2023-11-07  Todd C. Miller  <Todd.Miller@sudo.ws>

	* .hgtags:
	Added tag SUDO_1_9_15p1 for changeset d23f72517e07
	[f67d129d3e36] [tip] <1.9>

	* NEWS, configure, configure.ac:
	Merge sudo 1.9.15p1 from tip.
	[d23f72517e07] [SUDO_1_9_15p1] <1.9>

	* NEWS, configure, configure.ac:
	Sudo 1.9.15p1
	[9aae361b70ef]

	* plugins/sudoers/sudoers.h:
	Correct the order of the strings in SUDOERS_CONTEXT_INITIALIZER.

	Fixes GitHub issue #325, a bug introduced in sudo 1.9.15.
	[0266ed6c95f9]

2023-11-06  Todd C. Miller  <Todd.Miller@sudo.ws>

	* NEWS:
	In the sudo 1.9.14p3 section, "Python python" should be "Python
	plugin".
	[dee39187deda]

	* .hgtags:
	Added tag SUDO_1_9_15 for changeset 277833c12efb
	[3517bf78fcf5] <1.9>

	* MANIFEST, NEWS, config.h.in, configure, configure.ac,
	include/sudo_compat.h, include/sudo_util.h, lib/util/hexchar.c,
	lib/util/regress/hexchar/hexchar_test.c, lib/util/term.c,
	logsrvd/iolog_writer.c, logsrvd/tls_init.c,
	plugins/python/pyhelpers.c, plugins/python/python_convmessage.c,
	plugins/python/python_loghandler.c,
	plugins/python/python_plugin_common.c,
	plugins/python/regress/testhelpers.c,
	plugins/python/sudo_python_module.c, plugins/sudoers/Makefile.in,
	plugins/sudoers/log_client.c, plugins/sudoers/logging.c,
	plugins/sudoers/lookup.c, plugins/sudoers/match_command.c,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/regress/cvtsudoers/test31.sh,
	plugins/sudoers/regress/cvtsudoers/test32.sh,
	plugins/sudoers/regress/cvtsudoers/test35.sh,
	plugins/sudoers/regress/cvtsudoers/test36.sh,
	plugins/sudoers/regress/cvtsudoers/test39.sh,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/regress/testsudoers/test20.sh,
	plugins/sudoers/regress/testsudoers/test21.sh,
	plugins/sudoers/regress/testsudoers/test22.sh,
	plugins/sudoers/regress/testsudoers/test23.sh,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoreplay.c,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c,
	src/exec_monitor.c, src/exec_nopty.c, src/exec_ptrace.c,
	src/exec_pty.c:
	Merge sudo 1.9.15 from tip.
	[277833c12efb] [SUDO_1_9_15] <1.9>

	* NEWS:
	Sudo now logs the submitenv in the JSON logs.
	[c1a5e609352f]

	* docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudoers.man.in,
	docs/sudoers.mdoc.in:
	Document special cases for AIX-style shared libraries.

	The shared object is a member of an archive file that is specified
	in parentheses.
	[bb9a50249072]

2023-11-04  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in:
	Add sudoers plugin Debug example and x-ref sudoers man page for
	details.
	[ef23f00ac8ad]

	* docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in:
	The HP-UX getgrouplist() code has been disabled due to bugs.
	[0bc060c69389]

2023-11-03  Todd C. Miller  <Todd.Miller@sudo.ws>

	* lib/util/sudo_conf.c:
	sudo_conf_debug_files: special handling of DSO members for AIX

	When matching debug files for AIX-style DSOs like
	sudoers.a(sudoers.so) we want to match on the full name, the name
	without the member and on the member itself. This makes it possible
	to use the existing examples in the sudo.conf fiile on AIX.
	[2ec138dbc507]

	* plugins/sudoers/pwutil.c:
	sudo_set_grlist and sudo_set_gidlist: set auth registry based on
	username

	Previously we used the global registry but since we have the user's
	passwd info we should use that when storing the group and gid lists.
	[71b6647d4cb0]

2023-11-02  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/parse_ldif.c:
	role_to_sudoers: only try to reuse a privilege if one is present
	[91207af2554c]

	* plugins/sudoers/defaults.c:
	store_plugin: avoid potential NULL deref in boolean context

	Coverity CID 330466
	[5c7ebbaf83c4]

	* plugins/sudoers/sudoreplay.c, src/conversation.c:
	Avoid passing sudo_term_is_raw() -1 for the fd.

	Coverity CID 330472 Coverity CID 330468
	[b28a472152ab]

	* logsrvd/sendlog.c:
	fmt_info_messages: bump info_msgs_size for submitenv
	[e36bfd74abb9]

	* NEWS:
	Better log message when rejecting a setid command in intercept mode.
	[06d161998e22]

	* plugins/sudoers/logging.c, plugins/sudoers/lookup.c,
	plugins/sudoers/match_command.c, plugins/sudoers/parse.h,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	Move the check for running setid commands in intercept mode to
	later.

