2016-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/policy.c:
	hook_version and hook_type are unsigned so use 0, not -1 in the
	final (empty) entry. Quiets a warning on Solaris Studio 12.2.
	[4947de8e35b7]

2016-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>

	* NEWS, config.h.in, configure, configure.ac,
	plugins/sudoers/auth/pam.c:
	Work around an ambiguity in the PAM spec with respect to the
	conversation function. It is not clear whether the "struct
	pam_message **msg" is an array of pointers or a pointer to an array.
	Linux-PAM and OpenPAM use an array of pointers while Solaris/HP-
	UX/AIX uses a pointer to an array. Bug #726.
	[d2b926e2f7d6]

2016-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/eo.mo,
	po/eo.po, po/it.mo, po/it.po, po/ja.mo, po/ja.po, po/ru.mo,
	po/ru.po, po/sr.mo, po/sr.po:
	sync with translationproject.org
	[271c6738213d]

2016-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>

	* NEWS:
	Bug #738
	[9e7974480cdc]

2016-02-26  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po, po/nb.mo,
	po/nb.po:
	sync with translationproject.org
	[6aa32f6e5240]

	* lib/util/regress/fnmatch/fnm_test.in:
	Better test for negated character classes.
	[635e3c17bca1]

	* lib/util/regress/fnmatch/fnm_test.in:
	Add test for negated character class
	[0d813e098864]

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po, po/cs.mo,
	po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/pl.mo,
	po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo,
	po/vi.po, po/zh_CN.mo, po/zh_CN.po:
	sync with translationproject.org
	[9398ffdc7719]

	* NEWS:
	sync
	[a27a7d40491e]

	* lib/util/fnmatch.c:
	Fix negation of character classes.
	[aed07c013a41]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Fix the check for whether a user is allowed to lists another user's
	privileges. The "matched" variable is not boolean, it can also have
	the value UNSPEC so we need to check explicitly for true. Bug #738
	[e8ed706fda03]

	* plugins/sudoers/auth/pam.c:
	Log the number of PAM messages in the conversation function at debug
	level.
	[3f16eea5875f]

2016-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>

	* configure, configure.ac:
	Don't check for posix_spawn() or posix_spawnp() if we were unable to
	find spawn.h. This should only be a problem on systems with broken
	headers. Bug #730
	[5e5b0646dca4]

2016-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>

	* NEWS:
	update for 1.8.16
	[bad5e6534f39]

	* doc/CONTRIBUTORS, plugins/sudoers/sudoers2ldif:
	Fix documented bug with duplicate role names and turn on perl
	warnings. Based on a diff from Aaron Peschel
	[344a1c1f5c93]

2016-02-20  Todd C. Miller  <Todd.Miller@courtesan.com>

	* lib/util/aix.c:
	Add declaration of getauthdb() for AIX 5.1
	[f758960bcfd6]

2016-02-19  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[e61e1241f15f]

	* plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po:
	sync with translationproject.org
	[2f3dea24199b]

	* INSTALL:
	Add a note that --with-solaris-audit is only for Solaris 11 and
	above. Bug #737
	[6722331c2830]

2016-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>

	* configure, configure.ac:
	Remove last remnants of the deprecated --with-stow option.
	[8616d6de7ecd]

	* src/Makefile.in:
	src/load_plugins.c needs _PATH_SUDO_CONF so allow it to be
	overridden via the Makefile like other consumers of _PATH_SUDO_CONF.
	Bug #735
	[10148ef883ec]

2016-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>

	* configure, configure.ac, include/sudo_util.h, lib/util/aix.c,
	lib/util/getgrouplist.c, plugins/sudoers/pwutil.c,
	plugins/sudoers/pwutil.h, plugins/sudoers/pwutil_impl.c,
	plugins/sudoers/set_perms.c, src/sudo.c:
	Add an administrative domain to the passwd/group cache key for AIX
	which can have different name <-> ID mappings depending on whether
	the database is local, LDAP, etc.
	[5319c11aefe9]

