2013-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>

	* NEWS, configure, configure.in:
	Update for sudo 1.8.6p8
	[1d2d78415eed]

	* plugins/sudoers/auth/passwd.c, plugins/sudoers/auth/secureware.c:
	Check for crypt() returning NULL. Traditionally, crypt() never
	returned NULL but newer versions of eglibc have a crypt() that does.
	Bug #598
	[887b9df243df]

2013-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>

	* src/ttyname.c:
	AIX may have a 64-bit pr_ttydev that we need to convert to 32-bit
	before we try to match it against st_rdev.
	[5dab449fb962]

	* src/ttyname.c:
	Break out of the loop if sudo_ttyname_scan() returns non-NULL. Fixes
	a problem finding the tty name when it is not in /dev/pts.
	[6c205d087fa0]

2013-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/check.c:
	Completely ignore time stamp file if it is set to the epoch,
	regardless of what gettimeofday() returns.
	[ebd6cc75020f]

	* plugins/sudoers/check.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h:
	Store the session ID in the tty ticket file too. A tty may only be
	in one session at a time so if the session ID doesn't match we
	ignore the ticket.
	[049a12a5cc14]

	* configure, configure.in:
	Sudo 1.8.6p7
	[3334bc872111]

	* NEWS:
	Update for Sudo 1.8.6p7
	[3b853ddc529c]

2013-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>

	* NEWS:
	Add Sudo 1.8.6p7
	[77480be0f378]

2013-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>

	* NEWS:
	Clarify ttyname changes.
	[9963ed81732d]

	* NEWS:
	Add 1.8.6p6
	[162ea7fae117]

	* src/ttyname.c:
	Remove ttyname() fall back code on systems where we can query the
	kernel for the tty device via /proc or sysctl(). If there is no
	controlling tty, it is better to just treat the tty as unknown
	rather than to blindly use what is hooked up to std{in,out,err}.
	[2f3225a2a4a4]

2013-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/iolog.c:
	Add __dso_public to extern declaration of declaration to match
	actual definition.
	[e16ecb5c6677]

	* configure, configure.in:
	Sudo 1.8.6p5
	[8d7c8bd159c5]

	* NEWS:
	Add 1.8.6p5
	[1cb9b7c4f626]

2013-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/visudo.c:
	Fix potential stack overflow due to infinite recursion in alias
	cycle detection. From Daniel Kopecek.
	[77f2228877bc]

2013-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>

	* compat/getgrouplist.c, config.h.in, configure, configure.in:
	Use _getgroupsbymember() on Solaris to get the groups list. Fixes
	performance problems with the getgroupslist() compat on Solaris
	systems with network-based group databases.
	[6ab76bea5ea4]

2013-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>

	* src/sudo.c:
	Add missing call to save_signals().
	[708b8db3b30e]

2013-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>

	* configure, configure.in:
	Use -fstack-protector-all in preference to -fstack-protector where
	supported.
	[52ac4eadf5c9]

2013-01-10  Todd C. Miller  <Todd.Miller@courtesan.com>

	* configure, configure.in:
	Only test for -fstack-protector and -fvisibility=hidden on GNU
	compatible compilers.
	[5f31c5b4edc9]

2013-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>

	* NEWS:
	Add Sudo 1.8.6p4
	[88358d481baa]

	* configure, configure.in:
	Sudo 1.8.6p4
	[e8032237c4b1]

	* common/Makefile.in, compat/Makefile.in, configure, configure.in,
	plugins/sample/Makefile.in, plugins/sample_group/Makefile.in,
	plugins/sudoers/Makefile.in, plugins/system_group/Makefile.in,
	src/Makefile.in:
	Break out stack smashing protector options into SSP_CFLAGS and
	SSP_LDFLAGS so we can use it everywhere (unlike LT_LDFLAGS).
	[9c3662776afa]

2013-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/CONTRIBUTORS, plugins/sudoers/redblack.c:
	In rbrepair(), make sure we never try to change the color of the
	sentinel node, which is the first entry, not the root. From Michael
	King
	[24ebb817e1ee]

2012-12-27  Todd C. Miller  <Todd.Miller@courtesan.com>

	* configure, configure.in:
	Disable PIE on FreeBSD/ia64, otherwise sudo will segfault.
	[ce07ef64d410]