	Checking for setid commands in intercept mode after command matching
	allows us to log a proper error message. Previously, we simply
	ignored setid commands when matching and the only indication of why
	was in the debug logs.
	[b07b8fcff911]

	* plugins/sudoers/timestamp.c:
	timestamp_open: add some debugging
	[dc7070cbadd9]

2023-10-31  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/auth/sia.c:
	sudo_sia_begin_session: add missing struct sudoers_context * arg.
	[4caf619af53b]

	* plugins/sudoers/auth/kerb5.c:
	verify_krb_v5_tgt: auth name must be const to match struct
	sudo_auth.
	[e4d6a0b15003]

	* .circleci/config.yml:
	Disable PAM before enabling Kerberos V.
	[55523956e9ff]

	* .circleci/config.yml, docker/debian/latest/Dockerfile,
	docker/debian/testing/Dockerfile, docker/fedora/latest/Dockerfile,
	docker/fedora/rawhide/Dockerfile, docker/ubuntu/devel/Dockerfile,
	docker/ubuntu/latest/Dockerfile, docker/ubuntu/rolling/Dockerfile:
	Add Kerberos V build and test to CI.
	[7cf8ab128064]

2023-10-31  Renato Botelho  <garga@FreeBSD.org>

	* plugins/sudoers/auth/kerb5.c:
	Add missing sudoers_context to verify_krb_v5_tgt()

	Commit 244017495421 added ctx variable to log_warningx() call but
	that variable was not declared in that context, breaking the build.
	[7b89c1b61e19]

2023-10-30  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po:
	Updated translations from translationproject.org
	[2a5a4f1350ee]

2023-10-27  Todd C. Miller  <Todd.Miller@sudo.ws>

	* logsrvd/logsrvd.c:
	Set the open file descriptor limit to the maximum allowed value.

	Each connection can require up to 9 descriptors.
	[72b6593b631d]

2023-10-23  Todd C. Miller  <Todd.Miller@sudo.ws>

	* NEWS:
	Mention new Indonesian translation and sudo_logsrvd fd limit change.
	[753002967fc0]

	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/ro.mo, plugins/sudoers/po/ro.po,
	plugins/sudoers/po/ru.mo, plugins/sudoers/po/ru.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/sv.mo, plugins/sudoers/po/sv.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/hr.mo,
	po/hr.po, po/ja.mo, po/ja.po, po/sr.mo, po/sr.po, po/zh_CN.mo,
	po/zh_CN.po:
	Updated translations from translationproject.org
	[619098603afe]

	* docs/CONTRIBUTORS.md:
	Add Andika Triwidada
	[7e6293a4a00a]

	* MANIFEST, po/id.mo, po/id.po:
	New Indonesian translation from translationproject.org
	[568e33cb694c]

2023-10-22  Todd C. Miller  <Todd.Miller@sudo.ws>

	* NEWS:
	Mention GitHub issue #318
	[4b4c1d8da478]

	* plugins/sudoers/env.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Avoid a double-free in fuzz_policy caused by the early
	env_init(NULL).

	This adds an env_free() function to explicitly free both the old and
	new copies of the environment. It is really only needed by
	fuzz_policy, which calls the policy module multiple times.
	[9cb4400fe76c]

	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
	lib/eventlog/eventlog_free.c, lib/eventlog/parse_json.c,
	logsrvd/iolog_writer.c, logsrvd/sendlog.c, plugins/sudoers/iolog.c,
	plugins/sudoers/log_client.c, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h:
	Store submitenv in eventlog and pass it to sudo_logsrvd.
	[3ef684a6f888]

2023-10-21  Todd C. Miller  <Todd.Miller@sudo.ws>

	* include/sudo_eventlog.h, lib/eventlog/eventlog.c,
	lib/eventlog/eventlog_free.c, lib/eventlog/parse_json.c,
	lib/iolog/iolog_loginfo.c, logsrvd/iolog_writer.c,
	logsrvd/sendlog.c, plugins/sudoers/iolog.c,
	plugins/sudoers/log_client.c, plugins/sudoers/logging.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/sudoreplay.c:
	struct eventlog: rename argv/env to runargv/runenv.

	This matches the JSON logs.
	[df2ac695bcf7]

	* plugins/sudoers/logging.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	struct sudoers_user_context: rename env_vars to env_add
	[f57859bca061]

	* plugins/sudoers/audit.c, plugins/sudoers/logging.c:
	Only log the run environment for commands that are allowed.

	It may not be available otherwise and unless the command is being
	run it has no real meaning.
	[98b79f16e06e]

	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.c:
	Free the private copy of the environment in sudoers_check_cmnd().

	This reverts 5118eb5797fb, which had the side-effect of the PAM
	session code running with the run environment instead of the
	invoking user's environment. Issue #318
	[6b4abada2e55]

2023-10-19  Todd C. Miller  <Todd.Miller@sudo.ws>

	* lib/iolog/iolog_swapids.c:
	iolog_swapids: short circuit if effective ids match iolog ids.
	[6871a2a50eae]

	* lib/iolog/iolog_mkdirs.c, logsrvd/iolog_writer.c:
	logsrvd: display error string in message if iolog_mkpath() fails
	[4a601c7e1248]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Update .pot files for 1.9.15
	[39ac757a80c9]

2023-10-18  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/sudoers.in:
	Add example for disabling intercept/log_subcmds for certain
	commands.
	[52d01bcd6e3a]

	* lib/util/mksiglist.c, lib/util/mksigname.c:
	Use NSIG instead of nitems(array) for the loop bound.