	* mkpkg, sudo.pp:
	Fedora dropped "core" from the name some time ago so just match on
	f[0-9] for the rpm distro name provided by pp. Since the version
	numbers of Fedora and RHEL are so different switch to defining
	variables to indicate which features should be enabled. Works for
	Fedora 23.
	[4ec50b352293]

2016-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>

	* mkpkg, sudo.pp:
	Treat fedora core like centos/rhel for package building.
	[0dfc607d07a1]

2016-01-29  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/regress/iolog_path/check_iolog_path.c,
	plugins/sudoers/regress/parser/check_fill.c:
	Plug some memory leaks in the tests.
	[ce76ba538867]

	* plugins/sudoers/toke_util.c:
	If realloc of sudoerslval.command.args fails, reset
	sudoerslval.command.args as well as arg_len and arg_size after
	freeing sudoerslval.command.args.
	[6481bad56e6a]

	* src/exec_pty.c:
	When freeing the iobs after pty tear-down, also free the associated
	event structures. Quiets a memory leak warnings from address
	sanitizer and valgrind.
	[f19c689a2ded]

2016-01-28  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/iolog.c:
	iolog_compress should be bool, not int
	[b437123a242b]

	* plugins/sudoers/visudo.c:
	Quiet address sanitizer leak detector.
	[b7ce672331f6]

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/env.c,
	plugins/sudoers/gc.c, plugins/sudoers/sudoers.h:
	Simple garbage collection (really a to-be-freed list) for the
	sudoers plugin. Almost identical to what sudo.c uses. Currenly only
	the environment strings are collected at exit time which is enough
	to quiet address sanitizer's leak detector.
	[47f32e047b1a]

	* src/sudo.c:
	Rename gc_cleanup to gc_run and remove I/O plugins from the plugin
	list when freeing them.
	[ea640f0b46f9]

	* src/sudo.c:
	Free up the garbage via an atexit() handler instead of requiring a
	call to gc_exit.
	[cc9c96d88595]

	* src/sudo_edit.c:
	Plug a memory leak in sudo_edit.
	[cab9a13a669b]

2016-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>

	* INSTALL:
	mention --enable-asan
	[ee2bc0f60c8b]

	* plugins/sudoers/auth/sudo_auth.c:
	Try to deconfuse static analyzers a bit.
	[7e728c76f5df]

	* plugins/sudoers/sssd.c:
	Avoid possible NULL deref found by clang analyzer.
	[8bb3cbfe0446]

	* config.h.in, configure, configure.ac:
	Add --enable-asan configure flag to enable address sanitizer
	[8aae250fb68e]

	* src/sudo.c, src/sudo_plugin_int.h, src/ttyname.c:
	Add support for garbage collecting info passed to the plugin before
	exit to appease address sanitizer's leak detector (and valgrind's
	leak checker). We can't free these sooner since the plugin may be
	using the memory. For plugin API 2.0 it should be make clear that
	the plugin must make a copy of the data in the arrays passed in to
	the plugin's open() function. Only enabled if NO_LEAKS is defined.
	[8458bcb165d8]

	* plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/fwtk.c, plugins/sudoers/auth/pam.c,
	plugins/sudoers/auth/securid5.c, plugins/sudoers/auth/sia.c,
	plugins/sudoers/auth/sudo_auth.c:
	auth_getpass() returns a dynamically allocated copy of the plaintext
	password which needs to be freed after checking (and clearing) it.
	[28d2c83c3ac4]

	* src/sudo.c:
	Remove sudo_fatalx() calls from format_plugin_settings().
	[96a18a3ccc49]

	* plugins/sudoers/sssd.c:
	fn_free_result() (aka sss_sudo_free_result() in sss_sudo.c) handles
	a NULL poiner so there's no need to check before calling it. Add
	missing initialization of sss_sudo_result to NULL in
	sudo_sss_setdefs().
	[fa1c8eaed6ac]

