2022-01-27  Todd C. Miller  <Todd.Miller@sudo.ws>

	* .hgtags:
	Added tag SUDO_1_9_9 for changeset 296f4f986a7a
	[cba838829505] [tip] <1.9>

	* NEWS, config.h.in, configure, configure.ac, include/sudo_compat.h,
	logsrvd/tls_init.c, plugins/sudoers/regress/fuzz/fuzz_policy.c:
	Merge sudo 1.9.9 from tip.
	[296f4f986a7a] [SUDO_1_9_9] <1.9>

	* docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in:
	"plain text" -> "plaintext" for consistency.
	[6cbefac27286]

2022-01-25  Todd C. Miller  <Todd.Miller@sudo.ws>

	* po/ro.mo, po/ro.po:
	Updated translations from translationproject.org
	[c264de490846]

	* INSTALL.configure:
	Sync with autoconf git.
	[efd6e2df1b4f]

	* scripts/mkdep.pl:
	Fix potential infinite loop when trying to format long lines.
	[e17a3b7b657b]

2022-01-20  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudo.man.in, docs/sudo.mdoc.in:
	Document how commands are passed to the shell for the -i and -s
	options. The concatenation of command and arguments and escaping of
	special characters was not documented. Text adapted from GitHub
	issue #121 from Kris Rinzwind
	[852f803234af]

	* docs/TROUBLESHOOTING.md:
	Also mention no_new_privs error in the troubleshooting guide.
	[70cc0679098f]

	* INSTALL.md, docs/TROUBLESHOOTING.md, docs/sudo.conf.man.in,
	docs/sudo.conf.mdoc.in, docs/sudo.man.in, docs/sudo.mdoc.in,
	docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in,
	docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
	docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
	docs/sudoers.man.in, docs/sudoers.mdoc.in, docs/visudo.man.in,
	docs/visudo.mdoc.in:
	Replace uid and gid with user-ID and group-ID in more places.
	[2b6bc95509fd]

2022-01-19  Todd C. Miller  <Todd.Miller@sudo.ws>

	* INSTALL.md:
	PAM is enabled on NetBSD by default too.
	[3bc31511f687]

	* INSTALL.md, README.LDAP.md, docs/HISTORY.md,
	docs/TROUBLESHOOTING.md, docs/UPGRADE.md:
	Use the Oxford comma consistently, it is helpful in technical
	documents.
	[3df4b26d035e]

	* docs/sudo.man.in, docs/sudo.mdoc.in:
	Document the error message when no_new_privs is set.
	[492a154dec10]

	* docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in:
	Sudo now recovers from sudoers syntax errors.
	[77d457c4e722]

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
	docs/sudo.conf.man.in, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
	docs/sudo.mdoc.in, docs/sudo_logsrv.proto.man.in,
	docs/sudo_logsrv.proto.mdoc.in, docs/sudo_logsrvd.conf.man.in,
	docs/sudo_logsrvd.conf.mdoc.in, docs/sudo_plugin.man.in,
	docs/sudo_plugin.mdoc.in, docs/sudo_plugin_python.man.in,
	docs/sudo_plugin_python.mdoc.in, docs/sudoers.ldap.man.in,
	docs/sudoers.ldap.mdoc.in, docs/sudoers.man.in,
	docs/sudoers.mdoc.in, docs/sudoreplay.man.in,
	docs/sudoreplay.mdoc.in, docs/visudo.man.in, docs/visudo.mdoc.in,
	examples/sudo.conf.in, examples/sudo_logsrvd.conf:
	Use the Oxford comma consistently, it is helpful in technical
	documents.
	[e8d29c772963]

	* INSTALL.md:
	Mention docker configuration.
	[8312350518cb]

	* plugins/sudoers/ldap_util.c:
	Quiet a cppcheck false positive.
	[023468af3269]

	* docs/CONTRIBUTING.md:
	Mention https://www.sudo.ws/security/fuzzing/ in the fuzzing
	section.
	[87767f7b89ad]

	* plugins/sudoers/sssd.c:
	Fix logic inversion when setting negated flag.
	[3e4051bc9f30]

	* src/sudo.c:
	Quiet a PVS-Studio format string warning.
	[77e953f3c46f]

2022-01-18  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Regen .pot files.
	[b999972bc90d]

	* NEWS:
	Bug #1016, #1017 and negated sudoUser in LDAP.
	[4ec54e728437]

	* plugins/sudoers/defaults.c:
	Don't set/run early Defaults if a custom defaults_list is specified.
	Defaults settings passed in by the front end are already "early" so
	there is no need to treat any of them as special.

