use SHADOW_TYPE instead of HAVE_C2_SECURITY
32844: 	[cf401dfcbc06]
32845: 
32846: 	* configure.in:
32847: 	got rid of HAVE_C2_SECURITY SHADOW_TYPE is always defined to
32848: 	something
32849: 	[c7a233c4dd93]
32850: 
32851: 	* config.h.in:
32852: 	removed HAVE_C2_SECURITY added SPW_BSD
32853: 	[8314405e9754]
32854: 
32855: 	* compat.h:
32856: 	use SHADOW_TYPE instead of HAVE_C2_SECURITY
32857: 	[6f94870df17f]
32858: 
32859: 	* check.c:
32860: 	SHADOW_TYPE is always defined so just against its value
32861: 	[72c69a55d02f]
32862: 
32863: 	* aclocal.m4:
32864: 	added SUDO_CHECK_SHADOW_DUNIX
32865: 	[ef025ae9d496]
32866: 
32867: 1996-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
32868: 
32869: 	* sudoers.pod:
32870: 	* -> ?* in one example added another instance of (runas) and one of
32871: 	NOPASSWD:
32872: 	[d74fe1dcbe7d]
32873: 
32874: 1996-07-24  Todd C. Miller  <Todd.Miller@courtesan.com>
32875: 
32876: 	* configure.in:
32877: 	added back check for config.cache from other host type
32878: 	[0ba87871f585]
32879: 
32880: 	* parse.lex:
32881: 	removed an instance of \"
32882: 	[1e008d3709f6]
32883: 
32884: 	* sample.sudoers:
32885: 	added an example
32886: 	[dbfcf68ee330]
32887: 
32888: 	* sudoers.pod:
32889: 	updated wrt new wildcard matching
32890: 	[193fa44a475b]
32891: 
32892: 	* configure.in:
32893: 	new check for shadow passwords if we don't know anything
32894: 	[67465df7dc9a]
32895: 
32896: 	* aclocal.m4:
32897: 	new SUDO_CHECK_SHADOW_GENERIC
32898: 	[3563b16a41b8]
32899: 
32900: 	* configure.in:
32901: 	added back check for -lsocket (oops)
32902: 	[a80882ee1cb6]
32903: 
32904: 	* configure.in:
32905: 	better (working) check for shadow passwd type if we know to use C2.
32906: 	[3cdd2a59a641]
32907: 
32908: 	* configure.in:
32909: 	now uses AC_CANONICAL_HOST to figure out os type
32910: 	[80db7fe6e704]
32911: 
32912: 	* Makefile.in:
32913: 	added config.{guess,sub}
32914: 	[c6be7e3ca384]
32915: 
32916: 	* aclocal.m4:
32917: 	removed unused stuff to figure out os type
32918: 	[c9a0f3b57123]
32919: 
32920: 	* config.sub:
32921: 	added openbsd
32922: 	[bfc6bfec3668]
32923: 
32924: 	* config.sub:
32925: 	Initial revision
32926: 	[e6e06ce0d17d]
32927: 
32928: 	* config.guess:
32929: 	Initial revision
32930: 	[99dd06f79199]
32931: 
32932: 	* testsudoers.c:
32933: 	don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
32934: 	pathname. need to check against sudoers_args even if user_args is
32935: 	nil
32936: 	[66e6cf77f5d6]
32937: 
32938: 	* parse.c:
32939: 	don't call fnmatch() with FNM_PATHNAME flag unless it can only be a
32940: 	pathname need to check against sudoers_args even if user_args is nil
32941: 	[74374df17311]
32942: 
32943: 1996-07-23  Todd C. Miller  <Todd.Miller@courtesan.com>
32944: 
32945: 	* check.c:
32946: 	added support for AUTH_CRYPT_OLDCRYPT w/ DUNIX C2
32947: 	[cbb00261c415]
32948: 
32949: 	* testsudoers.c:
32950: 	now takes command line args and uses cmnd_args
32951: 	[f0c2fd35a527]
32952: 
32953: 	* parse.lex:
32954: 	fill_args was adding an extra leading space
32955: 	[692fc999b2e8]
32956: 
32957: 1996-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
32958: 
32959: 	* visudo.c:
32960: 	fixed dummy command_matches()
32961: 	[93d9543db6e2]
32962: 
32963: 	* parse.yacc:
32964: 	fixed prototype
32965: 	[7b0addfbd429]
32966: 
32967: 	* sudo.h:
32968: 	added cmnd_args
32969: 	[8f47c4ae65ef]
32970: 
32971: 	* parse.yacc:
32972: 	now uses flat args string
32973: 	[016e65877da3]
32974: 
32975: 	* parse.c, parse.lex:
32976: 	now uses flat arg string
32977: 	[5b5f2e3f4c09]
32978: 
32979: 	* visudo.c:
32980: 	added cmnd_args def
32981: 	[876867134775]
32982: 
32983: 	* sudo.c:
32984: 	now sets cmnd_args global
32985: 	[e6fee70cb59b]
32986: 
32987: 	* logging.c:
32988: 	cmnd_args is now exported from sudo.[ch]
32989: 	[7a9cd36e356f]
32990: 
32991: 1996-07-21  Todd C. Miller  <Todd.Miller@courtesan.com>
32992: 
32993: 	* parse.yacc:
32994: 	can't rely on cmnd_matches as much as I thought -- added some $$
32995: 	stuff back in to prevent namespace pollution problems.
32996: 	[3c45fedb5af3]
32997: 
32998: 	* parse.yacc:
32999: 	Simplified parse rules wrt runas and NOPASSWD (more consistent).
33000: 	[e6d838c8a4c7]
33001: 
33002: 1996-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
33003: 
33004: 	* parse.lex:
33005: 	NOPASSWD may now have blanks before the ':' '(' only starts a
33006: 	'runas' if in the initial state to avoid collision with command args
33007: 	[c5c01172f499]
33008: 
33009: 	* configure.in:
33010: 	added checks for specific shadow passwd schemes
33011: 	[b7e3d1f7b84f]
33012: 
33013: 	* aclocal.m4:
33014: 	added routines to check for specific shadow passwd types
33015: 	[e5e1d19960a6]
33016: 
33017: 1996-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
33018: 
33019: 	* configure.in:
33020: 	added support for ncr boxen
33021: 	[bea9dc5aae7f]
33022: 
33023: 	* aclocal.m4:
33024: 	added support for detecting ncr boxen
33025: 	[8653a158a924]
33026: 
33027: 1996-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
33028: 
33029: 	* configure.in:
33030: 	added sinix support
33031: 	[5de2b2173ee1]
33032: 
33033: 1996-07-14  Todd C. Miller  <Todd.Miller@courtesan.com>
33034: 
33035: 	* TROUBLESHOOTING:
33036: 	added info about "config.cache from other other" error.
33037: 	[845b10198e0b]
33038: 
33039: 	* aclocal.m4:
33040: 	now makes sure you don't have a config.cache file from another OS
33041: 	[4fe32571c021]
33042: 
33043: 	* configure.in:
33044: 	now sets $LIBS when needed to configure links with libs when doing
33045: 	tests hpux10 now uses SPW_SECUREWARE for C2 added check for
33046: 	bigcrypt(3) if SPW_SECUREWARE
33047: 	[2df6b8ca538f]
33048: 
33049: 	* getspwuid.c:
33050: 	fixed typo
33051: 	[fe1cb1d792d6]
33052: 
33053: 	* tgetpass.c:
33054: 	now include stuff for SPW_SECUREWARE to get AUTH_MAX_PASSWD_LENGTH
33055: 	[f71138372c07]
33056: 
33057: 	* getspwuid.c:
33058: 	no more SPW_HPUX10
33059: 	[cfdeb18bc16b]
33060: 
33061: 	* config.h.in:
33062: 	no more SPW_HPUX10 added HAVE_BIGCRYPT
33063: 	[00d296479a61]
33064: 
33065: 	* compat.h:
33066: 	now uses AUTH_MAX_PASSWD_LENGTH if SPW_SECUREWARE
33067: 	[6c6d9e680417]
33068: 
33069: 	* check.c:
33070: 	SPW_SECUREWARE now uses bigcrypt
33071: 	[be71fc66690f]
33072: 
33073: 1996-07-13  Todd C. Miller  <Todd.Miller@courtesan.com>
33074: 
33075: 	* sample.sudoers:
33076: 	fixed 2 syntax errors
33077: 	[45eee19ef4ac]
33078: 
33079: 	* sudoers:
33080: 	root may now run ALL as ALL
33081: 	[1b54c6b9b212]
33082: 
33083: 1996-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
33084: 
33085: 	* interfaces.c:
33086: 	fixed a typo/thinko that broke BSD's with sa_len
33087: 	[603438360126]
33088: 
33089: 1996-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
33090: 
33091: 	* check.c, configure.in:
33092: 	updated AFS support
33093: 	[e572eb8d177a]
33094: 
33095: 	* TROUBLESHOOTING:
33096: 	added entry about /usr/ucb/cc
33097: 	[025b353aa9d3]
33098: 
33099: 	* INSTALL:
33100: 	prep no longer holds gcc binaries
33101: 	[8b0942958049]
33102: 
33103: 	* INSTALL:
33104: 	updated AFS note
33105: 	[7af6efd5abe4]
33106: 
33107: 	* Makefile.in:
33108: 	added @AFS_LIBS@
33109: 	[97b6fe6ad7d6]
33110: 
33111: 	* compat.h:
33112: 	AFS allows long passwords
33113: 	[5fb17122c302]
33114: 
33115: 	* testsudoers.c:
33116: 	fixed -u user support
33117: 	[b1a0c1648639]
33118: 
33119: 	* parse.c:
33120: 	sudo -v now groks VALIDATE_OK_NOPASS
33121: 	[74fc03fffe7e]
33122: 
33123: 	* parse.yacc:
33124: 	fixed no_passwd vs. runas_matched
33125: 	[549a9b791a6a]
33126: 
33127: 	* TROUBLESHOOTING:
33128: 	took out stuff about NFS-mounting since it is no longer an issue
33129: 	[d95ab7fbbc61]
33130: 
33131: 	* INSTALL:
33132: 	added --with-libraries > --with-libpath --with-incpath
33133: 	[d5d15a7a0f4c]
33134: 
33135: 	* parse.yacc:
33136: 	was setting runas_matches to -1 in wrong place
33137: 	[db2b1deb8d33]
33138: 
33139: 	* check.c:
33140: 	removed usersec.h which is not present in new AFS versions
33141: 	[618b016dd17f]
33142: 
33143: 	* tgetpass.c:
33144: 	now deals with timeout <= 0
33145: 	[ba53a1257255]
33146: 
33147: 	* OPTIONS:
33148: 	updated
33149: 	[75093bd8fdca]
33150: 
33151: 	* configure.in:
33152: 	BSD/OS >= 2.0 now uses shlicc instead of just gcc
33153: 	[ff6dbf7825c2]
33154: 
33155: 	* sudo.c:
33156: 	fixed backwards compatibility with sudo 1.4 sudoers mode for root
33157: 	readable/writable filesystems
33158: 	[2694ed627221]
33159: 
33160: 	* Makefile.in:
33161: 	now gives INSTALL -c flag
33162: 	[63db055a2fd1]
33163: 
33164: 	* parse.yacc:
33165: 	slightly simpler initialization of no_passwd and runas_matches
33166: 	[463a1b5fa323]
33167: 
33168: 	* testsudoers.c:
33169: 	added -u username support
33170: 	[38b072fcd6b3]
33171: 
33172: 	* configure.in:
33173: 	improved --with-libraries support
33174: 	[047dbc5f0af2]
33175: 
33176: 1996-07-07  Todd C. Miller  <Todd.Miller@courtesan.com>
33177: 
33178: 	* configure.in:
33179: 	added --with-incpath, --with-libpath, --with-libraries
33180: 	[20f20d6c718c]
33181: 
33182: 	* parse.yacc:
33183: 	now initializes some fields that weren't getting set to -1 pretty
33184: 	gross -- need a rewrite.
33185: 	[021c160390c6]
33186: 
33187: 1996-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
33188: 
33189: 	* alloca.c:
33190: 	removed emacs'isms
33191: 	[9d4ec2efe057]
33192: 
33193: 	* configure.in:
33194: 	no longer add -lPW to *_LIBS since we include alloca.c
33195: 	[a626d1bbea80]
33196: 
33197: 	* config.h.in:
33198: 	added HAVE_ALLOCA_H
33199: 	[15491e2a6cff]
33200: 
33201: 	* Makefile.in:
33202: 	added alloca.c
33203: 	[0400f25e1fe4]
33204: 
33205: 	* alloca.c:
33206: 	Initial revision
33207: 	[06d033aa4882]
33208: 
33209: 	* configure.in:
33210: 	++version
33211: 	[f52c0fb98f90]
33212: 
33213: 1996-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
33214: 
33215: 	* sudo.c:
33216: 	now set uid to 1 instead of nobody for PERM_SUDOERS since nobody is
33217: 	not always set to a valid uid.
33218: 	[c2669f77704d]
33219: 
33220: 	* OPTIONS:
33221: 	fixed entry for SUDO_MODE
33222: 	[d7272f6035b8]
33223: 
33224: 	* sudo.c:
33225: 	Fixed NFS-mounted sudoers file under solaris both uid *and* gid were
33226: 	being set to -2. Now beat NFS to the punch and set uid to "nobody"
33227: 	ourselves, preserving group 0 to read sudoers.
33228: 	[b1fbc5dd1e34]
33229: 
33230: 	* parse.c:
33231: 	moved set_perms(PERM_ROOT) to be before yyparse()
33232: 	[7619d8080735]
33233: 
33234: 	* logging.c:
33235: 	fixed a typo
33236: 	[318acc48cde0]
33237: 
33238: 	* configure.in:
33239: 	no longer need AC_PROG_INSTALL
33240: 	[de01b1336dc8]
33241: 
33242: 	* Makefile.in:
33243: 	always use install-sh to avoid install(1)'s that use get{pw,gr}nam
33244: 	[ea2351986406]
33245: 
33246: 	* INSTALL:
33247: 	make clean -> make distclean
33248: 	[704a98e8ba10]
33249: 
33250: 1996-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
33251: 
33252: 	* parse.yacc:
33253: 	removed some unnecsary if's
33254: 	[f00db6508132]
33255: 
33256: 	* Makefile.in, version.h:
33257: 	++version
33258: 	[bdb6740b24c8]
33259: 
33260: 	* parse.c, testsudoers.c:
33261: 	now includes netgroup.h
33262: 	[93f5a06352bc]
33263: 
33264: 	* interfaces.c:
33265: 	removed cats of ioctl to int since they didn't shut up -Wall
33266: 	[83e9f912cd7a]
33267: 
33268: 	* interfaces.c:
33269: 	explicately cast ioctl() to int since it it not always declared
33270: 	[2ff9294e469e]
33271: 
33272: 	* sudo.h:
33273: 	added declarations for yyparse() and yylex()
33274: 	[6071321ab771]
33275: 
33276: 	* parse.yacc:
33277: 	fixed an occurence of '==' -> '='
33278: 	[2c46d2e11d57]
33279: 
33280: 	* config.h.in, configure.in:
33281: 	added check for netgroup.h
33282: 	[73403050f4e3]
33283: 
33284: 	* sudo.c:
33285: 	fixed 2 compiler warnings
33286: 	[680929b0bd97]
33287: 
33288: 	* sudo.c:
33289: 	SHELL_IF_NO_ARGS caused core dump since NewArg[cv] weren't being
33290: 	initialized
33291: 	[18707ecd07c2]
33292: 
33293: 1996-06-19  Todd C. Miller  <Todd.Miller@courtesan.com>
33294: 
33295: 	* sudo.pod:
33296: 	fixed a typo
33297: 	[e4b5c12aa130]
33298: 
33299: 1996-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
33300: 
33301: 	* parse.yacc:
33302: 	fixed a formatting thingie
33303: 	[c79327b6f19b]
33304: 
33305: 	* parse.c, parse.yacc:
33306: 	fixed -u support with multiple user lists on a line
33307: 	[e4d1066adca2]
33308: 
33309: 	* configure.in:
33310: 	unixware needs -lgen
33311: 	[b5bf9bca63cc]
33312: 
33313: 	* README:
33314: 	updated ftp location
33315: 	[b25a033f7921]
33316: 
33317: 	* sudoers.pod:
33318: 	add net_addr/netmask support
33319: 	[674e83516d1e]
33320: 
33321: 	* sample.sudoers:
33322: 	added net_addr/mask example
33323: 	[774878e89b28]
33324: 
33325: 	* parse.c, parse.lex:
33326: 	added support for net_addr/netmask
33327: 	[e33de27325d8]
33328: 
33329: 1996-06-16  Todd C. Miller  <Todd.Miller@courtesan.com>
33330: 
33331: 	* sudoers.pod:
33332: 	^ -> !
33333: 	[1a084950d6ef]
33334: 
33335: 1996-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
33336: 
33337: 	* RUNSON:
33338: 	updated for 1.4.3
33339: 	[c82019025d09]
33340: 
33341: 	* CHANGES:
33342: 	udpated for 1.4.3
33343: 	[ceaa81adb8f0]
33344: 
33345: 	* BUGS, TODO, TROUBLESHOOTING:
33346: 	updated
33347: 	[ff94fae4b853]
33348: 
33349: 	* sample.sudoers:
33350: 	updated with examples of new stuff
33351: 	[99d0b4cb4c9c]
33352: 
33353: 	* INSTALL, README:
33354: 	++version
33355: 	[b763b80fe836]
33356: 
33357: 	* sudoers.pod:
33358: 	updated wrt -u and NOPASSWD
33359: 	[0b5b722ea0f4]
33360: 
33361: 	* sudo.pod:
33362: 	updated wrt -u and CAVEATS
33363: 	[71d5d53b5d18]
33364: 
33365: 1996-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
33366: 
33367: 	* sudo.c:
33368: 	fixed usage()
33369: 	[114c7d09b550]
33370: 
33371: 	* parse.lex:
33372: 	now use :foo: character classes (makes no diff for generated lexer)
33373: 	[7b0aeb737a02]
33374: 
33375: 1996-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
33376: 
33377: 	* check.c:
33378: 	fixed LONG_SKEY_PROMPT stuff
33379: 	[0efe78b4bdda]
33380: 
33381: 1996-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
33382: 
33383: 	* visudo.c:
33384: 	fixed a comment
33385: 	[3d289017104b]
33386: 
33387: 	* lsearch.c:
33388: 	make more like NetBSD one -- now compiles w/o warnings
33389: 	[932206296a54]
33390: 
33391: 	* emul/search.h:
33392: 	fixed decls of lsearch()
33393: 	[c58cf4584c45]
33394: 
33395: 	* config.h.in, configure.in, getspwuid.c:
33396: 	added SPW_HPUX10
33397: 	[d74e5eaa5f17]
33398: 
33399: 	* check.c:
33400: 	hpux 10 uses bigcrypt() if C2
33401: 	[359eb63f4021]
33402: 
33403: 1996-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
33404: 
33405: 	* parse.c:
33406: 	now always uses fnmatch to match args
33407: 	[a9d91f35256a]
33408: 
33409: 	* tgetpass.c:
33410: 	back to using stdio instead of raw i/o since that caused some
33411: 	problems
33412: 	[e7ce2bc92974]
33413: 
33414: 1996-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
33415: 
33416: 	* sudo.c:
33417: 	now give usage warning if use -l,-v,-k with args
33418: 	[6b48180c4fea]
33419: 
33420: 1996-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
33421: 
33422: 	* sudo.c:
33423: 	NewArgc is now set to 1 for -l, -v, -k
33424: 	[7497cb1416a8]
33425: 
33426: 	* sudo.c:
33427: 	now sets sudoers to correct group if mode is 0400
33428: 	[484c43d99718]
33429: 
33430: 	* install-sh:
33431: 	updated to version used by inn and bind
33432: 	[28683ad8725a]
33433: 
33434: 	* configure.in:
33435: 	now uses -lgnumalloc if it exists
33436: 	[3651ca4415a2]
33437: 
33438: 	* Makefile.in:
33439: 	"make install" now sets uid/gid and mode on sudoers if it exists
33440: 	[1f5216191ae9]
33441: 
33442: 	* sudo.c:
33443: 	rmeoved debugging statements
33444: 	[aeda278e2c26]
33445: 
33446: 	* parse.yacc:
33447: 	added a missing free()
33448: 	[592c9482a159]
33449: 
33450: 	* sudo.c:
33451: 	now uses user_gid instead of getegid (which was wrong anyway) to set
33452: 	SUDO_GID Now sets command line args in SUDO_COMMAND envariabled
33453: 	(logging.c depends on args being in the environment)
33454: 	[9f5328a3b942]
33455: 
33456: 	* logging.c:
33457: 	now uses SUDO_COMMAND envariable to get command args rather than
33458: 	building it up again.
33459: 	[7f8edc5bccb7]
33460: 
33461: 	* parse.c:
33462: 	now uses user_gid
33463: 	[4b9303ae45fe]
33464: 
33465: 	* sudo.c:
33466: 	fixed off by one error in allocation NewArgv
33467: 	[921ea1a4e7c6]
33468: 
33469: 	* parse.c:
33470: 	in sudoers, 'command ""' now means command with no args
33471: 	[a5273648ace2]
33472: 
33473: 	* configure.in:
33474: 	added check for fnmatch(3) and fnmatch.h
33475: 	[258916a7866f]
33476: 
33477: 	* config.h.in:
33478: 	added HAVE_FNMATCH
33479: 	[b9860d361e93]
33480: 
33481: 	* Makefile.in:
33482: 	replaced wildcat.* with fnmatch.*
33483: 	[03ad9ee21a1c]
33484: 
33485: 	* testsudoers.c:
33486: 	now uses fnmatch()
33487: 	[5a7f7de987a9]
33488: 
33489: 1996-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
33490: 
33491: 	* parse.c:
33492: 	now uses fnmatch() instead of wildmat a trailing star (*) by itself
33493: 	now matches multiple args added support for wildcards in the
33494: 	pathname in sudoers
33495: 	[1f7fb950b868]
33496: 
33497: 1996-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>
33498: 
33499: 	* fnmatch.c:
33500: 	now includes compat.h and config.h
33501: 	[090206b95cf8]
33502: 
33503: 	* config.h.in:
33504: 	added HAVE_FNMATCH_H
33505: 	[90eb42150173]
33506: 
33507: 	* configure.in:
33508: 	now checks for alloca() (if needed by bison or dce) and links with
33509: 	-lPW if it contains alloca() and libv and compiler do not.
33510: 	[cfa2b3cef49a]
33511: 
33512: 	* emul/fnmatch.h, fnmatch.3, fnmatch.c:
33513: 	Initial revision
33514: 	[20b1f762a32a]
33515: 
33516: 1996-04-29  Todd C. Miller  <Todd.Miller@courtesan.com>
33517: 
33518: 	* sudo.c:
33519: 	now fixes mode on sudoers if set to 0400 to aid in upgrade
33520: 	[d4bdfd521820]
33521: 
33522: 1996-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
33523: 
33524: 	* Makefile.in:
33525: 	fixed pod2man usage
33526: 	[5adf2ec77b27]
33527: 
33528: 	* Makefile.in, configure.in, version.h:
33529: 	++version
33530: 	[b4029de876d0]
33531: 
33532: 	* testsudoers.c, visudo.c:
33533: 	runas_user is now initialized to "root"
33534: 	[8537d97bff39]
33535: 
33536: 	* sudo.h:
33537: 	removed PERM_FULL_ROOT
33538: 	[241f8bbf647f]
33539: 
33540: 	* sudo.c:
33541: 	runas_user defaults to "root" so no more need to PERM_RUNAS
33542: 	[fc0c0dfc72ba]
33543: 
33544: 	* parse.c:
33545: 	will now only running commands as root if there was no runas list
33546: 	(or if root is in the runas list)
33547: 	[40c587666c81]
33548: 
33549: 	* logging.c:
33550: 	now logs "USER=%s"
33551: 	[b733504c87fd]
33552: 
33553: 	* parse.yacc:
33554: 	runas_matches is now set to false if we get a negative match
33555: 	[5495b150b300]
33556: 
33557: 	* parse.lex:
33558: 	make #uid work + some minor cleanup
33559: 	[07851bbce03a]
33560: 
33561: 	* sample.sudoers:
33562: 	added support for NOPASSWD and "runas" from garp@opustel.com /
33563: 	[7a9c67b51fa5]
33564: 
33565: 	* visudo.c:
33566: 	added support for "runas" from garp@opustel.com replaced
33567: 	SUDOERS_OWNER with SUDOERS_UID, SUDOERS_GID added support for
33568: 	SUDOERS_MODE
33569: 	[e714209b9885]
33570: 
33571: 	* testsudoers.c:
33572: 	added support for "runas" from garp@opustel.com
33573: 	[b837f856da10]
33574: 
33575: 	* sudo.h:
33576: 	added support for NO_PASSWD and runas from garp@opustel.com replaced
33577: 	SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
33578: 	SUDOERS_MODE
33579: 	[cea6f26679b7]
33580: 
33581: 	* sudo.c:
33582: 	added support for NO_PASSWD and runas from garp@opustel.com replaced
33583: 	SUDOERS_OWNER with SUDOERS_UID and SUDOERS_GID and added support fro
33584: 	SUDOERS_MODE
33585: 	[61b5434237c5]
33586: 
33587: 	* parse.yacc:
33588: 	added support for NO_PASSWD and runas from garp@opustel.com
33589: 	[72ebd3056f22]
33590: 
33591: 	* parse.c, parse.lex:
33592: 	added support for NO_PASSWD and runas from garp@opustel.com
33593: 	[fef6dbdd114d]
33594: 
33595: 	* logging.c:
33596: 	added support for SUDOERS_WRONG_MODE and "runas"
33597: 	[e794efc2b443]
33598: 
33599: 	* configure.in:
33600: 	added --with-CC only link with -lshadow on linux (with shadow pw) if
33601: 	libc lacks getspnam()
33602: 	[3ecf4ae21002]
33603: 
33604: 	* OPTIONS, options.h:
33605: 	removed NO_PASSWD since it is not possible to do this in the sudoers
33606: 	file itself. Replaced SUDOERS_OWNER with SUDOERS_UID and
33607: 	SUDOERS_GID. Added SUDOERS_MODE.
33608: 	[2eaa4891ef48]
33609: 
33610: 	* Makefile.in:
33611: 	now uses SUDOERS_UID and SUDOERS_GID
33612: 	[8d615f0fdb2a]
33613: 
33614: 1996-04-27  Todd C. Miller  <Todd.Miller@courtesan.com>
33615: 
33616: 	* INSTALL:
33617: 	added --with-CC
33618: 	[a1b8286a81b8]
33619: 
33620: 1996-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
33621: 
33622: 	* parse.lex:
33623: 	added double quote support
33624: 	[a5e4fc7e3a2b]
33625: 
33626: 	* sudoers.pod:
33627: 	documented double quoting
33628: 	[c6ea47969a44]
33629: 
33630: 1996-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
33631: 
33632: 	* mkinstalldirs:
33633: 	Initial revision
33634: 	[dcb86d65ad8f]
33635: 
33636: 	* check.c:
33637: 	fixed some indentation
33638: 	[4d1c5ab8072b]
33639: 
33640: 	* Makefile.in:
33641: 	fixed a typo
33642: 	[0d27eebc7227]
33643: 
33644: 	* Makefile.in:
33645: 	added install-dirs .