	* plugins/sudoers/sssd.c:
	Add missing return when user is not found in sudo_sss_result_get().
	Previously we fell through to the default case which just logged a
	debug message and returned so this just avoids the extra (generic)
	debug message.
	[68c2201f3a85]

2016-01-26  Todd C. Miller  <Todd.Miller@courtesan.com>

	* lib/util/gettime.c:
	Fix a warning on AIX.
	[4ebc19a143ff]

	* src/sudo.c:
	Pass updated user_env_out, not envp, to the I/O open function.
	[f02e6f32f189]

	* src/sudo.c:
	Pass updated argv/envp to the I/O open function like the plugin API
	documents.
	[ff9f4fae5cf3]

2016-01-25  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/iolog.c:
	Add check for I/O log file handle being NULL. This could only happen
	if the front-end calls iolog_open with argc == 0 but actually runs a
	command.
	[5113a3c04494]

2016-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/pwutil.c:
	Additional debugging for pwutil functions.
	[908b83c3acbb]

	* config.h.in, configure, configure.ac, lib/util/aix.c:
	When calling setauthdb(), save the old registry value so we can
	restore it properly. Previously we were setting the registry to
	unrestricted instead of actually restoring it.
	[5a2921412663]

	* plugins/sudoers/sudoers.c:
	Use SUDOERS_DEBUG_UTIL not SUDO_DEBUG_UTIL in the plugin.
	[79b012777e71]

2016-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>

	* lib/util/sudo_debug.c:
	When parsing debug entries, don't make a lower value override a
	higher one. For example, for "pcomm@debug,all@warn" the "all@warn"
	should not set pcomm to "warn" when it is already at "debug".
	[031037a56e51]

2016-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/policy.c:
	Set sudoedit_checkdir=false in command_details when it is disabled
	in sudoers.
	[811dd43b29f5]

	* include/sudo_compat.h, lib/util/strtobool.c, plugins/sudoers/ldap.c,
	plugins/sudoers/sssd.c, src/sudo_edit.c:
	Update copyright year
	[5ec484920763]

	* src/sudo_edit.c:
	If the user runs "sudoedit /" we will receive ENOENT from openat(2)
	and sudoedit will try to create a file with the null string. If path
	is empty, open the cwd instead so sudoedit can give a sensible error
	message.
	[fc39d5804f1f]

	* lib/util/strtobool.c:
	Log an error for invalid boolean strings.
	[004afa5e05c5]

	* src/sudo.c:
	Fix off by one error in new SET_FLAG macro.
	[5bdce4edf8b9]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document the race with sudoedit_checkdir in 1.8.15.
	[cb7aed3367e9]

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in:
	Document sudoedit_checkdir
	[89f2452272ad]

2016-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>

	* src/sudo_edit.c:
	There are no systems that support O_SEARCH/O_PATH that do not also
	support O_DIRECTORY so simplify the definition of DIR_OPEN_FLAGS a
	bit.
	[a48f11ea53b3]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[8ae4d883ac59]

	* NEWS, doc/UPGRADE:
	Add 1.8.16 changes
	[8d3a3f5cdf59]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/defaults.c,
	src/sudo.c:
	Make sudoedit_checkdir the default and update the documentation
	accordingly.
	[84bbc1b73411]

	* src/sudo.c:
	Add a SET_FLAG macro to simplify parsing command details boolean
	flags. Previously, flags were only set and never cleared even if the
	boolean value was false. This was not a problem as there were no
	default flags for the plugin to enable. That will change in the
	future.
	[75f24ca13f41]

2016-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>

	* src/sudo_edit.c:
	Need to be root when switching to a different user.
	[06d5f010b607]

	* src/sudo_edit.c:
	Use O_SEARCH on systems without O_PATH if present. It can be used
	for a similar purpose.
	[3f559a389bf9]