	Otherwise, we end up running the early defaults callbacks before
	sudoers has been parsed. This means that, for instance, it is not
	possible to disable the fqdn flag before its callback is run if sudo
	is built with the --with-fqdn option. Bug #1016.
	[8c6eaa503793]

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h:
	Mark is_early_default(), run_early_defaults(), set_early_default()
	static. They are not used outside of defaults.c.
	[1045e8c7a92e]

	* plugins/sudoers/sssd.c:
	Add support in SSSD for negated users.
	[bca3d02cdd8b]

	* docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
	plugins/sudoers/ldap.c:
	Add support in the LDAP filter for negated users. Based on a diff
	from Simon Lees
	[e1d48d44229e]

2022-01-12  Todd C. Miller  <Todd.Miller@sudo.ws>

	* lib/util/mkdir_parents.c:
	Use PATH_MAX, not NAME_MAX+1 for the directory entry length. On some
	systems, such as Solaris, the max length of a directory entry is
	filesystem-dependent. We could use fpathconf() and dynamically
	allocate the name but it is simpler to just use PATH_MAX here.
	[d1a097783717]

	* plugins/python/python_plugin_common.c:
	Only emulate Py_FinalizeEx for Python 3.[0-5].
	[b314942c0f2f]

	* lib/util/getcwd.c, lib/util/mkdir_parents.c:
	Use POSIX NAME_MAX, not the obsolete MAXNAMLEN define. Fixes
	compilation with musl libc.
	[a1609b2d968f]

2022-01-11  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/limits.c:
	When applying fallback limits, make sure we don't reduce rlim_max.
	Fixes a problem where sudo could reduce the max stack size on some
	systems if the original limit was higher than the fallback limit,
	but not unlimited/infinity.
	[1fef77204f17]

	* src/limits.c:
	Don't modify the stack limit if it is >= SUDO_STACK_MIN.
	[b9e473780083]

	* plugins/sudoers/Makefile.in:
	The pre-install target requires visudo, add an explicit dependency.
	[b5b073d2fc9b]

2022-01-09  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/sudo.c:
	If sudo is not set-user-ID root, check for the no_new_privs flag on
	Linux. This flag disables set-user-ID at execve(2) time and may be
	set by default for some containers. GitHub issue #129.
	[462249058274]

2022-01-08  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/sudoers.man.in, docs/sudoers.mdoc.in,
	plugins/sudoers/auth/pam.c, plugins/sudoers/def_data.c,
	plugins/sudoers/def_data.h, plugins/sudoers/def_data.in,
	plugins/sudoers/policy.c, plugins/sudoers/sudoers.h,
	src/parse_args.c:
	Add pam_askpass_service sudoers setting for "sudo -A". This makes it
	possible to use a different PAM configuration for when "sudo -A" is
	used. The main use case is to only use PAM modules that can interact
	with the askpass program. GitHub issue #112.
	[5f59bc3f9d81]

2022-01-07  Todd C. Miller  <Todd.Miller@sudo.ws>

	* lib/iolog/iolog_loginfo.c:
	Improve debugging info when fdopen() fails.
	[0d9711d8564a]

2022-01-06  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/sssd.c:
	sss_sudo_free_values() checks for NULL, no need to do it manually.
	[ccf012907a01]

	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
	Quiet a clang analyzer false positive.
	[90b6791616b0]

2022-01-05  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/getdate.c, plugins/sudoers/getdate.y:
	Quiet a clang analyzer false positive.
	[3c66e9be5f24]

	* plugins/sudoers/auth/sudo_auth.c:
	Fix return value for non-interactive mode for non-standalone auth
	methods. AUTH_NONINTERACTIVE was being stored in the wrong variable.
	[199a180e7fab]

	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/ko.mo, plugins/sudoers/po/ko.po, po/fi.mo,
	po/fi.po, po/ko.mo, po/ko.po, po/tr.mo, po/tr.po:
	Updated translations from translationproject.org
	[032877650fe6]

	* plugins/sudoers/cvtsudoers_merge.c:
	defaults_var_matches() should return bool, not enum match_result.
	Remove enum match_result as it is no longer used.
	[6559769ddcd1]

	* plugins/sudoers/audit.c, plugins/sudoers/auth/sudo_auth.c:
	Quiet two PVS-studio warnings.
	[3a7c89cff3d6]

	* plugins/sudoers/auth/pam.c:
	Remove PAM_TTY workaround for old, buggy PAM modules. In the past,
	some PAM modules assumed that PAM_TTY was set and would misbehave
	(or crash) if not. This was primarily obsolete versions of
	Linux-PAM, so it should now be safe to remove this. Setting PAM_TTY to an
	empty string can cause its own set of issues. GitHub issue #74
	[491cb67ea43b]

2022-01-04  Todd C. Miller  <Todd.Miller@sudo.ws>

	* NEWS:
	Mention fix for Bug #956 and GitHub issue #83.
	[8692b9985381]

	* plugins/sudoers/auth/API, plugins/sudoers/auth/afs.c,
	plugins/sudoers/auth/aix_auth.c, plugins/sudoers/auth/bsdauth.c,
	plugins/sudoers/auth/dce.c, plugins/sudoers/auth/fwtk.c,
	plugins/sudoers/auth/pam.c, plugins/sudoers/auth/securid5.c,
	plugins/sudoers/auth/sia.c, plugins/sudoers/auth/sudo_auth.c,
	plugins/sudoers/auth/sudo_auth.h, plugins/sudoers/check.c,
	plugins/sudoers/logging.c, plugins/sudoers/sudoers.h:
	Push non-interactive mode checking down into the auth methods. For
	"sudo -n" we only want to reject a command if user input is actually
	required. In the case of PAM at least, we may not need to interact
	with the user. Bug #956, GitHub issue #83
	[bc9653ffe82f]