33646: 	[f499b99b8be7]
33647: 
33648: 1996-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
33649: 
33650: 	* dce_pwent.c:
33651: 	new version from "Jeff A. Earickson" <jaearick@colby.edu>
33652: 	[422481be5fbd]
33653: 
33654: 1996-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>
33655: 
33656: 	* configure.in:
33657: 	$CSOPS -> $with_csops (whoops, missed one)
33658: 	[b04c6948130e]
33659: 
33660: 	* BUGS:
33661: 	updated
33662: 	[c4d5713e227d]
33663: 
33664: 	* parse.lex:
33665: 	FQHOST now has same constraints as non-FQHOST
33666: 	[e1c3bf2381d1]
33667: 
33668: 	* INSTALL:
33669: 	added note about OS's w/ shadow passwords turned on by default
33670: 	[166257f43be4]
33671: 
33672: 1996-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
33673: 
33674: 	* configure.in:
33675: 	fixed a typo
33676: 	[e5c3e2e9a359]
33677: 
33678: 	* configure.in:
33679: 	added support for --without-THING sanitized shadow pw situtation by
33680: 	adding support for
33681: 	--without-C2
33682: 	[65dc6bf64cce]
33683: 
33684: 	* tgetpass.c:
33685: 	fixed a typo wrt placement of an end paren
33686: 	[a8780f818231]
33687: 
33688: 	* check.c:
33689: 	was closing an fd that may not have been opened
33690: 	[760271c7bdc9]
33691: 
33692: 1996-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>
33693: 
33694: 	* OPTIONS, options.h, sudo.c:
33695: 	added NO_PASSWD
33696: 	[28ff1dc93d7a]
33697: 
33698: 1996-03-20  Todd C. Miller  <Todd.Miller@courtesan.com>
33699: 
33700: 	* configure.in:
33701: 	now always use shadow pw on some arches
33702: 	[069161ccffda]
33703: 
33704: 1996-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
33705: 
33706: 	* configure.in:
33707: 	added pyramid support
33708: 	[a0eb57a3a531]
33709: 
33710: 	* configure.in:
33711: 	no longer check for C2 if alternate passwd method is used no longer
33712: 	check for some libs twice
33713: 	[2d0c3c902b40]
33714: 
33715: 	* parse.yacc:
33716: 	moved fqdn stuff into parse.lex (FQHOST)
33717: 	[d9c9abd481d8]
33718: 
33719: 	* parse.lex:
33720: 	added FQHOST rules
33721: 	[4a1695acff6d]
33722: 
33723: 	* tgetpass.c:
33724: 	now define TCSASOFT in necesary
33725: 	[3fac2e21c9ab]
33726: 
33727: 	* tgetpass.c:
33728: 	now uses read/write instead of stdio string goop to avoid problems
33729: 	with select(2)
33730: 	[67fd174e518c]
33731: 
33732: 	* OPTIONS, find_path.c, options.h:
33733: 	-DNO_DOT_PATH -> -DIGNORE_DOT_PATH
33734: 	[d05ba5100d28]
33735: 
33736: 1996-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
33737: 
33738: 	* INSTALL:
33739: 	added note about no shadow auto-detect if using alternate auth
33740: 	schemes
33741: 	[b425592232a3]
33742: 
33743: 	* configure.in:
33744: 	don't check for C2 if AFS or DCE (unless they said --with-C2)
33745: 	[61342962171a]
33746: 
33747: 	* testsudoers.c:
33748: 	now groks shost
33749: 	[85dda17303f6]
33750: 
33751: 	* OPTIONS, find_path.c, options.h:
33752: 	added NO_DOT_PATH
33753: 	[c261ca1fb196]
33754: 
33755: 1996-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
33756: 
33757: 	* find_path.c:
33758: 	checkdot now works correctly
33759: 	[3bc4835bb3e9]
33760: 
33761: 1996-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
33762: 
33763: 	* configure.in:
33764: 	can't have DCE and C2 passwords both...
33765: 	[fb9a8ab7ca66]
33766: 
33767: 1996-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
33768: 
33769: 	* parse.yacc, sudo.c, sudo.h, visudo.c:
33770: 	now uses shost even if not FQDN
33771: 	[87f7498b3a1f]
33772: 
33773: 	* configure.in:
33774: 	now looks for skey in /usr/lib and doesn't require libskey to be in
33775: 	/usr/local/lib just because skey.h is (for my netbsd box :-)
33776: 	[ceb1763e37d2]
33777: 
33778: 	* aclocal.m4, config.h.in, pathnames.h.in:
33779: 	_SUDO_PATH_ -> _CONFIG_PATH_
33780: 	[84d97ad13d75]
33781: 
33782: 	* aclocal.m4, sudo.pod:
33783: 	/var/run/.odus -> /var/run/sudo
33784: 	[922da220b8f5]
33785: 
33786: 	* pathnames.h.in:
33787: 	now uses _SUDO_PATH_TIMEDIR
33788: 	[5ecab0155fdf]
33789: 
33790: 	* OPTIONS:
33791: 	udpated FQDN
33792: 	[361b6f7440c0]
33793: 
33794: 	* aclocal.m4, configure.in:
33795: 	added SUDO_TIMEDIR
33796: 	[368c95c8c950]
33797: 
33798: 	* config.h.in:
33799: 	added _SUDO_PATH_TIMEDIR
33800: 	[3879864d808c]
33801: 
33802: 	* sudo.pod:
33803: 	updated wrt /var/run/sudo
33804: 	[9e14f2a429d3]
33805: 
33806: 	* sudo.c, sudo.h:
33807: 	added support for shost if FQDN
33808: 	[51a3f51a09a1]
33809: 
33810: 	* parse.yacc, visudo.c:
33811: 	now uses shost if FQDN
33812: 	[d19da2e92b42]
33813: 
33814: 	* check.c:
33815: 	Now use skeylookup() instead off skeychallenge()
33816: 	[4c7438bb2ae0]
33817: 
33818: 1996-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
33819: 
33820: 	* logging.c:
33821: 	mail_argv should not contain ALERTMAIL as it includes "-t"
33822: 	[67ffaaa8f843]
33823: 
33824: 1996-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
33825: 
33826: 	* INSTALL, Makefile.in, README, configure.in, version.h:
33827: 	++version
33828: 	[e08fd4a809fc]
33829: 
33830: 	* compat.h:
33831: 	added more _PASSWD_LEN stuff -- now uses PASS_MAX too
33832: 	[2f20c3153689]
33833: 
33834: 	* tgetpass.c:
33835: 	now includes limits.h moved _PASSWD_LEN -> compat.h
33836: 	[b1ca3cafdacc]
33837: 
33838: 1996-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
33839: 
33840: 	* INSTALL, README:
33841: 	++version
33842: 	[3eacf32803f5]
33843: 
33844: 	* Makefile.in:
33845: 	++versoin
33846: 	[3b91c317630a]
33847: 
33848: 	* Makefile.in:
33849: 	fixed a typo
33850: 	[3661ac4a7803]
33851: 
33852: 	* configure.in:
33853: 	++version
33854: 	[60e842973745]
33855: 
33856: 1996-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
33857: 
33858: 	* RUNSON:
33859: 	updated
33860: 	[def2c3c24195]
33861: 
33862: 	* CHANGES:
33863: 	done for 1.4.1 (I hope)
33864: 	[2ab543769a40]
33865: 
33866: 	* sudoers.pod:
33867: 	added info on wildcards
33868: 	[ce3bd41bc063]
33869: 
33870: 	* sample.sudoers:
33871: 	added wildcard example
33872: 	[762feb0577bd]
33873: 
33874: 	* Makefile.in:
33875: 	now uses *.pod to build *.man and *.cat & *.html
33876: 	[3ec14962028b]
33877: 
33878: 	* configure.in:
33879: 	addedSUDO_PROG_BSHELL !ll
33880: 	[3c80b320bf16]
33881: 
33882: 	* visudo.pod:
33883: 	fixed up some formatting
33884: 	[12166c434526]
33885: 
33886: 	* sudoers.pod:
33887: 	redid section describing sample sudoers stuff
33888: 	[b8065cceec71]
33889: 
33890: 	* sudo.pod:
33891: 	fixed some formatting
33892: 	[aa9a681add0f]
33893: 
33894: 	* getspwuid.c:
33895: 	now treats "" as bourne shell
33896: 	[30194a72ad56]
33897: 
33898: 	* Makefile.in:
33899: 	TESTOBJS nwo includes wildmat.o
33900: 	[86cc6500f84d]
33901: 
33902: 	* testsudoers.c:
33903: 	now works with NewArg[cv]
33904: 	[2f72674ce942]
33905: 
33906: 	* sudo.c:
33907: 	removed an XXX (fixed it in getspwuid.c)
33908: 	[e791ee0d1a68]
33909: 
33910: 	* aclocal.m4:
33911: 	added check for bourne shell
33912: 	[a2fd51676b8a]
33913: 
33914: 	* pathnames.h.in:
33915: 	added _PATH_BSHELL
33916: 	[e7c10011d47b]
33917: 
33918: 	* config.h.in:
33919: 	added _SUDO_PATH_BSHELL
33920: 	[6a1182898de9]
33921: 
33922: 1996-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
33923: 
33924: 	* visudo.c:
33925: 	unixware vi returns 256 instead of 0
33926: 	[234ffc7c6786]
33927: 
33928: 	* INSTALL:
33929: 	added Linux note
33930: 	[5f85efcd2b58]
33931: 
33932: 	* logging.c:
33933: 	fixed up some XXX's. file log format now looks a little more like
33934: 	real syslog(3) format.
33935: 	[6df55707bfc3]
33936: 
33937: 	* README, TROUBLESHOOTING:
33938: 	updated wrt lex/flex
33939: 	[eb787d69156b]
33940: 
33941: 	* Makefile.in:
33942: 	commented out rule to build lex.yy.c from parse.lex since we ship
33943: 	with a pre-flex'd parser
33944: 	[7507e2ce4a95]
33945: 
33946: 	* parse.c, parse.yacc, visudo.c:
33947: 	path_matches -> command_matches
33948: 	[0bd469424f86]
33949: 
33950: 	* logging.c:
33951: 	eliminated some strcat()'s
33952: 	[9878a79bc374]
33953: 
33954: 	* configure.in:
33955: 	no longer checks for lex/flex (now assumes flex)
33956: 	[a086ccc73798]
33957: 
33958: 	* configure.in:
33959: 	now checks for $kerb_dir_candidate/krb.h instead of just
33960: 	kerb_dir_candidate
33961: 	[9133bc3c5208]
33962: 
33963: 1996-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
33964: 
33965: 	* parse.yacc:
33966: 	now use a 'hook' expression instead of an iffy one :-)
33967: 	[9560df01b8c0]
33968: 
33969: 1996-02-02  Todd C. Miller  <Todd.Miller@courtesan.com>
33970: 
33971: 	* visudo.c:
33972: 	now works with new sudo arg stuff
33973: 	[310a0d43ddad]
33974: 
33975: 	* parse.yacc:
33976: 	fixed dereferencing deadbeef
33977: 	[474ef8a8006b]
33978: 
33979: 	* sudo.c:
33980: 	changed an occurrence of Argv to NewArgv
33981: 	[205b012b7691]
33982: 
33983: 	* parse.lex:
33984: 	took out support for quoted commands since there is no need...
33985: 	[5c5036d353b1]
33986: 
33987: 	* parse.c:
33988: 	fixed a typo in a for() loop
33989: 	[7e8d5283c43b]
33990: 
33991: 	* logging.c:
33992: 	protected against dereferencing rogue pointers
33993: 	[56debd517717]
33994: 
33995: 	* sudo.c:
33996: 	now uses NewArgv amd NewArgc so cmnd_aegs is no longer needed this
33997: 	also allows us to eliminate some kludges in parse_args() and
33998: 	eliminate superfluous code.
33999: 	[5122f66ad150]
34000: 
34001: 	* logging.c:
34002: 	no longer uses cmnd_args, now uses NewArgv instead.
34003: 	[abddd23cf068]
34004: 
34005: 	* sudo.h:
34006: 	added struct sudo_command, NewArgc, and NewArgv removed cmnd_args
34007: 	(no longer used)
34008: 	[78410984fb05]
34009: 
34010: 	* Makefile.in:
34011: 	added wildmat.c to SRCS & SUDOBJS
34012: 	[3800efb41794]
34013: 
34014: 	* parse.yacc:
34015: 	COMMAND is now a struct containing the path and args
34016: 	[5c32822c5b94]
34017: 
34018: 	* parse.lex:
34019: 	replaced append() with fill_cmnd() and fill_args. command args from
34020: 	a sudoers entry are now stored in an arrary for easy matching.
34021: 	[a981d7f4eb0d]
34022: 
34023: 	* parse.c:
34024: 	command line args from sudoers file are now in an array like ones
34025: 	passed in from the command line
34026: 	[1d9e37e84519]
34027: 
34028: 1996-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
34029: 
34030: 	* parse.c:
34031: 	wildwat stuff now works
34032: 	[49d16488531f]
34033: 
34034: 1996-01-29  Todd C. Miller  <Todd.Miller@courtesan.com>
34035: 
34036: 	* version.h:
34037: 	++version
34038: 	[53e55463ef89]
34039: 
34040: 	* Makefile.in:
34041: 	++version added wildmat.*
34042: 	[0508297a4711]
34043: 
34044: 1996-01-28  Todd C. Miller  <Todd.Miller@courtesan.com>
34045: 
34046: 	* parse.lex:
34047: 	added support for quoted commands (w/ or w/o args)
34048: 	[b9a637155673]
34049: 
34050: 1996-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
34051: 
34052: 	* sudo.pod, visudo.pod:
34053: 	cleaned up formatting
34054: 	[4591d4195437]
34055: 
34056: 	* sudo.pod, visudo.pod:
34057: 	Initial revision
34058: 	[7564a8242750]
34059: 
34060: 1996-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
34061: 
34062: 	* sudoers.pod:
34063: 	looks reasonable, could be mroe readable
34064: 	[a5be2d19d9e0]
34065: 
34066: 	* sudoers.pod:
34067: 	Initial revision
34068: 	[957888be31a6]
34069: 
34070: 1996-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
34071: 
34072: 	* RUNSON:
34073: 	updated
34074: 	[633743aa924b]
34075: 
34076: 	* OPTIONS:
34077: 	updated NO_ROOT_SUDO entry
34078: 	[f1c15b1dec9e]
34079: 
34080: 1996-01-15  Todd C. Miller  <Todd.Miller@courtesan.com>
34081: 
34082: 	* RUNSON:
34083: 	*** empty log message ***
34084: 	[5b63de579ff7] [SUDO_1_4_0]
34085: 
34086: 	* sudo.c:
34087: 	fixed SECURE_PATH
34088: 	[6002889f606d]
34089: 
34090: 	* RUNSON:
34091: 	udpa`ted for 1.4
34092: 	[6014a8592815]
34093: 
34094: 	* configure.in:
34095: 	AIX aixcrypt.exp now uses $(srcdir)
34096: 	[b0d57674fef4]
34097: 
34098: 	* TROUBLESHOOTING:
34099: 	added entry for anal ansi compilers
34100: 	[4193cec1c6b1]
34101: 
34102: 1996-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
34103: 
34104: 	* INSTALL:
34105: 	added info on libcrypt_i for SCO
34106: 	[575497d56698]
34107: 
34108: 	* TODO:
34109: 	*** empty log message ***
34110: 	[d0aaf67b9913]
34111: 
34112: 	* sample.sudoers:
34113: 	added comments
34114: 	[a7773f7eda8d]
34115: 
34116: 	* TODO:
34117: 	1.4 release
34118: 	[1dade29e9fd9]
34119: 
34120: 	* CHANGES:
34121: 	++version
34122: 	[67241be40780]
34123: 
34124: 	* INSTALL, OPTIONS, README, config.h.in, configure.in:
34125: 	++version
34126: 	[2e0a37897f68]
34127: 
34128: 	* BUGS:
34129: 	++version and fixed ISC
34130: 	[78963f01a0e3]
34131: 
34132: 	* check.c, compat.h, dce_pwent.c, find_path.c, getspwuid.c, getwd.c,
34133: 	goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h,
34134: 	insults.h, logging.c, options.h, pathnames.h.in, putenv.c, strdup.c,
34135: 	sudo.c, sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
34136: 	visudo.c:
34137: 	++version
34138: 	[b6227f29b3d9]
34139: 
34140: 	* interfaces.c:
34141: 	added STUB_LOAD_INTERFACES ++version
34142: 	[d8150a3fd577]
34143: 
34144: 	* Makefile.in, emul/utime.h, parse.c, parse.lex, parse.yacc,
34145: 	version.h:
34146: 	++version
34147: 	[da9e90e69bdc]
34148: 
34149: 	* PORTING:
34150: 	added info about fd_set in tgetpass added info on interfaces.c
34151: 	[a39902febd17]
34152: 
34153: 1996-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>
34154: 
34155: 	* dce_pwent.c:
34156: 	added sudo header
34157: 	[fc0f2c48682e]
34158: 
34159: 	* tgetpass.c:
34160: 	fixed a typo
34161: 	[43d40b72ee8f]
34162: 
34163: 	* Makefile.in:
34164: 	tgetpass.o is now only linked in with sudo (not visudo)
34165: 	[7407c5ff11f8]
34166: 
34167: 1996-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
34168: 
34169: 	* BUGS, INSTALL, Makefile.in, OPTIONS, README, config.h.in,
34170: 	configure.in:
34171: 	++version
34172: 	[9b82ad805d6b]
34173: 
34174: 	* emul/utime.h:
34175: 	added copyright notice
34176: 	[4380f16cd075]
34177: 
34178: 	* check.c, compat.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
34179: 	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
34180: 	interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
34181: 	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
34182: 	testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c:
34183: 	++version
34184: 	[32717fdb5d05]
34185: 
34186: 	* tgetpass.c:
34187: 	minor cleanup and now includes sys/bsdtypes for svr4'ish boxen
34188: 	[326864428da2]
34189: 
34190: 	* configure.in:
34191: 	ISC now gets -lcrypt now check for sys/bsdtypes.h
34192: 	[e064799c054b]
34193: 
34194: 	* config.h.in:
34195: 	added check for sys/bsdtypes.h
34196: 	[9adb9533c363]
34197: 
34198: 1996-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
34199: 
34200: 	* parse.yacc:
34201: 	removed debugging stuff (setting freed ptr to NULL)
34202: 	[02fe8eec63a0]
34203: 
34204: 	* TROUBLESHOOTING:
34205: 	added 2 entries
34206: 	[02884e2733e2]
34207: 
34208: 	* Makefile.in:
34209: 	added FAQ
34210: 	[074d8dfcf28d]
34211: 
34212: 	* TROUBLESHOOTING:
34213: 	added section on syslog
34214: 	[e6bc02a22b86]
34215: 
34216: 	* configure.in:
34217: 	added AC_ISC_POSIX for better ISC support
34218: 	[8436b3e12af2]
34219: 
34220: 	* config.h.in:
34221: 	fixed typo
34222: 	[f1b3922babf4]
34223: 
34224: 	* config.h.in:
34225: 	added define for _POSIX_SOURCE
34226: 	[ded6d92b34f9]
34227: 
34228: 1996-01-04  Todd C. Miller  <Todd.Miller@courtesan.com>
34229: 
34230: 	* configure.in:
34231: 	fixed check for lsearch()
34232: 	[75baa5bc28a3]
34233: 
34234: 1995-12-22  Todd C. Miller  <Todd.Miller@courtesan.com>
34235: 
34236: 	* interfaces.c:
34237: 	fixed for AIX now deal if num_interfaces == 0 (should not happen)
34238: 	[ae450e859227]
34239: 
34240: 1995-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
34241: 
34242: 	* configure.in:
34243: 	now only define HAVE_LSEARCH if there is a corresponding search.h
34244: 	[8ce645c5d17f]
34245: 
34246: 	* interfaces.c:
34247: 	works on ISC again
34248: 	[ccac920d424c]
34249: 
34250: 1995-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>
34251: 
34252: 	* configure.in:
34253: 	now define HAVE_LSEARCH if we find lsearch() in libcompat
34254: 	[7343e4313a87]
34255: 
34256: 	* lsearch.c:
34257: 	char * -> const char *
34258: 	[1c0b11c2300a]
34259: 
34260: 	* configure.in:
34261: 	now looks in -lcompat for lsearch()
34262: 	[a1cc1d6fcd09]
34263: 
34264: 	* Makefile.in:
34265: 	remove sudo.core visudo.core for clan target
34266: 	[b523456a85df]
34267: 
34268: 	* aclocal.m4:
34269: 	added UID_MAX support in check for MAX_UID_T_LEN
34270: 	[7ab262b1173f]
34271: 
34272: 	* Makefile.in:
34273: 	fixed another occurence of sudo_getpwuid.*
34274: 	[fb5809c07da2]
34275: 
34276: 	* Makefile.in, getspwuid.c:
34277: 	sudo_getpwuid.c -> getspwuid.c
34278: 	[875f2ef808b4]
34279: 
34280: 	* configure.in:
34281: 	moved the "echo"
34282: 	[ad7b8f966076]
34283: 
34284: 	* BUGS, CHANGES, INSTALL, Makefile.in, OPTIONS, README, check.c,
34285: 	compat.h, config.h.in, configure.in, find_path.c, getspwuid.c,
34286: 	getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
34287: 	ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
34288: 	parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
34289: 	sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
34290: 	version.h, visudo.c:
34291: 	++version
34292: 	[ee57c6410ffa]
34293: 
34294: 	* testsudoers.c:
34295: 	added group support
34296: 	[54d8097df8bd]
34297: 
34298: 	* sample.sudoers:
34299: 	added group entry
34300: 	[50994d31fd49]
34301: 
34302: 	* sudoers.man:
34303: 	documented group support
34304: 	[0a16707f8fed]
34305: 
34306: 	* parse.c, parse.lex, parse.yacc, visudo.c:
34307: 	added group support
34308: 	[427218c879c8]
34309: 
34310: 1995-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>
34311: 
34312: 	* check.c:
34313: 	tkfile was too short and overflowed the kerberos realm
34314: 	[53823a1ff5af]
34315: 
34316: 1995-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
34317: 
34318: 	* sudo.c:
34319: 	now copy command args directly from Argv
34320: 	[77408278b6fd]
34321: 
34322: 	* sudo.c:
34323: 	replaced code to copy cmnd_args so that is does not use realloc
34324: 	since most realloc()'s really stink
34325: 	[b29a0ff73fb6]
34326: 
34327: 1995-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
34328: 
34329: 	* configure.in:
34330: 	syslog() fixed in hpux 10.01
34331: 	[2648e6f0cdb0]
34332: 
34333: 1995-12-06  Todd C. Miller  <Todd.Miller@courtesan.com>
34334: 
34335: 	* configure.in:
34336: 	AC_CHECK_LIB() now sets SUDO_LIBS (and VISUDO_LIBS if appropriate)
34337: 	[8f108b8d8711]
34338: 
34339: 	* configure.in:
34340: 	better error if cannot find skey incs or libs
34341: 	[5887662ee9d3]
34342: 
34343: 	* aclocal.m4:
34344: 	now use a temp file for determining max len of uid_t in string form.
34345: 	the old hacky way broke on netbsd
34346: 	[b68f470fa9f8]
34347: 
34348: 	* sudo.c:
34349: 	added set of parens and a space
34350: 	[8a3d4826d022]
34351: 
34352: 1995-12-05  Todd C. Miller  <Todd.Miller@courtesan.com>
34353: 
34354: 	* dce_pwent.c:
34355: 	fixes from Jeff Earickson <jaearick@colby.edu> ,
34356: 	[bde0f0b756ec]
34357: 
34358: 	* check.c:
34359: 	modified a comment
34360: 	[e2a97f1afbbe]
34361: 
34362: 	* Makefile.in:
34363: 	fixed up testsudoers target
34364: 	[d39c4e7bb609]
34365: 
34366: 	* configure.in:
34367: 	DCE changes from Jeff Earickson <jaearick@colby.edu> LIBS ->
34368: 	SUDO_LIBS and VISUDO_LIBS LDFLAGS -> SUDO_FDFLAGS and VISUDO_LDFLAGS
34369: 	[da7a1c433828]
34370: 
34371: 	* Makefile.in:
34372: 	LIBS -> SUDO_LIBS , VISUDO_LIBS LDFLAGS -> SUDO_LDFLAGS,
34373: 	VISUDO_LDFLAGS
34374: 	[4b69503e8487]
34375: 
34376: 1995-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
34377: 
34378: 	* configure.in:
34379: 	fix for C2 on hpux 10 now uses -linet if it exists
34380: 	[8d300112263d]
34381: 
34382: 	* check.c:
34383: 	LONG_SKEY_PROMPT is less of a klusge /
34384: 	[dcc144abaac3]
34385: 
34386: 	* configure.in:
34387: 	fixed typos w/ dce stuff
34388: 	[f7dfd6d4e149]
34389: 
34390: 	* Makefile.in:
34391: 	added dce_pwent.c
34392: 	[79047acdc516]
34393: 
34394: 1995-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
34395: 
34396: 	* INSTALL:
34397: 	amended section on combining authentication mechanisms
34398: 	[dc5138c7c716]
34399: 
34400: 	* PORTING:
34401: 	minor updates for 1.3.6
34402: 	[fe80c13bd994]
34403: 
34404: 	* TROUBLESHOOTING:
34405: 	added 2 more entries
34406: 	[c7201439a0f5]
34407: 
34408: 	* BUGS:
34409: 	updated for 1.3.6
34410: 	[979b414d2a2d]
34411: 
34412: 	* README:
34413: 	overhauled
34414: 	[3af8b60eb594]
34415: 
34416: 	* INSTALL:
34417: 	rewrote for sudo 1.3.6
34418: 	[b16027b9c726]
34419: 
34420: 	* TROUBLESHOOTING:
34421: 	added 3 entries
34422: 	[934c9ee3f153]
34423: 
34424: 1995-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
34425: 
34426: 	* find_path.c, getspwuid.c, sudo.c:
34427: 	added explict casts for strdup since many includes don't prototype
34428: 	it. gag me.
34429: 	[3e19a11f2fcc]
34430: 
34431: 	* sudo.h:
34432: 	removed prototype for sudo_getpwuid() since convex C compiler choked
34433: 	on it.
34434: 	[c3ea74ca67b0]
34435: 
34436: 	* sudo.c:
34437: 	added prototype for sudo_getpwuid()
34438: 	[4a8e3cdc2b98]
34439: 
34440: 	* lsearch.c:
34441: 	now compiles on strict ANSI compilers
34442: 	[3ce5d72d0b08]
34443: 
34444: 	* check.c:
34445: 	added LONG_SKEY_PROMPT support
34446: 	[48a18b8a2332]
34447: 
34448: 	* Makefile.in:
34449: 	added extra $'s for make to eat up, yum.