2012-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/visudo.c:
	Avoid NULL deref for unknown Defaults in strict mode.
	[4c2d9717d91e]

2012-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/audit.c, plugins/sudoers/logging.c,
	plugins/sudoers/logging.h, plugins/sudoers/sudoers.c:
	Do not inform the user that the command was not permitted by the
	policy if they do not successfully authenticate. This is a
	regression introduced in sudo 1.8.6.
	[e5c1e760954e]

	* src/parse_args.c:
	The -a option should be #ifdef HAVE_BSD_AUTH_H, not -A.
	[4e112e7da105]

2012-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/CONTRIBUTORS, plugins/sudoers/sudo_nss.c:
	Allow sudo to be build with sss support without also including ldap
	support. From Stephane Graber.
	[7e0bd9191589]

2012-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>

	* src/exec_pty.c:
	Fix running commands that need the terminal in the background when
	I/O logging is enabled. E.g. "sudo vi &". When the command is
	foregrounded, it will now resume properly.
	[c30ec73a5da8]

2012-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/Makefile.in:
	Fold preinstall into install-plugin and pass the path to the plugin
	binary to the preinstall command.
	[994f8f58495e]

2012-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/Makefile.in:
	Add preinstall target that runs SUDO_PREINSTALL_CMD. Used to fixup
	the rpath in HP-UX SOM shared libraries for the LDAP libs.
	[685796ea58fe]

	* NEWS, configure, configure.in:
	sudo 1.8.6p3
	[97fef3d9ed65]

2012-09-17  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/fixman.sh:
	Don't use embedded newline when matching, use \n. This got expanded
	at some point. Bug #573
	[6652f834b8f5]

	* plugins/sudoers/sudoreplay.c:
	Fall back on lstat(2) if d_type in struct dirent is DT_UNKNOWN. Not
	all file systems support d_type. Bug #572
	[8b861c62945f]

	* plugins/sudoers/sudoreplay.c:
	Avoid calling fclose(NULL) in the error path when we cannot open an
	I/O log file.
	[9401d5c4bb05]

2012-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>

	* NEWS, configure, configure.in:
	Sudo 1.8.6p2
	[6e32496280f2]

	* src/exec.c:
	When setting the signal handler for SIGTSTP to the default value in
	non-I/O log mode, store the old handler value for when we restore it
	after resume.
	[242628694e42]

2012-09-12  Todd C. Miller  <Todd.Miller@courtesan.com>

	* NEWS:
	Mention support for SUCCESS=return in /etc/nsswitch.conf
	[ef1f35aa0863]

	* NEWS, configure, configure.in:
	sudo 1.8.6p1
	[73a5e1f004b3]

2012-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/env.c:
	Avoid setting LOGNAME, USER and USERNAME variables twice when
	set_logname is enabled.
	[0de4f5fbd1d4]

	* plugins/sudoers/env.c:
	Fix duplicate detection in sudo_putenv(), do not prune out the
	variable we just set when overwriting an existing instance. Fixes
	bug #570
	[854ee714c831]

	* plugins/sudoers/env.c:
	Add some debuggging
	[a25cd3305823]

2012-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/sudo_nss.c:
	Disable word wrap in list mode when stdout is a pipe to make "sudo
	-l | grep ..." more useful. Adapted from a diff by Daniel Kopecek.
	[65ade04511fd]

	* common/lbuf.c:
	Print a trailing newline in lbuf_print() when there is not enough
	space to do word wrapping and the lbuf does not end with a newline.
	[c0200e19cd09]

	* plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
	Add support for [SUCCESS=return] in nsswitch.conf; from Daniel
	Kopecek
	[5c480316e3ce]

	* MANIFEST:
	Add sssd.c
	[9cadd014ef97]

2012-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/po/da.mo, plugins/sudoers/po/fi.mo,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/sl.mo,
	plugins/sudoers/po/uk.mo, src/po/fi.mo, src/po/hr.mo, src/po/it.mo,
	src/po/ru.mo, src/po/sl.mo, src/po/uk.mo, src/po/vi.mo:
	regen .po files
	[62423d4d143d]

	* MANIFEST, plugins/sudoers/po/vi.mo:
	Add Vietnamese sudoers translation from translationproject.org
	[33666a605525]