2022-01-03  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/cvtsudoers_merge.c,
	plugins/sudoers/regress/cvtsudoers/sudoers1,
	plugins/sudoers/regress/cvtsudoers/sudoers2,
	plugins/sudoers/regress/cvtsudoers/sudoers3,
	plugins/sudoers/regress/cvtsudoers/test34.out.ok,
	plugins/sudoers/regress/cvtsudoers/test35.out.ok,
	plugins/sudoers/regress/cvtsudoers/test36.out.ok:
	userspec_overridden: fix checks when there is more than one userspec
	[199996d29f50]

	* MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
	plugins/sudoers/regress/cvtsudoers/test35.out.ok,
	plugins/sudoers/regress/cvtsudoers/test36.out.ok,
	plugins/sudoers/regress/cvtsudoers/test36.sh:
	Fix merging of global/ALL entries when each input file has a host.
	If a host is specified for the input file, cvtsudoers will bind
	global Defaults to that host and change host "ALL" in a userspec to
	the host name. However, if all the input files have matching hosts
	we can simplify the merged file by converting back to ALL after
	resolving conflicts.
	[bfdb2edfca71]

	* LICENSE.md:
	Welcome to 2022.
	[039e8c0efd7e]

	* docs/Makefile.in:
	LICENSE.md moved to the top-level src dir.
	[b1c2687eef9d]

2021-12-22  Todd C. Miller  <Todd.Miller@sudo.ws>

	* Merge pull request #127 from Tyler887/main

	Typo
	[c4780c2a3056]

2021-12-22  Tyler887  <tylermageeshields@gmail.com>

	* INSTALL.md:
	Typo
	[b650bec9f275]

2021-12-22  Todd C. Miller  <Todd.Miller@sudo.ws>

	* NEWS, docs/UPGRADE.md, plugins/sudoers/policy.c, src/selinux.c,
	src/sudo.c:
	Back out changes to enable SELinux by default. This may return in a
	future release in a different form.
	[73e46fbe5c27]

	* LICENSE.md, MANIFEST, README.md, docs/LICENSE.md:
	Move LICENSE.md out of docs and back to the top-level. GitHub
	expects it to be in the top-level directory.
	[3c62dd396aff]

2021-12-20  Todd C. Miller  <Todd.Miller@sudo.ws>

	* MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
	plugins/sudoers/regress/cvtsudoers/test35.out.ok,
	plugins/sudoers/regress/cvtsudoers/test35.sh:
	cvtsudoers: fix a regression when merging matching Defaults. If a
	host is specified with a sudoers file, we have to treat Defaults as
	Defaults@host checking for duplicates.
	[9db413953938]

2021-12-18  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	add_defaults: add defs == NULL check to quiet coverity false
	positive
	[a534eee04069]

2021-12-17  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/cvtsudoers_merge.c,
	plugins/sudoers/regress/cvtsudoers/test34.out.ok,
	plugins/sudoers/regress/cvtsudoers/test34.sh:
	When merging Defaults, allow a subsequent global Defaults (no
	binding) to override a prior Defaults setting with a binding.
	[0be52fa6d4d8]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	add_defaults: defs can never be NULL
	[9ba97823b757]

	* plugins/sudoers/cvtsudoers_merge.c:
	Plug memory leak when making a default host-specific. We don't need
	to allocate new space for the binding list, just the members of the
	list.
	[5667d09136f2]

2021-12-16  Todd C. Miller  <Todd.Miller@sudo.ws>

	* MANIFEST, examples/Makefile.in, examples/cvtsudoers.conf:
	Add an example cvtsudoers.conf file.
	[aa738148e712]

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h:
	Add group_file, match_local, and passwd_file to cvtsudoers.conf.
	Previously, these were only settable via command line options.
	[a7a8b0af3c42]

2021-12-12  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/TROUBLESHOOTING.md:
	Remove question about running Solaris 11 binaries on Solaris 10.
	Current versions of sudo use many APIs that are not present on
	Solaris 10. If you want a sudo Solaris 10 binary, build it on
	Solaris 10, not 11.
	[0346a46cf595]

	* MANIFEST, plugins/sudoers/regress/cvtsudoers/test34.out.ok,
	plugins/sudoers/regress/cvtsudoers/test34.sh:
	Add simple test for cvtsudoers merge functionality.
	[fda86b17249a]

	* plugins/sudoers/po/cs.mo, plugins/sudoers/po/cs.po,
	plugins/sudoers/po/de.mo, plugins/sudoers/po/de.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fr.mo, plugins/sudoers/po/fr.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
	plugins/sudoers/po/zh_TW.mo, plugins/sudoers/po/zh_TW.po, po/cs.mo,
	po/cs.po, po/de.mo, po/de.po, po/eo.mo, po/eo.po, po/fr.mo,
	po/fr.po, po/hr.mo, po/hr.po, po/ja.mo, po/ja.po, po/pl.mo,
	po/pl.po, po/sr.mo, po/sr.po, po/uk.mo, po/uk.po, po/zh_CN.mo,
	po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
	Updated translations from translationproject.org
	[edfdaac9b1e7]