34450: 	[2995b214e12b]
34451: 
34452: 	* OPTIONS, options.h:
34453: 	added LONG_SKEY_PROMPT
34454: 	[f23ae799b5a4]
34455: 
34456: 1995-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
34457: 
34458: 	* check.c:
34459: 	s/key support now works with normal s/key as well as logdaemon
34460: 	[d67573f523bf]
34461: 
34462: 	* OPTIONS, options.h:
34463: 	added SKEY_ONLY
34464: 	[bbf07654e0de]
34465: 
34466: 	* compat.h:
34467: 	set _PASSWD_LEN to 256 for any of KERB4, DCE, SKEY
34468: 	[205895b96a36]
34469: 
34470: 	* INSTALL:
34471: 	added DCE note added more AIX notes
34472: 	[6345403b3522]
34473: 
34474: 	* sudo.c:
34475: 	now include pthread.h for DCE support
34476: 	[6fe02865f679]
34477: 
34478: 	* check.c:
34479: 	dce_pwent() is ok after all .,
34480: 	[d26a8746a55d]
34481: 
34482: 	* logging.c:
34483: 	now uses SYSLOG() macro that equates to either syslog() or
34484: 	syslog_wrapper
34485: 	[42ac4cff8045]
34486: 
34487: 	* dce_pwent.c:
34488: 	minor formatting changes. renamed check() to somthing less generic
34489: 	[71859f217be1]
34490: 
34491: 	* check.c, logging.c, parse.yacc, sudo.c, sudo.h, testsudoers.c,
34492: 	visudo.c:
34493: 	now uses user_pw_ent and simple macros to get at the contents
34494: 	[f4cbf3e7145a]
34495: 
34496: 1995-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
34497: 
34498: 	* check.c:
34499: 	simpler dec unix C2 support
34500: 	[86bc8f75250e]
34501: 
34502: 	* getspwuid.c:
34503: 	now sets crypt_type for DEC unix C2
34504: 	[99aeadd18266]
34505: 
34506: 1995-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
34507: 
34508: 	* configure.in:
34509: 	added csops paths for skey
34510: 	[b8ca672e2117]
34511: 
34512: 	* getspwuid.c:
34513: 	now includes string.h for strdup() prototype
34514: 	[3605259c3620]
34515: 
34516: 	* getspwuid.c:
34517: 	fixed a few typos
34518: 	[46c97e4ea417]
34519: 
34520: 	* check.c:
34521: 	now includes skey.h
34522: 	[11e611ce1b61]
34523: 
34524: 	* getspwuid.c:
34525: 	fixed up comments
34526: 	[223dac56f0c8]
34527: 
34528: 	* check.c:
34529: 	moved a lot of the shadow passwd crap to sudo_getpwuid()
34530: 	[97d8887fb7d3]
34531: 
34532: 	* sudo.c:
34533: 	now uses sudo_pw_ent
34534: 	[d014dadbef48]
34535: 
34536: 	* testsudoers.c:
34537: 	now uses sudo_pw_ent
34538: 	[d92936ed7e34]
34539: 
34540: 	* visudo.c:
34541: 	now sets sudo_pw_ent
34542: 	[ff75cdfcf8b3]
34543: 
34544: 	* getspwuid.c:
34545: 	Initial revision
34546: 	[6deb6df9d7bc]
34547: 
34548: 	* tgetpass.c:
34549: 	moved dce stuff into compat.h
34550: 	[1124284396e7]
34551: 
34552: 	* logging.c, sudo.h:
34553: 	now uses sudo_pw_ent
34554: 	[404ff20a5067]
34555: 
34556: 	* Makefile.in:
34557: 	added sudo_getpwuid.c
34558: 	[6666d0644512]
34559: 
34560: 	* compat.h:
34561: 	added dce support
34562: 	[3c3b36a7ce0e]
34563: 
34564: 	* parse.yacc:
34565: 	now uses sudo_pw_ent
34566: 	[9f5e8d11bd68]
34567: 
34568: 1995-11-20  Todd C. Miller  <Todd.Miller@courtesan.com>
34569: 
34570: 	* check.c:
34571: 	fixed exempt_group stuff for OS's that don't put base gid in group
34572: 	vector
34573: 	[003f153bd396]
34574: 
34575: 	* check.c:
34576: 	S/Key support now works with sunos4 shadow passwords
34577: 	[1eb64a5efff1]
34578: 
34579: 	* Makefile.in:
34580: 	fixed clean rule
34581: 	[5695a2c62816]
34582: 
34583: 	* config.h.in, configure.in:
34584: 	added DCE support
34585: 	[f53c766c1947]
34586: 
34587: 	* tgetpass.c:
34588: 	DCE & KERB support
34589: 	[904cf436506a]
34590: 
34591: 	* check.c:
34592: 	first stab at dce support
34593: 	[aea5ca07b1e3]
34594: 
34595: 	* dce_pwent.c:
34596: 	now smells like sudo
34597: 	[8b3d609b49cd]
34598: 
34599: 	* dce_pwent.c:
34600: 	Initial revision
34601: 	[b573555f2399]
34602: 
34603: 	* check.c:
34604: 	skey'd sudo now works w/ normal password as well
34605: 	[8d038f9f6e94]
34606: 
34607: 1995-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
34608: 
34609: 	* Makefile.in, OPTIONS, check.c, compat.h, config.h.in, find_path.c,
34610: 	getwd.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
34611: 	ins_goons.h, insults.h, interfaces.c, logging.c, options.h, parse.c,
34612: 	parse.lex, parse.yacc, pathnames.h.in, putenv.c, strdup.c, sudo.c,
34613: 	sudo.h, sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c,
34614: 	version.h, visudo.c:
34615: 	updated version number
34616: 	[ba7e346d7904]
34617: 
34618: 	* README:
34619: 	updated to reflect version change
34620: 	[1d15cf1d8cc8]
34621: 
34622: 	* configure.in:
34623: 	--with options now line up ++version
34624: 	[08ebf625fbca]
34625: 
34626: 	* sudo.h:
34627: 	removed unecesary S/Key stuff
34628: 	[68188cba90af]
34629: 
34630: 	* configure.in:
34631: 	fixed S/Key support
34632: 	[f6d9cbc36618]
34633: 
34634: 	* Makefile.in:
34635: 	-I stuff now goes in CPPFLAGS
34636: 	[7b8e53c5b046]
34637: 
34638: 	* check.c:
34639: 	fixed SKey support
34640: 	[52c1a5cf4435]
34641: 
34642: 	* README:
34643: 	updated version
34644: 	[bed6498a10bb]
34645: 
34646: 	* OPTIONS:
34647: 	fixed description of EXEMPTGROUP
34648: 	[cfeead55edc2]
34649: 
34650: 	* sudo.c:
34651: 	more people use _RLD_ than just alphas...
34652: 	[6a3c7090a6f6]
34653: 
34654: 	* Makefile.in:
34655: 	replaced $man_prefix with $mandir
34656: 	[dc4b36a550e2]
34657: 
34658: 	* configure.in:
34659: 	fixed a typo
34660: 	[a38a4acddcaf]
34661: 
34662: 	* Makefile.in:
34663: 	now use more GNU'ish dir names
34664: 	[c5498391a520]
34665: 
34666: 	* configure.in:
34667: 	now set *dir correctly (can override from command line)
34668: 	[523ff98fd438]
34669: 
34670: 	* sudo.c:
34671: 	now deal with situations where we getwd() fails
34672: 	[88a9e61dccbb]
34673: 
34674: 1995-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
34675: 
34676: 	* Makefile.in:
34677: 	added etc_dir, bin_dir, sbin_dir
34678: 	[75fd08d92842]
34679: 
34680: 	* configure.in:
34681: 	added sbin_dir
34682: 	[3cb318c0d8d1]
34683: 
34684: 	* Makefile.in:
34685: 	now ship a flex-generated lex.yy.c
34686: 	[4d083ed70dce]
34687: 
34688: 	* Makefile.in:
34689: 	now sets _PATH_SUDO_SUDOERS, _PATH_SUDO_STMP, SUDOERS_OWNER
34690: 	[4d51dc9c3780]
34691: 
34692: 	* pathnames.h.in:
34693: 	_PATH_SUDO_SUDOERS & _PATH_SUDO_STMP are now overridden via Makefile
34694: 	[773fd163d52f]
34695: 
34696: 	* options.h:
34697: 	no more error for redefining SUDOERS_OWNER
34698: 	[4ba336644c6a]
34699: 
34700: 	* OPTIONS:
34701: 	expanded SUDOERS_OWNER section
34702: 	[12fae405759e]
34703: 
34704: 1995-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
34705: 
34706: 	* visudo.c:
34707: 	now warn if chown(2) failed
34708: 	[d0d1db6e3a1f]
34709: 
34710: 	* logging.c:
34711: 	better default warning for NO_SUDOERS_FILE
34712: 	[5260b458ac64]
34713: 
34714: 	* sudo.c:
34715: 	added missing set_perms() no more cryptic message if the sudoers
34716: 	file is zero length, now just give a parse error
34717: 	[b81ea724838a]
34718: 
34719: 	* logging.c:
34720: 	better diagnostics if NO_SUDOERS_FILE
34721: 	[877e878663c5]
34722: 
34723: 	* sudo.c:
34724: 	check_sudoers() now catches sudoers files that are not readable (but
34725: 	are stat'able).
34726: 	[fea05663b3de]
34727: 
34728: 1995-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
34729: 
34730: 	* configure.in:
34731: 	now add -D__STDC__ for convex cc (not gcc)
34732: 	[c80fc53ff51b]
34733: 
34734: 	* configure.in:
34735: 	MAN_PREFIX -> man_prefix now sets prefix and exec_prefix
34736: 	[fe238226a057]
34737: 
34738: 	* Makefile.in:
34739: 	now uses exec_prefix & prefix from configure
34740: 	[f62fca5f56bd]
34741: 
34742: 	* find_path.c, getwd.c, goodpath.c, interfaces.c, logging.c, parse.c,
34743: 	parse.lex, parse.yacc, sudo.c, sudo.h, sudo_setenv.c, tgetpass.c,
34744: 	utime.c, visudo.c:
34745: 	options.h is now <> instead of "" so shadow build trees can have a
34746: 	custom copy of options.h
34747: 	[e6782676099c]
34748: 
34749: 	* check.c:
34750: 	user_is_exempt() is no longer a hack, it now uses getgrnam()
34751: 	[287f8d5356f7]
34752: 
34753: 	* options.h:
34754: 	EXEMPTGROUP is now "sudo"
34755: 	[61487304dbe1]
34756: 
34757: 	* configure.in:
34758: 	MAN_POSTINSTALL now contains a leading space
34759: 	[eaad4ac34012]
34760: 
34761: 	* Makefile.in:
34762: 	removed leading tab if @MAN_POSTINSTALL@ not defined now removes
34763: 	testsudoers in clean:
34764: 	[e01711baceb8]
34765: 
34766: 	* tgetpass.c:
34767: 	includes pwd.h to get _PASSWD_LEN definition
34768: 	[8ec174f263f1]
34769: 
34770: 1995-10-30  Todd C. Miller  <Todd.Miller@courtesan.com>
34771: 
34772: 	* sudo.c:
34773: 	unset the KRB_CONF envariable if using kerberos so we don't get
34774: 	spoofed into using a bogus server
34775: 	[2561a0274fca]
34776: 
34777: 1995-09-29  Todd C. Miller  <Todd.Miller@courtesan.com>
34778: 
34779: 	* parse.yacc:
34780: 	now explicately initialize match[] tp be FALSE
34781: 	[0e45e5c47766]
34782: 
34783: 1995-09-23  Todd C. Miller  <Todd.Miller@courtesan.com>
34784: 
34785: 	* sudo.c:
34786: 	removed unused variable now passes -Wall
34787: 	[3452508bc16d]
34788: 
34789: 	* parse.yacc:
34790: 	yyerror and dumpaliases are now void's now passes -Wall
34791: 	[2769dfb51993]
34792: 
34793: 	* parse.lex:
34794: 	added prototype for yyerror
34795: 	[1f3f0c1b4ab4]
34796: 
34797: 	* check.c, logging.c, parse.c:
34798: 	now passes -Wall
34799: 	[eab57e5e81d2]
34800: 
34801: 	* interfaces.c:
34802: 	rmeoved unused cruft now passes -Wall
34803: 	[7a47e1866f4b]
34804: 
34805: 	* Makefile.in:
34806: 	fixed headers that moved to emul dir
34807: 	[e680c1e5049b]
34808: 
34809: 	* logging.c:
34810: 	fixed deref of nil pointer if no args
34811: 	[973b9bea432f]
34812: 
34813: 1995-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
34814: 
34815: 	* OPTIONS:
34816: 	added a caveat to FQDN section
34817: 	[dcf6e2a5fff4]
34818: 
34819: 1995-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
34820: 
34821: 	* Makefile.in:
34822: 	more $srcdir support for install targets
34823: 	[f6eac78436dd]
34824: 
34825: 	* find_path.c, interfaces.c, parse.c, parse.lex, parse.yacc, putenv.c,
34826: 	strdup.c, sudo.c, sudo_setenv.c, testsudoers.c, visudo.c:
34827: 	don't include malloc.h if we include stdlib.h
34828: 	[fca2ff307cd8]
34829: 
34830: 	* parse.yacc:
34831: 	local search.h now lives in emul
34832: 	[51c458904424]
34833: 
34834: 	* check.c, utime.c:
34835: 	local utime.h now lives in emul dir
34836: 	[f92fc9e8c8de]
34837: 
34838: 	* lsearch.c:
34839: 	local search.h now lives in emul
34840: 	[579efc407439]
34841: 
34842: 	* Makefile.in:
34843: 	added support for building in other than the sourcedir
34844: 	[2ab53a43f7d4]
34845: 
34846: 1995-09-10  Todd C. Miller  <Todd.Miller@courtesan.com>
34847: 
34848: 	* OPTIONS:
34849: 	annotated CSOPS_INSULTS option
34850: 	[9e57d45a0afa]
34851: 
34852: 	* TROUBLESHOOTING:
34853: 	updated shadow passwords blurb
34854: 	[39b785bc7253]
34855: 
34856: 	* sudo.c:
34857: 	if SHELL_IF_NO_ARGS is set, "sudo -- foo" now runs a shell and
34858: 	passes along foo as the arguments
34859: 	[a91077aa8fc5]
34860: 
34861: 1995-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
34862: 
34863: 	* parse.lex:
34864: 	collapsed pathname and dir sections into one -- its now less
34865: 	expensive
34866: 	[89caa03bec25]
34867: 
34868: 	* parse.lex:
34869: 	fixed spacing quoting [,:\\=] now works correctly append() and
34870: 	fill() now take args to make the above work
34871: 	[09d023d9ef3a]
34872: 
34873: 	* sudo.c:
34874: 	fixed a typo that caused commands with no tty on fd 0 but a tty on
34875: 	fd 1 to erroneously have "none" as their tty
34876: 	[07d2c0e7977c]
34877: 
34878: 1995-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
34879: 
34880: 	* check.c:
34881: 	timestampfile is now a global static removed decl of timestampfile
34882: 	in remove_timestamp since we can just use the global one
34883: 	[f0cbdc6aab1c]
34884: 
34885: 	* check.c:
34886: 	created touch() to update timestamps added USE_TTY_TICKETS support
34887: 	(bit of a kludge)
34888: 	[cee1dd0318f8]
34889: 
34890: 	* compat.h:
34891: 	added _S_IFDIR and S_ISDIR
34892: 	[b4a51cc9628e]
34893: 
34894: 	* OPTIONS, options.h:
34895: 	added USE_TTY_TICKETS
34896: 	[b4e22f81f25e]
34897: 
34898: 	* parse.yacc:
34899: 	removed const from casts for lsearch() & lfind() to placate irix 4.x
34900: 	C compiler
34901: 	[5003081f76ea]
34902: 
34903: 1995-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
34904: 
34905: 	* sudo.c:
34906: 	now only strip '/dev/' off of a tty if it starts with '/dev/'
34907: 	[7f62bcd24039]
34908: 
34909: 	* pathnames.h.in:
34910: 	added _PATH_DEV
34911: 	[6375f44d1910]
34912: 
34913: 	* configure.in:
34914: 	AC_HAVE_HEADERS -> AC_CHECK_HEADERS now check for tcgetattr only if
34915: 	have termios.h
34916: 	[9c60391235fd]
34917: 
34918: 	* tgetpass.c:
34919: 	fixed incorrect #ifdef termio uses "unsigned short" not int for
34920: 	c_?flag
34921: 	[d032e6a29845]
34922: 
34923: 	* parse.lex, parse.yacc:
34924: 	fixed a spelling error
34925: 	[cad6a944c7b1]
34926: 
34927: 	* Makefile.in:
34928: 	fixed typo
34929: 	[204a65403e7c]
34930: 
34931: 1995-09-02  Todd C. Miller  <Todd.Miller@courtesan.com>
34932: 
34933: 	* Makefile.in:
34934: 	fixed a comment
34935: 	[268f760e57ad]
34936: 
34937: 	* parse.yacc:
34938: 	added dotcat() to cat 2 strings w/ a dot effeciently now that we
34939: 	dynamically allocate strings they need to be free()'d
34940: 	[ec2e2152f415]
34941: 
34942: 	* parse.lex:
34943: 	dynamically allocates space for strings
34944: 	[d10ac3533d66]
34945: 
34946: 	* sudo.h:
34947: 	no more MAXCOMMANDLENGTH
34948: 	[e2e1219bff8a]
34949: 
34950: 	* sudo.h:
34951: 	added decl of tty
34952: 	[c8ae81303ee5]
34953: 
34954: 	* logging.c, sudo.c:
34955: 	moved tty stuff into sudo.c
34956: 	[e028abefeb07]
34957: 
34958: 1995-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>
34959: 
34960: 	* parse.c:
34961: 	fixed a logic bug. Was denying a command if user gave command line
34962: 	args but there were none in the sudoers file which is wrong.
34963: 	[7489a99b8e8a]
34964: 
34965: 	* sudo.h:
34966: 	MAXCOMMMANDLEN dropped down to 1K
34967: 	[38ef54ba290b]
34968: 
34969: 	* parse.lex:
34970: 	return foo; -> return(foo);
34971: 	[0e8be1b57001]
34972: 
34973: 	* parse.yacc:
34974: 	fixed netgr_matches() prototype
34975: 	[e69f15910464]
34976: 
34977: 	* parse.lex:
34978: 	added support for escaping "termination" characters
34979: 	[8bd4ef50f35c]
34980: 
34981: 	* parse.c:
34982: 	buf is now of size MAXPATHLEN+1 since it never holds command args
34983: 	[2ce4b763058c]
34984: 
34985: 	* sudo.c:
34986: 	fixed comments
34987: 	[0c74a3d2ebb0]
34988: 
34989: 	* goodpath.c:
34990: 	fixed negation problem (doh!)
34991: 	[782814e3a2d1]
34992: 
34993: 	* parse.yacc:
34994: 	fixed 2nd parameter to lfind()
34995: 	[63d7b1623c08]
34996: 
34997: 	* parse.lex:
34998: 	now do bounds checking in fill() and append()
34999: 	[54381b563251]
35000: 
35001: 	* sudo.c:
35002: 	include netdb.h as we should added a missing void cast added
35003: 	SHELL_IF_NO_ARGS support now use realloc() properly. would fail if
35004: 	realloc actually moved the string instead of shrinking it
35005: 	[897ccdec9c06]
35006: 
35007: 	* sample.sudoers:
35008: 	updated with examples of new features
35009: 	[9b3ed00e8aa6]
35010: 
35011: 	* goodpath.c:
35012: 	now set errno to EACCES if not a regular file or not executable
35013: 	[2d069548a5ea]
35014: 
35015: 	* find_path.c:
35016: 	if given a fully-qualified or relative path we now check it with
35017: 	sudo_goodpath() and error out with the appropriate error message if
35018: 	the file does not exist or is not executable
35019: 	[590f89dd8dec]
35020: 
35021: 	* emul/search.h, lsearch.c:
35022: 	now use correct args for lfind
35023: 	[fccdcdbf020e]
35024: 
35025: 	* logging.c:
35026: 	added a comment
35027: 	[fab9f49708ea]
35028: 
35029: 	* insults.h:
35030: 	added in CSOps insults
35031: 	[ad8eb1862adc]
35032: 
35033: 	* ins_csops.h:
35034: 	Initial revision
35035: 	[de5a475ec018]
35036: 
35037: 	* tgetpass.c:
35038: 	added RCS id
35039: 	[c3ffd550a482]
35040: 
35041: 	* sudo.h:
35042: 	increased MAXCOMMANDLENGTH to 8k HAVE_GETCWD -> HAVE_GETWD
35043: 	[aba25c90d08a]
35044: 
35045: 	* OPTIONS:
35046: 	added CLASSIC_INSULTS, CSOPS_INSULTS, SHELL_IF_NO_ARGS
35047: 	[e27bd62e9ccf]
35048: 
35049: 	* sudo.c:
35050: 	fixed -k load_interfaces() now gets called if FQDN is set
35051: 	-p now works with -s
35052: 	[07ca2a34bae8]
35053: 
35054: 	* parse.c:
35055: 	don't try to stat() "pseudo commands" like "validate"
35056: 	[75527045984b]
35057: 
35058: 	* options.h:
35059: 	added CLASSIC_INSULTS added CSOPS_INSULTS added SHELL_IF_NO_ARGS
35060: 	[07b157a0eafd]
35061: 
35062: 	* configure.in:
35063: 	added SecurID support added other insults to --with-csops
35064: 	[6c992ceb244c]
35065: 
35066: 	* config.h.in:
35067: 	added HAVE_SECURID
35068: 	[e734ff617fe8]
35069: 
35070: 	* Makefile.in:
35071: 	added clobber target added ins_csops.h now gets CFLAGS from
35072: 	configure
35073: 	[d1e29c7cec25]
35074: 
35075: 	* aclocal.m4:
35076: 	relaxed SUDO_FULL_VOID
35077: 	[fb4084f27406]
35078: 
35079: 	* visudo.c:
35080: 	function comment blocks are now in same style as rest of code
35081: 	[04a2931354c5]
35082: 
35083: 	* testsudoers.c:
35084: 	added support for command line args in /etc/sudoers
35085: 	[bfe4e1bcc655]
35086: 
35087: 	* sudoers.man:
35088: 	updated to have command args in the sudoers file
35089: 	[1cd34355e9ea]
35090: 
35091: 	* sudo.man:
35092: 	added -s and -- flags added SHELL to ENVIRONMENT VARIABLES section
35093: 	[930b48023b68]
35094: 
35095: 1995-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
35096: 
35097: 	* parse.yacc:
35098: 	PATH renamed to COMMAND
35099: 	[4e109a6de3cd]
35100: 
35101: 	* parse.lex:
35102: 	it is now a parse error for directories to have args attached to
35103: 	them
35104: 	[2ab10a146b54]
35105: 
35106: 	* logging.c:
35107: 	now say command args if telling user to buzz off
35108: 	[933de26ded8b]
35109: 
35110: 	* sudo.c:
35111: 	-s no longer indicates end of args sped up loading on cmnd_args in
35112: 	load_cmnd()
35113: 	[eac99a4da862]
35114: 
35115: 	* parse.c:
35116: 	removed an unreachable statement
35117: 	[634302623c49]
35118: 
35119: 	* parse.lex:
35120: 	made more efficient by pulling out the terminators when in GOTCMND
35121: 	state and making them their own rule
35122: 	[80798f1e1166]
35123: 
35124: 1995-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
35125: 
35126: 	* sudo.h:
35127: 	removed MAXLOGLEN since it is no longer used
35128: 	[102824196b71]
35129: 
35130: 	* parse.lex:
35131: 	now allows command args
35132: 	[d29dfa1e5254]
35133: 
35134: 	* parse.c:
35135: 	now groks command arguments
35136: 	[6c414cb7f105]
35137: 
35138: 	* logging.c:
35139: 	now sets tty correctly when piped input
35140: 	[de46a30c0406]
35141: 
35142: 	* sudo.c:
35143: 	fixed loading of cmnd_args (was including command name too)
35144: 	[15319a425ea6]
35145: 
35146: 	* logging.c:
35147: 	fixed a core dump due to incorrect if construct
35148: 	[582363c7d7fa]
35149: 
35150: 1995-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
35151: 
35152: 	* configure.in:
35153: 	only add -lsun is irix < 5 don't look for -lnsl or -lsocket if irix
35154: 	[da591fe9b931]
35155: 
35156: 	* aclocal.m4:
35157: 	fixed check for ISC
35158: 	[52e59f2082a7]
35159: 
35160: 	* sudo.c:
35161: 	now sets cmnd_args used by log_error() and that will be used by the
35162: 	parse to check against command args
35163: 	[c6804389723b]
35164: 
35165: 	* sudo.h:
35166: 	added cmnd_args
35167: 	[4d00446b4a8d]
35168: 
35169: 	* logging.c:
35170: 	now dynamically allocate logline since we can guess at its size
35171: 	[4bed8c8446aa]
35172: 
35173: 1995-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
35174: 
35175: 	* logging.c:
35176: 	cleaned up a bunch of unnecesary #ifdef's eliminated a buffer remove
35177: 	"register" since the compiler knows more than I do now do a
35178: 	"basename" of the tty
35179: 	[3b1bbf0b3da1]
35180: 
35181: 1995-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
35182: 
35183: 	* configure.in:
35184: 	++version
35185: 	[5ce552f9a5f1]
35186: 
35187: 	* sudo.h:
35188: 	added shell extern changed MODE_* to be bit masks to allow for
35189: 	several options together
35190: 	[06f9dc4f400c]
35191: 
35192: 	* sudo.c:
35193: 	added -s (shell) option made MODE_* masks so we can do bitwise & and
35194: 	| to see if multiple flags are set.
35195: 	[01f8143010ad]
35196: 
35197: 	* check.c:
35198: 	added securid support
35199: 	[909e078005fe]
35200: 
35201: 1995-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
35202: 
35203: 	* logging.c:
35204: 	removed a bunch of unnecesary strncpy()'s and replaced with strcat()
35205: 	[644506b57d61]
35206: 
35207: 1995-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
35208: 
35209: 	* Makefile.in, version.h:
35210: 	++version
35211: 	[3cd6f1fbc3d9]
35212: 
35213: 1995-07-27  Todd C. Miller  <Todd.Miller@courtesan.com>
35214: 
35215: 	* parse.yacc:
35216: 	fixed free() of an uninitialized pointer (yuck)
35217: 	[8c404ee502ee]
35218: 
35219: 	* testsudoers.c:
35220: 	added netgr_matches
35221: 	[e7c9fa2f774c]
35222: 
35223: 	* parse.c:
35224: 	cleaned up netgr_matches
35225: 	[8108f00b810e]
35226: 
35227: 1995-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>
35228: 
35229: 	* RUNSON:
35230: 	updated for 1.3.4
35231: 	[4741704310a1]
35232: 
35233: 1995-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
35234: 
35235: 	* Makefile.in:
35236: 	now installs sudoers.man -- really should clean this up though.