	This matches the sudo_sys_siglist[] and sudo_sys_signame[]
	declarations.
	[d515abb232ae]

	* plugins/sudoers/tsdump.c:
	tsdump: fix compiler warnings
	[4e5d80f29845]

2023-10-17  Todd C. Miller  <Todd.Miller@sudo.ws>

	* lib/eventlog/regress/logwrap/check_wrap.c, lib/util/mksiglist.c,
	lib/util/mksigname.c, logsrvd/sendlog.c,
	plugins/python/regress/iohelpers.c, plugins/sudoers/tsdump.c:
	Avoid using %zu or %zd with printf() and fprintf().

	This prevents problems on systems where the system printf(3) is not
	C99-compliant. We use our own snprintf() on such systems so that is
	safe.
	[7ff250c66e05]

	* plugins/sudoers/sudo_printf.c, src/conversation.c:
	Use vsnprintf() instead of vfprintf() for sudo_printf() to avoid
	problems on systems where the system printf(3) is not C99-compliant.
	We use our own snprintf() on such systems.
	[053c94c3db03]

	* include/sudo_compat.h, lib/util/getdelim.c, lib/util/realpath.c,
	lib/util/regress/getdelim/getdelim_test.c, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l:
	strlcpy_expand_host, sudo_getdelim, sudo_realpath: add restrict
	qualifier
	[8669d4d9b4d9]

	* NEWS:
	Fixed GitHub issue #312.
	[b6e269e7eeaa]

2023-10-16  Todd C. Miller  <Todd.Miller@sudo.ws>

	* lib/util/term.c:
	Better handling of multiple sudo processes modifying terminal
	settings. 1. Lock the terminal before tcgetattr/tcsetattr 2. Don't
	restore terminal settings if changed by another process 3. Don't set
	terminal to raw mode if it is already raw GitHub issue #312
	[8d5664300c7e]

2023-10-16  Rose  <83477269+AtariDreams@users.noreply.github.com>

	* plugins/sudoers/prompt.c, plugins/sudoers/strlcpy_unesc.c,
	plugins/sudoers/sudoers.h:
	Add restrict to strlcpy and expand_prompt
	[b26d50f82d2f]

2023-10-16  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/exec_pty.c:
	Add a little extra debugging info.
	[b2533548f50b]

2023-10-15  Rose  <83477269+AtariDreams@users.noreply.github.com>

	* lib/util/regress/hexchar/hexchar_test.c,
	lib/util/regress/parse_gids/parse_gids_test.c, lib/util/sudo_conf.c:
	Swap calloc arguments to use them properly.
	[1d4877da5233]

2023-10-14  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/exec_ptrace.c:
	ptrace_intercept_execve: make flags unsigned to match
	command_details
	[97ee796e74ec]

2023-10-13  Rose  <83477269+AtariDreams@users.noreply.github.com>

	* include/sudo_util.h, src/exec_ptrace.h:
	Specify 1U over 1 for bitmaps
	[8eaecce2e3c6]

2023-10-12  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/parse.h,
	plugins/sudoers/sudoers.h:
	Fix spelling: resistent -> resistant
	[df6b986b8d31]

2023-10-05  Todd C. Miller  <Todd.Miller@sudo.ws>

	* .gitignore, .hgignore:
	Add plugins/sudoers/tsgetusershell.c to ignore files.
	[5e9538b2aaae]

2023-10-02  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/mkdefaults:
	Fix compatibility with older versions of (new) awk.

	Do not rely on awk supporting "-f -" to read the program from stdin.
	Avoid using POSIX character classes in regular expressions.
	[0e67e9ba4ddf]

2023-10-02  Alexander F. Rødseth  <alexander.fet.rodseth@schibsted.com>

	* plugins/sudoers/visudo.c:
	Add Orbiton ("o") to the list of editors that supports +lineno
	[28e192d4be9b]

	* plugins/sudoers/visudo.c:
	Sort the list of editors that supports +lineno
	[6467309f5ac3]

2023-09-28  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudoers.man.in, docs/sudoers.mdoc.in:
	Mention potential problems with log_subcmds and intercept.
	[9c93f9315924]

	* src/sudo.c:
	Add more user info to the list of objects to be garbage-collected at
	exit.
	[caeb35967cd2]

2023-09-27  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/python/pyhelpers.c, plugins/python/pyhelpers.h:
	Use long, not long long, when getting/setting numeric attributes.

	We use int or long, not long long, in the Python plugin.
	[d1008ce69cf6]

	* plugins/sudoers/file.c:
	sudo_file_open: initialize parser before calling open_sudoers().

	Otherwise, the parser_conf settings in the context passed to
	sudo_file_open() will not be honored by open_sudoers(). Affected
	settings include ignore_perms, sudoers mode, uid and gid.
	[21e56d49521a]

	* lib/eventlog/parse_json.c, lib/iolog/iolog_legacy.c,
	lib/iolog/iolog_timing.c, logsrvd/iolog_writer.c,
	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c,
	logsrvd/logsrvd_local.c, logsrvd/sendlog.c,
	plugins/sudoers/defaults.c, plugins/sudoers/iolog.c,
	plugins/sudoers/log_client.c:
	Add casts when storing values in a struct timespec.