	* MANIFEST, plugins/sudoers/po/es.mo, plugins/sudoers/po/es.po:
	Add sudoers Spanish translation from translationproject.org
	[502d45c0af5f]

2021-12-11  Todd C. Miller  <Todd.Miller@sudo.ws>

	* NEWS:
	Bugs #1013 and #1014
	[1a7b533c5829]

	* lib/util/mkdir_parents.c:
	sudo_mkdir_parents: make sure the path we created is a directory. For
	extra paranoia, verify that the directory we created is still a
	directory before we fchown() it.
	[75c23aaa9fca]

	* docs/sudo.man.in, docs/sudo.mdoc.in:
	In SECURITY NOTES, clarify that PATH may be overridden by the
	policy. Bug #1014
	[4f7035d6b921]

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, include/sudo_util.h, lib/util/Makefile.in,
	lib/util/mkdir_parents.c, lib/util/mkdirat.c, logsrvd/logsrvd.c,
	plugins/sudoers/timestamp.c, scripts/mkdep.pl:
	Avoid TOCTOU in sudo_mkdir_parents() using openat(2) and mkdirat(2).
	This also allows us to make path const as it should be.
	[46db77e4afb8]

	* plugins/sudoers/ldap_conf.c, plugins/sudoers/sudo_ldap_conf.h:
	Sudo parsed "deref" and "tls_reqcert" in ldap.conf but didn't set
	the options. The switch() in the sudo_ldap_set_options_table()
	function needed to be updated to treat CONF_DEREF_VAL and
	CONF_REQCERT_VAL data types as int. Fix from Dennis Filder. Bug
	#1013.
	[5f5bdf9010d7]

2021-12-10  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/SECURITY.md:
	Minor formatting tweak so we can import into the sudo web site.
	[220c647b6635]

	* plugins/sudoers/defaults.c, plugins/sudoers/pwutil_impl.c:
	Fix CodeQL "Multiplication result converted to larger type"
	warnings.
	[a17db0b94018]

2021-12-09  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/SECURITY.md:
	Surround email addresses with angle brackets, not square brackets.
	[b9514c0165f2]

2021-12-08  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/sr.mo, plugins/sudoers/po/sr.po, po/fa.mo,
	po/fa.po, po/fi.mo, po/fi.po, po/ja.mo, po/ja.po, po/sr.mo,
	po/sr.po, po/zh_CN.mo, po/zh_CN.po, po/zh_TW.mo, po/zh_TW.po:
	Updated translations from translationproject.org
	[b2815226875b]

	* plugins/sudoers/po/sudoers.pot, po/sudo.pot:
	Update .pot files for 1.9.9
	[e4e903808160]

2021-12-06  Todd C. Miller  <Todd.Miller@sudo.ws>

	* README.LDAP.md, docs/CONTRIBUTING.md, docs/TROUBLESHOOTING.md,
	docs/UPGRADE.md:
	Minor formatting tweaks.
	[eee91b1fc68c]

2021-12-05  Todd C. Miller  <Todd.Miller@sudo.ws>

	* INSTALL, INSTALL.md, MANIFEST, README, README.LDAP, README.LDAP.md,
	README.md, docs/CONTRIBUTING.md, docs/CONTRIBUTORS,
	docs/CONTRIBUTORS.md, docs/HISTORY, docs/HISTORY.md, docs/LICENSE,
	docs/LICENSE.md, docs/Makefile.in, docs/TROUBLESHOOTING,
	docs/TROUBLESHOOTING.md, docs/UPGRADE, docs/UPGRADE.md,
	etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
	Convert README and docs files to markdown. This makes things look
	better on GitHub and we can use the markdown version directly in the
	new sudo web site.
	[1cdcbce74a73]

2021-12-04  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/SECURITY.md:
	Policy -> Disclosure Policy
	[13f278869e03]

	* Merge pull request #124 from juspence/main

	Allow sudo -g anyone and sudo -u anyone -g anytwo
	[1a000f5aaba1]

2021-12-04  juspence  <87657842+juspence@users.noreply.github.com>

	* plugins/sudoers/sudoers.in:
	Allow sudo -g anyone and sudo -u anyone -g anytwo

	When only the user (ALL) is specified explicitly, and the group is
	implied, only sudo -u works. Specifying both the user and group,
	like (ALL:ALL), is required to:

	1) Use sudo -g by itself (with no -u user)
	2) Use sudo -u and -g together, with a -g group that is different
	from the -u user's primary group
	[ca31aaa0b074]

2021-12-02  Todd C. Miller  <Todd.Miller@sudo.ws>

	* lib/util/Makefile.in:
	Add build dir to include search path for mksiglist.h and mksigname.h.
	Fixes out of tree builds on systems without sys_siglist[] or
	sys_signame[]. GitHub issue #123.
	[fccd76813052]

2021-11-29  Todd C. Miller  <Todd.Miller@sudo.ws>

	* MANIFEST, plugins/sudoers/cvtsudoers_merge.c,
	plugins/sudoers/regress/cvtsudoers/sudoers1,
	plugins/sudoers/regress/cvtsudoers/sudoers2,
	plugins/sudoers/regress/cvtsudoers/sudoers3:
	cvtsudoers: better merging of lists that are not exact duplicates.
	When merging rules, if one list would be overridden by another,
	remove the overridden rule and continue merging.
	[19dc52bd9c6f]