	* config.h.in, configure, configure.ac, src/sudo_edit.c:
	Use faccessat(2) for directory writability instead of doing the
	checks manually where possible. This also allows us to remove the
	#ifdef __linux__ bits since we no longer use fstat(2) on Linux with
	an O_PATH fd.
	[fe50d0c1f1b9]

2016-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Add "I/O LOG FILES" section to the manual and move many of the
	details from the log_input and log_output descriptions to it.
	[a604903f5ae3]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Use "Nm sudoers" when talking about the plugin and "Em sudoers" when
	talking about the sudoers file.
	[727a68b02de7]

2016-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>

	* lib/zlib/zlib.exp:
	Remove gzopen_w which is only defined on Windows.
	[a73236903e7b]

	* config.h.in, configure, configure.ac, include/sudo_compat.h:
	Work around the buggy pread(2) on 32-bit HP-UX 11.00 by using
	pread64() on that platform.
	[31c4be934115]

2016-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/ldap.c, plugins/sudoers/match.c,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/sssd.c, plugins/sudoers/testsudoers.c:
	Add support for matching the entire netgroup tuple (user, host,
	domain).
	[9f694ba7c86d]

	* plugins/sudoers/ldap.c:
	Use asprintf() to generate the netgroup filter instead of using lots
	of concatenation.
	[f8290c040aea]

	* lib/util/util.exp.in:
	Add missing sudo_debug_exit_ssize_t_v1 symbol.
	[9407fb25dfa4]

2016-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/ldap.c:
	In sudo_netgroup_lookup() only build up the search filter once
	instead of once per netgroup_base.
	[a03440237078]

	* plugins/sudoers/ldap.c:
	It is safe to pass ldap_msgfree() a NULL pointer.
	[abc2eaddbf83]

	* plugins/sudoers/ldap.c:
	On overflow, warn before freeing anything.
	[2e3bcfa4a8f9]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	Use user_runhost and user_srunhost instead of user_host and
	user_shost. Fixes "sudo -l -h other_host" for LDAP and sssd.
	[e1abfdc82242]

	* plugins/sudoers/match.c:
	Silence warning in digest_matches() on systems with no fexecve(2).
	[0cd3cc8fa195]

	* plugins/sudoers/sssd.c:
	Fix free() of invalid pointer introduced in the commit that stripped
	whitespace between a '!' and the name in a sudoOption.
	[4d2c1761c752]

	* plugins/sudoers/ldap.c:
	Fix free() of invalid pointer introduced in the commit that stripped
	whitespace between a '!' and the name in a sudoOption.
	[14391603a9e5]

	* src/sudo_edit.c:
	Add missing dfd argument to the version of
	sudo_edit_openat_nofollow() for systems without O_NOFOLLOW.
	[574e4a840879]

	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.in:
	Update description of sudoedit_checkdir. Reported by Sander Bos.
	[ee44e7255096]

	* src/sudo_edit.c:
	No need to check whether the fd we opened is really a directory in
	sudo_edit_open_nonwritable() since if not, the openat() will fail
	with ENOTDIR anyway.
	[b41c5b289f35]

2016-01-10  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/CONTRIBUTORS, doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, include/sudo_compat.h, src/sudo_edit.c:
	Rewritten sudoedit_checkdir support that checks all the dirs in the
	path and refuses to follow symlinks in writable directories. This is
	a better fix for CVE-2015-5602. Adapted from a diff by Ben
	Hutchings. Bug #707
	[c2e36a80a279]

2016-01-04  Todd C. Miller  <Todd.Miller@courtesan.com>

	* MANIFEST, plugins/sudoers/po/ca.mo, plugins/sudoers/po/ca.po,
	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/ca.mo,
	po/ca.po, po/fi.mo, po/fi.po, po/hu.mo, po/hu.po, po/sr.mo,
	po/sr.po:
	sync with translationproject.org
	[94ffd6b18431]