	Fixes -Wconversion warnings on some 32-bit systems where time_t is
	still 32-bit.
	[b090ed40a1d0]

2023-09-27  Rose  <83477269+AtariDreams@users.noreply.github.com>

	* lib/util/roundup.c:
	Use U, not UL, for 32-bit platforms

	size_t is an unsigned int on 32-bit platforms, not an unsigned long.
	[9f4a9b73c954]

2023-09-26  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/match_digest.c:
	digest_matches: actually use fd2 in place of fd as needed.
	[9db51e4a8521]

	* plugins/sudoers/match_digest.c:
	digest_matches: if fd argument is -1, try to open path before
	failing
	[5b323859cbd0]

	* plugins/sudoers/regress/cvtsudoers/test31.sh,
	plugins/sudoers/regress/cvtsudoers/test32.sh,
	plugins/sudoers/regress/cvtsudoers/test35.sh,
	plugins/sudoers/regress/cvtsudoers/test36.sh,
	plugins/sudoers/regress/cvtsudoers/test39.sh,
	plugins/sudoers/regress/testsudoers/test20.sh,
	plugins/sudoers/regress/testsudoers/test21.sh,
	plugins/sudoers/regress/testsudoers/test22.sh,
	plugins/sudoers/regress/testsudoers/test23.sh,
	plugins/sudoers/regress/testsudoers/test24.sh,
	plugins/sudoers/regress/testsudoers/test25.sh,
	plugins/sudoers/regress/testsudoers/test26.sh,
	plugins/sudoers/regress/testsudoers/test27.sh,
	plugins/sudoers/regress/testsudoers/test28.sh,
	plugins/sudoers/regress/testsudoers/test29.sh,
	plugins/sudoers/regress/testsudoers/test30.sh,
	plugins/sudoers/regress/testsudoers/test31.sh:
	Add missing execute bit on some test scripts.
	[07af3341fc1a]

2023-09-25  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/sudoers.h:
	max_groups in sudoers_plugin_settings is no longer used.
	[99848d0ee951]