	* NEWS:
	mention PIE
	[05032e5304c6]

	* MANIFEST, plugins/sudoers/po/vi.po:
	Add Vietnamese sudoers translation from translationproject.org
	[015c2204bae2]

2012-08-29  Todd C. Miller  <Todd.Miller@courtesan.com>

	* Makefile.in, compat/Makefile.in, mkdep.pl:
	Add missing signame dependency
	[e493bfb01929]

	* src/exec.c, src/ttyname.c:
	Silence compiler warnings.
	[1c5374b66d9b]

	* MANIFEST, compat/Makefile.in, compat/sig2str.c, compat/strsigname.c,
	config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
	src/exec.c, src/exec_pty.c:
	Replace strsigname() with sig2str(), emulating it as needed.
	[1e348cca1fa6]

	* config.h.in, configure, configure.in, src/utmp.c:
	Use fseeko() for legacy utmp handling if available.
	[b4bbd8d2c0e9]

2012-08-28  Todd C. Miller  <Todd.Miller@courtesan.com>

	* compat/strsigname.c, config.h.in, configure, configure.in:
	Detect sys_sigabbrev[] and use it in place of sys_signame[] if
	present. For some reason glibc does not declare sys_sigabbrev so we
	must add an extern definition of our own.
	[b38f3fbd7078]

	* compat/strsignal.c, compat/strsigname.c:
	Handle NULL entries in sys_siglist and sys_signame.
	[a388959d9654]

	* compat/mksiglist.c, compat/mksiglist.h, compat/mksigname.c,
	compat/mksigname.h, compat/strsignal.c, compat/strsigname.c:
	Convert my_sys_sig{list,name} -> sudo_sys_sig{list,name}
	[711e41aba59a]

2012-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>

	* NEWS:
	sync
	[5a2522488754]

	* src/exec.c:
	Pass on SIGTSTP to the command if it was sent by a user process (not
	the kernel or the terminal) when we are not I/O logging and set the
	default SIGTSTP handler when we re-send the signal to ourself,
	restoring our handler after we resume.
	[4259c47e31c0]

	* src/exec.c:
	Shells typically change their process group when they start up so
	that they can implement job control. Most well-behaved shells
	change the pgrp back to its original value before suspending so we
	must not try to restore in that case, lest we race with the child
	upon resume, potentially stopping sudo with SIGTTOU while the
	command continues to run. Some shells, such as pdksh, just suspend
	the shell by sending SIGSTOP to themselves without restoring the
	pgrp. In this case we need to change the pgrp back for them. Should
	fix bug #568
	[6ac6751ffd17]

2012-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>

	* MANIFEST, compat/Makefile.in, compat/mksigname.c,
	compat/mksigname.h, compat/strsignal.c, compat/strsigname.c,
	config.h.in, configure, configure.in, include/missing.h, mkdep.pl,
	src/exec.c, src/exec_pty.c:
	Use strsigname() to print signal names in the debug output. If the
	system has no strsigname(), use our own.
	[0735f18906b9]

2012-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/regress/testsudoers/test5.inc,
	plugins/sudoers/regress/testsudoers/test5.sh:
	Remove generated file and change path for temporary include file.
	[4e9fa830c6b5]

	* plugins/sudoers/Makefile.in:
	When running regress tests, list pass/fail rate for each dir
	(testsudoers and visudo) instead of the total. Also prevent the
	result files from clobbering each other by keeping them in the
	relevant directories.
	[6aac53baff7d]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Don't print an error message in yyerror() if open_sudoers() fails,
	we've already printed an error message. Also restore the check for
	sudoers_warnings in yyerror().
	[aa6036df5fb2]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/toke.c, plugins/sudoers/toke.h,
	plugins/sudoers/toke.l:
	Avoid printing the >>> parse error <<< message for testsudoers when
	the -t flag is specified.
	[76f3433c8992]

2012-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/parse.c:
	Fix NULL deref when an entry has no Runas_Entry
	[4b14983ff6e7]

	* plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
	src/po/ja.mo, src/po/ja.po, src/po/pl.mo, src/po/pl.po,
	src/po/zh_CN.mo, src/po/zh_CN.po:
	sync with translationproject.org
	[440e9c9b37de]

	* NEWS:
	sync
	[3142ba2dce60]