	* configure, configure.ac, doc/sudo_plugin.cat,
	doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, include/sudo_plugin.h,
	plugins/sudoers/match.c, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.h, src/exec.c, src/exec_common.c,
	src/selinux.c, src/sesh.c, src/sudo.c, src/sudo.h, src/sudo_exec.h:
	Add support for using fexecve() if supported on commands that are
	checksummed.
	[397722cdd7ec]

2015-12-29  Todd C. Miller  <Todd.Miller@courtesan.com>

	* src/sudo_edit.c:
	Call openat() with the basename not the full path. From Ben
	Hutchings.
	[33272418bb10]

2015-12-24  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c:
	Fix compilation with --disable-shared
	[84c084618676]

2015-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>

	* src/exec_common.c:
	Check for existing dso in LD_PRELOAD and only add it if it is not
	already present.
	[15042e8999f7]

2015-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	Clarify when SIGINT and SIGQUIT are relayed by sudo to the command.
	[8efed5784393]

	* plugins/sudoers/group_plugin.c, plugins/sudoers/policy.c,
	plugins/sudoers/sudoers.h, src/load_plugins.c:
	Actually use the plugin_dir Path setting in sudo.conf.
	[bccc548127a2]

	* lib/util/sudo_conf.c:
	The Path setting for the plugin directory is "plugin_dir" not
	"plugin".
	[07c2677bbce5]

	* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in,
	lib/util/sudo_conf.c, src/exec_common.c:
	Allow sudo.conf Path settings to disable path names (by setting the
	value of NULL).
	[81a44e011a40]

2015-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>

	* src/selinux.c, src/sudo.h:
	Change noexec flag in selinux_execve() from int to bool.
	[7cb872aac155]

	* src/exec_common.c, src/sudo_exec.h:
	Refactor code to set LD_PRELOAD (or the equivalent) in the
	environment into a preload_dso() function. Also avoid allocating a
	new copy of the environment array if the size of the array does not
	change.
	[72194b0b51f7]

	* configure, configure.ac:
	Add missing square brackets in configure option descriptions.
	[6e25685c6349]

2015-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document the names of the I/O log files and mention buffering.
	Document that I/O logs are in gzip format by default.
	[474838e7b365]

2015-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/env.c:
	Add BASHOPTS to initial_badenv_table[]; from Stephane Chazelas
	[f206a9089a69]

2015-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	When parsing sudoOptions that include an operator (!, +, +=, -=)
	strip out any whitespace on either side of the operator.
	[62041b5888e5]

2015-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/sudoers2ldif:
	Strip whitespace around '!', '=', '+=' and '-=' in Defaults entries.
	[dcc9d15b0f3c]

2015-12-06  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document the race condition between the digest check and command
	execution.
	[24a3d9215c64]

2015-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/ldap.c:
	When checking the query results, don't set user_matches in the
	netgroup pass unless sudo_ldap_check_non_unix_group() returns true.
	This was preventing the mail_no_user sudoOption from being
	effective.
	[31004144421b]

	* plugins/sudoers/ldap.c, plugins/sudoers/sssd.c:
	In list mode, we always want to clear FLAG_NO_USER and FLAG_NO_HOST
	regardless of whether or not there was an actual match. Otherwise,
	warning mail may be sent which is not what we want in list mode.
	This is consistent with what the sudoers file backend does.
	[2809338a7b21]

2015-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/toke.h, plugins/sudoers/toke_util.c:
	Use size_t for length parameters in the fill functions used by the
	lexer.
	[0428c9067182]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Use yy_size_t for digest_len since newer flex uses yy_size_t for
	yyleng. Old flex uses int for yyleng so we need to use a cast to
	avoid a sign compare warning.
	[4a3dc6fb8f99]

2015-11-20  Todd C. Miller  <Todd.Miller@courtesan.com>

	* Makefile.in, README, configure, configure.ac,
	plugins/sudoers/regress/sudoers/test1.in, sudo.pp:
	Use https in sudo.ws urls
	[04e5177022d3]