35237: 	[455631d45a1d]
35238: 
35239: 	* Makefile.in:
35240: 	added sudoers.cat and sudoers.man
35241: 	[0bdedd6c7363]
35242: 
35243: 	* sudo.man:
35244: 	pulled out stuff on the sudoers file format into a separate man page
35245: 	[de215d999cb9]
35246: 
35247: 	* sudoers.man:
35248: 	Initial revision
35249: 	[f25eafbb7095]
35250: 
35251: 	* HISTORY:
35252: 	fixed up my email address
35253: 	[254fbf80be74]
35254: 
35255: 	* configure.in:
35256: 	added checks for innetgr and getdomainname
35257: 	[24a99cb7e97e]
35258: 
35259: 	* visudo.c:
35260: 	added dummy netgr_matches function
35261: 	[1841ff2c01da]
35262: 
35263: 	* parse.c:
35264: 	added netgr_matches
35265: 	[ec90db6a97b8]
35266: 
35267: 	* parse.lex, parse.yacc:
35268: 	added NETGROUP support
35269: 	[c9dd93e3bc4b]
35270: 
35271: 	* config.h.in:
35272: 	added HAVE_INNETGR & HAVE_GETDOMAINNAME
35273: 	[14abd494d875]
35274: 
35275: 1995-07-24  Todd C. Miller  <Todd.Miller@courtesan.com>
35276: 
35277: 	* sudo.c:
35278: 	rewrote clean_env() that has rm_env() builtin
35279: 	[55cb43818a95]
35280: 
35281: 1995-07-23  Todd C. Miller  <Todd.Miller@courtesan.com>
35282: 
35283: 	* check.c:
35284: 	now cast uid to long in sprintf
35285: 	[b549eea40aeb]
35286: 
35287: 	* OPTIONS:
35288: 	added _INSULTS suffix to HAL & GOONS end
35289: 	[ed620d0aad30]
35290: 
35291: 	* options.h:
35292: 	added _INSULTS suffix to HAL & GOONS
35293: 	[9f72e9b83afd]
35294: 
35295: 	* ins_2001.h, ins_classic.h, ins_goons.h, insults.h:
35296: 	converted to new scheme of insult "unions" end
35297: 	[2f6d2b412132]
35298: 
35299: 	* sudo.c:
35300: 	now uses MAX_UID_T_LEN
35301: 	[c1df79e0f389]
35302: 
35303: 	* configure.in:
35304: 	added SUDO_UID_T_LEN !l
35305: 	[195f0b9f5f84]
35306: 
35307: 	* config.h.in:
35308: 	added MAX_UID_T_LEN
35309: 	[73f42ae4f14d]
35310: 
35311: 	* check.c:
35312: 	now use MAX_UID_T_LEN
35313: 	[df9c063234cb]
35314: 
35315: 	* aclocal.m4:
35316: 	added check for max len of uid_t fixed sco vs. isc check
35317: 	[d558f36d2223]
35318: 
35319: 1995-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
35320: 
35321: 	* configure.in:
35322: 	corrected version
35323: 	[828dd1571e86]
35324: 
35325: 	* configure.in:
35326: 	added sco support
35327: 	[af1e2f616638]
35328: 
35329: 	* aclocal.m4:
35330: 	hack to check for sco
35331: 	[549ab99a9a43]
35332: 
35333: 	* interfaces.c:
35334: 	removed #include <net/route.h> since it was hosing some OS's
35335: 	[ac78a7c04005]
35336: 
35337: 1995-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
35338: 
35339: 	* find_path.c:
35340: 	fixed prreadlink() prototype
35341: 	[b380fe1f2b11]
35342: 
35343: 	* check.c:
35344: 	added parens in #if's
35345: 	[e96ade691b82]
35346: 
35347: 	* configure.in:
35348: 	added SPW_ prefix
35349: 	[a302683a1483]
35350: 
35351: 	* sudo.h:
35352: 	moved SPW_* to config.h.in
35353: 	[6b3be70e34cf]
35354: 
35355: 	* sudo.c:
35356: 	added a set of parens
35357: 	[8188d735d695]
35358: 
35359: 	* config.h.in:
35360: 	added SPW_*
35361: 	[5ead6371cf60]
35362: 
35363: 	* sudo.h:
35364: 	added SPW_* reordered error codes
35365: 	[dead25b4ed0a]
35366: 
35367: 	* check.c:
35368: 	moved SPW_* to sudo.h
35369: 	[ca51fb04caf4]
35370: 
35371: 1995-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
35372: 
35373: 	* sudo.c:
35374: 	SPW_AUTH -> SPW_SECUREWARE
35375: 	[6b512b2bc5dc]
35376: 
35377: 	* logging.c:
35378: 	GLOBAL_NO_AUTH_ENT -> GLOBAL_NO_SPW_ENT
35379: 	[defdd0944e2f]
35380: 
35381: 	* configure.in:
35382: 	AUTH -> SECUREWARE
35383: 	[d1f8a17001dd]
35384: 
35385: 	* check.c:
35386: 	SPW_AUTH -> SPW_SECUREWARE
35387: 	[af0e8d8b89b2]
35388: 
35389: 	* check.c:
35390: 	now uses SHADOW_TYPE to make shadow pw support more readable and
35391: 	modular. It's a start...
35392: 	[8c2a59667014]
35393: 
35394: 	* configure.in:
35395: 	added autodetection of shadow passwords
35396: 	[85f81fa54b1b]
35397: 
35398: 	* sudo.c:
35399: 	now uses SHADOW_TYPE define
35400: 	[355e5dc09b07]
35401: 
35402: 	* config.h.in:
35403: 	added SHADOW_TYPE which replaces SUNOS4 & __svr4__ defines
35404: 	[c0c06e83e483]
35405: 
35406: 	* aclocal.m4:
35407: 	added SUDO_CHECK_SHADOW
35408: 	[464301301639]
35409: 
35410: 1995-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
35411: 
35412: 	* configure.in:
35413: 	define SVR4 for ISC define BROKEN_SYSLOG for hpux took out test for
35414: 	memmove() since we dno longer use it...
35415: 	[8aefa87d7d31]
35416: 
35417: 	* CHANGES:
35418: 	updated
35419: 	[ce97b3fd7182]
35420: 
35421: 	* logging.c:
35422: 	added BROKEN_SYSLOG support
35423: 	[a45c3bca36f6]
35424: 
35425: 	* config.h.in:
35426: 	added BROKEN_SYSLOG
35427: 	[6f6abf0a6268]
35428: 
35429: 	* check.c:
35430: 	now only bitch it timestamp > time_now + 2 * timeout to allow for a
35431: 	machine udpating its time from a server
35432: 	[546bc8d35325]
35433: 
35434: 	* sudo.man:
35435: 	added 2 security notes updated Nieusma's email addr
35436: 	[616756c56977]
35437: 
35438: 	* lsearch.c:
35439: 	changed a memmove() to memcpy() since we don't have to worry about
35440: 	overlapping segments.
35441: 	[30baa478526b]
35442: 
35443: 1995-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
35444: 
35445: 	* interfaces.c:
35446: 	cleanup up the loop when interfaces are groped in so that it is
35447: 	readable
35448: 	[1fa39446bd69]
35449: 
35450: 	* Makefile.in, version.h:
35451: 	++version
35452: 	[b46bd2b1770f]
35453: 
35454: 1995-07-09  Todd C. Miller  <Todd.Miller@courtesan.com>
35455: 
35456: 	* CHANGES:
35457: 	annotated 124-126
35458: 	[b82a2b3ec7ce]
35459: 
35460: 1995-07-07  Todd C. Miller  <Todd.Miller@courtesan.com>
35461: 
35462: 	* check.c:
35463: 	fixed permissions check on /tmp/.odus
35464: 	[cc2431a65468]
35465: 
35466: 1995-07-06  Todd C. Miller  <Todd.Miller@courtesan.com>
35467: 
35468: 	* check.c:
35469: 	fixed some comments
35470: 	[8896d09b4fda]
35471: 
35472: 	* check.c:
35473: 	now checks owner & mode of timedir also checks for bogus dates on
35474: 	timestamp file
35475: 	[a0fad5df5b0a]
35476: 
35477: 	* OPTIONS:
35478: 	updated TIMEOUT info
35479: 	[033cc22d9e04]
35480: 
35481: 	* logging.c, sudo.h:
35482: 	added BAD_STAMPDIR and BAD_STAMPFILE
35483: 	[31d9ce691101]
35484: 
35485: 	* compat.h:
35486: 	added definition of S_IRWXU
35487: 	[ff2dab091a9b]
35488: 
35489: 	* CHANGES:
35490: 	updated
35491: 	[a40df90284f1]
35492: 
35493: 1995-07-03  Todd C. Miller  <Todd.Miller@courtesan.com>
35494: 
35495: 	* interfaces.c:
35496: 	added #ifdef to make it compile on strange arches
35497: 	[4a127f12afce]
35498: 
35499: 1995-07-02  Todd C. Miller  <Todd.Miller@courtesan.com>
35500: 
35501: 	* aclocal.m4:
35502: 	fixed check for fulkl void impl.
35503: 	[b6f2a4a361d8]
35504: 
35505: 	* check.c:
35506: 	added mssing "static"
35507: 	[520552f2772b]
35508: 
35509: 	* insults.h:
35510: 	replaced #elif with #else #if constructs for ancient C compilers
35511: 	[39ab2d365b57]
35512: 
35513: 	* INSTALL:
35514: 	updated irix c2 & kerb5 info
35515: 	[ae79b99b4905]
35516: 
35517: 	* configure.in:
35518: 	added shadow pw support for irix
35519: 	[632469d9c528]
35520: 
35521: 1995-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
35522: 
35523: 	* BUGS, TODO:
35524: 	updated
35525: 	[2a96bb18ac30]
35526: 
35527: 	* CHANGES:
35528: 	last changes for sudo 1.3.3
35529: 	[c1c0cd1034b8]
35530: 
35531: 	* configure.in:
35532: 	now calls SUDO_SOCK_SA_LEN
35533: 	[14ea78159d45]
35534: 
35535: 	* config.h.in:
35536: 	added HAVE_SA_LEN
35537: 	[cc2a346aa905]
35538: 
35539: 	* aclocal.m4:
35540: 	added SUDO_SOCK_SA_LEN
35541: 	[456a2025644a]
35542: 
35543: 	* interfaces.c:
35544: 	now works with ip implementations that use sa_len in sockaddr
35545: 	[90be6e028077]
35546: 
35547: 	* INSTALL:
35548: 	added note about buggy AIX compiler
35549: 	[c0f6d427e4e4]
35550: 
35551: 	* interfaces.c:
35552: 	now include sys/time.h for AIX
35553: 	[2510858ab38b]
35554: 
35555: 1995-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>
35556: 
35557: 	* Makefile.in:
35558: 	getcwd -> getwd
35559: 	[66085ebca98e]
35560: 
35561: 	* interfaces.c:
35562: 	now works for ISC and others. yay.
35563: 	[f336d4ffc927]
35564: 
35565: 1995-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
35566: 
35567: 	* Makefile.in, version.h:
35568: 	version++
35569: 	[836cffc2078d]
35570: 
35571: 1995-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
35572: 
35573: 	* aclocal.m4:
35574: 	fixed test for full void impl
35575: 	[fb004107e7b9]
35576: 
35577: 	* sudo.c:
35578: 	now check to see that st_dev is non-zero before assuming that we are
35579: 	being spoofed
35580: 	[1b0e1c30c506]
35581: 
35582: 1995-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
35583: 
35584: 	* aclocal.m4, configure.in:
35585: 	SUDO_FUNC_UTIME_NULL -> AC_FUNC_UTIME_NULL
35586: 	[4953379bfb01]
35587: 
35588: 1995-06-19  Todd C. Miller  <Todd.Miller@courtesan.com>
35589: 
35590: 	* aclocal.m4:
35591: 	fixed include file order for SUDO_FUNC_UTIME_POSIX
35592: 	[ff64ab7df44f]
35593: 
35594: 	* logging.c:
35595: 	added cast for ttyname()
35596: 	[444f05f56758]
35597: 
35598: 	* configure.in:
35599: 	fixed typo
35600: 	[de068e748431]
35601: 
35602: 	* check.c:
35603: 	now deal correctly with all known variation of utime() -- yippe
35604: 	[b778a4195a89]
35605: 
35606: 	* configure.in:
35607: 	added SUDO_FUNC_UTIME_POSIX
35608: 	[cf635f2269d6]
35609: 
35610: 	* aclocal.m4:
35611: 	added SUDO_FUNC_UTIME_NULL and SUDO_FUNC_UTIME_POSIX
35612: 	[d79593be4b73]
35613: 
35614: 	* config.h.in:
35615: 	added HAVE_UTIME_POSIX
35616: 	[c67b4ac0dca5]
35617: 
35618: 	* check.c:
35619: 	fixed a typo
35620: 	[b14df5680f59]
35621: 
35622: 	* check.c:
35623: 	no longer assume !HAVE_UTIME_NULL means old BSD utime()
35624: 	[0aeaf4b2f38b]
35625: 
35626: 	* check.c:
35627: 	fixed fascist C compiler warning
35628: 	[c61ddf2f1f93]
35629: 
35630: 	* interfaces.c:
35631: 	now set strioctl.ic_timout in STRSET() now initialize num_interfaces
35632: 	to 0 (just to be anal)
35633: 	[c54cc2ba0052]
35634: 
35635: 1995-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
35636: 
35637: 	* sudo.h:
35638: 	increaed MAXLOGLEN by MAXPATHLEN to account for ttyname
35639: 	[74cf585a54fb]
35640: 
35641: 	* logging.c:
35642: 	added tty logging
35643: 	[e27d8dcfbd78]
35644: 
35645: 	* interfaces.c:
35646: 	reworked the ISC code
35647: 	[bcf57ce8ae69]
35648: 
35649: 	* Makefile.in, version.h:
35650: 	updated version
35651: 	[032941c9b94d]
35652: 
35653: 	* check.c:
35654: 	now expect old-style utime(3) if utime() can't take NULL as an arg
35655: 	[018dd4a73030]
35656: 
35657: 	* configure.in:
35658: 	added check for utime.h
35659: 	[0b76e8feb618]
35660: 
35661: 	* config.h.in:
35662: 	added HAVE_UTIME_H
35663: 	[62ee42feda46]
35664: 
35665: 	* Makefile.in:
35666: 	added CPPFLAGS STATIC_FLAGS -> LDFLAGS
35667: 	[fa3201d294e1]
35668: 
35669: 	* configure.in:
35670: 	now search for kerb libs and includes
35671: 	[cc332401e571]
35672: 
35673: 	* check.c:
35674: 	added support for utime(2)'s that can't take a NULL parameter
35675: 	[98797fedf69f]
35676: 
35677: 	* utime.c:
35678: 	moved HAVE_UTIME_NULL stuff to update_timestamp() where t belongs
35679: 	[6ce6d825fb44]
35680: 
35681: 	* configure.in:
35682: 	added utime(s) stuff
35683: 	[a2afb744403e]
35684: 
35685: 	* check.c:
35686: 	now use utime()
35687: 	[48902240a51e]
35688: 
35689: 	* config.h.in:
35690: 	added HAVE_UTIME and HAVE_UTIME_NULL
35691: 	[9a56ab65d4f4]
35692: 
35693: 1995-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
35694: 
35695: 	* utime.c:
35696: 	now use HAVE_UTIME_NULL
35697: 	[e3944de09a92]
35698: 
35699: 	* emul/utime.h, utime.c:
35700: 	Initial revision
35701: 	[a2cbf2ef3427]
35702: 
35703: 	* check.c:
35704: 	need to setuid(0) to make kerb4 stuff work.
35705: 	[c6cfda4039d7]
35706: 
35707: 	* tgetpass.c:
35708: 	no more special case for kerberos
35709: 	[4a5c33145be9]
35710: 
35711: 	* config.h.in:
35712: 	took out setreuid and setresuid stuff added kerb5 stuff (use kerb4
35713: 	emulation)
35714: 	[a607ee43e650]
35715: 
35716: 	* compat.h:
35717: 	no longer need setreuid() emulation now set _PASSWD_LEN to 128 if
35718: 	kerberos
35719: 	[02fb274cc136]
35720: 
35721: 	* check.c:
35722: 	now use private ticket file for kerberos support to avoid trouncing
35723: 	on system one
35724: 	[28d8b6b812c7]
35725: 
35726: 1995-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
35727: 
35728: 	* sudo.h:
35729: 	added SPOOF_ATTEMPT & cmnd_st
35730: 	[d3b42a1f4d0d]
35731: 
35732: 	* sudo.c:
35733: 	added anti-spoofing support
35734: 	[ab1e2aa44a57]
35735: 
35736: 	* parse.c:
35737: 	now use global cmnd_st
35738: 	[47018265a1a6]
35739: 
35740: 	* logging.c:
35741: 	added SPOOF_ATTEMPT suypport
35742: 	[7bbe9dd2a021]
35743: 
35744: 	* testsudoers.c, visudo.c:
35745: 	added void casts where appropriate
35746: 	[f191441ba333]
35747: 
35748: 	* parse.yacc:
35749: 	fixed up spacing and added void casts where appropriate
35750: 	[15d886fc809c]
35751: 
35752: 	* sudo.c:
35753: 	fixed problem with "-p prompt" but no args
35754: 	[6fc048261a3e]
35755: 
35756: 1995-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
35757: 
35758: 	* sudo.man:
35759: 	added BUGS and annotated -l description
35760: 	[e5c506de2603]
35761: 
35762: 	* sudo.h:
35763: 	validate() now takes a flag
35764: 	[26627becc60a]
35765: 
35766: 	* sudo.c:
35767: 	validate() now takes a flag added -l
35768: 	[a4f7bb97fe54]
35769: 
35770: 	* parse.yacc:
35771: 	added support for -l
35772: 	[e7a9b10b0ad3]
35773: 
35774: 	* parse.c:
35775: 	validate() now takes a flag that says whether or not to check the
35776: 	command
35777: 	[9e1e67f4e281]
35778: 
35779: 1995-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
35780: 
35781: 	* logging.c:
35782: 	now deals with Argv == 1
35783: 	[0acb637ab635]
35784: 
35785: 	* sudo.man:
35786: 	added -p option
35787: 	[e60382fc0561]
35788: 
35789: 	* sudo.c:
35790: 	added prompt support reworked parse_args()
35791: 	[2f605267ed4a]
35792: 
35793: 	* sudo.h:
35794: 	added prompt
35795: 	[5ab021bdb419]
35796: 
35797: 	* options.h:
35798: 	added PASSPROMPT
35799: 	[614727ff44a2]
35800: 
35801: 	* check.c:
35802: 	now use BUFSIZ as length of kerb password added kpass so pass is
35803: 	always a char * now use prompt global when asking for a password
35804: 	[76be09af784f]
35805: 
35806: 	* tgetpass.c:
35807: 	now use BUFSIZ as _PASSWD_LEN if using kerberos
35808: 	[1e907eed312b]
35809: 
35810: 	* OPTIONS:
35811: 	added PASSPROMPT
35812: 	[ddb2f405ce40]
35813: 
35814: 1995-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
35815: 
35816: 	* configure.in:
35817: 	only look for -lufc or -lcrypt if crypt() not in libc
35818: 	[9717d315661f]
35819: 
35820: 	* check.c:
35821: 	don't exit on kerb error, just warn if k_errno == KDC_PR_UNKNOWN
35822: 	(unknown user) silently fail
35823: 	[2b48693d4ee9]
35824: 
35825: 	* INSTALL:
35826: 	added kerb4 note
35827: 	[986e393f740c]
35828: 
35829: 	* tgetpass.c:
35830: 	HAVE_KERBEROS -> HAVE_KERB4
35831: 	[e438bfb5e6aa]
35832: 
35833: 	* check.c:
35834: 	removed debugging printf
35835: 	[1cf9f5cbffa5]
35836: 
35837: 	* configure.in:
35838: 	KERBEROS -> KERB4 added checks for setreuid & setresuid
35839: 	[01e9945beb1e]
35840: 
35841: 	* config.h.in:
35842: 	HAVE_KERBEROS -> HAVE_KERB4 added HAVE_SETREUID and HAVE_SETRESUID
35843: 	[0e0bb5b8ac3e]
35844: 
35845: 	* compat.h:
35846: 	added deif of UID_NO_CHANGE & GID_NO_CHANGE added setreuid emulation
35847: 	with setresuid if applic
35848: 	[9dae24c47696]
35849: 
35850: 	* check.c:
35851: 	HAVE_KERBEROS -> HAVE_KERB4 now only do the stupid chown() hack if
35852: 	no setreuid() or a broken one
35853: 	[1fca642bdb8e]
35854: 
35855: 1995-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
35856: 
35857: 	* configure.in:
35858: 	added kerberos support
35859: 	[da5639b9b8e7]
35860: 
35861: 	* config.h.in:
35862: 	added HAVE_KERBEROS
35863: 	[fcc5be550e65]
35864: 
35865: 	* tgetpass.c:
35866: 	added KERBEROS support (long passwords)
35867: 	[303ba6924dd2]
35868: 
35869: 	* check.c:
35870: 	added kerberos support
35871: 	[e40afe98fc1d]
35872: 
35873: 1995-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
35874: 
35875: 	* sudo.h:
35876: 	added MODE_BACKGROUND
35877: 	[9b483c932016]
35878: 
35879: 	* sudo.man:
35880: 	escaped dashes added -b option
35881: 	[62e84f1a7714]
35882: 
35883: 	* sudo.c:
35884: 	added -b option
35885: 	[7e78aaefeb95]
35886: 
35887: 	* check.c:
35888: 	added crypt() for osf/1 3.x enhanced secuiry
35889: 	[e9aa5abdb7d5]
35890: 
35891: 	* configure.in:
35892: 	now check for -lcrypt
35893: 	[5cb9c67e9fa2]
35894: 
35895: 	* interfaces.c:
35896: 	added ENXIO like EADDRNOTAVAIL
35897: 	[74223bb1ba75]
35898: 
35899: 1995-05-08  Todd C. Miller  <Todd.Miller@courtesan.com>
35900: 
35901: 	* configure.in:
35902: 	now emulate getwd(), not getcwd()
35903: 	[3e5439d9a5f4]
35904: 
35905: 	* sudo.c:
35906: 	getcwd() -> getwd()
35907: 	[6392a96a658e]
35908: 
35909: 	* getwd.c:
35910: 	getcwd -> getwd
35911: 	[1b0ab9bae11e]
35912: 
35913: 1995-05-02  Todd C. Miller  <Todd.Miller@courtesan.com>
35914: 
35915: 	* ins_2001.h, ins_classic.h, ins_goons.h:
35916: 	Initial revision
35917: 	[86db60d8cf00]
35918: 
35919: 	* insults.h:
35920: 	broke out insults into separate include files
35921: 	[0a01993bd38a]
35922: 
35923: 	* OPTIONS, options.h:
35924: 	added GOONS
35925: 	[e283203c6515]
35926: 
35927: 	* Makefile.in:
35928: 	added ins_2001.h ins_classic.h ins_goons.h
35929: 	[2a39cd6a4cd2]
35930: 
35931: 	* Makefile.in, version.h:
35932: 	++version
35933: 	[05ebf4f5e41a]
35934: 
35935: 	* visudo.c:
35936: 	moved signal handler setup to setup_signals()
35937: 	[3dd976c04540]
35938: 
35939: 	* sudo.h:
35940: 	added load_interfaces()
35941: 	[af2d473b09e2]
35942: 
35943: 	* sudo.c:
35944: 	moved load_interfaces to interfaces.c
35945: 	[5c8c138e5d4c]
35946: 
35947: 	* parse.yacc:
35948: 	added clearaliases
35949: 	[aeb4ff301daa]
35950: 
35951: 	* OPTIONS, options.h:
35952: 	added FAST_MATCH
35953: 	[f49ea3d1b525]
35954: 
35955: 	* parse.lex:
35956: 	now uses clearaliases variable
35957: 	[a2dda415bf61]
35958: 
35959: 	* interfaces.c:
35960: 	Initial revision
35961: 	[a1990e3f5c69]
35962: 
35963: 	* Makefile.in:
35964: 	added interfaces.[co]
35965: 	[1e8e5984de97]
35966: 
35967: 	* testsudoers.c:
35968: 	now uses ip addrs and netmasks via load_interfaces()
35969: 	[54b8f7a6835e]
35970: 
35971: 	* sudo.c:
35972: 	now remove IFS instead of setting to "sane" value
35973: 	[ce7eec9f115e]
35974: 
35975: 1995-05-01  Todd C. Miller  <Todd.Miller@courtesan.com>
35976: 
35977: 	* parse.c:
35978: 	added FAST_MATCH
35979: 	[816d4f5fe81a]
35980: 
35981: 1995-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
35982: 
35983: 	* Makefile.in:
35984: 	sudo_goodpath.c-> goodpath.c
35985: 	[a5072c4e1de2]
35986: 
35987: 	* sudo.c:
35988: 	added Andy's new ISC changes
35989: 	[caa6bbee358e]
35990: 
35991: 1995-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>
35992: 
35993: 	* OPTIONS:
35994: 	added a sentence to SECURE_PATH info
35995: 	[cad6e1569d15]
35996: 
35997: 	* BUGS:
35998: 	added one
35999: 	[4b35cf699a83]
36000: 
36001: 	* CHANGES:
36002: 	updated
36003: 	[5fded9dc62f0]
36004: 
36005: 	* RUNSON:
36006: 	updated
36007: 	[33cb993cfd39]
36008: 
36009: 1995-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
36010: 
36011: 	* RUNSON:
36012: 	updated for beta3
36013: 	[a05dc6a91995]
36014: 
36015: 	* Makefile.in, version.h:
36016: 	++version
36017: 	[54aaf3fadc75]
36018: 
36019: 	* aclocal.m4:
36020: 	sendmail is now looked for in /usr/ucblib
36021: 	[231ac1a4662f]
36022: 
36023: 	* sudo.c:
36024: 	fixed indentation
36025: 	[fb137400c8c2]
36026: 
36027: 	* aclocal.m4:
36028: 	fixed a typo
36029: 	[e03f1acc468b]
36030: 
36031: 	* sudo.c:
36032: 	updated ISC mods
36033: 	[070290d4754b]
36034: 
36035: 	* configure.in:
36036: 	added unixware case
36037: 	[e90250bae0d9]
36038: 
36039: 	* check.c:
36040: 	user_is_exempt is no longer hidden
36041: 	[1a341765b8af]
36042: 
36043: 	* RUNSON:
36044: 	updated
36045: 	[a9c4898b26dd]
36046: 
36047: 	* aclocal.m4:
36048: 	isc and riscos changes
36049: 	[98b5d86585d1]
36050: 
36051: 	* OPTIONS:
36052: 	added NOTE about new interaction of EXEMPTGROUP and SECURE_PATH
36053: 	[e1ecc464ce4b]
36054: 
36055: 	* Makefile.in:
36056: 	fixed a typo and added testsudoers stuff
36057: 	[435d60e163dc]
36058: 
36059: 	* testsudoers.c:
36060: 	Initial revision
36061: 	[6ce14a448662]
36062: 
36063: 1995-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
36064: 
36065: 	* parse.yacc:
36066: 	applied fixed patch from Chris
36067: 	[cd6144203d13]
36068: 
36069: 1995-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
36070: 
36071: 	* Makefile.in:
36072: 	fixed a typo
36073: 	[34f8a54ba041]
36074: 
36075: 	* parse.yacc:
36076: 	added a set of braces for bison
36077: 	[f0e43b938914]
36078: 
36079: 	* parse.yacc:
36080: 	merged in Chris' changes to dekludge the parser.