	* plugins/sudoers/check.c:
	Correct the check_user() comment header.
	[73da30308fff]

	* plugins/sudoers/auth/sudo_auth.c:
	Change a log_fatal() into log_error() when no auth methods are
	configured. The caller already checks the return value.
	[05f5c39793a7]

	* plugins/sudoers/logging.c:
	Add missing debug_return
	[3a76bb7c2fe7]

2012-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
	doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
	doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
	doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Make the capitalization consistent for .Ss and .Sx
	[5c5735ee4b2f]

	* doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh, doc/sudo.cat,
	doc/sudo.man.in, doc/sudo.mdoc.in:
	Add COMMAND EXECUTION section that describes how sudo runs the
	command, the extra sudo processes and signal handling.
	[dff2d88e984e]

2012-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>

	* Makefile.in:
	Happy Easter
	[4b9d697c6b83]

2012-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>

	* compat/Makefile.in:
	Don't echo the awk command when building siglist.in
	[21daa72921e6]

	* doc/fixman.sh, doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
	doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Cosmetic changes.
	[19259528e9ad]

	* doc/Makefile.in:
	The HISTORY, LICENSE and CONTRIBUTORS files are not longer
	generated.
	[ea6ac9e981e6]

	* MANIFEST, plugins/sudoers/po/da.po, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/hr.po, plugins/sudoers/po/it.mo,
	plugins/sudoers/po/it.po, plugins/sudoers/po/sl.po,
	plugins/sudoers/po/uk.po, src/po/de.mo, src/po/de.po, src/po/fi.po,
	src/po/hr.po, src/po/it.po, src/po/ru.po, src/po/sl.po,
	src/po/uk.po, src/po/vi.po:
	Sync with translationproject.org and add Italian sudoers
	translation.
	[9276740aea59]

2012-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Expand description of fqdn to talk about systems where the hosts
	file is searched before DNS.
	[4ee812ca6116]

2012-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/Makefile.in:
	For cat pages there is nothing to make unless DEVEL is set.
	[fab4a5b68708]

	* configure, configure.in, doc/Makefile.in:
	Always use mandoc to format cat pages and remove now-extraneous
	nroff configure tests.
	[5747f4ed5762]

	* pp:
	sync polypkg from git
	[89ddf6ea3e3f]

	* plugins/sudoers/sudoers.c:
	Use AI_FQDN instead of AI_CANONNAME if available since "canonical"
	is not always the same as "fully qualified".
	[7c1d9c098386]

2012-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudoers.mdoc.in:
	Fix some typos. Describe error messages not related to policy
	permissions.
	[f5ebf9030d85]

	* plugins/sudoers/defaults.c, plugins/sudoers/defaults.h,
	plugins/sudoers/visudo.c:
	Add new check_defaults() function to check (but not update) the
	Defaults entries. Visudo can now use this instead of
	update_defaults to check all the defaults regardless instead of just
	the global Defaults entries.
	[3fa879ce1b65]

2012-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Document sudoers log format.
	[08998a7061ab]

	* NEWS:
	Update for sudo 1.8.5p3
	[6e102a5d4e8d]

	* src/load_plugins.c:
	Add missing check for I/O plugin API version when checking for the
	presence of I/O plugin hooks.
	[ef05c7eeaf81]

	* src/hooks.c:
	Can't call debug code in the process_hooks_xxx functions() since
	ctime() may look up the timezone via the TZ environment variable.
	[2179fb26bd8e]

2012-08-10  Todd C. Miller  <Todd.Miller@courtesan.com>

	* src/exec_common.c, src/sesh.c, src/utmp.c:
	Include signal.h before sudo_exec.h since it uses sigset_t * in the
	fork_pty prototype.
	[94fc0d859600]

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in, doc/sudoreplay.cat,
	doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
	doc/visudo.man.in, doc/visudo.mdoc.in:
	Remove OPTIONS section; options now go inside DESCRIPTION
	[a619fc58a746]

	* plugins/sudoers/po/sudoers.pot, src/po/sudo.pot:
	regen
	[44719d80bc06]