2021-11-28  Todd C. Miller  <Todd.Miller@sudo.ws>

	* NEWS:
	Update NEWS with latest changes.
	[fafe74e0b20f]

2021-11-27  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/edit_open.c:
	dir_is_writable: don't treat EPERM from faccessat() as a fatal
	error. We can get EPERM on Linux with SELinux. GitHub issue #122.
	[25bbc56b2f6d]

2021-11-24  Todd C. Miller  <Todd.Miller@sudo.ws>

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
	plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_merge.c:
	cvtsudoers: add -l option to log merge actions. The "-l logfile"
	option can be used to store a log of what actions cvtsudoers took
	when merging multiple files. For example, which aliases were
	renamed, which entries were overridden or removed as duplicated.
	[fa96976882aa]

	* NEWS, configure, configure.ac:
	Sudo 1.9.9
	[dad415a982bc]

2021-11-21  Todd C. Miller  <Todd.Miller@sudo.ws>

	* MANIFEST, docs/CONTRIBUTORS, po/fa.mo, po/fa.po:
	New Persian (Farsi) translation from translationproject.org
	[3665533a7219]

2021-11-20  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/cvtsudoers_csv.c:
	Quiet a PVS Studio warning. The warning that need_comma is always
	false is correct but in this case it is better to use a consistent
	construct so that if the code is re-ordered no bugs are introduced.
	[5109a34444f5]

	* lib/util/getentropy.c:
	Pass correct size to free_zero(). Coverity CID 241233
	[2ba51f57deb5]

	* plugins/sudoers/alias.c, plugins/sudoers/cvtsudoers.c,
	plugins/sudoers/cvtsudoers_csv.c, plugins/sudoers/cvtsudoers_json.c,
	plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/defaults.c,
	plugins/sudoers/fmtsudoers_cvt.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.y, plugins/sudoers/parse.c,
	plugins/sudoers/parse.h, plugins/sudoers/parse_ldif.c:
	Add reference counting to Defaults bindings. Previously, we checked
	that the previous entry's binding pointer was not the same while
	freeing. However, to be able to merge Defaults records we cannot
	rely on Defaults entries with the same binding being immediately
	adjacent. This removes the prev_binding checks in favor of a
	reference count which allows us to plug the memory leak in
	cvtsudoers when merging Defaults.
	[0a789516622b]

2021-11-19  Todd C. Miller  <Todd.Miller@sudo.ws>

	* MANIFEST, plugins/sudoers/Makefile.in, plugins/sudoers/alias.c,
	plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers.h,
	plugins/sudoers/cvtsudoers_merge.c, plugins/sudoers/parse.h:
	cvtsudoers: merge aliases when multiple sudoers files are specified.
	Duplicate aliases are removed. If there are conflicting alias names,
	the conflicts are renamed by appending a numerical suffix. For
	example, if there are two SERVERS Host_Aliases, the second one will
	be renamed to SERVERS_1.
	[d9b602626b8c]

	* plugins/sudoers/cvtsudoers_merge.c:
	cvtsudoers: merge Defaults when multiple sudoers files are specified.
	If a hostname is specified with the sudoers file, it will be used to
	make the Defaults setting host-specific, if possible. Duplicate
	Defaults settings are removed and conflicts are warned about. It is
	not possible to resolve all conflicts automatically.
	[756b05304ccb]

	* plugins/sudoers/cvtsudoers_merge.c:
	cvtsudoers: merge userspecs when multiple sudoers files are
	specified. If a hostname is specified with the sudoers file, it will
	be used to make the userspec host-specific, if possible. Duplicate
	userspecs are removed but conflicting entries are not currently
	pruned.
	[643b533bb4f4]

	* docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in:
	Document how to merge sudoers files with cvtsudoers.
	[241c3786f5a8]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/parse.h,
	plugins/sudoers/regress/fuzz/fuzz_sudoers.c, plugins/sudoers/sssd.c:
	init_parse_tree() now takes ownership of lhost and shost, if any.
	This means that lhost and shost in struct sudoers_parse_tree are no
	longer const and that free_parse_tree() will free lhost/shost. The
	only consumer that passed in lhost/shost was the SSSD back-end
	which has been updated to avoid a double-free.
	[650bb75666fb]

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/cvtsudoers_merge.c:
	cvtsudoers: use init_parse_tree() to initialize a parse tree. Also
	free the parse tree before exit.
	[9d8f8bb88192]

	* MANIFEST, Makefile.in, etc/macos-background.png,
	etc/sudo-logsrvd.pp, etc/sudo-python.pp, etc/sudo.pp:
	Add a background image for the macOS installer.
	[39889307b278]

	* scripts/pp:
	Update PolyPkg
	[44b1d08be1b0]

2021-11-18  Todd C. Miller  <Todd.Miller@sudo.ws>

	* scripts/mkpkg:
	mkpkg: handle a macOS SDK that just uses the major version. For
	example, MacOSX11.sdk instead of MacOSX11.3.sdk.
	[ce41fc5aa672]