	* doc/sudo.cat, doc/sudo.conf.cat, doc/sudo.conf.man.in,
	doc/sudo.conf.mdoc.in, doc/sudo.man.in, doc/sudo.mdoc.in,
	doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
	doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
	doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
	doc/visudo.man.in, doc/visudo.mdoc.in:
	Use https in urls.
	[855b05943b2d]

	* configure, configure.ac:
	sudo 1.8.16
	[b745f7031aeb]

	* plugins/sudoers/env.c:
	When preserving variables from the invoking user's environment, if
	there are duplicates only keep the first instance.
	[d4dfb05db5d7]

2015-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>

	* include/sudo_debug.h, lib/util/parseln.c, lib/util/sudo_debug.c,
	plugins/sudoers/timestamp.c:
	Add debug_return_ssize_t
	[d491ed281726]

	* plugins/sudoers/timestamp.c:
	Avoid compilation error on Solaris 10 with Stun Studio 12. Bug #727
	[facd8ff1ee6c]

2015-10-31  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po, po/da.mo,
	po/da.po:
	sync with translationproject.org
	[6711d740d3d0]

	* NEWS:
	Mention ssp configure fix.
	[92d64fd724cc]

2015-10-30  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/it.mo, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/nb.mo, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/nl.mo, plugins/sudoers/po/nl.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/pt_BR.mo, plugins/sudoers/po/pt_BR.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.mo, plugins/sudoers/po/vi.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po, po/cs.mo,
	po/cs.po, po/de.mo, po/de.po, po/fr.mo, po/fr.po, po/it.mo,
	po/it.po, po/ja.mo, po/ja.po, po/nb.mo, po/nb.po, po/pl.mo,
	po/pl.po, po/pt_BR.mo, po/pt_BR.po, po/uk.mo, po/uk.po, po/vi.mo,
	po/vi.po, po/zh_CN.mo, po/zh_CN.po:
	sync with translationproject.org
	[9c8eb0062d8c]

	* configure, configure.ac:
	Don't use CPPFLAGS for the -fstack-protector check. Otherwise on
	systems with _FORTIFY_SOURCE support we'll get an error due to the
	lack of optimization flags. Bug #725
	[1a9f8571a82d]

	* configure, configure.ac:
	When checking for stack protector support we need to actually link
	the test program.
	[ab4f94aac7de]

2015-10-29  Todd C. Miller  <Todd.Miller@courtesan.com>

	* configure, configure.ac:
	Preserve LDFLAGS when checking for stack protector as they may
	include rpath settings to allow the stack protector lib to be found.
	Avoid using existing CFLAGS since we don't want the compiler to
	optimize away the stack variable.
	[e6bc59225c06]

	* configure, configure.ac:
	Better configure test for -fstack-protector. Some gcc installations
	may be missing the ssp library even though the compiler supports it.
	[4ade5d1249f4]

2015-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>

	* src/sudo_edit.c:
	Set errno to EISDIR instead of ENOTDIR if directory is writable
	since ENOTDIR can be a legitimate errno. This avoids a bogus
	"directory is writable" error in that case.
	[97ee37d905ce]

	* mkpkg:
	Fix the check for whether to include 32-bit arch in Mac OS X
	packages.
	[a76654512f6b]

2015-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	regen
	[58277a8f418b]

	* NEWS, src/sudo_edit.c:
	When creating a new file, sudoedit will now check that the file's
	parent directory exists before running the editor.
	[65bc45510fb2]

	* NEWS, doc/UPGRADE, doc/sudoers.cat, doc/sudoers.man.in,
	doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/match.c:
	Add always_query_group_plugin
	[7e9060d4c13a]

2015-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>

	* ABOUT-NLS, MANIFEST:
	Add ABOUT-NLS from GNU gettext.
	[971c168c065a]