	* MANIFEST, NEWS, plugins/sudoers/po/da.mo, plugins/sudoers/po/da.po,
	plugins/sudoers/po/eo.mo, plugins/sudoers/po/eo.po,
	plugins/sudoers/po/fi.mo, plugins/sudoers/po/fi.po,
	plugins/sudoers/po/hr.mo, plugins/sudoers/po/hr.po,
	plugins/sudoers/po/ja.mo, plugins/sudoers/po/ja.po,
	plugins/sudoers/po/pl.mo, plugins/sudoers/po/pl.po,
	plugins/sudoers/po/sl.mo, plugins/sudoers/po/sl.po,
	plugins/sudoers/po/uk.mo, plugins/sudoers/po/uk.po,
	plugins/sudoers/po/zh_CN.mo, plugins/sudoers/po/zh_CN.po,
	src/po/da.mo, src/po/da.po, src/po/hr.mo, src/po/hr.po,
	src/po/sl.mo, src/po/sl.po, src/po/vi.mo, src/po/vi.po:
	Sync with translationproject.org and add new Slovenian translation.
	[34b4b966bbac]

	* common/alloc.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
	plugins/sudoers/linux_audit.c, plugins/sudoers/sudoers.c,
	plugins/sudoers/testsudoers.c:
	Reduce the number of "internal error, foo overflow" messages that
	need to be translated.
	[93ffa2b3d53f]

	* NEWS:
	Mention HP-UX reboot fix.
	[1e39b5aa32ac]

	* INSTALL, NEWS, common/sudo_debug.c, configure, configure.in,
	doc/CONTRIBUTORS, include/sudo_debug.h, mkdep.pl, pathnames.h.in,
	plugins/sudoers/Makefile.in, plugins/sudoers/sssd.c,
	plugins/sudoers/sudo_nss.c, plugins/sudoers/sudoers.c:
	Support for using SSSD (http://fedorahosted.org/sssd/) as a sudoers
	data source. From Daniel Kopecek and Pavel Brezina.
	[3f85e95d6928]

2012-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>

	* common/sudo_conf.c, src/load_plugins.c:
	If sudo.conf contains an I/O plugin but no policy plugin, use
	sudoers for the policy plugin. If a policy plugin is specified
	without an I/O plugin, only the policy plugin will be loaded.
	[ea192df2439d]

	* doc/Makefile.in, doc/sudoers.man.in:
	Do not modify the .Os section when building the .man.in file from
	.mdoc.in.
	[a9f9628e147f]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Add a note about wildcards matching multiple words and include an
	example. Also mention that for sudoedit, a wildcard in command line
	args does not match a slash.
	[fcb9fbac14e0]

2012-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>

	* src/exec_pty.c, src/sudo_exec.h:
	Fix a comment, update a variable name in a prototype; all cosmetic.
	[e89f10cbd6e1]

	* plugins/sudoers/iolog.c:
	Cast 2nd argument of lseek() to off_t if it is a constant for
	systems with 64-bit off_t but without a proper lseek() prototype.
	[d8779da135d0]

	* compat/getline.c, plugins/sudoers/check.c, plugins/sudoers/env.c,
	plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/visudo.c:
	Fix some warnings from clang checker-267
	[1e44ef7860b5]

	* plugins/sample/sample_plugin.c:
	Fix memory leak found by clang checker-267
	[f8a43617fdfb]

2012-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>

	* src/exec.c, src/exec_pty.c, src/sudo.h, src/sudo_exec.h:
	If we receive a signal from the command we executed, do not forward
	it back to the command. This fixes a problem with BSD-derived
	versions of the reboot command which send SIGTERM to all other
	processes, including the sudo process. Sudo would then deliver
	SIGTERM to reboot which would die before calling the reboot() system
	call, effectively leaving the system in single user mode.
	[4ffab9ab9e98]

2012-08-03  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/fixman.sh, doc/fixmdoc.sh:
	Remove section about Solaris 10 on other systems. Add missing
	sudoers.man.in bit to fixman.sh.
	[176559199ba7]

2012-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in:
	Expand section on Solaris privileges.
	[3a1bfa2f1743]

	* NEWS:
	Expand a bit on the Solaris priv set changes.
	[bffb78b4a520]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/testsudoers.c, plugins/sudoers/visudo.c:
	The second argument to init_parser() is now bool.
	[fb727a4fb651]

	* plugins/sudoers/gram.c, plugins/sudoers/gram.y:
	Fix printing of parse error message to stderr.
	[dea6b420b84f]