36081: 	[82d6e373ab1c]
36082: 
36083: 	* logging.c:
36084: 	send_mail() was calling find_path() which is wrong since find_path()
36085: 	stores cmnd in a static var. Anyhow, it doesn't make much sense
36086: 	since MAILER should always be fully qualified
36087: 	[6eae6a0b8098]
36088: 
36089: 1995-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
36090: 
36091: 	* sample.sudoers:
36092: 	added User_Alias stuff
36093: 	[aaba8c8e918d]
36094: 
36095: 	* aclocal.m4:
36096: 	SUDO_NEXT now looks for /usr/lib/NextStep/software_version
36097: 	[52bd81f34b32]
36098: 
36099: 	* RUNSON:
36100: 	added DEC UNIX 3.0 w/ gcc
36101: 	[7daf570775b5]
36102: 
36103: 	* visudo.c:
36104: 	Exit was being used in places where exit should be used
36105: 	[6026a89c07ed]
36106: 
36107: 	* sudoers:
36108: 	added "User alias specification"
36109: 	[a487b6e234f8]
36110: 
36111: 	* parse.yacc:
36112: 	fixed probs caused by making nslots and naliases a size_t
36113: 	[0be919384f3f]
36114: 
36115: 	* RUNSON:
36116: 	added KSR, upped rev to 1.3.1b2
36117: 	[ce04ee6faadf]
36118: 
36119: 	* logging.c, parse.yacc:
36120: 	1024 -> BUFSIZ
36121: 	[cd6dda45fa11]
36122: 
36123: 	* parse.yacc:
36124: 	void * -> VOID * naliases and nslots are now size_t to appease
36125: 	lsearch on 64-bit machines
36126: 	[bf2f807c0dc1]
36127: 
36128: 1995-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
36129: 
36130: 	* TODO:
36131: 	did a bunch of things and added a bunch :-)
36132: 	[42afd957b829]
36133: 
36134: 	* PORTING:
36135: 	updated
36136: 	[972f95c85776]
36137: 
36138: 	* visudo.man:
36139: 	closer to BSD manpage style
36140: 	[07ae88f50325]
36141: 
36142: 	* sudo.man:
36143: 	closer to standard BSD man format
36144: 	[372c28dcc135]
36145: 
36146: 	* compat.h, config.h.in, emul/search.h, insults.h, options.h,
36147: 	pathnames.h.in, sudo.h, version.h:
36148: 	added RCS id
36149: 	[c0ec90b81002]
36150: 
36151: 	* sudo.h:
36152: 	removed crufty #defines that are no longer used
36153: 	[35e2b4b477f0]
36154: 
36155: 	* BUGS:
36156: 	fixed a bug
36157: 	[5bb3e1bee85e]
36158: 
36159: 	* sudo.man:
36160: 	updated based on sudo changes
36161: 	[e65de1cae438]
36162: 
36163: 	* parse.yacc:
36164: 	now allow ALL keyword in User_Aliases now allow ALL keyword as well
36165: 	as a NAME or ALIAS
36166: 	[1fb31404dd0f]
36167: 
36168: 	* CHANGES:
36169: 	updated
36170: 	[b24018ac610b]
36171: 
36172: 	* sudo.c:
36173: 	now sets SUDO_COMMAND and SUDO_GID envariables.
36174: 	[e9d791557fb7]
36175: 
36176: 	* aclocal.m4:
36177: 	fixed bug with full void impl check
36178: 	[35715301023c]
36179: 
36180: 	* parse.yacc:
36181: 	fixed User_Alias supoprt
36182: 	[4c30dfbaaa07]
36183: 
36184: 	* parse.yacc:
36185: 	added stubs for User_Alias support
36186: 	[f4afbd247edf]
36187: 
36188: 	* sudo.c:
36189: 	now sets removes # bogus interfaces from num_interfaces
36190: 	[6f077fac9ab1]
36191: 
36192: 	* parse.lex:
36193: 	added User_Alias support
36194: 	[bc7997e5df85]
36195: 
36196: 1995-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
36197: 
36198: 	* Makefile.in:
36199: 	removed extraneous TODO
36200: 	[bc87a3b14d6d]
36201: 
36202: 1995-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
36203: 
36204: 	* visudo.c:
36205: 	ntwk_matches -> addr_matches
36206: 	[475044e288b8]
36207: 
36208: 	* parse.yacc:
36209: 	ntwk_matches -> addr_matches
36210: 	[dd1f4093fd2d]
36211: 
36212: 	* parse.c:
36213: 	ntwk_matches -> addr_matches now use inet_addr() not inet_network()
36214: 	(which expects octet boundaries) fixes for OSF (sizeof(int) !=
36215: 	sizeof(long))
36216: 	[acd2f556940f]
36217: 
36218: 	* sudo.c:
36219: 	took out debugging info
36220: 	[044023063eca]
36221: 
36222: 	* aclocal.m4:
36223: 	OS was being set to unknown before non-uname based host checks. This
36224: 	caused no checks to happen since $OS was not zero-length.
36225: 	[335a7267479d]
36226: 
36227: 	* sudo.c:
36228: 	fixed loading of interfaces struct still has debugging info in
36229: 	though
36230: 	[2d1a18998c1e]
36231: 
36232: 	* parse.c:
36233: 	fixed typo
36234: 	[175674a3a9fa]
36235: 
36236: 1995-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
36237: 
36238: 	* Makefile.in:
36239: 	++version
36240: 	[55d191b5daa3]
36241: 
36242: 	* version.h:
36243: 	++
36244: 	[d7d1f115696a]
36245: 
36246: 	* visudo.c:
36247: 	removed extraneous extern decl of "top
36248: 	[50355621047d]
36249: 
36250: 	* visudo.c:
36251: 	now zeros "top"
36252: 	[4e683210345b]
36253: 
36254: 	* parse.yacc:
36255: 	removed parser_cleanup (no need for it now)
36256: 	[afa59f222b6c]
36257: 
36258: 	* parse.lex:
36259: 	now calls reset_aliases() directly
36260: 	[3a23cbd60fc0]
36261: 
36262: 1995-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
36263: 
36264: 	* OPTIONS:
36265: 	added a sentence to SECURE_PATH description
36266: 	[c5bf75b85af0]
36267: 
36268: 	* parse.c:
36269: 	fixed my stupid bug where I used NAMLEN on something I wanted to
36270: 	just get the name from. argh.
36271: 	[111f460f6540]
36272: 
36273: 1995-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>
36274: 
36275: 	* lsearch.c:
36276: 	fixed argument order of memmove() that i hosed when converting from
36277: 	bcopy(). arghh.
36278: 	[2f5336045c8b]
36279: 
36280: 	* Makefile.in:
36281: 	finally fixed DISTFILES line
36282: 	[a1b419e73a63]
36283: 
36284: 	* Makefile.in:
36285: 	tabs -> spaces
36286: 	[280fb03e5764]
36287: 
36288: 	* Makefile.in:
36289: 	added missing files to DISTFILES
36290: 	[991fc1cd2263]
36291: 
36292: 	* Makefile.in:
36293: 	SUPPORTED -> RUNSON
36294: 	[7580e65b05fb]
36295: 
36296: 1995-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
36297: 
36298: 	* TODO:
36299: 	updated
36300: 	[fe764a29c1cc]
36301: 
36302: 	* RUNSON:
36303: 	updated for pl5b1 release
36304: 	[aefc35bd2291]
36305: 
36306: 	* BUGS, TODO:
36307: 	updated
36308: 	[8f0ea249b687]
36309: 
36310: 	* check.c:
36311: 	fixed bug where if you hit return at first sudo prompt it would
36312: 	still log as a failure
36313: 	[24539c854692]
36314: 
36315: 	* CHANGES:
36316: 	updated
36317: 	[251cc7b3ede4]
36318: 
36319: 	* aclocal.m4:
36320: 	better test for bogus void * implementation
36321: 	[efe23180cb88]
36322: 
36323: 	* logging.c:
36324: 	added PASSWORDS_NOT_CORRECT
36325: 	[bd12c73f83f7]
36326: 
36327: 	* check.c:
36328: 	added PASSWORDS_NOT_CORRECT stuff]
36329: 	[90de391a979f]
36330: 
36331: 	* sudo.h:
36332: 	added PASSWORDS_NOT_CORRECT
36333: 	[727fbeb76fc5]
36334: 
36335: 	* tgetpass.c:
36336: 	moved pathnames.h
36337: 	[4f910e5a8df7]
36338: 
36339: 	* sudo.c:
36340: 	removed some unused vars and fixed up uid2str
36341: 	[70e92c7f9076]
36342: 
36343: 	* putenv.c:
36344: 	moved compat.h
36345: 	[b271091586f6]
36346: 
36347: 	* getcwd.c, getwd.c:
36348: 	added pathnames.h
36349: 	[6f25218f133f]
36350: 
36351: 1995-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
36352: 
36353: 	* parse.yacc:
36354: 	fixed a typo I introduced in the last checkin :-(
36355: 	[62c3af75c4fe]
36356: 
36357: 	* parse.lex:
36358: 	can't have #ifdef's where N is defined so just do this the broken
36359: 	way for AIX
36360: 	[c5648a5594e4]
36361: 
36362: 	* parse.yacc:
36363: 	better hack from Chris (but still a hack)
36364: 	[6b6d8aed93f3]
36365: 
36366: 	* parse.lex:
36367: 	stupid hack for broken aix lex
36368: 	[efc3f9e5280e]
36369: 
36370: 	* tgetpass.c:
36371: 	now includes compat.h 
36372: 	[401822173f77]
36373: 
36374: 	* visudo.c:
36375: 	now includes fcntl.h
36376: 	[63865c2f8ac6]
36377: 
36378: 	* compat.h:
36379: 	added FD_SET and FD_ZERO for 4.2BSD
36380: 	[00c5597c0bb0]
36381: 
36382: 	* parse.yacc:
36383: 	dirty hack to fix parser bug. i don't really like this but it works
36384: 	for now...
36385: 	[5b8bbdc81569]
36386: 
36387: 	* sudo.c:
36388: 	uid2str is now static like the prototype says
36389: 	[f2a97b5cb870]
36390: 
36391: 1995-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
36392: 
36393: 	* CHANGES, SUPPORTED, TODO, TROUBLESHOOTING:
36394: 	updated
36395: 	[6f79c3e92716]
36396: 
36397: 	* RUNSON:
36398: 	Initial revision
36399: 	[12a09ef9e884]
36400: 
36401: 	* sudo.c:
36402: 	check_sudoers now returns an error code and sudo calls inform_user
36403: 	and log_error based on the return value.
36404: 	[340eca188d9a]
36405: 
36406: 	* logging.c, sudo.h:
36407: 	added entries for new errors
36408: 	[6050d8542e1f]
36409: 
36410: 	* parse.c:
36411: 	now set uid to that of SUDOERS_OWNER while parsing sudoers file
36412: 	[3683c42bc9b0]
36413: 
36414: 	* Makefile.in:
36415: 	took out testsudoers 
36416: 	[65317d49db48]
36417: 
36418: 	* sudo.c:
36419: 	now explicately checks that it is setuid root
36420: 	[2fe1be60ef6a]
36421: 
36422: 	* sudo.c:
36423: 	If a user has no passwd entry sudo would segv (writing to a garbage
36424: 	pointer). Now allocate space before writing :-)
36425: 	[d08e7eb5e5ef]
36426: 
36427: 	* configure.in:
36428: 	reordered AC_CHECK_FUNCS
36429: 	[4c82e56c6f4f]
36430: 
36431: 	* config.h.in:
36432: 	fixed memset macro
36433: 	[77ede6b714ab]
36434: 
36435: 	* tgetpass.c, visudo.c:
36436: 	bzero -> memset
36437: 	[1a005bb322c8]
36438: 
36439: 	* logging.c:
36440: 	bzero -> memset when a parse error is logged the line number of the
36441: 	error is now logged too
36442: 	[a42d68047723]
36443: 
36444: 	* INSTALL:
36445: 	added Sunos to blurb about c2 security
36446: 	[af750a1d131e]
36447: 
36448: 	* configure.in:
36449: 	added a SUN4 define for C2 security
36450: 	[6ad5b23a3eb0]
36451: 
36452: 	* config.h.in:
36453: 	bcopy -> memmove bzero -> memset
36454: 	[5494460c8464]
36455: 
36456: 	* lsearch.c:
36457: 	bcopy -> memmove char * -> VOID *
36458: 	[a15f5c316e16]
36459: 
36460: 	* check.c:
36461: 	added support for sunos with C2 security
36462: 	[03fea5bb21e6]
36463: 
36464: 	* OPTIONS, options.h:
36465: 	reordered
36466: 	[1686265af3e1]
36467: 
36468: 	* pathnames.h.in:
36469: 	_PATH_SUDO_LOGFILE now set based on configure
36470: 	[5867b58e4a04]
36471: 
36472: 	* configure.in:
36473: 	added SUDO_LOGFILE and SUDO_TYPE_SIZE_T
36474: 	[1984d9fd1b5c]
36475: 
36476: 	* config.h.in:
36477: 	added _SUDO_PATH_LOGFILE
36478: 	[dd3eebe62580]
36479: 
36480: 	* aclocal.m4:
36481: 	added SUDO_LOGFILE to find where to put sudo.log added
36482: 	SUDO_CHECK_TYPE (just AC_CHECK_TYPE but checks unistd.h too) added
36483: 	SUDO_TYPE_SIZE_T (calls SUDO_CHECK_TYPE)
36484: 	[c589a515a99a]
36485: 
36486: 1995-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
36487: 
36488: 	* TROUBLESHOOTING:
36489: 	Initial revision
36490: 	[f42f1baba3a8]
36491: 
36492: 	* sudo.c:
36493: 	now do set_perms(PERM_ROOT) before the getpwuid() in load_global()
36494: 	to work around a problem is trusted hpux shadow passwords. yuck.
36495: 	[ae1f13b54687]
36496: 
36497: 	* parse.yacc:
36498: 	backed out a change in malloc/realloc
36499: 	[ab868db0ad69]
36500: 
36501: 	* parse.yacc:
36502: 	now include stdlib.h
36503: 	[957eef0631eb]
36504: 
36505: 	* visudo.c:
36506: 	now do an freopen() of the stmp file so that yyin will always point
36507: 	to the same thing. This is important for flex since we are doing a
36508: 	YY_NEWFILE
36509: 	[44558922fd3e]
36510: 
36511: 	* parse.yacc:
36512: 	replaced yywrap() with parser_cleanup() since yywrap() needs to be
36513: 	in parse.lex to be able to use YY_NEW_FILE. sigh.
36514: 	[12dd09921074]
36515: 
36516: 	* parse.lex:
36517: 	now have a rule that matches anything that doesn't match an
36518: 	explicite rule. well, you know what i mean (. matches anything not
36519: 	yet matched). However, this means that there is input still queued
36520: 	up so we need to do a YY_NEW_FILE; in yywrap. So, yywrap has moved
36521: 	into parse.lex and it calls parser_cleanup() which is most of the
36522: 	old yywrap() sigh.
36523: 	[7f4042bc48d6]
36524: 
36525: 	* SUPPORTED:
36526: 	no longer used
36527: 	[8f220be4da94]
36528: 
36529: 	* getcwd.c, getwd.c:
36530: 	moved compat.h to be the last include file
36531: 	[9f3a65e2d485]
36532: 
36533: 	* parse.yacc:
36534: 	fixed type of aliascmp() args
36535: 	[1c27eb989bdf]
36536: 
36537: 	* find_path.c:
36538: 	NULL -> '\0'
36539: 	[5c8d8cf1692e]
36540: 
36541: 	* parse.yacc:
36542: 	added casts to lfind and lsearch args for irix
36543: 	[61027ddeecf8]
36544: 
36545: 	* Makefile.in:
36546: 	bsdinstall -> install-sh
36547: 	[61de6612c5a5]
36548: 
36549: 	* INSTALL:
36550: 	added info about make realclean
36551: 	[29c6324d727f]
36552: 
36553: 	* Makefile.in:
36554: 	updated VERSION added dependencies for visudo.cat
36555: 	[09077d7229d4]
36556: 
36557: 	* version.h:
36558: 	-> pl5b1
36559: 	[5d21c7ad1a41]
36560: 
36561: 	* sudo.c:
36562: 	took out -l
36563: 	[fc1478d81b38]
36564: 
36565: 	* Makefile.in:
36566: 	now there is a real visudo.man and visudo.cat
36567: 	[58aeac43a6dd]
36568: 
36569: 	* sudo.man:
36570: 	took out visudo stuff
36571: 	[4a6ac4393343]
36572: 
36573: 	* visudo.man:
36574: 	Initial revision
36575: 	[cba348843db8]
36576: 
36577: 	* parse.c, parse.lex, parse.yacc:
36578: 	updated copyright
36579: 	[ffa16b70944a]
36580: 
36581: 	* README:
36582: 	updated for pl5
36583: 	[a26e423e9e5f]
36584: 
36585: 	* sudo.man:
36586: 	updated Nieusma & Hieb email addresses
36587: 	[f0083e71989d]
36588: 
36589: 	* INSTALL:
36590: 	updated to include options.h and OPTIONS
36591: 	[ee59e2b76c94]
36592: 
36593: 	* CHANGES, TODO:
36594: 	updated
36595: 	[51e011ad5220]
36596: 
36597: 	* BUGS:
36598: 	eliminated bug #1 (yay)
36599: 	[e7e88515494e]
36600: 
36601: 	* configure.in:
36602: 	sunos no longer gets linked statically
36603: 	[2e5b3ff3108f]
36604: 
36605: 1995-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
36606: 
36607: 	* parse.lex:
36608: 	prototype now uses __P()
36609: 	[68ecdcab4c70]
36610: 
36611: 	* parse.lex:
36612: 	make fill() non-ansi
36613: 	[d6509972260b]
36614: 
36615: 	* parse.c:
36616: 	made -v (validate) work
36617: 	[13c9d520638c]
36618: 
36619: 	* logging.c:
36620: 	now gives host
36621: 	[f04859cdba5a]
36622: 
36623: 	* find_path.c:
36624: 	don't check for execute/statable if fq or relative path given
36625: 	[4bbe851f3973]
36626: 
36627: 	* parse.c:
36628: 	added a cast
36629: 	[345c308f72f3]
36630: 
36631: 	* visudo.c:
36632: 	now include ctype.h for islower and tolower macros
36633: 	[582c0aa332d5]
36634: 
36635: 	* goodpath.c:
36636: 	moved _S_IFMT & _S_ISREG to compat.h
36637: 	[828e4ca4e7b4]
36638: 
36639: 	* sudo.c:
36640: 	moved a set of parens
36641: 	[5783474ecf37]
36642: 
36643: 	* strdup.c:
36644: 	now include compat.h
36645: 	[75e2036b94af]
36646: 
36647: 	* emul/search.h:
36648: 	void * -> VOID *
36649: 	[cedcfaf04161]
36650: 
36651: 	* parse.yacc:
36652: 	now cast malloc & realloc return vals added search for HAVE_LSEARCH
36653: 	now use strcmp if no strcasecmp available
36654: 	[d6a42bc3d4ae]
36655: 
36656: 	* lsearch.c:
36657: 	void * -> VOID *
36658: 	[886adc44f607]
36659: 
36660: 	* config.h.in:
36661: 	removed HAVE_FLEX added VOID added HAVE_DIRENT_H, HAVE_SYS_NDIR_H,
36662: 	HAVE_SYS_DIR_H, HAVE_NDIR_H added HAVE_LSEARCH
36663: 	[3b50d7fb4349]
36664: 
36665: 	* compat.h:
36666: 	added _S_IFMT, _S_IFREG, and S_ISREG
36667: 	[73d506c7d53c]
36668: 
36669: 	* aclocal.m4:
36670: 	took out SUDO_PROG_INSTALL 1.x to 2.x changes added echo and results
36671: 	to most SUDO_* macros
36672: 	[8442155f5936]
36673: 
36674: 	* Makefile.in:
36675: 	no more -I.
36676: 	[63462f195bd4]
36677: 
36678: 	* configure.in:
36679: 	various 1.x ro 2.x autoconf changes now check for strcasecmp now use
36680: 	AC_INSTALL_PROG instead of custom one added check for fully woorking
36681: 	void implementation
36682: 	[5ac6b6e6230f]
36683: 
36684: 	* Makefile.in:
36685: 	added lsearch & search.h visudo links into $(LIBOBJS)
36686: 	[bc119cda4598]
36687: 
36688: 	* aclocal.m4:
36689: 	partial 1.x to 2.x changes added SUDO_FULL_VOID
36690: 	[1194d01fa5c5]
36691: 
36692: 	* visudo.c:
36693: 	whatnow_help was prototyped to be static be was not declared as such
36694: 	[0f85489dd426]
36695: 
36696: 	* configure.in:
36697: 	autoconf 2.x changes took out HAVE_FLEX (no longer used) added check
36698: 	for dirent/dir/ndir.h
36699: 	[7408f3854948]
36700: 
36701: 	* parse.c:
36702: 	now use groovy gnu autoconf macro AC_HEADER_DIRENT
36703: 	[e465db9f5dfa]
36704: 
36705: 	* getcwd.c, getwd.c:
36706: 	MAXPATHLEN -> MAXPATHLEN+1
36707: 	[714d87424e21]
36708: 
36709: 	* emul/search.h, lsearch.c:
36710: 	Initial revision
36711: 	[55d79482c535]
36712: 
36713: 1995-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
36714: 
36715: 	* parse.yacc:
36716: 	eliminated bison warnings
36717: 	[61ca0a96da22]
36718: 
36719: 	* parse.lex:
36720: 	added missing case
36721: 	[6be0f849747c]
36722: 
36723: 	* visudo.c:
36724: 	now iincludes signal.h
36725: 	[221e0fcc144f]
36726: 
36727: 	* parse.yacc:
36728: 	only clear data structures on a parse error
36729: 	[7b1c0f1a4527]
36730: 
36731: 	* visudo.c:
36732: 	whatnow() now gives help on invalid input
36733: 	[e5a4cd88c587]
36734: 
36735: 	* visudo.c:
36736: 	added a whatnow() function (sort of like mh)
36737: 	[932d9b145f1c]
36738: 
36739: 	* parse.yacc:
36740: 	kill_aliases -> reset_aliases yywrap() now cleans up by calling
36741: 	reset_aliases() and clearing top took reset stuff out of yyerror()
36742: 	since it doesn't beling there (and doesn't work anyway). errorlineno
36743: 	is now initially set to -1 so we can set it to the first error that
36744: 	occurrs (it was getting set to the last)
36745: 	[2f71f95a974c]
36746: 
36747: 	* parse.lex:
36748: 	added a void cast
36749: 	[18ae6042dce4]
36750: 
36751: 	* visudo.c:
36752: 	rewrote from scratch based on 4.3BSD vipw.c
36753: 	[2f6814f18576]
36754: 
36755: 1995-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
36756: 
36757: 	* sudo.c, sudo.h:
36758: 	removed ocmnd
36759: 	[a31735f41ad4]
36760: 
36761: 	* sudo.h:
36762: 	no more sudo_realpath() and find_path() changed params
36763: 	[8e85c3b39159]
36764: 
36765: 	* sudo.c:
36766: 	find_path() changed since no more realpath()
36767: 	[b25366c7f2ee]
36768: 
36769: 	* parse.yacc:
36770: 	on error, errorlineno is set to the line where the error occurred
36771: 	added kill_aliases() to free the aliases struct now clean up in
36772: 	yyerror() so we can reparse cleanly
36773: 	[2342f578c27a]
36774: 
36775: 	* options.h, parse.c:
36776: 	no more USE_REALPATH
36777: 	[cfc59babeaff]
36778: 
36779: 	* logging.c:
36780: 	changed to use new find_path()
36781: 	[91c7a38e7751]
36782: 
36783: 	* find_path.c:
36784: 	removed all the realpath() stuff
36785: 	[cc21a43a8562]
36786: 
36787: 	* Makefile.in:
36788: 	sudo_realpath.c -> sudo_goodpath.c
36789: 	[03a9b1ddec2f]
36790: 
36791: 	* visudo.c:
36792: 	now works correctly with utk parser
36793: 	[08aa554a0ce8]
36794: 
36795: 	* goodpath.c:
36796: 	Initial revision
36797: 	[1ea607e1ffb2]
36798: 
36799: 	* sudo_realpath.c:
36800: 	eliminated a compiler warning
36801: 	[198bcccc55b6]
36802: 
36803: 	* sudo.c:
36804: 	elinated compiler warning
36805: 	[e2384f9a878b]
36806: 
36807: 	* sudo_realpath.c:
36808: 	added sudo_goodpath()
36809: 	[43878c4cc540]
36810: 
36811: 	* sudo.h:
36812: 	added prototype for sudo_goodpath
36813: 	[23e8627a2265]
36814: 
36815: 	* parse.c:
36816: 	added support for /sys/dir.h
36817: 	[eca897087741]
36818: 
36819: 	* options.h:
36820: 	USE_REALPATH turned off
36821: 	[620ac8b63d85]
36822: 
36823: 	* find_path.c:
36824: 	added calls to sudo_goodpath()
36825: 	[ad170904fbcd]
36826: 
36827: 	* configure.in:
36828: 	added check for dirent.h
36829: 	[7964a8c26855]
36830: 
36831: 	* config.h.in:
36832: 	added HAVE_DIRENT_H
36833: 	[1f785fec7e19]
36834: 
36835: 	* configure.in:
36836: 	added in linux shadow pass stuff 
36837: 	[e585a5785f50]
36838: 
36839: 1995-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
36840: 
36841: 	* visudo.c:
36842: 	added back host, user, cmnd, parse_error
36843: 	[0ec19f3d64f4]
36844: 
36845: 	* visudo.c:
36846: 	added in utk changes plus some minor cosmetic changes
36847: 	[c5c1921c8a58]
36848: 
36849: 	* sudo.c, sudo_realpath.c:
36850: 	added void casts for printf's
36851: 	[9c6ff11c0082]
36852: 
36853: 	* options.h:
36854: 	added a define of USE_REALPATH
36855: 	[db3711c9efc5]
36856: 
36857: 	* configure.in:
36858: 	there is no more visudoers/Makefile
36859: 	[36e1bc1f78d0]
36860: 
36861: 	* Makefile.in:
36862: 	added in utk changes (visudo is now built from the toplevel)
36863: 	[76203d4b345d]
36864: 
36865: 	* find_path.c:
36866: 	added (void) casts to printf's
36867: 	[dd5cb1e060ac]
36868: 
36869: 	* parse.c, parse.lex, parse.yacc, sudo.h, sudo_realpath.c:
36870: 	merged in utk changes
36871: 	[35563307fd8e]
36872: 
36873: 1995-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
36874: 
36875: 	* find_path.c:
36876: 	now check to see that what we are trying to run is a file (or a link
36877: 	to a file, we do a stat(2) so there is no diff)
36878: 	[05889c4bcace]
36879: 
36880: 1995-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
36881: 
36882: 	* CHANGES:
36883: 	updated
36884: 	[3e8047bb26fb]
36885: 
36886: 	* Makefile.in:
36887: 	aclocal.m4 -> acsite.m4 make realclean updated for new autoconf 
36888: 	[0bdbaa7c4c7d]
36889: 
36890: 	* sudo.man:
36891: 	added myself as maintainer
36892: 	[77a9d75aab84]
36893: 
36894: 1995-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
36895: 
36896: 	* sudo.c:
36897: 	changed setegid -> setgid
36898: 	[7f4788d73b6f]
36899: 
36900: 1995-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
36901: 
36902: 	* configure.in:
36903: 	fixed the test for irix 5.x to skip bad libs
36904: 	[bfef896de013]
36905: 
36906: 	* aclocal.m4:
36907: 	now initialize OS and OSREV
36908: 	[cc302756e440]
36909: 
36910: 1995-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
36911: 
36912: 	* configure.in:
36913: 	irix5 changes
36914: 	[ac985b23f5f2]
36915: 
36916: 	* configure.in:
36917: 	AC_WITH -> AC_ARG_WITH changes other misc changes for autoconf 2.1
36918: 	compatibility
36919: 	[0cf8c92a06d7]
36920: 
36921: 1995-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
36922: 
36923: 	* visudo.c:
36924: 	use YY_NEW_FILE, not yyrestart since OSF flex doesn't do the righ
36925: 	thing wrt yyrestart (grrrr)
36926: 	[18e8eabfbb82]
36927: 
36928: 1995-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
36929: 
36930: 	* Makefile.in:
36931: 	added visudoers/compat.h to DISTFILES
36932: 	[db23b574b034]
36933: 
36934: 	* configure.in:
36935: 	fixed an echo
36936: 	[7cbc0462b89d]
36937: 
36938: 	* sudo.c:
36939: 	added ocmnd declaration adjusted for find_path()'s new parameters
36940: 	[d929cd156474]
36941: 
36942: 	* sudo.h:
36943: 	added ocmnd extern adjusted find_path() prototype
36944: 	[e0004daf5d3c]
36945: 
36946: 	* parse.c:
36947: 	cmndcmp() now takes 3 arguments and checks against the qualified as
36948: 	well as the unqualified pathname. more code that should use
36949: 	cmndcmp() but did not, now does
36950: 	[6f70a8c17bee]
36951: 
36952: 	* options.h:
36953: 	added to a comment
36954: 	[7a78680426b2]
36955: 
36956: 	* logging.c:
36957: 	changed to use new find_path() parameter passing
36958: 	[840981d30db4]
36959: 
36960: 	* find_path.c:
36961: 	find_path() now takes 2 copyout parameters (one for the qualified
36962: 	pathname and one for the unqualified pathname). The third parameter
36963: 	may be NULL.