	* include/sudo_conf.h, include/sudo_debug.h, include/sudo_event.h,
	include/sudo_eventlog.h, include/sudo_fatal.h, include/sudo_json.h,
	include/sudo_util.h, lib/eventlog/eventlog.c,
	lib/eventlog/eventlog_conf.c, lib/eventlog/eventlog_free.c,
	lib/eventlog/logwrap.c, lib/eventlog/parse_json.c,
	lib/eventlog/parse_json.h,
	lib/eventlog/regress/eventlog_store/store_json_test.c,
	lib/eventlog/regress/eventlog_store/store_sudo_test.c,
	lib/eventlog/regress/logwrap/check_wrap.c,
	lib/eventlog/regress/parse_json/check_parse_json.c,
	lib/fuzzstub/fuzzstub.c, lib/iolog/host_port.c,
	lib/iolog/hostcheck.c, lib/iolog/iolog_clearerr.c,
	lib/iolog/iolog_close.c, lib/iolog/iolog_conf.c,
	lib/iolog/iolog_eof.c, lib/iolog/iolog_filter.c,
	lib/iolog/iolog_flush.c, lib/iolog/iolog_gets.c,
	lib/iolog/iolog_json.c, lib/iolog/iolog_legacy.c,
	lib/iolog/iolog_loginfo.c, lib/iolog/iolog_mkdirs.c,
	lib/iolog/iolog_mkdtemp.c, lib/iolog/iolog_mkpath.c,
	lib/iolog/iolog_nextid.c, lib/iolog/iolog_open.c,
	lib/iolog/iolog_openat.c, lib/iolog/iolog_path.c,
	lib/iolog/iolog_read.c, lib/iolog/iolog_seek.c,
	lib/iolog/iolog_swapids.c, lib/iolog/iolog_timing.c,
	lib/iolog/iolog_util.c, lib/iolog/iolog_write.c,
	lib/iolog/regress/fuzz/fuzz_iolog_json.c,
	lib/iolog/regress/fuzz/fuzz_iolog_legacy.c,
	lib/iolog/regress/fuzz/fuzz_iolog_timing.c,
	lib/iolog/regress/host_port/host_port_test.c,
	lib/iolog/regress/iolog_filter/check_iolog_filter.c,
	lib/iolog/regress/iolog_mkpath/check_iolog_mkpath.c,
	lib/iolog/regress/iolog_path/check_iolog_path.c,
	lib/iolog/regress/iolog_timing/check_iolog_timing.c,
	lib/logsrv/log_server.pb-c.c, lib/protobuf-c/protobuf-c.c,
	lib/ssl_compat/ssl_compat.c, lib/util/aix.c, lib/util/arc4random.c,
	lib/util/arc4random_buf.c, lib/util/arc4random_uniform.c,
	lib/util/basename.c, lib/util/cfmakeraw.c, lib/util/closefrom.c,
	lib/util/digest.c, lib/util/digest_gcrypt.c,
	lib/util/digest_openssl.c, lib/util/dup3.c, lib/util/event.c,
	lib/util/event_poll.c, lib/util/event_select.c,
	lib/util/explicit_bzero.c, lib/util/fatal.c, lib/util/fchmodat.c,
	lib/util/fchownat.c, lib/util/fnmatch.c, lib/util/freezero.c,
	lib/util/fstatat.c, lib/util/getaddrinfo.c, lib/util/getdelim.c,
	lib/util/getentropy.c, lib/util/getgrouplist.c,
	lib/util/gethostname.c, lib/util/getopt_long.c, lib/util/gettime.c,
	lib/util/getusershell.c, lib/util/gidlist.c, lib/util/glob.c,
	lib/util/gmtime_r.c, lib/util/hexchar.c, lib/util/inet_ntop.c,
	lib/util/inet_pton.c, lib/util/isblank.c, lib/util/json.c,
	lib/util/key_val.c, lib/util/lbuf.c, lib/util/localtime_r.c,
	lib/util/locking.c, lib/util/logfac.c, lib/util/logpri.c,
	lib/util/memrchr.c, lib/util/mkdir_parents.c, lib/util/mkdirat.c,
	lib/util/mksiglist.c, lib/util/mksigname.c, lib/util/mktemp.c,
	lib/util/mmap_alloc.c, lib/util/multiarch.c, lib/util/nanosleep.c,
	lib/util/openat.c, lib/util/parseln.c, lib/util/pipe2.c,
	lib/util/pread.c, lib/util/progname.c, lib/util/pw_dup.c,
	lib/util/pwrite.c, lib/util/rcstr.c, lib/util/reallocarray.c,
	lib/util/regex.c, lib/util/regress/closefrom/closefrom_test.c,
	lib/util/regress/digest/digest_test.c,
	lib/util/regress/fnmatch/fnm_test.c,
	lib/util/regress/fuzz/fuzz_sudo_conf.c,
	lib/util/regress/getdelim/getdelim_test.c,
	lib/util/regress/getgrouplist/getgids.c,
	lib/util/regress/getgrouplist/getgrouplist_test.c,
	lib/util/regress/glob/globtest.c,
	lib/util/regress/hexchar/hexchar_test.c,
	lib/util/regress/json/json_test.c,
	lib/util/regress/mktemp/mktemp_test.c,
	lib/util/regress/multiarch/multiarch_test.c,
	lib/util/regress/open_parent_dir/open_parent_dir_test.c,
	lib/util/regress/parse_gids/parse_gids_test.c,
	lib/util/regress/progname/progname_test.c,
	lib/util/regress/regex/regex_test.c,
	lib/util/regress/strsig/strsig_test.c,
	lib/util/regress/strsplit/strsplit_test.c,
	lib/util/regress/strtofoo/strtobool_test.c,
	lib/util/regress/strtofoo/strtoid_test.c,
	lib/util/regress/strtofoo/strtomode_test.c,
	lib/util/regress/strtofoo/strtonum_test.c,
	lib/util/regress/sudo_conf/conf_test.c,
	lib/util/regress/sudo_parseln/parseln_test.c,
	lib/util/regress/tailq/hltq_test.c,
	lib/util/regress/uuid/uuid_test.c, lib/util/roundup.c,
	lib/util/secure_path.c, lib/util/setgroups.c, lib/util/sha2.c,
	lib/util/sig2str.c, lib/util/snprintf.c, lib/util/str2sig.c,
	lib/util/strlcat.c, lib/util/strlcpy.c, lib/util/strndup.c,
	lib/util/strnlen.c, lib/util/strsignal.c, lib/util/strsplit.c,
	lib/util/strtobool.c, lib/util/strtoid.c, lib/util/strtomode.c,
	lib/util/strtonum.c, lib/util/sudo_conf.c, lib/util/sudo_debug.c,
	lib/util/sudo_dso.c, lib/util/sys_siglist.h, lib/util/sys_signame.h,
	lib/util/term.c, lib/util/timegm.c, lib/util/ttyname_dev.c,
	lib/util/ttysize.c, lib/util/unlinkat.c, lib/util/utimens.c,
	lib/util/uuid.c, logsrvd/iolog_writer.c, logsrvd/logsrv_util.c,
	logsrvd/logsrvd.c, logsrvd/logsrvd.h, logsrvd/logsrvd_conf.c,
	logsrvd/logsrvd_journal.c, logsrvd/logsrvd_local.c,
	logsrvd/logsrvd_queue.c, logsrvd/logsrvd_relay.c,
	logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
	logsrvd/regress/logsrvd_conf/logsrvd_conf_test.c, logsrvd/sendlog.c,
	logsrvd/sendlog.h, logsrvd/tls_client.c, logsrvd/tls_common.h,
	logsrvd/tls_init.c, plugins/audit_json/audit_json.c,
	plugins/group_file/getgrent.c, plugins/group_file/group_file.c,