	* plugins/sudoers/check.c, plugins/sudoers/defaults.c,
	plugins/sudoers/match.c, plugins/sudoers/parse.c,
	plugins/sudoers/parse.h, plugins/sudoers/sudoers.c,
	plugins/sudoers/sudoers.h, plugins/sudoers/testsudoers.c:
	If a command matches using an empty Runas_List (i.e. Runas_List is
	present but empty) and the -u option was not specified, set runas_pw
	to user_pw instead of using runas_default. This is intended to be
	used in conjunction with the Solaris Privilege Set support for rules
	that grant privileges without changing the user.
	[e84a081f3c11]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.mdoc.in,
	plugins/sudoers/gram.c, plugins/sudoers/gram.h,
	plugins/sudoers/gram.y, plugins/sudoers/match.c,
	plugins/sudoers/parse.c, plugins/sudoers/sudoers_version.h:
	Add support for parsing an empty Runas_List, which only allows the
	command to be run as the invoking user. This can be used in
	conjunction with the Solaris Privilege Set support to grant
	privileges without changing the user.
	[dc34373792fc]

2012-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/fixman.sh:
	Fix HP-UX, just use ".TH name section" like the vendor manuals.
	[559738237c92]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Fix compilation on Solaris
	[2d310302207c]

	* .hgignore, MANIFEST, doc/Makefile.in, doc/fixman.sh, doc/fixmdoc.sh,
	doc/sudo.man.sh, doc/sudo.mdoc.sh, doc/sudoers.man.sh,
	doc/sudoers.mdoc.sh:
	Generate a sed script file when munging *.mdoc or *.man instead of
	passing sed expressions on the command line. Older seds do not
	support \n in a replacement so generate and run a sed script
	instead.
	[0bcce3f1ca18]

	* doc/Makefile.in, doc/sudo.man.in, doc/sudo_plugin.man.in,
	doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.man.in,
	doc/visudo.man.in:
	Use "Sudo VERSION" as the 4th arg to .TH instead of just "VERSION"
	[fe0f10b63776]

2012-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>

	* src/exec.c:
	When checking whether a signal is user-generated, compare si_code
	against SI_USER instead of <= 0 since on HP-UX, terminal-related
	signals get a code of 0.
	[4e9021243343]

	* src/sudo.c:
	SuSE Enterprise Linux uses RLIMIT_NPROC and _SC_CHILD_MAX
	interchangably. This causes problems when setting RLIMIT_NPROC to
	RLIM_INFINITY due to a bug in bash where bash tries to honor the
	value of _SC_CHILD_MAX but treats a value of -1 as an error, and
	uses a default value of 32 instead.

	Previously, we just checked RLIMIT_NPROC and, if it was unlimited,
	restored the previous value of RLIMIT_NPROC. However, that makes it
	impossible to set nproc to unlimited. We now only restore the nproc
	resource limit if sysconf(_SC_CHILD_MAX) is negative. In most
	cases, pam_limits will set RLIMIT_NPROC for us.
	[cb71cc8d0b08]

2012-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/ldap.c:
	Active Directory apparently requires that tenths of a second be
	present in a date so append .0 to the "now" value in the time
	filter. Also remove space for the global AND from TIMEFILTER_LENGTH
	since it was not being used consistently. Buffers of
	TIMEFILTER_LENGTH now need to account for the terminating NUL byte.
	[d28619ff6e45]

	* plugins/sudoers/toke.c, plugins/sudoers/toke.l:
	Fix SELinux build
	[cc0d1f4e851b]

2012-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>

	* MANIFEST:
	Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
	were not being kept in sync.
	[fc3ad1847cb1]

	* doc/HISTORY, doc/Makefile.in, doc/contributors.pod, doc/history.pod,
	doc/license.pod:
	Remove pod versinons of HISTORY, CONTRIBUTORS and LICENSE as they
	were not being kept in sync.
	[950363dffe3a]

2012-07-27  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/logging.c:
	Fix printing of the permission denied message to standard error when
	a user is not allowed to run a command. This got broken by the
	recent logging changes.
	[b7af63da3ca1]

	* plugins/sudoers/sudoers_version.h:
	Bump grammar version for Solaris privs.
	[2a2baf024477]