	* lib/util/Makefile.in:
	Add missing dependencies for timegm.
	[b20c4936504b]

2021-11-16  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/cvtsudoers.c:
	Add support for specifying the hostname as a prefix to the sudoers
	file. If present, the host name is copied into the struct
	sudoers_parse_tree.
	[e87e11cccb6e]

2021-11-11  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/cvtsudoers.c:
	cvtsudoers: parse multiple sudoers files and store them in a tail
	queue. In the future the parsed files will be merged before they are
	output.
	[89c77b3f4157]

	* plugins/sudoers/cvtsudoers.c, plugins/sudoers/gram.c,
	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
	plugins/sudoers/parse.h:
	Add sudoers_parse_tree_list, a tail queue of struct
	sudoers_parse_tree. This will be used to store multiple parse trees
	and merge them into a single sudoers_parse_tree.
	[073ada18f18b]

	* docs/CONTRIBUTING.md:
	Fix formatting of links.
	[df50208b3f70]

	* MANIFEST, docs/CONTRIBUTING.md:
	Add contributing guide.
	[a99f3a0757f6]

	* .github/workflows/codeql-analysis.yml:
	Create codeql-analysis.yml
	[efab25dab29c]

2021-11-10  Todd C. Miller  <Todd.Miller@sudo.ws>

	* MANIFEST, docs/SECURITY.md:
	Add security doc, inspired by the Microsoft template.
	[0a8012f8ee35]

	* .gitignore, .hgignore, INSTALL, MANIFEST, Makefile.in, README,
	configure, configure.ac, doc/CONTRIBUTORS, doc/HISTORY, doc/LICENSE,
	doc/Makefile.in, doc/TROUBLESHOOTING, doc/UPGRADE,
	doc/cvtsudoers.man.in, doc/cvtsudoers.mdoc.in, doc/fixman.sh,
	doc/fixmdoc.sed, doc/schema.ActiveDirectory, doc/schema.OpenLDAP,
	doc/schema.iPlanet, doc/schema.olcSudo, doc/sudo.conf.man.in,
	doc/sudo.conf.man.in.sed, doc/sudo.conf.mdoc.in, doc/sudo.man.in,
	doc/sudo.man.in.sed, doc/sudo.mdoc.in, doc/sudo_logsrv.proto.man.in,
	doc/sudo_logsrv.proto.mdoc.in, doc/sudo_logsrvd.conf.man.in,
	doc/sudo_logsrvd.conf.mdoc.in, doc/sudo_logsrvd.man.in,
	doc/sudo_logsrvd.mdoc.in, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudo_plugin_python.man.in,
	doc/sudo_plugin_python.mdoc.in, doc/sudo_sendlog.man.in,
	doc/sudo_sendlog.mdoc.in, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.mdoc.in, doc/sudoers.man.in,
	doc/sudoers.man.in.sed, doc/sudoers.mdoc.in,
	doc/sudoers_timestamp.man.in, doc/sudoers_timestamp.mdoc.in,
	doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.man.in,
	doc/visudo.mdoc.in, docs/CONTRIBUTORS, docs/HISTORY, docs/LICENSE,
	docs/Makefile.in, docs/TROUBLESHOOTING, docs/UPGRADE,
	docs/cvtsudoers.man.in, docs/cvtsudoers.mdoc.in, docs/fixman.sh,
	docs/fixmdoc.sed, docs/schema.ActiveDirectory, docs/schema.OpenLDAP,
	docs/schema.iPlanet, docs/schema.olcSudo, docs/sudo.conf.man.in,
	docs/sudo.conf.man.in.sed, docs/sudo.conf.mdoc.in, docs/sudo.man.in,
	docs/sudo.man.in.sed, docs/sudo.mdoc.in,
	docs/sudo_logsrv.proto.man.in, docs/sudo_logsrv.proto.mdoc.in,
	docs/sudo_logsrvd.conf.man.in, docs/sudo_logsrvd.conf.mdoc.in,
	docs/sudo_logsrvd.man.in, docs/sudo_logsrvd.mdoc.in,
	docs/sudo_plugin.man.in, docs/sudo_plugin.mdoc.in,
	docs/sudo_plugin_python.man.in, docs/sudo_plugin_python.mdoc.in,
	docs/sudo_sendlog.man.in, docs/sudo_sendlog.mdoc.in,
	docs/sudoers.ldap.man.in, docs/sudoers.ldap.mdoc.in,
	docs/sudoers.man.in, docs/sudoers.man.in.sed, docs/sudoers.mdoc.in,
	docs/sudoers_timestamp.man.in, docs/sudoers_timestamp.mdoc.in,
	docs/sudoreplay.man.in, docs/sudoreplay.mdoc.in, docs/visudo.man.in,
	docs/visudo.mdoc.in, etc/codespell.skip:
	Rename "doc" directory to "docs" for better GitHub compatibility.
	[1268c3ae0916]

	* lib/util/Makefile.in:
	Use $(SED), not sed, when generating mksiglist.h/mksigname.h
	[7a7b636a3f32]