36964: 	[851503b005e9]
36965: 
36966: 	* configure.in:
36967: 	no longer munge pathnames.h
36968: 	[427d8796c5a9]
36969: 
36970: 	* pathnames.h.in:
36971: 	changed _PATH_* to use _SUDO_PATH_* (which are defined in config.h)
36972: 	as a result, pathnames.h does not need to be run through configure
36973: 	and the user can override the configured values easily.
36974: 	[2e378f2ebe88]
36975: 
36976: 	* config.h.in:
36977: 	added _SUDO_PATH_* entries
36978: 	[0857de7cebab]
36979: 
36980: 	* aclocal.m4:
36981: 	_PATH* -> _SUDO_PATH_*
36982: 	[7601193f56cc]
36983: 
36984: 	* Makefile.in:
36985: 	updated DISTFILES and HDRS .o's now depend on config.h
36986: 	[39d8601965cf]
36987: 
36988: 1995-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
36989: 
36990: 	* compat.h:
36991: 	removed extraneous #endif
36992: 	[27d4c5f2ce7e]
36993: 
36994: 	* aclocal.m4:
36995: 	added SUDO_PROG_MV
36996: 	[76dda3bdd816]
36997: 
36998: 	* configure.in:
36999: 	added SUDO_PROG_MV added riscos and isc os types took out
37000: 	-DSHORT_MESSAGE from --with-csops since it is now the default
37001: 	[68c206ad976e]
37002: 
37003: 	* sudo.c:
37004: 	move the include of id.h to compat.h now includes options.h
37005: 	[45a1eaafb3a8]
37006: 
37007: 	* sudo.h:
37008: 	moved compatibility #defines to compat.h
37009: 	[0eee27057698]
37010: 
37011: 	* pathnames.h.in:
37012: 	added _PATH_MV
37013: 	[e830797ab320]
37014: 
37015: 	* config.h.in:
37016: 	move __P to compat.h
37017: 	[188e12e0ba93]
37018: 
37019: 	* getcwd.c, getwd.c, putenv.c:
37020: 	now includes compat.h
37021: 	[c72cb6d73981]
37022: 
37023: 	* compat.h:
37024: 	Initial revision
37025: 	[d4d2f359ae03]
37026: 
37027: 1995-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
37028: 
37029: 	* sudo.h:
37030: 	pull user-configurable stuff out and put in options.h
37031: 	[ef929467b070]
37032: 
37033: 1995-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>
37034: 
37035: 	* parse.lex, parse.yacc, visudo.c:
37036: 	now includes options.h
37037: 	[e36d7c82add1]
37038: 
37039: 	* check.c, find_path.c, logging.c, parse.c, sudo_realpath.c,
37040: 	sudo_setenv.c:
37041: 	now includes options.h
37042: 	[f186ba03de07]
37043: 
37044: 	* Makefile.in:
37045: 	added visudoers/options.h
37046: 	[e5350c476494]
37047: 
37048: 	* OPTIONS, options.h:
37049: 	Initial revision
37050: 	[9b6b5001e318]
37051: 
37052: 	* Makefile.in:
37053: 	added OPTIONS and options.h
37054: 	[25448341e16a]
37055: 
37056: 	* logging.c:
37057: 	changed #ifdef's to use LOGGING and SLOG_SYSLOG/SLOG_FILE
37058: 	[5dd6385dd1d3]
37059: 
37060: 	* check.c, sudo.h:
37061: 	changed PASSWORD_TIMEOUT to minutes
37062: 	[0ec6aab98738]
37063: 
37064: 1994-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
37065: 
37066: 	* visudo.c:
37067: 	now only do Editor +line_num if line_num != 0
37068: 	[b69f04b5e3c7]
37069: 
37070: 1994-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
37071: 
37072: 	* visudo.c:
37073: 	now use mv if rename(2) fails
37074: 	[83210dca1bab]
37075: 
37076: 	* BUGS:
37077: 	added a visudo bug
37078: 	[d61a806f9aa7]
37079: 
37080: 	* check.c:
37081: 	expanded comment
37082: 	[641f2cba94cb]
37083: 
37084: 1994-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
37085: 
37086: 	* check.c:
37087: 	fixed user_is_exempt to return 0 if EXEMPTGROUP is not set
37088: 	[7a11135039a8]
37089: 
37090: 1994-11-10  Todd C. Miller  <Todd.Miller@courtesan.com>
37091: 
37092: 	* sudo.c:
37093: 	added mips & isc support
37094: 	[e258dc053119]
37095: 
37096: 	* parse.c:
37097: 	added support for non-root owned sudoers file
37098: 	[fea07e65a0fc]
37099: 
37100: 	* check.c:
37101: 	added exempt group support
37102: 	[928fb4bd9ad5]
37103: 
37104: 	* sudo.h:
37105: 	added set_perms() support added SUDOERS_OWNER so can have non-root
37106: 	own sudoers file added exempt group support added isc support
37107: 	[61c578d31fc1]
37108: 
37109: 	* visudo.c:
37110: 	now copy sudoers to temp file via read/write (not stdio) now chown
37111: 	new sudoers file to SUDOERS_OWNER
37112: 	[a5176c59df70]
37113: 
37114: 1994-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
37115: 
37116: 	* configure.in:
37117: 	added skey support
37118: 	[35a8d2fabdb7]
37119: 
37120: 	* sudo_realpath.c:
37121: 	be_* -> setperms()
37122: 	[a1631d686e1c]
37123: 
37124: 	* sudo.h:
37125: 	fixed typo added set_perms support added skey support added
37126: 	seteuid()/setegid() emulation for AIX
37127: 	[c0c8d6771406]
37128: 
37129: 	* sudo.c:
37130: 	be_* -> setperms() now check to make sure sudoers file is owned by
37131: 	root nread/write by only root
37132: 	[13ab1e261f1a]
37133: 
37134: 	* logging.c, parse.c:
37135: 	be_* -> setperms()
37136: 	[21499d845c8f]
37137: 
37138: 	* check.c:
37139: 	be_* -> set_perms() added skey support
37140: 	[df51b56871c1]
37141: 
37142: 1994-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>
37143: 
37144: 	* Makefile.in:
37145: 	++version
37146: 	[3c1abbe4e43c]
37147: 
37148: 	* version.h:
37149: 	++
37150: 	[1d2f9b540a95]
37151: 
37152: 1994-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
37153: 
37154: 	* sudo.c:
37155: 	now sets IFS
37156: 	[eabbb41b9f08]
37157: 
37158: 	* insults.h:
37159: 	fixed typo
37160: 	[c7997f19216e]
37161: 
37162: 1994-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
37163: 
37164: 	* config.h.in:
37165: 	added HAVE_SKEY
37166: 	[da948ec4186b]
37167: 
37168: 1994-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
37169: 
37170: 	* CHANGES:
37171: 	updated
37172: 	[f4b55ab007ea]
37173: 
37174: 	* Makefile.in:
37175: 	++version
37176: 	[0489068b8c95]
37177: 
37178: 	* version.h:
37179: 	++
37180: 	[d189faedf423]
37181: 
37182: 	* sudo.c:
37183: 	now bail if ARgv[1] > MAXPATHLEN
37184: 	[0cea8ecc9dc2]
37185: 
37186: 	* configure.in:
37187: 	added function check for tcgetattr(3)
37188: 	[e03289b22c2f]
37189: 
37190: 	* config.h.in:
37191: 	only define HAVE_TERMIOS_H if you have tcgetattr(3)
37192: 	[757eab83d1a2]
37193: 
37194: 	* config.h.in:
37195: 	added check for tcgetattr
37196: 	[c5ae92715930]
37197: 
37198: 1994-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
37199: 
37200: 	* CHANGES:
37201: 	updated
37202: 	[cbc419883108]
37203: 
37204: 1994-09-22  Todd C. Miller  <Todd.Miller@courtesan.com>
37205: 
37206: 	* parse.lex:
37207: 	now only include unistd.h for linux
37208: 	[e9adeab95ef0]
37209: 
37210: 1994-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>
37211: 
37212: 	* Makefile.in:
37213: 	added visudo.8 generation
37214: 	[d6a3f0f887f8]
37215: 
37216: 	* configure.in:
37217: 	added -Wl,-bI:./aixcrypt.exp to aix flags
37218: 	[72594a21edcf]
37219: 
37220: 1994-09-20  Todd C. Miller  <Todd.Miller@courtesan.com>
37221: 
37222: 	* BUGS:
37223: 	added one
37224: 	[9993a349e096]
37225: 
37226: 	* CHANGES:
37227: 	updated
37228: 	[297b31ec4cdd]
37229: 
37230: 	* README:
37231: 	added mailing list info
37232: 	[10372f94a2b2]
37233: 
37234: 	* parse.yacc:
37235: 	now use sudolineno instead of yylineno fixed bison warnings
37236: 	[25a83e62057b]
37237: 
37238: 	* configure.in:
37239: 	now use -no_library_replacement for osf don't make a static binary
37240: 	for hpux >= 9.0
37241: 	[1fa7b892f1a3]
37242: 
37243: 	* tgetpass.c:
37244: 	added string.h/strings.h inclusion
37245: 	[71faa98fc0a1]
37246: 
37247: 	* config.h.in:
37248: 	added ssize_t def
37249: 	[406284bd1ac0]
37250: 
37251: 	* parse.lex:
37252: 	added inclusion of string.h/strings.h
37253: 	[6985b1df5d09]
37254: 
37255: 	* aclocal.m4:
37256: 	fixed uname | sed (needed to quote the '[')
37257: 	[4cd2d3415c1a]
37258: 
37259: 	* parse.lex:
37260: 	replaced yylineno with sudolineno fixed bison syntax errors
37261: 	[0bd31a5fab26]
37262: 
37263: 	* visudo.c:
37264: 	changed yylineno to sudolineno since yylineno cannot be counted
37265: 	upon.
37266: 	[38c30104d0ae]
37267: 
37268: 	* TODO:
37269: 	updated
37270: 	[5d4746f1a752]
37271: 
37272: 	* parse.c:
37273: 	added code to support command listings
37274: 	[030172e133fd]
37275: 
37276: 	* sudo.c:
37277: 	added code for -l flag
37278: 	[801dbbc82778]
37279: 
37280: 	* sudo.man:
37281: 	fixed typo added info for -l flag
37282: 	[8916ca945d65]
37283: 
37284: 	* configure.in:
37285: 	AC_SSIZE_T -> SUDO_SSIZE_T
37286: 	[c61f7f47013f]
37287: 
37288: 	* aclocal.m4:
37289: 	added SUDO_SSIZE_T
37290: 	[0ccdb77be84d]
37291: 
37292: 	* sudo.h:
37293: 	added MODE_LIST
37294: 	[9b2bd844c76c]
37295: 
37296: 	* configure.in:
37297: 	added AC_SSIZE_T
37298: 	[35cca208f9b5]
37299: 
37300: 	* find_path.c, sudo_realpath.c:
37301: 	readlink() is now declared as returning ssize~_t
37302: 	[0640a08d1407]
37303: 
37304: 	* configure.in:
37305: 	added -laud for OSF c2
37306: 	[b7539c905efc]
37307: 
37308: 1994-09-02  Todd C. Miller  <Todd.Miller@courtesan.com>
37309: 
37310: 	* Makefile.in, visudo.c:
37311: 	changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
37312: 	[067fd9bcb5e1]
37313: 
37314: 	* config.h.in, parse.lex, parse.yacc, pathnames.h.in:
37315: 	changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.edu
37316: 	[fc46e7c7110a]
37317: 
37318: 	* check.c, find_path.c, getcwd.c, getwd.c, insults.h, logging.c,
37319: 	parse.c, putenv.c, strdup.c, sudo.c, sudo.h, sudo_realpath.c,
37320: 	sudo_setenv.c, tgetpass.c, version.h:
37321: 	changed sudo-bugs.cs.colorado.edu -> sudo-bugs@cs.colorado.ed
37322: 	[d1d4fbc53a98]
37323: 
37324: 1994-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>
37325: 
37326: 	* Makefile.in:
37327: 	++version
37328: 	[b7066d97633f]
37329: 
37330: 	* version.h:
37331: 	++
37332: 	[65ec69d88110]
37333: 
37334: 	* logging.c:
37335: 	added host to alertmail messages
37336: 	[d973c19ce777]
37337: 
37338: 	* CHANGES, TODO:
37339: 	udpated
37340: 	[5a65eb16faeb]
37341: 
37342: 	* logging.c:
37343: 	fixed logging problem where mail would not say which user it was
37344: 	[35723edcc5d2]
37345: 
37346: 	* configure.in:
37347: 	added -laud for gcc if osf & c2
37348: 	[18f1e0ae5548]
37349: 
37350: 	* check.c:
37351: 	moved set_auth_parameters to sudo.c
37352: 	[d23112fe01db]
37353: 
37354: 	* sudo.c:
37355: 	added set_auth_parameters for osf
37356: 	[eb70f65214ac]
37357: 
37358: 	* configure.in:
37359: 	cleaned up -static stuff
37360: 	[01e9575f0422]
37361: 
37362: 	* Makefile.in:
37363: 	++version
37364: 	[7ac3bff5c770]
37365: 
37366: 	* version.h:
37367: 	++
37368: 	[10a4ff478469]
37369: 
37370: 	* sudo.c:
37371: 	changed setenv() to sudo_setenv()
37372: 	[40a78abb9946]
37373: 
37374: 	* check.c:
37375: 	fixed osf problem
37376: 	[3d69b118efb8]
37377: 
37378: 	* configure.in:
37379: 	added OSF C2 stuff
37380: 	[38cff3ad4093]
37381: 
37382: 	* CHANGES:
37383: 	updated
37384: 	[cd341dd0581a]
37385: 
37386: 	* check.c:
37387: 	added osf auth support & removed some extra spaces
37388: 	[a448cdd81514]
37389: 
37390: 	* INSTALL, SUPPORTED:
37391: 	added osf C2 stuff
37392: 	[f70484796146]
37393: 
37394: 1994-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
37395: 
37396: 	* TODO:
37397: 	added 2 suggestions
37398: 	[695fbdbd86e6]
37399: 
37400: 	* Makefile.in:
37401: 	removed README.v1.3.1 and added VERSION stuff
37402: 	[f69403eb04c6]
37403: 
37404: 	* version.h:
37405: 	pl1
37406: 	[21580c0f8cb1]
37407: 
37408: 1994-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
37409: 
37410: 	* version.h:
37411: 	1.3.1final
37412: 	[630114970298]
37413: 
37414: 	* Makefile.in:
37415: 	added HISTORY
37416: 	[901bff251614]
37417: 
37418: 	* sudo.man:
37419: 	mention HISTPRY file
37420: 	[86dbcfd4326e]
37421: 
37422: 	* sudo.c:
37423: 	use sizeof instead of a constant in 1 place
37424: 	[d819604c68ca]
37425: 
37426: 	* parse.yacc:
37427: 	added unistd.h
37428: 	[6f9500f9fe7e]
37429: 
37430: 	* parse.lex:
37431: 	added unistd.h
37432: 	[468b81a276eb]
37433: 
37434: 	* README:
37435: 	udpated
37436: 	[7e275618923a]
37437: 
37438: 	* HISTORY:
37439: 	Initial revision
37440: 	[5db1b0a3939b]
37441: 
37442: 1994-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
37443: 
37444: 	* version.h:
37445: 	++
37446: 	[7dfbb4a810bb] [SUDO_1_3_1]
37447: 
37448: 	* CHANGES:
37449: 	updated
37450: 	[7820ee610bf8]
37451: 
37452: 	* sudo_setenv.c:
37453: 	added unistd.h include
37454: 	[30cf2b654525]
37455: 
37456: 1994-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
37457: 
37458: 	* sudo.c:
37459: 	added sys/time.h for AIX
37460: 	[199fc8caf3a3]
37461: 
37462: 1994-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
37463: 
37464: 	* configure.in:
37465: 	added check for -lsocket and sys/sockio.h
37466: 	[f9abfbb31031]
37467: 
37468: 	* config.h.in:
37469: 	took out libshadow check and added in sys/sockio.h check
37470: 	[0c4b0393ac80]
37471: 
37472: 	* sudo.c:
37473: 	now include sockio.h instead of ioctl.h if it exists "sudo -" now
37474: 	gets a better error message
37475: 	[53041bea5483]
37476: 
37477: 	* sample.sudoers:
37478: 	now has a dir and subnet entry
37479: 	[56b820f65438]
37480: 
37481: 1994-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
37482: 
37483: 	* sudo.c:
37484: 	removed if_ether.h
37485: 	[b4f64507493e]
37486: 
37487: 	* TODO:
37488: 	added an item
37489: 	[ea2a1bb6922a]
37490: 
37491: 	* sudo.man:
37492: 	added network and ip addresses to man page
37493: 	[01c85016511f]
37494: 
37495: 	* sudo.c:
37496: 	no error if can't get interfaces or netmask since networking may not
37497: 	be in the kernel.
37498: 	[50b8890e2134]
37499: 
37500: 	* parse.c:
37501: 	nwo check for interfaces == NULL
37502: 	[dc1b3eef0db2]
37503: 
37504: 	* parse.c:
37505: 	fixed a bug that caused directory specs in a Cmnd_Alias to fail if
37506: 	the last entry in the spec failed (ie: it was only looking at the
37507: 	last entry). CLeaned things up by adding the cmndcmp() function--all
37508: 	neat & tidy
37509: 	[007e93578e5e]
37510: 
37511: 	* CHANGES:
37512: 	added one
37513: 	[40e8a2cef497]
37514: 
37515: 1994-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
37516: 
37517: 	* sudo.c:
37518: 	now do two passes to skip bogus interfaces (lo0, etc)
37519: 	[465e30aecaf7]
37520: 
37521: 	* parse.lex, parse.yacc, visudo.c:
37522: 	added include of netinet/in.h
37523: 	[11e3816ed362]
37524: 
37525: 	* logging.c, sudo_realpath.c, sudo_setenv.c:
37526: 	added ninclude of netinet/in.h
37527: 	[daccfa40fe1e]
37528: 
37529: 	* check.c, find_path.c, getcwd.c, getwd.c:
37530: 	added include of netinet/in.h
37531: 	[0222f95e06ad]
37532: 
37533: 	* version.h:
37534: 	++
37535: 	[d6b0cfa35a38]
37536: 
37537: 	* sudo.h:
37538: 	added interfaces global
37539: 	[ba52fa8ad75e]
37540: 
37541: 	* parse.c:
37542: 	now uses new interfaces global
37543: 	[17473ad5ecba]
37544: 
37545: 	* sudo.c:
37546: 	now ip addresses are gleaned fw/o dns
37547: 	[8828bb2007e0]
37548: 
37549: 1994-08-10  Todd C. Miller  <Todd.Miller@courtesan.com>
37550: 
37551: 	* sudo.c:
37552: 	added load_ip_addrs() to load the ip_addrs global var
37553: 	[60c825f04238]
37554: 
37555: 	* parse.c:
37556: 	added hostcmp() to compare hostnames, ip addrs, and network addrs
37557: 	[ab0e40e37537]
37558: 
37559: 	* sudo.h:
37560: 	added ip_addrs def added load_ip_addrs prototype
37561: 	[c41c565d0777]
37562: 
37563: 1994-08-08  Todd C. Miller  <Todd.Miller@courtesan.com>
37564: 
37565: 	* CHANGES:
37566: 	updated
37567: 	[2a128dbe9bcb]
37568: 
37569: 	* Makefile.in:
37570: 	removed multiple entries in DISTFILES
37571: 	[2490f4f371e6]
37572: 
37573: 	* visudo.c:
37574: 	ansified the !STDC_HEADERS decls
37575: 	[646ba06d17ae]
37576: 
37577: 	* find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c:
37578: 	don't do malloc decl if gnuc
37579: 	[f1bad1925f98]
37580: 
37581: 	* sudo.c:
37582: 	can't use getopt(3) since it munges args to the command to be run as
37583: 	root don't do malloc decl if gnuc
37584: 	[38e78f6da14e]
37585: 
37586: 	* find_path.c, getcwd.c, getwd.c, putenv.c, strdup.c, sudo.c,
37587: 	sudo_realpath.c, sudo_setenv.c:
37588: 	ansi-fied !STDC_HEADER function prottypes
37589: 	[51d8cad89976]
37590: 
37591: 	* getcwd.c, getwd.c:
37592: 	added missing paren
37593: 	[6a1fae70e27e]
37594: 
37595: 	* Makefile.in:
37596: 	added putenv.c to DISTFILES
37597: 	[a5e4523eabbb]
37598: 
37599: 	* sudo_setenv.c:
37600: 	added params to func decls when STDC_HEADERS is not defined now can
37601: 	count on putenv() being there
37602: 	[fd587796189b]
37603: 
37604: 	* sudo_realpath.c:
37605: 	took out errno decl since sudo.h does it for us fixed up a next cc
37606: 	warning added params to func decls when STDC_HEADERS is not defined
37607: 	[70fa5152ace6]
37608: 
37609: 	* sudo.h:
37610: 	took out environ extern added local declaratio of putenv() if local
37611: 	version is needed
37612: 	[a84bae6c020d]
37613: 
37614: 	* find_path.c, getcwd.c, getwd.c, strdup.c, sudo.c:
37615: 	added params to func decls when STDC_HEADERS is not defined
37616: 	[f406f0e47ac0]
37617: 
37618: 	* config.h.in:
37619: 	added memcpy check check to see that ansi vs bsd macros are ntot
37620: 	already defiend before defining (ie: avoid redefinition)
37621: 	[879ae026e19f]
37622: 
37623: 	* configure.in:
37624: 	removed fluff setenv check plus check w/ replace for putenv if also
37625: 	no setenv
37626: 	[e3c03814ad4b]
37627: 
37628: 	* putenv.c:
37629: 	Initial revision
37630: 	[3cff63e2dc1b]
37631: 
37632: 1994-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
37633: 
37634: 	* sudo_setenv.c:
37635: 	Initial revision
37636: 	[4d637631fa6b]
37637: 
37638: 	* sudo.h:
37639: 	rm'd s realp[ath added sudo_realpath and sudo_setenv
37640: 	[07ba001ff57e]
37641: 
37642: 	* sudo.c:
37643: 	now use sudo_setenvc
37644: 	[fd81e04d5ef0]
37645: 
37646: 	* configure.in:
37647: 	added puteenv and setenv, removed realpath
37648: 	[27bfacfb513b]
37649: 
37650: 	* config.h.in:
37651: 	added putenv & setenv
37652: 	[515f14eaf6e4]
37653: 
37654: 	* Makefile.in:
37655: 	added sudo_setenv
37656: 	[217731a717c5]
37657: 
37658: 	* version.h:
37659: 	++
37660: 	[eadb346d7129]
37661: 
37662: 1994-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
37663: 
37664: 	* configure.in:
37665: 	added MAN_POSTINSTALL and /usr/share/catman for irix
37666: 	[2a9496c1bdba]
37667: 
37668: 	* Makefile.in:
37669: 	added MAN_POSTINSTALL
37670: 	[89b0d4695529]
37671: 
37672: 	* CHANGES:
37673: 	added
37674: 	[48c021ba8a70]
37675: 
37676: 	* sudo.man:
37677: 	added SUDO_* plus new options
37678: 	[c0759cff5683]
37679: 
37680: 	* CHANGES:
37681: 	added one
37682: 	[7d44a3922d56]
37683: 
37684: 	* configure.in:
37685: 	took out shadow lib
37686: 	[07cf3de18701]
37687: 
37688: 	* TODO:
37689: 	adde done
37690: 	[a27a578e8afe]
37691: 
37692: 	* visudo.c:
37693: 	now use yyrestart() if flex now reset yylineno to 0
37694: 	[77d67ce0b677]
37695: 
37696: 	* Makefile.in:
37697: 	support for installing a cat page instead of a man page if no nroff
37698: 	[44671c0fc0fa]
37699: 
37700: 	* configure.in:
37701: 	now defines HAVE_FLEX fixed up man stuff so that it looks for nroff
37702: 	to determine whether or not to install a cat or man page
37703: 	[0562d069c135]
37704: 
37705: 	* config.h.in:
37706: 	added HAVE_FLEX
37707: 	[c5490bae39d3]
37708: 
37709: 	* sudo.c:
37710: 	not set ret to MODE_RUN initially
37711: 	[88b4983c195b]
37712: 
37713: 	* find_path.c:
37714: 	made command (and therefor cmnd dynamically allocated)
37715: 	[95b82e32b6de]
37716: 
37717: 	* TODO:
37718: 	did #8
37719: 	[fb6f41308cdf]
37720: 
37721: 	* version.h:
37722: 	++
37723: 	[14112ecab5ae]
37724: 
37725: 	* sudo_realpath.c:
37726: 	changed bufs from MAXPATHLEN to MAXPATHLEN+1
37727: 	[0ad4f34e55c0]
37728: 
37729: 	* sudo.h:
37730: 	added MODE_ removed validate_only and added remove_timestamp()
37731: 	[dd5f99c57728]
37732: 
37733: 	* sudo.c:
37734: 	usage() now takes an int (exit value) added parse_args() to parse
37735: 	command line arguments moved call to find_path() from load_globals
37736: 	to new function load_cmnd() removed validate_only global -- now use
37737: 	the concept of "modes" added -h and -k options
37738: 	[c3887090b28a]
37739: 
37740: 	* parse.c:
37741: 	no longer use global validate_only now checks for command called
37742: 	"validate" removed check for non-fully qualified commands since that
37743: 	is done by find_path
37744: 	[7d56fbd26369]
37745: 
37746: 	* find_path.c:
37747: 	changed MAXPATHLEN r to MAXPATHLEN+1
37748: 	[a86e8664d971]
37749: 
37750: 	* find_path.c:
37751: 	fixed off by one error with MAXPATHLEN and fixed a comment
37752: 	[58adcef8c981]
37753: 
37754: 	* check.c:
37755: 	check_timestamp no longer runs reminder(), it is implied in the
37756: 	return val added remove_timestamp()
37757: 	[42ab5a77066f]
37758: 
37759: 	* CHANGES:
37760: 	updated
37761: 	[8e69b31df024]
37762: 
37763: 1994-08-04  Todd C. Miller  <Todd.Miller@courtesan.com>
37764: 
37765: 	* BUGS:
37766: 	fixed on
37767: 	[bc34f1ac4280]
37768: 
37769: 	* sudo_realpath.c:
37770: 	took out old_errno
37771: 	[a168d00a0768]
37772: 
37773: 	* CHANGES:
37774: 	updated
37775: 	[04ba80922df7]
37776: 
37777: 1994-08-03  Todd C. Miller  <Todd.Miller@courtesan.com>
37778: 
37779: 	* logging.c:
37780: 	moved send_mail to after syslog
37781: 	[4d4188087834]
37782: 
37783: 	* sudo.c:
37784: 	now set SUDO_ envariables
37785: 	[e5963f1bd3bb]
37786: 
37787: 1994-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
37788: 
37789: 	* version.h:
37790: 	++
37791: 	[2a4534845d8c]
37792: 
37793: 	* sudo_realpath.c:
37794: 	now print error if chdir fails
37795: 	[0d75c8973d49]
37796: 
37797: 	* find_path.c:
37798: 	removed an XXX
37799: 	[e2077bcb35aa]
37800: 
37801: 1994-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>
37802: 
37803: 	* CHANGES:
37804: 	updated
37805: 	[e30a2b39b41a]
37806: 
37807: 	* configure.in:
37808: 	no more static binaries for aix
37809: 	[77a0beb6bd80]
37810: 
37811: 1994-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
37812: 
37813: 	* INSTALL:
37814: 	fixed typo
37815: 	[ba5e0d391bc4]
37816: 
37817: 	* sudo_realpath.c:
37818: 	took out stuff not needed for sudo now does be_root/be_user itself
37819: 	now uses cwd global
37820: 	[4f6d4641d793]
37821: 
37822: 	* version.h:
37823: 	+=2
37824: 	[97da927b297c]
37825: 
37826: 	* logging.c, sudo.c:
37827: 	be_root/be_user is now down in sudo_realpath()
37828: 	[f331662fa50f]
37829: 
37830: 	* logging.c, sudo.h:
37831: 	now works with 4.2BSD syslog (blech)
37832: 	[98e39d89dd36]
37833: 
37834: 	* find_path.c:
37835: 	now use sudo_realpath()
37836: 	[ab436a8ebd02]
37837: 
37838: 	* config.h.in:
37839: 	took out realpth() stuff since we now use sudo_realpath()
37840: 	[8de5ef9f6044]
37841: 
37842: 	* configure.in:
37843: 	ultrix enhanced sec
37844: 	[815fb7fffcc0]
37845: 
37846: 	* SUPPORTED:
37847: 	added ultrix enhanced sec.