	* doc/schema.ActiveDirectory:
	Fix errors introduced when sudoNotBefore, sudoNotAfter and sudoOrder
	were added. From David Hicks.
	[3fc432a8edb4]

2012-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/Makefile.in:
	Remove lex.yy.c when building toke.c
	[72bb9e62b289]

	* doc/Makefile.in:
	Fix building docs in a build dir.
	[7a6f435af022]

	* doc/sudo.man.pl, doc/sudo.pod, doc/sudo_plugin.pod,
	doc/sudoers.ldap.pod, doc/sudoers.man.pl, doc/sudoers.pod,
	doc/sudoreplay.pod, doc/visudo.pod:
	Remove pod versions of the manual; we now use mdoc.
	[5c967d2dd5db]

	* MANIFEST, doc/Makefile.in, doc/sudo.man.sh, doc/sudo.mdoc.sh,
	doc/sudoers.man.sh, doc/sudoers.mdoc.sh:
	Add post-processing scripts to strip out login class, BSD auth,
	SELinux and privilege set bits when they are not supported.
	[d0d51f72f597]

	* NEWS, configure.in, doc/CONTRIBUTORS, doc/Makefile.in,
	doc/contributors.pod, doc/sudoers.cat, doc/sudoers.man.in,
	doc/sudoers.man.pl, doc/sudoers.mdoc.in, doc/sudoers.pod,
	plugins/sudoers/def_data.c, plugins/sudoers/def_data.h,
	plugins/sudoers/def_data.in, plugins/sudoers/gram.c,
	plugins/sudoers/gram.h, plugins/sudoers/gram.y,
	plugins/sudoers/parse.c, plugins/sudoers/parse.h,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h,
	plugins/sudoers/testsudoers.c, plugins/sudoers/toke.c,
	plugins/sudoers/toke.l, src/sudo.c, src/sudo.h:
	Merge in Solaris privilege support by Darren Moffat and John
	Zolnowsky
	[3aa0a64f2f5c]

2012-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/contributors.pod:
	Sync with CONTRIBUTORS file
	[9a0852306ad9]

	* doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
	doc/sudoers.man.in, doc/sudoreplay.man.in:
	Regen .man.in files with my private mandoc.
	[dc3c9fc449eb]

	* doc/Makefile.in:
	add MANDOC variable
	[35527e66afc5]

2012-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudo.man.in, doc/sudo_plugin.man.in, doc/sudoers.ldap.man.in,
	doc/sudoers.man.in, doc/sudoreplay.man.in, doc/visudo.man.in:
	Regen .man.in files with hacked mandoc to avoid issues with historic
	nroff.
	[d45cfa7d665f]

2012-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudo.mdoc.in, doc/sudoers.mdoc.in:
	Fix groff warnings.
	[111d522ca807]

	* doc/Makefile.in:
	Fix dependencies for .man.in files.
	[aefeffe1af2b]

	* .hgignore:
	Add doc/*.mdoc to ignore file
	[1e4de6ef2ad8]

	* INSTALL, MANIFEST, NEWS, configure, configure.in, doc/Makefile.in,
	doc/sudo.cat, doc/sudo.man.in, doc/sudo.mdoc.in,
	doc/sudo_plugin.cat, doc/sudo_plugin.man.in,
	doc/sudo_plugin.mdoc.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
	doc/sudoers.ldap.man.in, doc/sudoers.ldap.mdoc.in,
	doc/sudoers.man.in, doc/sudoers.mdoc.in, doc/sudoreplay.cat,
	doc/sudoreplay.man.in, doc/sudoreplay.mdoc.in, doc/visudo.cat,
	doc/visudo.man.in, doc/visudo.mdoc.in:
	Build .man.in and .cat files from .mdoc.in files. Add new --with-man
	and --with-mdoc configure options.
	[c963fd7e8f80]

2012-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudo.mdoc.in, doc/sudo_plugin.mdoc.in, doc/sudoers.ldap.mdoc.in,
	doc/sudoers.mdoc.in, doc/sudoreplay.mdoc.in, doc/visudo.mdoc.in:
	Sudo manuals formatted in mdoc, to replace the pod versions.
	[e6dca4030451]