	* configure, configure.ac, lib/iolog/Makefile.in,
	lib/util/Makefile.in, logsrvd/Makefile.in,
	plugins/sudoers/Makefile.in:
	Add configure check for sha1sum and use "openssh dgst -sha1" if
	missing. Only needed when building the seed corpus zip files.
	[3c74ceba0446]

	* include/sudo_compat.h:
	sudo_compat.h: include unistd.h regardless of OS type. This helps to
	avoid issues with mismatched headers and libraries.
	[4a22435a2832]

2021-11-09  Todd C. Miller  <Todd.Miller@sudo.ws>

	* plugins/sudoers/visudo.c:
	install_sudoers: fix return value when there is no temp file to
	install. This can happen when no changes were made. Also preserve the
	edited temp file on error if we are unable to move it into place.
	[01c1052ac874]

	* plugins/python/regress/testdata/check_multiple_approval_plugin_and_arguments.stdout:
	Bump plugin version in test data to 1.18.
	[138b9f6a6143]

	* plugins/sudoers/defaults.c:
	free_defs_val: free rlimits like strings (which they are).
	[ade32de829cb]

	* plugins/sudoers/visudo.c:
	Rename {check,set}_perms variable to {check,set}_mode. Avoids a name
	clash with the set_perms() function.
	[a2dfa0d36690]

	* src/edit_open.c:
	Avoid symbol name clash with is_writable() function variable. Rename
	"is_writable" variable to "writable".
	[a52bd106933b]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document new resource limit settings.
	[022e51bff860]

	* doc/UPGRADE:
	Mention that the core dump size resource limit now defaults to 0.
	[22997e8008c9]

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	include/sudo_plugin.h, src/exec.c:
	Document resource limit support in command_info[] and Bump plugin
	API minor. This is supported beginning with sudo 1.9.9 and plugin
	API 1.17.
	[2004a71a11b3]

2021-11-08  Todd C. Miller  <Todd.Miller@sudo.ws>

	* config.h.in, configure, configure.ac, plugins/sudoers/defaults.c,
	src/limits.c:
	Use strtoul() on systems without strtoull(). We can assume that
	systems without strtoull() have 32-bit resource limits.
	[59c1be5a0387]

	* src/exec.c, src/limits.c, src/sudo.c, src/sudo.h:
	Add front-end support for setting resource limits. The special value
	"user" means preserve the invoking user's limit. The value "default"
	means don't override the default limit for the user as assigned by
	the system (PAM, login.conf, userdb, etc).
	[7ad6961d5d72]

	* plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/defaults.c,
	plugins/sudoers/defaults.h, plugins/sudoers/mkdefaults,
	plugins/sudoers/policy.c:
	Add basic support for setting resource limits in sudoers. The
	default for rlimit_core is "0,0". Resource limits are passed back to
	the front-end in command_info[] when set.
	[298d5e228635]

	* src/edit_open.c:
	switch_user_nonfatal: only define if using faccessat()
	[1a6b2c0240f5]

2021-11-06  Todd C. Miller  <Todd.Miller@sudo.ws>

	* doc/visudo.man.in, doc/visudo.mdoc.in, plugins/sudoers/visudo.c:
	visudo: add -O and -P options to check/set owner and permissions.
	This can be used in conjunction with the -c option to check that the
	sudoers file ownership and permissions are correct. Bug #1007
	[1f20721148b0]

2021-11-05  Todd C. Miller  <Todd.Miller@sudo.ws>

	* doc/UPGRADE:
	UPGRADE: mention SELinux behavior change.
	[0b8cef633225]

	* src/selinux.c, src/sudo.h, src/sudo_edit.c:
	Rename selinux_setcon -> selinux_setexeccon
	[50bde2e4d922]

	* src/selinux.c:
	If the SELinux role is "unconfined_r", disable SELinux support. We
	only want to apply SELinux to confined users. This is a bit of a
	hack as unconfined_r is specific to the targeted policy.
	[aaa8ee97f31e]

	* src/exec_monitor.c, src/exec_nopty.c, src/selinux.c, src/sudo.c,
	src/sudo.h, src/sudo_edit.c:
	Separate out the code to compute the context from selinux_setup().
	This makes it possible to determine whether we really need to
	execute the command via the sesh helper. What was left of
	selinux_setup() is now selinux_relabel_tty() and
	selinux_audit_role_change().
	[687a81e59fdd]

	* plugins/sudoers/policy.c, src/selinux.c, src/sudo.c:
	Pass status of selinux sudoers setting to front-end as selinux-rbac.
	The front-end uses this to decide whether or not to enable SELinux.
	If selinux-rbac is true _or_ if it is not present and selinux_role
	or selinux_type are set, SELinux support is enabled. Previously,
	SELinux support was only enabled if a role was specified.
	[2f21ae08ebbd]

	* src/edit_open.c:
	dir_is_writable: add fallback if changing UIDs fails. The SELinux
	policy may not allow uid/gid changes which will break the
	writability checks and cause sudoedit to fail.
	[5c5928a0c314]

2021-11-04  Todd C. Miller  <Todd.Miller@sudo.ws>

	* scripts/mkpkg:
	Build python package on Fedora
	[7261434fc60c]