	* NEWS, config.h.in, configure, configure.ac, doc/sudoers.cat,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/policy.c, plugins/sudoers/sudoers_version.h,
	src/sudo.c, src/sudo.h, src/sudo_edit.c:
	Add directory writability checks for sudoedit.
	[f5349d059a98]

2015-10-06  Todd C. Miller  <Todd.Miller@courtesan.com>

	* NEWS:
	Latest.
	[9aae49302c60]

	* src/conversation.c:
	Ignore the SUDO_CONV_PROMPT_ECHO_OK flag when echo is enabled. This
	was preventing a match of SUDO_CONV_PROMPT_ECHO_ON which resulted in
	a masked password instead of an echoed one.
	[53f6a78d79e3]

	* plugins/sudoers/auth/bsdauth.c:
	Repair challenge/response prompting for BSD authentication which got
	broken while it was converted to use the conversation function.
	[2d0b0cec5e4f]

	* plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/auth/sudo_auth.h:
	Use the auth_getpass (and the plugin conversation fuction) for Tru64
	SIA. This prevents sudo from sleeping while holding the tty ticket
	lock.
	[9221eec812cf]

	* NEWS, doc/UPGRADE, plugins/sudoers/env.c:
	For env_reset, SHELL should be set based on the target user, not the
	invoking user unless preserved via env_keep.
	[b77adbc08c91]

	* plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po:
	sync with translationproject.org
	[adb927ad5e86]

2015-10-05  Todd C. Miller  <Todd.Miller@courtesan.com>

	* NEWS:
	Hungarian and Slovak translations
	[d3b6acece125]

	* MANIFEST, doc/CONTRIBUTORS, plugins/sudoers/po/hu.mo,
	plugins/sudoers/po/hu.po, plugins/sudoers/po/sk.mo,
	plugins/sudoers/po/sk.po, po/sk.mo, po/sk.po:
	Add new Slovak and Hungarian translations from
	translationproject.org
	[132ec9b7a927]

2015-10-02  Todd C. Miller  <Todd.Miller@courtesan.com>

	* src/sudo_edit.c:
	Remove S_ISREG check from sudo_edit_open(), it is already done in
	the caller.
	[9fff8c0bb1f7]

	* src/sudo_edit.c:
	Open sudoedit files with O_NONBLOCK and fail if they are not regular
	files.
	[56b01164869c]

	* plugins/sudoers/logging.c, plugins/sudoers/visudo.c, src/tgetpass.c:
	It is possible for WIFSTOPPED to be true even if waitpid() is not
	given WUNTRACED if the child is ptraced. Don't exit the waitpid()
	loop if WIFSTOPPED is true, just in case.
	[a2cab04a03da]

2015-09-30  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/de.mo,
	plugins/sudoers/po/fi.mo, plugins/sudoers/po/it.mo,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/nb.mo,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pt_BR.mo,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/vi.mo,
	plugins/sudoers/po/zh_CN.mo, po/cs.mo, po/de.mo, po/fi.mo, po/fr.mo,
	po/gl.mo, po/it.mo, po/ja.mo, po/nb.mo, po/pl.mo, po/pt_BR.mo,
	po/uk.mo, po/vi.mo, po/zh_CN.mo:
	rebuild .mo files
	[676362ed6061]

	* plugins/sudoers/po/pt_BR.po, po/pt_BR.po:
	sync with translationproject.org
	[be932694e600]

2015-09-28  Todd C. Miller  <Todd.Miller@courtesan.com>

	* config.h.in, configure, configure.ac, src/sudo_noexec.c:
	There's no point in trying to interpose protected versions of the
	exec family of functions. Many modern C libraries use hidden symbols
	for the functions and syscalls defined in libc such that they cannot
	be overridden inside libc itself. We have to just wrap all the exec
	variants plus system and popen.
	[30aa4bd6c15b]