	plugins/group_file/plugin_test.c, plugins/python/pyhelpers.c,
	plugins/python/pyhelpers.h, plugins/python/python_plugin_common.c,
	plugins/python/regress/check_python_examples.c,
	plugins/python/regress/iohelpers.h,
	plugins/python/regress/testhelpers.h,
	plugins/python/sudo_python_debug.c,
	plugins/python/sudo_python_debug.h, plugins/sample/sample_plugin.c,
	plugins/sample_approval/sample_approval.c, plugins/sudoers/alias.c,
	plugins/sudoers/audit.c, plugins/sudoers/auth/afs.c,
	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/kerb5.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/rfc1938.c,
	plugins/sudoers/auth/secureware.c, plugins/sudoers/auth/securid5.c,
	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/b64_decode.c, plugins/sudoers/b64_encode.c,
	plugins/sudoers/boottime.c, plugins/sudoers/bsm_audit.c,
	plugins/sudoers/canon_path.c, plugins/sudoers/check.c,
	plugins/sudoers/check_aliases.c, plugins/sudoers/check_util.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
	plugins/sudoers/cvtsudoers_csv.c, plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/cvtsudoers_merge.c,
	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/defaults.c,
	plugins/sudoers/defaults.h, plugins/sudoers/digestname.c,
	plugins/sudoers/display.c, plugins/sudoers/editor.c,
	plugins/sudoers/env.c, plugins/sudoers/env_pattern.c,
	plugins/sudoers/exptilde.c, plugins/sudoers/file.c,
	plugins/sudoers/filedigest.c, plugins/sudoers/find_path.c,
	plugins/sudoers/fmtsudoers.c, plugins/sudoers/fmtsudoers_cvt.c,
	plugins/sudoers/gc.c, plugins/sudoers/gentime.c,
	plugins/sudoers/getdate.c, plugins/sudoers/getdate.y,
	plugins/sudoers/getspwuid.c, plugins/sudoers/goodpath.c,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/group_plugin.c, plugins/sudoers/insults.h,
	plugins/sudoers/interfaces.c, plugins/sudoers/iolog.c,
	plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/ldap.c,
	plugins/sudoers/ldap_conf.c, plugins/sudoers/ldap_innetgr.c,
	plugins/sudoers/ldap_util.c, plugins/sudoers/linux_audit.c,
	plugins/sudoers/locale.c, plugins/sudoers/log_client.c,
	plugins/sudoers/log_client.h, plugins/sudoers/logging.c,
	plugins/sudoers/lookup.c, plugins/sudoers/match.c,
	plugins/sudoers/match_addr.c, plugins/sudoers/match_command.c,
	plugins/sudoers/match_digest.c, plugins/sudoers/parse.h,
	plugins/sudoers/parse_ldif.c, plugins/sudoers/parser_warnx.c,
	plugins/sudoers/pivot.c, plugins/sudoers/policy.c,
	plugins/sudoers/prompt.c, plugins/sudoers/pwutil.c,
	plugins/sudoers/pwutil_impl.c, plugins/sudoers/redblack.c,
	plugins/sudoers/regress/check_symbols/check_symbols.c,
	plugins/sudoers/regress/editor/check_editor.c,
	plugins/sudoers/regress/env_match/check_env_pattern.c,
	plugins/sudoers/regress/exptilde/check_exptilde.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/regress/fuzz/fuzz_stubs.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c,
	plugins/sudoers/regress/fuzz/fuzz_sudoers_ldif.c,
	plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/regress/parser/check_addr.c,
	plugins/sudoers/regress/parser/check_base64.c,
	plugins/sudoers/regress/parser/check_digest.c,
	plugins/sudoers/regress/parser/check_fill.c,
	plugins/sudoers/regress/parser/check_gentime.c,
	plugins/sudoers/regress/serialize_list/check_serialize_list.c,
	plugins/sudoers/regress/starttime/check_starttime.c,
	plugins/sudoers/regress/unescape/check_unesc.c,
	plugins/sudoers/resolve_cmnd.c, plugins/sudoers/serialize_list.c,
	plugins/sudoers/set_perms.c, plugins/sudoers/sethost.c,
	plugins/sudoers/solaris_audit.c, plugins/sudoers/sssd.c,
	plugins/sudoers/starttime.c, plugins/sudoers/strlcpy_unesc.c,
	plugins/sudoers/strlist.c, plugins/sudoers/strvec_join.c,
	plugins/sudoers/stubs.c, plugins/sudoers/sudo_nss.c,
	plugins/sudoers/sudo_printf.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_cb.c,
	plugins/sudoers/sudoers_ctx_free.c, plugins/sudoers/sudoers_debug.c,
	plugins/sudoers/sudoers_debug.h, plugins/sudoers/sudoers_hooks.c,
	plugins/sudoers/sudoreplay.c, plugins/sudoers/testsudoers.c,
	plugins/sudoers/testsudoers_pwutil.c,
	plugins/sudoers/testsudoers_pwutil.h, plugins/sudoers/timeout.c,
	plugins/sudoers/timestamp.c, plugins/sudoers/timestr.c,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l,
	plugins/sudoers/toke_util.c, plugins/sudoers/tsdump.c,
	plugins/sudoers/tsgetgrpw.c, plugins/sudoers/unesc_str.c,
	plugins/sudoers/visudo.c, plugins/sudoers/visudo_cb.c,
	plugins/system_group/system_group.c, src/apparmor.c,
	src/conversation.c, src/copy_file.c, src/edit_open.c,
	src/env_hooks.c, src/exec.c, src/exec_common.c,
	src/exec_intercept.c, src/exec_iolog.c, src/exec_monitor.c,
	src/exec_nopty.c, src/exec_preload.c, src/exec_ptrace.c,
	src/exec_pty.c, src/get_pty.c, src/hooks.c, src/intercept.pb-c.c,
	src/limits.c, src/load_plugins.c, src/openbsd.c, src/parse_args.c,
	src/preload.c, src/preserve_fds.c,
	src/regress/net_ifs/check_net_ifs.c,
	src/regress/noexec/check_noexec.c,
	src/regress/ttyname/check_ttyname.c, src/selinux.c, src/sesh.c,
	src/signal.c, src/solaris.c, src/sudo.c, src/sudo.h,
	src/sudo_edit.c, src/sudo_intercept.c, src/sudo_intercept_common.c,
	src/sudo_noexec.c, src/suspend_parent.c, src/tgetpass.c,
	src/ttyname.c, src/utmp.c:
	Use #include <foo.h> instead of #include "foo.h" in most cases.