37848: 	[6466766c8062]
37849: 
37850: 	* INSTALL:
37851: 	updated
37852: 	[d681a634297a]
37853: 
37854: 	* check.c:
37855: 	ultrix enhanced security suport
37856: 	[f10c8decbcc2]
37857: 
37858: 	* Makefile.in:
37859: 	added sudo_realpath.c
37860: 	[6b9bcd3be022]
37861: 
37862: 	* CHANGES:
37863: 	updated
37864: 	[2fa8084c1b53]
37865: 
37866: 	* tgetpass.c:
37867: 	increased passwd len to 24 for c2 security
37868: 	[ec64838be62d]
37869: 
37870: 	* BUGS:
37871: 	updated BUGS
37872: 	[ca00d8fec2ce]
37873: 
37874: 1994-07-15  Todd C. Miller  <Todd.Miller@courtesan.com>
37875: 
37876: 	* check.c:
37877: 	now use user global var
37878: 	[568769719013]
37879: 
37880: 	* configure.in:
37881: 	took out -ls
37882: 	[490a44180d5f]
37883: 
37884: 1994-07-14  Todd C. Miller  <Todd.Miller@courtesan.com>
37885: 
37886: 	* configure.in:
37887: 	added AFS libs
37888: 	[4fb40c8c01ba]
37889: 
37890: 	* sudo.h:
37891: 	user is now a char * added epasswd
37892: 	[27a919fafdfb]
37893: 
37894: 	* sudo.c:
37895: 	added tzset() to load_globals added epasswd (encrypted password)
37896: 	global made user dynamically allocated
37897: 	[b99ef9bdbfce]
37898: 
37899: 	* configure.in:
37900: 	added tzset test
37901: 	[27592dd1214b]
37902: 
37903: 	* config.h.in:
37904: 	added HAVE_TZSET
37905: 	[b13f4213f3d0]
37906: 
37907: 	* check.c:
37908: 	cleaned up encrypted passwd grab somewhat
37909: 	[c8ba9a4db38a]
37910: 
37911: 	* configure.in:
37912: 	fixed AFS typo
37913: 	[2bfcbce237b6]
37914: 
37915: 	* INSTALL:
37916: 	added AFS not
37917: 	[80c67329393c]
37918: 
37919: 	* CHANGES:
37920: 	udpated
37921: 	[2f09ecdd5d31]
37922: 
37923: 	* logging.c:
37924: 	can now log to both syslog & a file
37925: 	[4d5c0932bc01]
37926: 
37927: 	* sudo.h:
37928: 	added BOTH_LOGS
37929: 	[623c539be824]
37930: 
37931: 	* CHANGES:
37932: 	updated
37933: 	[a1c7f5ef3616]
37934: 
37935: 	* configure.in:
37936: 	--with-AFS
37937: 	[28718d8f5daf]
37938: 
37939: 	* config.h.in:
37940: 	added HAVE_AFS
37941: 	[2e32bb4e63e4]
37942: 
37943: 	* check.c:
37944: 	added afs changes
37945: 	[fe4d0ff320a2]
37946: 
37947: 	* sudo.h:
37948: 	removed AFS stuff :-)
37949: 	[a40387e6fa27]
37950: 
37951: 	* tgetpass.c:
37952: 	include sys/select for AIX
37953: 	[f32c5a8f2c84]
37954: 
37955: 	* sudo.h:
37956: 	added AFS
37957: 	[da2ab3dd0348]
37958: 
37959: 	* version.h:
37960: 	++
37961: 	[452d4dfe25af]
37962: 
37963: 1994-07-07  Todd C. Miller  <Todd.Miller@courtesan.com>
37964: 
37965: 	* CHANGES, SUPPORTED:
37966: 	updated
37967: 	[e7dfe6f23a37]
37968: 
37969: 	* logging.c:
37970: 	can now have MAILER undefined
37971: 	[1d33b98b35e1]
37972: 
37973: 	* INSTALL:
37974: 	new sub-note about MAILER
37975: 	[d35c636a0574]
37976: 
37977: 	* sudo.man:
37978: 	added blurb about password timeout
37979: 	[70c2ee50de20]
37980: 
37981: 	* configure.in:
37982: 	convex c2 changes
37983: 	[367138a6232e]
37984: 
37985: 	* aclocal.m4:
37986: 	took out duplicate define of _CONVEX_SOURCE
37987: 	[647182138450]
37988: 
37989: 	* Makefile.in:
37990: 	added OSDEFS
37991: 	[7fdcd50602d1]
37992: 
37993: 	* config.h.in:
37994: 	added spaces
37995: 	[f2b8a05e48f3]
37996: 
37997: 	* tgetpass.c:
37998: 	added a goto if fgets fails
37999: 	[68a6586d9c45]
38000: 
38001: 	* sudo.h:
38002: 	use __hpux not hpux convex c2 stuff
38003: 	[5c377a8d5f34]
38004: 
38005: 	* sudo.c:
38006: 	use __hpux not hpux
38007: 	[9363bc0f9f9e]
38008: 
38009: 	* logging.c:
38010: 	convex c2 stuff
38011: 	[ea5630975ac4]
38012: 
38013: 	* config.h.in:
38014: 	define ansi-ish cpp os defines if non-ansi are defined for hpux &
38015: 	convex
38016: 	[664f53a5e786]
38017: 
38018: 	* INSTALL:
38019: 	updated to say we support sonvex C2
38020: 	[5f2f8b87013e]
38021: 
38022: 	* check.c:
38023: 	added convex c2 support
38024: 	[9a665d4918fa]
38025: 
38026: 1994-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
38027: 
38028: 	* tgetpass.c:
38029: 	no more ioctl never returns NULL uses fgets() and select() to
38030: 	timeout
38031: 	[b333e6d63e97]
38032: 
38033: 1994-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>
38034: 
38035: 	* configure.in:
38036: 	things were testing -n "$GCC" instead of -z "$GCC"
38037: 	[059a9b15ede2]
38038: 
38039: 	* tgetpass.c:
38040: 	now works + uses fgets()
38041: 	[353d7ebcb7bb]
38042: 
38043: 1994-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>
38044: 
38045: 	* tgetpass.c:
38046: 	select doesn't seem to recognize a single '\n' as input waiting so
38047: 	we can;t use it, sigh.
38048: 	[f76e3218b835]
38049: 
38050: 1994-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
38051: 
38052: 	* PORTING:
38053: 	updated tgetpass() blurb
38054: 	[95baac736b49]
38055: 
38056: 	* configure.in:
38057: 	added --with-getpass
38058: 	[42ac0bdf58ed]
38059: 
38060: 	* Makefile.in:
38061: 	added tgetpass stuff
38062: 	[e2b38c635663]
38063: 
38064: 	* tgetpass.c:
38065: 	now uses stdio
38066: 	[36af8ff66e35]
38067: 
38068: 	* version.h:
38069: 	++
38070: 	[4e81c9db19bd]
38071: 
38072: 1994-06-24  Todd C. Miller  <Todd.Miller@courtesan.com>
38073: 
38074: 	* PORTING:
38075: 	updated ,.
38076: 	[54f523770a05]
38077: 
38078: 	* config.h.in:
38079: 	added USE_GETPASS && HAVE_C2_SECURITY
38080: 	[86b355cb2953]
38081: 
38082: 	* configure.in:
38083: 	fixed a test aded --with-C2 and --with-tgetpass
38084: 	[abf6181588ef]
38085: 
38086: 	* check.c:
38087: 	added hpux C2 shit
38088: 	[20d4177ffa88]
38089: 
38090: 	* Makefile.in:
38091: 	took out tgetpass.*
38092: 	[cc82fd9984b4]
38093: 
38094: 	* INSTALL:
38095: 	added C2 blurb
38096: 	[1d2bfc35e4b6]
38097: 
38098: 1994-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>
38099: 
38100: 	* configure.in:
38101: 	no termio(s) for ultrix since it is broken
38102: 	[d3e82e835350]
38103: 
38104: 	* check.c:
38105: 	added a space (yeah, anal)
38106: 	[05e4b31ca68c]
38107: 
38108: 	* realpath.c, sudo_realpath.c:
38109: 	fixed it (duh, rtfm)
38110: 	[f13097cb8cb6]
38111: 
38112: 1994-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
38113: 
38114: 	* config.h.in:
38115: 	took out bsd signal stuff for irix
38116: 	[e179cdafc97a]
38117: 
38118: 	* visudo.c:
38119: 	comments in #endif
38120: 	[e3a629190f5e]
38121: 
38122: 	* configure.in:
38123: 	don't define BSD signals for irix
38124: 	[3ce57bffb7f0]
38125: 
38126: 	* TODO:
38127: 	did some...
38128: 	[274241cd0f74]
38129: 
38130: 	* CHANGES:
38131: 	updated
38132: 	[8f29fc755faf]
38133: 
38134: 	* realpath.c, sudo_realpath.c:
38135: 	took out unneeded code by changing where a strings was terminated
38136: 	[b5564d62d30e]
38137: 
38138: 1994-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
38139: 
38140: 	* realpath.c, sudo_realpath.c:
38141: 	fix bug where /dirname would return NULL
38142: 	[b85f470daf26]
38143: 
38144: 	* sudo.h:
38145: 	move __P to config.h
38146: 	[7763c0ff3f28]
38147: 
38148: 	* getcwd.c, getwd.c, realpath.c, sudo_realpath.c:
38149: 	added errno definition
38150: 	[4cc9d2d9782a]
38151: 
38152: 	* config.h.in:
38153: 	added __P
38154: 	[ca06f5aa58f3]
38155: 
38156: 	* config.h.in:
38157: 	added HAVE_FCHDIR
38158: 	[206d714641e0]
38159: 
38160: 	* strdup.c:
38161: 	now include stdio
38162: 	[0d8458da0e1d]
38163: 
38164: 	* realpath.c, sudo_realpath.c:
38165: 	now works if no fchdir
38166: 	[e035911b6722]
38167: 
38168: 	* visudo.c:
38169: 	define SA_RESETHAND to null if not defined
38170: 	[afec03e84342]
38171: 
38172: 	* configure.in:
38173: 	added check & replace
38174: 	[c1a65481441c]
38175: 
38176: 	* configure.in:
38177: 	took out -static for nextstep -- it doesn't work
38178: 	[fa1a1a611743]
38179: 
38180: 1994-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
38181: 
38182: 	* logging.c:
38183: 	moved #endif to where it belongs
38184: 	[07d3a8972097]
38185: 
38186: 	* SUPPORTED:
38187: 	correction
38188: 	[0c1ecba3e5a3]
38189: 
38190: 	* configure.in:
38191: 	now checks for strdup realpath getcwd bzero
38192: 	[f029a1917515]
38193: 
38194: 	* config.h.in:
38195: 	emulate bzero
38196: 	[d792352e44a3]
38197: 
38198: 	* visudo.c:
38199: 	added posic signals
38200: 	[2ed0005f90fc]
38201: 
38202: 	* tgetpass.c:
38203: 	bzero cast
38204: 	[6d91b1a1526f]
38205: 
38206: 	* logging.c:
38207: 	added posix signals
38208: 	[67ede9c22a05]
38209: 
38210: 	* configure.in:
38211: 	removed BROKEN_GETPASS added new srcs toreplace missing functions
38212: 	[cf44274bb1c8]
38213: 
38214: 	* config.h.in:
38215: 	added posix signal stuff
38216: 	[a3c1c98fe8ef]
38217: 
38218: 	* Makefile.in:
38219: 	added new srcs
38220: 	[b6a079afee47]
38221: 
38222: 	* visudo.c:
38223: 	updated useag
38224: 	[589ed091c44f]
38225: 
38226: 	* tgetpass.c:
38227: 	now uses posix signals
38228: 	[30f74964074f]
38229: 
38230: 	* PORTING:
38231: 	updated sto reflect major changes
38232: 	[bcfc309e017b]
38233: 
38234: 	* CHANGES, TODO:
38235: 	updated
38236: 	[23aacbd54278]
38237: 
38238: 	* tgetpass.c:
38239: 	uses sysconf() if available
38240: 	[a27431c90bab]
38241: 
38242: 	* sudo.h:
38243: 	added PASSWORD_TIMEOUT + prototypes for new functions
38244: 	[d7473c2f77c4]
38245: 
38246: 	* realpath.c, sudo_realpath.c:
38247: 	for those w/o this in libc
38248: 	[1e47aa7a9d46]
38249: 
38250: 	* getcwd.c, getwd.c:
38251: 	Initial revision
38252: 	[c90dea57a84f]
38253: 
38254: 	* find_path.c:
38255: 	rewrote to use realpath(3) - nis now all my code
38256: 	[d2c3bb8fb37d]
38257: 
38258: 	* config.h.in:
38259: 	added HAVE_REALPATH
38260: 	[02c10352a8c7]
38261: 
38262: 	* check.c:
38263: 	now use tgetpass
38264: 	[b5c021fc179f]
38265: 
38266: 	* Makefile.in:
38267: 	added LIBOBJS use tgetpass.c
38268: 	[230a7b3eeaa3]
38269: 
38270: 1994-06-05  Todd C. Miller  <Todd.Miller@courtesan.com>
38271: 
38272: 	* tgetpass.c:
38273: 	works now :-)
38274: 	[025e7a3875ba]
38275: 
38276: 	* tgetpass.c:
38277: 	Initial revision
38278: 	[3316ab33b230]
38279: 
38280: 	* pathnames.h.in:
38281: 	added /dev/tty
38282: 	[29242585e53f]
38283: 
38284: 1994-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
38285: 
38286: 	* version.h:
38287: 	incremented
38288: 	[f2e54b48280f]
38289: 
38290: 	* sudo.c:
38291: 	always use getcwd
38292: 	[c6068e8a4029]
38293: 
38294: 	* config.h.in:
38295: 	added check for getwd
38296: 	[ab1e102ad673]
38297: 
38298: 	* configure.in:
38299: 	replace strdup & realpath & getcwd if missing
38300: 	[b0eb14f2a1c3]
38301: 
38302: 	* pathnames.h.in:
38303: 	added _PATH_PWD
38304: 	[309d2388f69a]
38305: 
38306: 	* aclocal.m4:
38307: 	added SUDO_PROG_PWD
38308: 	[e16e85deb96c]
38309: 
38310: 	* strdup.c:
38311: 	Initial revision
38312: 	[810efdc15007]
38313: 
38314: 	* realpath.c, sudo_realpath.c:
38315: 	Initial revision
38316: 	[d85eee438e09]
38317: 
38318: 1994-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
38319: 
38320: 	* configure.in:
38321: 	quoted quare brackets
38322: 	[d0e7ca111d98]
38323: 
38324: 1994-06-02  Todd C. Miller  <Todd.Miller@courtesan.com>
38325: 
38326: 	* sudo.c:
38327: 	no need to strdup() a constant
38328: 	[a8c44712df9a]
38329: 
38330: 	* CHANGES:
38331: 	updated
38332: 	[71364129cca0]
38333: 
38334: 	* sudo.man:
38335: 	added validate
38336: 	[0bb198095a26]
38337: 
38338: 	* sudo.c:
38339: 	added -v to usage
38340: 	[31ea71f11dbb]
38341: 
38342: 	* parse.c, sudo.c, sudo.h:
38343: 	added validate_only stuff
38344: 	[9bcd853d3c90]
38345: 
38346: 1994-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>
38347: 
38348: 	* configure.in:
38349: 	now finds sed
38350: 	[6374bb0d3f28]
38351: 
38352: 	* aclocal.m4:
38353: 	$OSREV is now an int
38354: 	[ace0666d66cf]
38355: 
38356: 1994-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
38357: 
38358: 	* configure.in:
38359: 	added mtxinu to caser
38360: 	[73a776887b16]
38361: 
38362: 	* sudo.h:
38363: 	added EXEC macro
38364: 	[2e8eb28b710a]
38365: 
38366: 	* sudo.c:
38367: 	now use the EXEC nmacro now only do a gethostbyname() if FQDN is set
38368: 	[56afb4f658d5]
38369: 
38370: 	* logging.c:
38371: 	changed mail_argv[] def now use EXEC() macro
38372: 	[ddcabd28edb1]
38373: 
38374: 	* check.c:
38375: 	took out crypt() definition
38376: 	[0e657724cf5f]
38377: 
38378: 	* version.h:
38379: 	upped the version
38380: 	[62c5d66119fc]
38381: 
38382: 	* configure.in:
38383: 	always look for -lnsl
38384: 	[d7b594f0313b]
38385: 
38386: 	* aclocal.m4:
38387: 	added an echo
38388: 	[1caae3491dc5]
38389: 
38390: 	* sudo.h:
38391: 	SHORT_MESSAGE is now the default
38392: 	[cfce35c3119a]
38393: 
38394: 	* config.h.in:
38395: 	fixed typo
38396: 	[6499a564bf75]
38397: 
38398: 	* configure.in:
38399: 	added missing AC_DEFINE(SVR4) for solaris
38400: 	[feef0b17b94f]
38401: 
38402: 	* sudo.man:
38403: 	documented the -v flag
38404: 	[a6429f2bc2cf]
38405: 
38406: 	* SUPPORTED:
38407: 	updated
38408: 	[088886e79540]
38409: 
38410: 	* check.c:
38411: 	proto-ized crypt()
38412: 	[801e4ff5b121]
38413: 
38414: 	* config.h.in:
38415: 	added LIBSHADOW undef
38416: 	[8df588e9ee2b]
38417: 
38418: 	* configure.in:
38419: 	nwo set OS to be lowercase
38420: 	[561ebed833e4]
38421: 
38422: 1994-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
38423: 
38424: 	* configure.in:
38425: 	now use SUDO_OSTYPE to set $OS
38426: 	[0e60aee23098]
38427: 
38428: 	* aclocal.m4:
38429: 	now use uname to determine os
38430: 	[99705e58d400]
38431: 
38432: 	* visudo.c:
38433: 	added prototypes & moved sig handler around
38434: 	[1f0bc8d23b51]
38435: 
38436: 	* sudo.h:
38437: 	added prototyppes
38438: 	[be3935a2b163]
38439: 
38440: 	* check.c, logging.c, sudo.c:
38441: 	added prototypes
38442: 	[2079b4605ab8]
38443: 
38444: 	* parse.c:
38445: 	added comment
38446: 	[a34d147d8399]
38447: 
38448: 	* config.h.in:
38449: 	nwo use _BSD_SIGNALS not _BSD_COMPAT
38450: 	[63663195f047]
38451: 
38452: 	* aixcrypt.exp:
38453: 	Initial revision
38454: 	[890aed08357e]
38455: 
38456: 	* Makefile.in:
38457: 	added aixcrypt.exp
38458: 	[1005a183105f]
38459: 
38460: 	* parse.lex, parse.yacc:
38461: 	moved config.h to top of includes
38462: 	[9569c49aa5f3]
38463: 
38464: 1994-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>
38465: 
38466: 	* find_path.c:
38467: 	now don't bitch if get EACCESS (treat like EPERM)
38468: 	[dbeffb638de4]
38469: 
38470: 	* visudo.c:
38471: 	added -v flag and usage()
38472: 	[4d44ed60ed75]
38473: 
38474: 	* version.h:
38475: 	fixed a typo
38476: 	[cf3f9347ae41]
38477: 
38478: 	* sudo.c:
38479: 	cast Argv to a const for exec added -v flag
38480: 	[d11b6efc0e45]
38481: 
38482: 	* logging.c:
38483: 	mail_argv is now a const
38484: 	[93bb5d90bb6f]
38485: 
38486: 	* configure.in:
38487: 	only set RETSIGTYPE if it is not set already
38488: 	[c97aac260b77]
38489: 
38490: 	* aclocal.m4:
38491: 	now defines & STDC_HEADERS for Irix
38492: 	[9c2b24ad1fc5]
38493: 
38494: 	* Makefile.in:
38495: 	added version.h
38496: 	[9f79e880229a]
38497: 
38498: 	* insults.h, sudo.h:
38499: 	prevent multiple inclusion
38500: 	[d68c8a9243ce]
38501: 
38502: 	* version.h:
38503: 	Initial revision
38504: 	[dbb39c5ef8d9]
38505: 
38506: 	* parse.lex, parse.yacc:
38507: 	now includes config.h
38508: 	[f117e036a56b]
38509: 
38510: 	* aclocal.m4:
38511: 	now talks about sunos 4.x
38512: 	[c9054aa92d4e]
38513: 
38514: 	* visudo.c:
38515: 	calls to Exit now pass an arg
38516: 	[a92104670551]
38517: 
38518: 1994-05-24  Todd C. Miller  <Todd.Miller@courtesan.com>
38519: 
38520: 	* visudo.c:
38521: 	signal handler now takes an int argument
38522: 	[26f480c41523]
38523: 
38524: 	* CHANGES:
38525: 	updated
38526: 	[8c166a9d796b]
38527: 
38528: 	* sudo.c:
38529: 	ok, the getcwd() is now *really* done as the user
38530: 	[ab86cf85134a]
38531: 
38532: 	* configure.in:
38533: 	changed AIX STATIC_FLAGS
38534: 	[b9c0a3ba5663]
38535: 
38536: 	* aclocal.m4:
38537: 	solaris now defines SVR4
38538: 	[c3e20cac96f5]
38539: 
38540: 	* sudo.h:
38541: 	added cwd and fixed stupid core dump that makes no sense. sigh.
38542: 	[7a9755436dbb]
38543: 
38544: 	* sudo.c:
38545: 	moved getcwd stuff into load_globals
38546: 	[ec2bc90df1f3]
38547: 
38548: 	* parse.c:
38549: 	took out externs that are in suod.h
38550: 	[93c4b3f856d7]
38551: 
38552: 	* logging.c:
38553: 	moved cwd into load_globals
38554: 	[050de754d228]
38555: 
38556: 	* find_path.c:
38557: 	moved cwd stuff
38558: 	[22f3f3b4c34d]
38559: 
38560: 	* Makefile.in:
38561: 	fixed make distclean & realclean
38562: 	[c9964d89bcef]
38563: 
38564: 	* TODO:
38565: 	updated .,
38566: 	[e513581ef0e3]
38567: 
38568: 	* CHANGES:
38569: 	added solaris changes
38570: 	[505d930daf27]
38571: 
38572: 	* aclocal.m4:
38573: 	added solaris changes, need to rework
38574: 	[33f20fb16c49]
38575: 
38576: 	* configure.in:
38577: 	cleaned up for solaris
38578: 	[2fb8cfa05d0f]
38579: 
38580: 	* logging.c:
38581: 	reinstall reapchild signal handler for non-bsd signals
38582: 	[3d1dc545113d]
38583: 
38584: 	* sudo.h:
38585: 	took out getdtablesize() emulation for HP-UX (no longer needed)
38586: 	[1fc83d170f34]
38587: 
38588: 	* sudo.c:
38589: 	support for HAVE_SYSCONF
38590: 	[50ca2a7a224a]
38591: 
38592: 	* visudo.c:
38593: 	added <fcntl.h> for solaris & reorg'd the includes + minor prettying
38594: 	up /
38595: 	[0a570e826dd4]
38596: 
38597: 	* config.h.in:
38598: 	added HAVE_SYSCONF
38599: 	[2b9a9f3a4e94]
38600: 
38601: 1994-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>
38602: 
38603: 	* configure.in:
38604: 	now tells you what os you are running /.