	* doc/sudo.conf.cat, doc/sudo.conf.man.in, doc/sudo.conf.mdoc.in:
	List all the functions wrapped by sudo_noexec.so.
	[57a9db56f4e0]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	The section is now called "EXEC and NOEXEC" and it is above, not
	below.
	[9b0a2537f65d]

	* src/sudo_noexec.c:
	Also wrap popen(3).
	[a826cd7787e9]

	* src/sudo_noexec.c:
	Also interpose system(3). On glibc systems you cannot interpose the
	syscalls used internally by libc.
	[58a5c06b5257]

	* src/conversation.c:
	Set active debug instance to sudo_debug_instance() during the
	conversation function.
	[22fb750d92a9]

2015-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	LOGNAME and USERNAME are set the same way as USER
	[54f170cf2536]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	Document behavior when the command dies from a signal in EXIT
	STATUS.
	[3c93d682e5e6]

2015-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>

	* NEWS:
	Bug #722
	[5cca49bb0e02]

	* src/sudo.c:
	When the command sudo is running is killed by a signal, sudo will
	now send itself the same signal with the default signal handler
	instead of exiting. The bash shell appears to ignore some signals,
	e.g. SIGINT, unless the command is killed by that signal. This makes
	the behavior of commands run under sudo the same as without sudo
	when bash is the shell. Bug #722
	[153f016db8f1]

2015-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Adjust set_logname description to new behavior when any of LOGNAME,
	USER or USERNAME are preserved.
	[89009c2dcf38]

	* NEWS, plugins/sudoers/env.c:
	If some, but not all, of the LOGNAME, USER or USERNAME environment
	variables have been preserved from the invoking user's environment,
	sudo will now use the preserved value to set the remaining variables
	instead of using the runas user. This ensures that if, for example,
	only LOGNAME is present in the env_keep list, that sudo will not set
	USER and USERNAME to the runas user.
	[54a60fe72b9a]

2015-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/auth/pam.c:
	Fix passing of the callback pointer to the conversation function.
	This was preventing the on_suspend and on_resume functions from
	being called on PAM systems.
	[611246ded4ff]

	* include/sudo_plugin.h:
	Explicitly mark large hex constants unsigned.
	[5b67b0090814]

	* plugins/sudoers/timestamp.c:
	Cast sizeof(entry) to off_t before making it a negative offset for
	lseek(). Fixes "sudo -k" on Solaris and probably others.
	[ed5d312f6baa]

2015-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Add explicit mention of sudo's netgroup semantics since they differ
	from most other netgroup consumers.
	[0e9030f8cf56]

	* plugins/sudoers/po/fi.po, po/fi.po:
	sync with translationproject.org
	[f9236f25a616]

	* plugins/sudoers/check.c:
	Fix potential double free of the cookie when sudo is suspended at
	the password prompt.
	[cbecb3136155]

2015-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/po/cs.po, plugins/sudoers/po/zh_CN.po, po/cs.po,
	po/zh_CN.po:
	sync with translationproject.org
	[21138f16a3a6]

2015-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/po/de.po, plugins/sudoers/po/it.po,
	plugins/sudoers/po/ja.po, plugins/sudoers/po/nb.po,
	plugins/sudoers/po/pl.po, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/vi.po, po/de.po, po/fr.po, po/gl.po, po/it.po,
	po/ja.po, po/nb.po, po/pl.po, po/uk.po, po/vi.po:
	sync with translationproject.org
	[2d9f3e4c3ccf]

	* NEWS:
	Bug #719
	[cfa393164a0f]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in:
	SIGHUP is now relayed to the command. Bug #719
	[8db7c492c52a]

	* src/exec.c:
	When a terminal device is closed, SIGHUP is sent to the controlling
	process associated with that terminal. It is not sent to the entire
	process group so sudo needs to relay SIGHUP to the command when it
	is not being run in a new pty. Bug #719
	[b408a792f31a]