	We rely on the include path to find many of these headers. It
	especially doesn't make sense to use #include "foo.h" for headers in
	the top-level include directory.
	[4a7d27e429e9]

	* .circleci/config.yml:
	Bump xcode to 14.2.0
	[f4775577c9b0]

2023-09-24  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/mkdefaults:
	Add support for "plugin" defaults type.
	[423dc640d220]

	* plugins/sudoers/mkdefaults:
	Support multiple input files.
	[1fff41f962f5]

2023-09-22  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/exec_monitor.c, src/exec_pty.c:
	No need to loop reading from/writing to a blocking socketpair.

	This removes some infinite loops that can cause static analyzer
	warnings. The fds are not in non-blocking mode and we use
	restartable system calls so there is no need to loop.
	[132aad609392]

	* plugins/sudoers/check.c:
	check_user: fix return value for intercept mode

	Also use early return on error to quiet a PVS-Studio warning.
	[ecd721208013]

2023-09-21  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/exec_pty.c:
	Set ec->term_raw to false even if sudo_term_restore() fails.

	Either the fd is not a terminal or we don't have the controlling
	terminal. Either way, we can't know the current status of the
	terminal and will need to set to raw mode again (if possible). Also
	make sure to set ec->term_raw to false if sudo_term_raw() fails.
	[6287218771a9]

2023-09-20  Todd C. Miller  <Todd.Miller@sudo.ws>

	* pathnames.h.in, plugins/sudoers/env.c, plugins/sudoers/sudoers.c:
	Only define _PATH_ENVIRONMENT on systems where we use
	/etc/environment.
	[5a3752401dc9]

	* config.h.in, configure, configure.ac:
	Sudo assumes that a uid_t can be cast to unsigned int without
	problems.

	Add a configure check and error out if sizeof(uid_t) > 4.
	[4b7657e4ce3d]

	* docs/UPGRADE.md:
	Mention the time stamp and lecture file name changes in 1.9.15.
	[8c23b36928ad]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
	plugins/sudoers/iolog_path_escapes.c, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l:
	Replace '/' with '_' in paths using the user, group or host name.
	[2862df9bcab7]

2023-09-19  Todd C. Miller  <Todd.Miller@sudo.ws>

	* config.h.in, configure, configure.ac, m4/sudo.m4,
	plugins/sudoers/cvtsudoers_pwutil.c, plugins/sudoers/env.c,
	plugins/sudoers/iolog.c, plugins/sudoers/ldap.c,
	plugins/sudoers/policy.c, src/sudo.c, src/sudo_edit.c:
	Replace MAX_UID_T_LEN with calls to STRLEN_MAX_UNSIGNED.
	[f2f1ee9c5a16]

	* include/sudo_util.h, lib/eventlog/eventlog.c,
	lib/iolog/iolog_timing.c, lib/util/json.c, lib/util/lbuf.c,
	lib/util/sudo_debug.c, plugins/sudoers/cvtsudoers_ldif.c,
	plugins/sudoers/display.c, plugins/sudoers/fmtsudoers.c,
	plugins/sudoers/logging.c, src/exec_preload.c, src/limits.c:
	Add macros to determine the length of an integer type in string
	form.

	Adapted from answer #6 in:
	https://stackoverflow.com/questions/10536207/ansi-c-maximum-number-
	of-characters-printing-a-decimal-int
	[e62734abe89c]

2023-09-18  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/visudo.c:
	visudo: use verbose and strict in parser_conf

	Where the sudoers_context is available we can use the values of
	verbose and strict instead of passing around quiet and strict flags.
	[bc7a60ce0e36]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/callbacks.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/sudoers_cb.c:
	Rename callbacks.c -> sudoers_cb.c.
	[558d6896ebfa]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/visudo.c,
	plugins/sudoers/visudo_cb.c:
	Add a separate file for visudo callbacks.
	[72e491607a4e]

	* MANIFEST, plugins/sudoers/Makefile.in,
	plugins/sudoers/check_aliases.c, plugins/sudoers/defaults.c,
	plugins/sudoers/parse.h, plugins/sudoers/parser_warnx.c:
	Add parser_warnx() and parser_vwarnx() that displays file:line:col

	Used by defaults.c and check_aliases.c.
	[1b4eff914e92]

	* plugins/sudoers/sudoers.h, plugins/sudoers/visudo.c:
	Promote strict field in sudoers_parser_config from bool to int.

	This will be used by visudo to indicate when "visudo -s" is run.
	[d0f6c8c37e4a]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/find_path.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/resolve_cmnd.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Add resolve_cmnd(), a wrapper around find_path().

	This is a convenience function that sets PERM_RUNAS and calls
	find_path(). If the command is not found it will retry with
	PERM_USER instead.
	[c7831c462fb9]

	* src/exec_monitor.c:
	Wait on a socketpair for the parent to grant child the controlling
	tty.

	This upgrades the error pipe to a bi-directional socketpair that the
	parent will write to after it has granted the child process the
	controlling terminal. That fixes an issue where the child could end
	up in a tight CPU loop waiting on the parent which may not be
	scheduled immediately.
	[36e87999dae1]

2023-09-15  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/sudoers.h:
	Undefine AUTH_{SUCCESS,FAILURE,ERROR} before defining them.