38605: 	[06c6332a895b]
38606: 
38607: 	* aclocal.m4:
38608: 	took out extra ','
38609: 	[e8c75ce59f4a]
38610: 
38611: 1994-05-14  Todd C. Miller  <Todd.Miller@courtesan.com>
38612: 
38613: 	* config.h.in:
38614: 	added _BSD_COMPAT
38615: 	[73c5099806c2]
38616: 
38617: 	* aclocal.m4:
38618: 	fixed for irix5
38619: 	[1047d1f6c0eb]
38620: 
38621: 	* CHANGES:
38622: 	updated
38623: 	[1bc4969fee96]
38624: 
38625: 	* sudo.c:
38626: 	uid seinitialized to -2
38627: 	[8d7812b1878b]
38628: 
38629: 1994-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
38630: 
38631: 	* sudo.c:
38632: 	now removes LIBPATH for AIX
38633: 	[075392eb1dd9]
38634: 
38635: 1994-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
38636: 
38637: 	* configure.in:
38638: 	now uses ufc if it finds it
38639: 	[ab6ce30a5958]
38640: 
38641: 1994-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
38642: 
38643: 	* sudo.h:
38644: 	no longer define yyval & yylval since yacc does it
38645: 	[09d250aea50a]
38646: 
38647: 	* parse.lex:
38648: 	now defines yylval as extenr
38649: 	[8ec2b88952bc]
38650: 
38651: 	* configure.in:
38652: 	BROKEN_GETPASS is now an OPTION
38653: 	[3714f4bb8312]
38654: 
38655: 	* config.h.in:
38656: 	took out BROKEN_GETPASS
38657: 	[9c4f6aa50137]
38658: 
38659: 	* Makefile.in:
38660: 	took out big comment
38661: 	[4c13cff0e556]
38662: 
38663: 	* README:
38664: 	updated
38665: 	[b8b9902b620d]
38666: 
38667: 	* Makefile.in:
38668: 	took out README.beta
38669: 	[ed2cd861e82b]
38670: 
38671: 	* SUPPORTED:
38672: 	Initial revision
38673: 	[2fffc51e6606]
38674: 
38675: 	* INSTALL:
38676: 	now reference SUPPORTED .,
38677: 	[d112c30be1f2]
38678: 
38679: 	* config.h.in:
38680: 	now check for convex OR __convex__
38681: 	[a0e5701a3069]
38682: 
38683: 	* aclocal.m4:
38684: 	now check for convex or __convex__
38685: 	[5dae2bfbe3bc]
38686: 
38687: 	* Makefile.in:
38688: 	added dist target
38689: 	[400a54de57db]
38690: 
38691: 	* aclocal.m4:
38692: 	use __convex__
38693: 	[58a19470ed0b]
38694: 
38695: 	* find_path.c:
38696: 	now use _S_* stat stuff to be ansi-like
38697: 	[28cce560e048]
38698: 
38699: 	* INSTALL:
38700: 	updated for configure directions
38701: 	[a034ccc7c30a]
38702: 
38703: 	* Makefile.in:
38704: 	distclean now removes config.h and pathnames.h
38705: 	[300f2349b4ab]
38706: 
38707: 	* CHANGES:
38708: 	updated
38709: 	[646f7e9430c1]
38710: 
38711: 	* TODO:
38712: 	fixed typoe
38713: 	[70fd6361b2bc]
38714: 
38715: 	* visudo.c:
38716: 	updated version
38717: 	[cf13d87d789f]
38718: 
38719: 	* Makefile.in:
38720: 	updated version
38721: 	[8c5dacc27a7a]
38722: 
38723: 	* config.h.in, pathnames.h.in:
38724: 	added copyright header
38725: 	[747ce3d3d6b7]
38726: 
38727: 	* check.c, find_path.c, insults.h, logging.c, parse.c, parse.lex,
38728: 	parse.yacc, sudo.c, sudo.h:
38729: 	udpated version
38730: 	[4751c39bad18]
38731: 
38732: 	* visudo.c:
38733: 	udpated to use configure + pathnames.h
38734: 	[d45dff76a1cd]
38735: 
38736: 	* aclocal.m4:
38737: 	updated
38738: 	[f05a367a55be]
38739: 
38740: 	* Makefile.in, config.h.in, configure.in:
38741: 	updated
38742: 	[524778598879]
38743: 
38744: 	* sudo.h:
38745: 	now works with configure
38746: 	[83fc40e533f4]
38747: 
38748: 	* check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c:
38749: 	updated to work with configure + pathnames.h
38750: 	[cb67fa6ab52d]
38751: 
38752: 	* Makefile.in:
38753: 	added LEXLIB
38754: 	[f43cad4ab0a2]
38755: 
38756: 1994-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
38757: 
38758: 	* COPYING:
38759: 	updated gnu general licence to versio 2
38760: 	[2b0b56112ddc]
38761: 
38762: 	* config.h.in, pathnames.h.in:
38763: 	Initial revision
38764: 	[4b586f39ec2d]
38765: 
38766: 	* sudo.h:
38767: 	changed to work with configure
38768: 	[13f3506ddf16]
38769: 
38770: 1994-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>
38771: 
38772: 	* Makefile.in, aclocal.m4, configure.in:
38773: 	Initial revision
38774: 	[a8636ae77371]
38775: 
38776: 	* visudo.c:
38777: 	now uses defines used by configure
38778: 	[de438d118993]
38779: 
38780: 1994-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
38781: 
38782: 	* find_path.c:
38783: 	sudo won't bitch about EPERM now, for real
38784: 	[ce26d9ef7e3f]
38785: 
38786: 1994-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
38787: 
38788: 	* logging.c:
38789: 	renamed exec_argv to eliminate a libc name clash with ksros
38790: 	[bcb4350d8411]
38791: 
38792: 	* CHANGES:
38793: 	corrected
38794: 	[dae68d422efd]
38795: 
38796: 	* logging.c, sudo.c, sudo.h:
38797: 	execve -> execv
38798: 	[40cc2c4bdb15]
38799: 
38800: 	* TODO:
38801: 	upated
38802: 	[9275a8b8fc45]
38803: 
38804: 	* PORTING:
38805: 	added 2 mroe items
38806: 	[6cbb5c56993c]
38807: 
38808: 	* CHANGES:
38809: 	updated
38810: 	[73f34f8e571a]
38811: 
38812: 	* sudo.h:
38813: 	added UMASK and mode_t declaration
38814: 	[7c2015e1d171]
38815: 
38816: 	* sudo.c:
38817: 	added UMASK
38818: 	[d37be7523680]
38819: 
38820: 	* logging.c:
38821: 	now opens log file with mode 077
38822: 	[0825cc3ee841]
38823: 
38824: 	* check.c:
38825: 	saved current umask ans restores it
38826: 	[659c1aaae8e8]
38827: 
38828: 	* sudo.h:
38829: 	added MAXLOGFILELEN
38830: 	[34331c7dee90]
38831: 
38832: 	* logging.c:
38833: 	split long log lines. FOr syslog, split into multiple entries, for a
38834: 	log file, indent the extra for readability
38835: 	[72c9e4cdba6e]
38836: 
38837: 1994-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
38838: 
38839: 	* CHANGES:
38840: 	added changes
38841: 	[81196833673d]
38842: 
38843: 	* sudo.h:
38844: 	MAXLOGLEN & MAXSYSLOGLEN are now different (as they should be)
38845: 	[1aa69e903840]
38846: 
38847: 1994-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
38848: 
38849: 	* TODO:
38850: 	added input from Brett M Hogden <hogden@rge.com>
38851: 	[80f01fc88ce9]
38852: 
38853: 1994-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
38854: 
38855: 	* sudo.c:
38856: 	added rmenv() to remove stuff from environ. can now uses execvp() OR
38857: 	execve() becuase of this.
38858: 	[e7fc2535bd67]
38859: 
38860: 	* logging.c:
38861: 	now uses execvp() OR execve()
38862: 	[56391aa1f99d]
38863: 
38864: 	* sudo.h:
38865: 	added USE_EXECVE
38866: 	[f21f38050b95]
38867: 
38868: 	* sudo.h:
38869: 	added environ
38870: 	[6b805e23c6f6]
38871: 
38872: 	* find_path.c:
38873: 	now ignore EPERM
38874: 	[c8fd7117a1d7]
38875: 
38876: 	* sudo.h:
38877: 	moved some func decls out of sudo.h and into sudo.c as statics /.
38878: 	[5f555c267d27]
38879: 
38880: 	* CHANGES:
38881: 	updated
38882: 	[431f478af320]
38883: 
38884: 	* sudo.h:
38885: 	took out Envp
38886: 	[6f722be7793d]
38887: 
38888: 1994-02-14  Todd C. Miller  <Todd.Miller@courtesan.com>
38889: 
38890: 	* BUGS:
38891: 	Initial revision
38892: 	[4a8ecf0da95c]
38893: 
38894: 1994-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
38895: 
38896: 	* CHANGES:
38897: 	added SECURE_PATH
38898: 	[1c72cb222609]
38899: 
38900: 	* sudo.c, sudo.h:
38901: 	added SECURE_PATH
38902: 	[5bf5357a63c5]
38903: 
38904: 	* sudo.h:
38905: 	added SECURE_PATH
38906: 	[3976a74405ac]
38907: 
38908: 	* INSTALL:
38909: 	added sample.sudoers note
38910: 	[1b395d29aaeb]
38911: 
38912: 	* sudoers:
38913: 	Initial revision
38914: 	[485888d07477]
38915: 
38916: 1994-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
38917: 
38918: 	* find_path.c:
38919: 	fixed typo
38920: 	[bfc3cc4d41ca]
38921: 
38922: 	* PORTING:
38923: 	took out SAVED_UID garbage
38924: 	[b7c2d3469661] [SUDO_1_3_0]
38925: 
38926: 	* INSTALL:
38927: 	mentioned HAL
38928: 	[253d6695df90]
38929: 
38930: 	* sudo.h:
38931: 	added HAL line
38932: 	[29ec1a4ac6de]
38933: 
38934: 	* insults.h:
38935: 	added HAL insults
38936: 	[7d7c96d77c74]
38937: 
38938: 	* TODO:
38939: 	updated
38940: 	[aa2ed9790586]
38941: 
38942: 	* logging.c:
38943: 	more verbose error if mailer not found
38944: 	[fca47fd00cb6]
38945: 
38946: 	* check.c:
38947: 	now do getpwent as root for soem shadow password systems (bsdi)
38948: 	[e0339e110d46]
38949: 
38950: 1994-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
38951: 
38952: 	* sudo.h:
38953: 	took out SAVED_UID garbade
38954: 	[fcb0e81dcdb5]
38955: 
38956: 	* sudo.c:
38957: 	took out SAVED_UID garbage since it don't work
38958: 	[507e9513e9c2]
38959: 
38960: 1994-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
38961: 
38962: 	* README:
38963: 	updated
38964: 	[d2b6b253dae5]
38965: 
38966: 	* insults.h:
38967: 	added a missing space :-)
38968: 	[8940ea991f87]
38969: 
38970: 	* sudo.c, sudo.h:
38971: 	took out multimax cruft
38972: 	[c2606b365181]
38973: 
38974: 	* INSTALL:
38975: 	minor update
38976: 	[05fb6ee73131]
38977: 
38978: 	* PORTING:
38979: 	finished
38980: 	[c4ac47c84dc5]
38981: 
38982: 	* sudo.c:
38983: 	fixed a typo + indentation
38984: 	[7eab40aae8fa]
38985: 
38986: 1994-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
38987: 
38988: 	* sudo.h:
38989: 	took outumoved some defines to the config file ,. ,.
38990: 	[defff05beb52]
38991: 
38992: 	* PORTING:
38993: 	Initial revision
38994: 	[c803e9127959]
38995: 
38996: 	* TODO:
38997: 	did #6
38998: 	[c6fa1c946c31]
38999: 
39000: 	* sudo.h:
39001: 	added HAS_SAVED_UID
39002: 	[6a88a39c0a07]
39003: 
39004: 	* sudo.c:
39005: 	put back AIX cruft
39006: 	[a24d2507ddd4]
39007: 
39008: 1994-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
39009: 
39010: 	* sudo.c:
39011: 	aix changes
39012: 	[1663915f754a]
39013: 
39014: 1994-02-02  Todd C. Miller  <Todd.Miller@courtesan.com>
39015: 
39016: 	* CHANGES:
39017: 	updated
39018: 	[a8cc73747cae]
39019: 
39020: 	* check.c, logging.c, parse.c, sudo.c, sudo.h:
39021: 	now is only root when abs necesary
39022: 	[3c9d12c5cdfe]
39023: 
39024: 	* check.c:
39025: 	added missing %s\n
39026: 	[609320b72d89]
39027: 
39028: 1994-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
39029: 
39030: 	* install-sh:
39031: 	Initial revision
39032: 	[b5bba140a175]
39033: 
39034: 	* TODO:
39035: 	updated
39036: 	[c9d2eba602af]
39037: 
39038: 	* CHANGES:
39039: 	updated
39040: 	[932f1fc3bb14]
39041: 
39042: 	* sudo.c:
39043: 	now removed _RLD_* for alphas
39044: 	[54a36e648158]
39045: 
39046: 	* INSTALL:
39047: 	updated for new config scheme
39048: 	[61c8ae800444]
39049: 
39050: 	* find_path.c:
39051: 	more verbose eror messages
39052: 	[b4fd123db42d]
39053: 
39054: 1994-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
39055: 
39056: 	* TODO:
39057: 	now have solaris
39058: 	[371002fbf266]
39059: 
39060: 	* sudo.h:
39061: 	define __svr4__ for SOLARIS
39062: 	[0b5cf5ed936d]
39063: 
39064: 	* check.c:
39065: 	added svr4 junk for shadow pws for solaris 2.x
39066: 	[91ed58f21618]
39067: 
39068: 	* check.c, sudo.c:
39069: 	took out setuid(0) and setreuid(udi) garbage. Its not needed since
39070: 	we start out setuid with the correct perms.
39071: 	[07689e782b0b]
39072: 
39073: 	* check.c, sudo.c, sudo.h:
39074: 	now use setreuid()
39075: 	[7d64d685d78e]
39076: 
39077: 1994-01-26  Todd C. Miller  <Todd.Miller@courtesan.com>
39078: 
39079: 	* sudo.man:
39080: 	revised AUTHORS secrtion & added ENV_EDITOR stuff to VARIABLES
39081: 	sectoin
39082: 	[b26967b1e19b]
39083: 
39084: 	* visudo.c:
39085: 	now uses ENV_EDITOR if you want to use the EDITOR envar
39086: 	[a4f8fcb9bd1d]
39087: 
39088: 	* sudo.h:
39089: 	now uses ENV_EDITOR if you want to use the EDITOR envar >> .
39090: 	[028cc55c4328]
39091: 
39092: 1993-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
39093: 
39094: 	* INSTALL:
39095: 	rewrote most of this
39096: 	[a6750923f9c9]
39097: 
39098: 	* README:
39099: 	minor update + spell fix
39100: 	[a411717a7249]
39101: 
39102: 	* sudo.h:
39103: 	added all options that are in the Makefile
39104: 	[6db3b3b841b3]
39105: 
39106: 	* getpass.c:
39107: 	now use USE_TERMIO #define for sgi & hpux
39108: 	[b91f89ae6be1]
39109: 
39110: 	* TODO:
39111: 	todo: posix sigs
39112: 	[4548a56eb2ef]
39113: 
39114: 1993-12-06  Todd C. Miller  <Todd.Miller@courtesan.com>
39115: 
39116: 	* check.c, find_path.c:
39117: 	always include strings.h
39118: 	[1fc20bda92c0]
39119: 
39120: 	* visudo.c:
39121: 	added STATICEDITOR
39122: 	[0596f820716e]
39123: 
39124: 	* sudo.h:
39125: 	sgi has vi in /usr/bin too
39126: 	[94203b62bfd9]
39127: 
39128: 	* sudo.man:
39129: 	added VISUAL
39130: 	[87c2844c4cac]
39131: 
39132: 1993-12-03  Todd C. Miller  <Todd.Miller@courtesan.com>
39133: 
39134: 	* sudo.h:
39135: 	sue /usr/bin/vi on some systems
39136: 	[e3ad9190f35e]
39137: 
39138: 	* sudo.c:
39139: 	fixed warning (include strings.h)
39140: 	[0b896de4d8a0]
39141: 
39142: 	* sudo.man:
39143: 	added John_Rouillard@dl5000.bc.edu's changes (new features)
39144: 	[f41b4205a8cf]
39145: 
39146: 	* CHANGES:
39147: 	changes from John_Rouillard@dl5000.bc.edu
39148: 	[6bdef8e948d5]
39149: 
39150: 	* visudo.c:
39151: 	added EDITOR envar
39152: 	[5c4bf716de21]
39153: 
39154: 	* check.c, find_path.c, parse.c, sudo.c:
39155: 	added patches from John_Rouillard directory spec uses EDITOR
39156: 	[f62a435f8c41]
39157: 
39158: 1993-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
39159: 
39160: 	* getpass.c:
39161: 	added flush for hpux
39162: 	[07cfdd6a7b55]
39163: 
39164: 1993-11-30  Todd C. Miller  <Todd.Miller@courtesan.com>
39165: 
39166: 	* sudo.c:
39167: 	no longer assume malloc returns a char *
39168: 	[7480bd2756f3]
39169: 
39170: 	* sudo.c:
39171: 	alpha change to remove LD_-like thing fixed SHLIB_PATH stuff -- now
39172: 	gets removed correctly
39173: 	[8587166c6ac8]
39174: 
39175: 	* sudo.h:
39176: 	added STD_HEADERS macro
39177: 	[480f5a9a516c]
39178: 
39179: 	* sudo.c:
39180: 	now uses STD_HEADERS macor for ansi
39181: 	[c5018806fd59]
39182: 
39183: 	* find_path.c:
39184: 	now uses STD_HEADERS macro
39185: 	[ad821e0788ea]
39186: 
39187: 	* check.c:
39188: 	niceties for C compiler bitches -- no real change
39189: 	[0fc0b1a5fb64]
39190: 
39191: 1993-11-29  Todd C. Miller  <Todd.Miller@courtesan.com>
39192: 
39193: 	* visudo.c:
39194: 	now doesn't fclose a file never opened.
39195: 	[ee888ec9427d]
39196: 
39197: 1993-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
39198: 
39199: 	* sudo.man:
39200: 	added visudo line
39201: 	[698d51c66407]
39202: 
39203: 	* sudo.man:
39204: 	added error stuff added me in there...
39205: 	[d202fd34b906]
39206: 
39207: 	* CHANGES:
39208: 	noted insults
39209: 	[998a22c2230c]
39210: 
39211: 	* INSTALL:
39212: 	added blurb about reading stuff
39213: 	[e71db100798f]
39214: 
39215: 	* sudo.h:
39216: 	added insults
39217: 	[c110431cec56]
39218: 
39219: 	* insults.h:
39220: 	corrected somments and removed newlines
39221: 	[493706fd488c]
39222: 
39223: 	* check.c:
39224: 	now uses insults
39225: 	[6d23cf06a0ef]
39226: 
39227: 	* insults.h:
39228: 	Initial revision
39229: 	[83153c26b4a3]
39230: 
39231: 	* INSTALL:
39232: 	added dec syslog note
39233: 	[555437273237]
39234: 
39235: 	* sample.sudoers:
39236: 	added real stuff in there
39237: 	[53442a7fba78]
39238: 
39239: 	* TODO:
39240: 	added a todo
39241: 	[c630472bd4dc]
39242: 
39243: 	* TODO:
39244: 	added one
39245: 	[806464453284]
39246: 
39247: 1993-11-27  Todd C. Miller  <Todd.Miller@courtesan.com>
39248: 
39249: 	* sample.sudoers:
39250: 	Initial revision
39251: 	[7db0a9f1ca8f]
39252: 
39253: 	* sudo.man:
39254: 	updated with changes
39255: 	[d9bf254c6c08]
39256: 
39257: 	* sudo.man:
39258: 	Initial revision
39259: 	[dd6f11174ac6]
39260: 
39261: 	* indent.pro:
39262: 	Initial revision
39263: 	[dbfbb494fad9]
39264: 
39265: 	* CHANGES, COPYING, INSTALL, README, TODO:
39266: 	Initial revision
39267: 	[6d98f489a079]
39268: 
39269: 	* visudo.c:
39270: 	updated version number and took out jeff's old addr since it is no
39271: 	good
39272: 	[ee47c24818cb]
39273: 
39274: 	* check.c, find_path.c, logging.c, parse.c, parse.lex, parse.yacc,
39275: 	sudo.c, sudo.h:
39276: 	updated version number and took out jeff's email (since it is
39277: 	invalid)
39278: 	[54616458a52e]
39279: 
39280: 1993-10-28  Todd C. Miller  <Todd.Miller@courtesan.com>
39281: 
39282: 	* check.c:
39283: 	added fflush()
39284: 	[145c881f4fb4]
39285: 
39286: 1993-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
39287: 
39288: 	* find_path.c:
39289: 	now return NULL instead pfof exiting for nopnn-fatal errors
39290: 	[8bc74f8cb1ae]
39291: 
39292: 1993-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
39293: 
39294: 	* check.c:
39295: 	new banner
39296: 	[5387ab2af516]
39297: 
39298: 	* parse.lex:
39299: 	now sudo.h gets included first
39300: 	[2acb01c18e18]
39301: 
39302: 1993-10-18  Todd C. Miller  <Todd.Miller@courtesan.com>
39303: 
39304: 	* parse.lex:
39305: 	now can use flex
39306: 	[164d3839adf0]
39307: 
39308: 	* sudo.h:
39309: 	linux patch
39310: 	[f1b6b1b1a2ca]
39311: 
39312: 	* sudo.c:
39313: 	hpux 9 fix, removes SHLIB_PATH linux patch
39314: 	[67611dc1737f]
39315: 
39316: 	* check.c:
39317: 	linux diff
39318: 	[c24536682397]
39319: 
39320: 1993-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
39321: 
39322: 	* find_path.c:
39323: 	stat now ignores EINVAL
39324: 	[c7761a5dc642]
39325: 
39326: 1993-10-06  Todd C. Miller  <Todd.Miller@courtesan.com>
39327: 
39328: 	* find_path.c, sudo.c:
39329: 	now declare strdup as extern
39330: 	[6b7d6f8784b5]
39331: 
39332: 1993-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
39333: 
39334: 	* visudo.c:
39335: 	reformatted with indent + by hand
39336: 	[9d43084e4990]
39337: 
39338: 	* check.c, find_path.c, getpass.c, logging.c, parse.c, sudo.c, sudo.h:
39339: 	used indent to "fix" coding style
39340: 	[489ffacbdc70]
39341: 
39342: 	* find_path.c:
39343: 	now checks '.' or '.' or '' in PATH -- but does it LAST should maybe
39344: 	move the code that does this into the loop body. makes it messier
39345: 	tho. hmmm.
39346: 	[c4d22b48da9a]
39347: 
39348: 1993-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
39349: 
39350: 	* find_path.c:
39351: 	redid the fix for non-executable files in an easier to read way plus
39352: 	some minor aethetic changes
39353: 	[84fe337f1426]
39354: 
39355: 	* find_path.c:
39356: 	fixed bug with non-executable tings of same name in path introduced
39357: 	by checkig errno after stat(2).
39358: 	[c2a812cfcbc1]
39359: 
39360: 1993-09-05  Todd C. Miller  <Todd.Miller@courtesan.com>
39361: 
39362: 	* sudo.c:
39363: 	fixed off by one error
39364: 	[fabb7cee0041]
39365: 
39366: 	* find_path.c:
39367: 	now handles decending below '/' correctly
39368: 	[5d2ddfc0b220]
39369: 
39370: 	* sudo.c:
39371: 	now actually builds Envp instead of munging envp
39372: 	[bdc4b08f6898]
39373: 
39374: 1993-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
39375: 
39376: 	* parse.yacc:
39377: 	now includes sys/param.h
39378: 	[efbb494ab4de]
39379: 
39380: 	* visudo.c:
39381: 	now includes sys/param.h
39382: 	[ad6c91d59958]
39383: 
39384: 	* sudo.h:
39385: 	fixed ifndef -> ifdef
39386: 	[7aebe822d863]
39387: 
39388: 	* qualify.c:
39389: 	make more like find_path.c
39390: 	[853b2dab2e03]
39391: 
39392: 	* find_path.c:
39393: 	rewritten by millert
39394: 	[c6a043cc11b3]
39395: 
39396: 	* sudo.h:
39397: 	fixed MAXCOMMANDLENGTH now uses USE_CWD and NEED_STRDUP added info
39398: 	about new defines in the comment
39399: 	[39ffefce3aec]
39400: 
39401: 	* logging.c:
39402: 	now uses USE_CWD
39403: 	[fa0f3b118bb3]
39404: 
39405: 	* sudo.h:
39406: 	added delc for clean_envp() and Envp
39407: 	[a12034e300c2]
39408: 
39409: 	* sudo.c:
39410: 	now rips LD_* env vars out of envp and passed sanitized Envp to exec
39411: 	[d201a218e056]
39412: 
39413: 	* logging.c:
39414: 	now uses execve()
39415: 	[f3e01032cd33]
39416: 
39417: 	* find_path.c:
39418: 	ENOTDIR is ok now too (in case part of the path is bogus)
39419: 	[b5cbbb201bb5]
39420: 
39421: 	* qualify.c:
39422: 	now works correctly (ttaltotal rewrite)
39423: 	[0c25d64a5c68]
39424: 
39425: 	* parse.lex:
39426: 	now includes sys/param.h didn't match trailing / -- fix from
39427: 	rouilj@cs.umb.edu
39428: 	[b6363ba110af]
39429: 
39430: 1993-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
39431: 
39432: 	* sudo.c:
39433: 	moved around the #ifndef _AIX
39434: 	[7d4330950c20]
39435: 
39436: 	* check.c, logging.c, parse.c:
39437: 	Initial revision
39438: 	[c101e9572d7f]
39439: 
39440: 1993-03-20  Todd C. Miller  <Todd.Miller@courtesan.com>
39441: 
39442: 	* qualify.c:
39443: 	Initial revision
39444: 	[5a5f21d0e0bf]
39445: 
39446: 1993-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
39447: 
39448: 	* find_path.c:
39449: 	now works if you do sudo bin/test
39450: 	[07835120ce43]
39451: 
39452: 	* find_path.c:
39453: 	works
39454: 	[c3da8b5efa20]
39455: 
39456: 1993-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
39457: 
39458: 	* sudo.h:
39459: 	Initial revision
39460: 	[28a1caa38b72]
39461: 
39462: 	* visudo.c:
39463: 	Initial revision
39464: 	[0e5cd7c3cdbe]
39465: 
39466: 	* parse.lex, parse.yacc:
39467: 	Initial revision
39468: 	[5f2d0cccb06b]
39469: 
39470: 1993-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
39471: 
39472: 	* sudo.c:
39473: 	took out errno.h
39474: 	[7466431a2655]
39475: 
39476: 	* sudo.c:
39477: 	now spews error if exec fails and exits with -1
39478: 	[e5c41ea725c1]
39479: 
39480: 	* sudo.c:
39481: 	Initial revision
39482: 	[8aeabe39a0c2]
39483: 
39484: 	* find_path.c:
39485: 	now only execs files with (an) executable bit set.
39486: 	[0a451f9c0e58]
39487: 
39488: 	* find_path.c:
39489: 	Initial revision
39490: 	[02a534891a35]
39491: 
39492: 1993-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
39493: 
39494: 	* getpass.c:
39495: 	added nice comment
39496: 	[ea8b2aaa9389]
39497: 
39498: 	* getpass.c:
39499: 	now works on sgi's
39500: 	[bf2b7c6d0960]
39501: 
39502: 	* getpass.c:
39503: 	Initial revision
39504: 	[9f4de251c1b5]
39505: 

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>