2021-11-01  Todd C. Miller  <Todd.Miller@sudo.ws>

	* src/selinux.c:
	Make get_exec_context static, it is unused outside selinux.c.
	[be59f91e53dd]

	* doc/sudo.conf.mdoc.in:
	Fix lint warning: skipping paragraph macro: Pp before Bd
	[f84297a652d8]

2021-10-31  Todd C. Miller  <Todd.Miller@sudo.ws>

	* doc/sudo_plugin.man.in, doc/sudo_plugin.mdoc.in,
	doc/sudo_plugin_python.man.in, doc/sudo_plugin_python.mdoc.in:
	Escape some minus signs ('-') as required by newer groff.
	[4a1a2d6d5c19]

	* MANIFEST, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/util/timegm.c,
	plugins/sudoers/Makefile.in, plugins/sudoers/gentime.c,
	plugins/sudoers/gmtoff.c, plugins/sudoers/parse.h, scripts/mkdep.pl:
	parse_gentime: use timegm() to generate time since the epoch. The
	timegm() function is non-standard but widely available. Provide an
	implementation for those systems that lack it. Bug #1006
	[3ca20dfdb44c]

	* include/sudo_compat.h, lib/util/Makefile.in, scripts/mkdep.pl:
	Fix pasto in gmtime_r and localtime_r macros. Also add missing
	Makefile targets for them.
	[2310e188fdd4]

	* plugins/sudoers/gmtoff.c:
	Take daylight saving time into consideration when computing offset.
	Otherwise, the resulting time may be off by an hour, depending on
	whether DST is currently active compared to the target time.
	[20c60fe8e8fc]

2021-10-29  Todd C. Miller  <Todd.Miller@sudo.ws>

	* scripts/mkpkg:
	Back out f2d82771e7dd, arm64e on macOS is still in preview state.
	Until arm64e on macOS is finalized, continue to build arm64
	packages.
	[6c3bbd6ffc3a]

2021-10-27  Todd C. Miller  <Todd.Miller@sudo.ws>

	* scripts/mkpkg:
	Build arm64e ABI binaries on macOS 11 and above. We originally used
	arm64 here but the correct ABI is arm64e. The arm64 arch will be
	removed in a future release.
	[f2d82771e7dd]

	* logsrvd/logsrvd_local.c:
	Use iolog_openat() when opening the log.json file in the I/O log
	dir.
	[9041b20b8d01]

2021-10-26  Todd C. Miller  <Todd.Miller@sudo.ws>

	* logsrvd/tls_init.c:
	Use BIO_new_file() not BIO_new_fd() to read dhparams file. Older
	versions of OpenSSL and wolfSSL lack BIO_new_fd(). Also explicitly
	include openssl/bio.h and openssl/dh.h for wolfSSL.
	[8338f58d5ba0]

	* INSTALL, config.h.in, configure, configure.ac:
	wolfSSL not WolfSSL
	[4ee7f96ef87c]

	* .circleci/config.yml:
	Add wolfSSL variant to continuous integration tests.
	[dbbab23e069c]

	* docker/debian/latest/Dockerfile, docker/debian/testing/Dockerfile,
	docker/ubuntu/devel/Dockerfile, docker/ubuntu/latest/Dockerfile,
	docker/ubuntu/rolling/Dockerfile:
	Add libwolfssl-dev to Debian and Ubuntu Dockerfiles. Fedora does not
	appear to have an official wolfssl package.
	[12c0feaa0ebb]

	* doc/sudoers.man.in, doc/sudoers.mdoc.in:
	White space in an include file path supported by sudo 1.9.1 or
	higher.
	[9a22034de181]

2021-10-25  Todd C. Miller  <Todd.Miller@sudo.ws>

	* INSTALL, config.h.in, configure, configure.ac,
	include/sudo_compat.h, lib/iolog/hostcheck.c,
	lib/util/digest_openssl.c, lib/util/getentropy.c, logsrvd/logsrvd.c,
	logsrvd/logsrvd.h, logsrvd/logsrvd_relay.c, logsrvd/sendlog.c,
	logsrvd/sendlog.h, logsrvd/tls_client.c, logsrvd/tls_common.h,
	logsrvd/tls_init.c, plugins/sudoers/log_client.c,
	plugins/sudoers/log_client.h:
	Add support for WolfSSL's OpenSSL compatibility layer. Based on
	changes from Hayden Roche
	[568557ecb77b]

	* lib/util/Makefile.in, plugins/sudoers/Makefile.in:
	regenerate dependencies
	[d36bf7724e49]

	* logsrvd/iolog_writer.c, logsrvd/logsrvd.c, logsrvd/logsrvd.h,
	logsrvd/logsrvd_conf.c, logsrvd/logsrvd_journal.c,
	logsrvd/logsrvd_local.c, logsrvd/logsrvd_queue.c,
	logsrvd/logsrvd_relay.c, logsrvd/regress/fuzz/fuzz_logsrvd_conf.c,
	logsrvd/sendlog.c, logsrvd/sendlog.h:
	Move include of log_server.pb-c.h into logsrvd.h and sendlog.h. This
	way there is no include file order issue with the
	PROTOBUF_C_VERSION_NUMBER check.
	[23678487ffaf]