	Quiets a warning on AIX where usersec.h defines AUTH_SUCCESS and
	AUTH_FAILURE. We avoided this problem in the past because the old
	values for AUTH_SUCCESS and AUTH_FAILURE match what AIX defines.
	[c37c51f861f1]

	* config.h.in, configure, configure.ac, lib/util/term.c, m4/sudo.m4,
	src/exec_pty.c:
	Only cast TIOCSWINSZ to int on systems that might require it (AIX).

	Otherwise we end up with a -Wconversion warning on systems where the
	ioctl() request argument is unsigned long.
	[a467e228981f]

	* plugins/sudoers/display.c, plugins/sudoers/parse.h,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	Promote verbose flag to int for display_privs and display_cmnd.

	A negative verbosity will prevent non-error output from being
	displayed.
	[c7646497b580]

2023-09-13  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/stubs.c:
	No need to include cvtsudoers.h here.
	[d838f2ed5483]

	* plugins/sudoers/match_command.c, plugins/sudoers/pivot.c,
	plugins/sudoers/pivot.h, plugins/sudoers/regress/fuzz/fuzz_stubs.c,
	plugins/sudoers/stubs.c, plugins/sudoers/testsudoers.c:
	Remove pivot_get_root() and pivot_get_cwd().

	They are unnecessary since struct sudoers_pivot is not opaque. The
	implementation details are private to match_command.c.
	[ca522bffdf37]

	* plugins/sudoers/regress/iolog_plugin/check_iolog_plugin.c,
	plugins/sudoers/regress/parser/check_fill.c:
	Quiet some -Wconversion warnings in the tests.
	[ebe02fc397e7]

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/editor.c, plugins/sudoers/find_path.c,
	plugins/sudoers/regress/editor/check_editor.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/sudoers.h:
	Make flag in union sudo_defs_val bool to match how it is used.

	Adjust find_path()'s ignore_dot function argument to match.
	[52d5311ca360]

	* plugins/sudoers/audit.c, plugins/sudoers/bsm_audit.c,
	plugins/sudoers/bsm_audit.h, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.h:
	Parse euid and egid from sudo front-end.

	These are needed by bsm_audit.c.
	[ca240f519b46]

	* plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/timestamp.c:
	Parse pid and ppid from sudo front-end.

	We can now use the stored ppid in ts_init_key().
	[4955c478f849]

	* plugins/sudoers/match_command.c, plugins/sudoers/pivot.c,
	plugins/sudoers/pivot.h, plugins/sudoers/regress/fuzz/fuzz_stubs.c,
	plugins/sudoers/stubs.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/testsudoers.c:
	Use struct sudoers_pivot instead of defining sudoers_pivot_t.

	We want to pass around a pointer, not the struct itself.
	[8c6806cee428]

2023-09-11  Todd C. Miller  <Todd.Miller@sudo.ws>

	* MANIFEST, plugins/sudoers/pivot.h:
	Don't expose the implementation of the pivot_root state.
	[1d1696c7ad78]

	* plugins/sudoers/match_command.c, plugins/sudoers/pivot.c,
	plugins/sudoers/regress/fuzz/fuzz_stubs.c, plugins/sudoers/stubs.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/testsudoers.c:
	Don't expose the implementation of the pivot_root state.
	[efaa8955cbf0]

	* src/exec_ptrace.c:
	Only call ptrace_verify_post_exec() for intercept, not log_subcmds.

	This fixes a logic goof introduced in sudo 1.9.14.
	[49df34bb0494]

	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
	docs/sudoers_timestamp.man.in, docs/sudoers_timestamp.mdoc.in,
	plugins/sudoers/check.c, plugins/sudoers/timestamp.c,
	plugins/sudoers/timestamp.h:
	Use the user-ID instead of user-name for the timestamp and lecture
	file.

	This avoids problems if the user name itself contains a path
	separator.
	[c93459e59f30]

2023-09-10  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/Makefile.in:
	tsgetusershell.c: don't rely on GNU sed extensions.
	[65e7d8099122]

	* plugins/sudoers/testsudoers.c:
	testsudoers: add -S option to specify /etc/shells path.
	[2efe9b01120a]

	* Makefile.in, lib/util/getusershell.c, plugins/sudoers/Makefile.in,
	plugins/sudoers/pwutil_impl.c, plugins/sudoers/tsgetgrpw.h:
	Add testsudoers_setshellfile() and use it in testsudoers.
	[4065e0f1c9ac]

	* plugins/sudoers/Makefile.in:
	regen
	[044181c21564]

	* lib/util/Makefile.in, lib/util/getusershell.c:
	Remove unnecessary sudo_gettext.h include and add missing const.
	[ca4266370ff6]

2023-09-09  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/timestamp.h:
	Return AUTH_* flags from check_user() instead of 1/0/-1.
	[824e8943fa47]

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/pwutil.c,
	plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c,
	plugins/sudoers/testsudoers_pwutil.h:
	Wrap valid_shell and add to sudo_pwutil_set_backend().

	This will make it possible to support a different getusershell()
	implementation for testsudoers in the future.
	[03da23d61efe]

	* plugins/sudoers/check_util.c, plugins/sudoers/pwutil.c,
	plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
	plugins/sudoers/regress/fuzz/fuzz_policy.c,