	* doc/sudo_plugin.cat, doc/sudo_plugin.man.in, doc/sudo_plugin.pod,
	doc/sudoers.cat, doc/sudoers.ldap.cat, doc/sudoers.ldap.man.in,
	doc/sudoers.ldap.pod, doc/sudoers.man.in, doc/sudoers.pod,
	doc/sudoreplay.cat, doc/sudoreplay.man.in, doc/sudoreplay.pod,
	doc/visudo.cat, doc/visudo.man.in, doc/visudo.pod:
	More minor costmetic fixes.
	[a7287a68385a]

2012-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo.pod:
	Minor cosmetic fixes.
	[9c48bdaf3946]

2012-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/logging.c, plugins/sudoers/po/sudoers.pot:
	Use "a password is required" instead of "password required" when the
	-n flag is used and we need to read a password.
	[a3c30fc41648]

2012-07-10  Todd C. Miller  <Todd.Miller@courtesan.com>

	* NEWS:
	Mention logging changes.
	[8238fd6e02e8]

	* plugins/sudoers/po/sudoers.pot:
	regen
	[e2cf634ba63b]

	* doc/sudoers.cat, doc/sudoers.man.in, doc/sudoers.pod:
	Document that other mail_* flags have precedence over mail_badpass.
	[9f4cc9188f40]

	* plugins/sudoers/auth/sudo_auth.c, plugins/sudoers/check.c,
	plugins/sudoers/logging.c, plugins/sudoers/logging.h,
	plugins/sudoers/sudoers.c, plugins/sudoers/sudoers.h:
	Move log_denial() calls and logic to log_failure(). Move
	authentication failure logging to log_auth_failure(). Both of these
	call audit_failure() for us.

	This subtly changes logging for commands that are denied by sudoers
	but where the user failed to enter the correct password.
	Previously, these would be logged as "N incorrect password attempts"
	but now are logged as "command not allowed". Fixes bug #563
	[cad35f0b3ad7]

2012-07-06  Todd C. Miller  <Todd.Miller@courtesan.com>

	* common/aix.c:
	Do not set a resource limit to zero when we are unable to fetch a
	value from /etc/security/limits.
	[62bfb0a7895e]

2012-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>

	* sudo.pp:
	Add "Provides: sudo" to debian sudo-ldap package
	[beb8afa0beb2]

2012-07-02  Todd C. Miller  <Todd.Miller@courtesan.com>

	* configure, configure.in, zlib/Makefile.in:
	Define NO_VIZ for zlib when gcc doesn't support symbol visibility
	attributes.
	[9fdcbf526386]

	* configure, configure.in:
	Use the autoconf cache when checking for symbol export control
	support.
	[03c2cce8711f]

	* INSTALL, common/Makefile.in, compat/Makefile.in, configure,
	configure.in, mkpkg, plugins/sample/Makefile.in,
	plugins/sample_group/Makefile.in, plugins/sudoers/Makefile.in,
	plugins/system_group/Makefile.in, src/Makefile.in:
	Add configure check for building PIE executables instead of doing it
	in mkpkg.
	[02b5b78ef258]

	* sudo.pp:
	MacOS pp backend doesn't like modes longer than 4 characters.
	[01b49022bf01]

2012-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>

	* configure, configure.in:
	Add -Wc,-fstack-protector to LT_LDFLAGS instead of adding
	-fstack-protector to LDFLAGS so it doesn't get stripped out. Libtool
	will strip -fstack-protector from the linker flags and we always
	link with libtool.
	[0a0a0250ac2b]

2012-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>

	* doc/sudo.cat, doc/sudo.man.in, doc/sudo_plugin.cat,
	doc/sudo_plugin.man.in, doc/sudoers.cat, doc/sudoers.ldap.cat,
	doc/sudoers.ldap.man.in, doc/sudoers.man.in, doc/sudoreplay.cat,
	doc/sudoreplay.man.in, doc/visudo.cat, doc/visudo.man.in:
	Regen for sudo 1.8.6
	[1657ee28b496]

	* NEWS, doc/sudoers.ldap.pod:
	Document improved Tivoli Directory Server support.
	[fb411edf4687]

	* config.h.in, configure, configure.in, plugins/sudoers/ldap.c:
	Add support for ldaps using Tivoli LDAP libraries. Add ldap.conf
	option to specify Tivoli key db password. Allow TLS ciphers to be
	configured for Tivoli.
	[737e17c91e60]

2012-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>

	* plugins/sudoers/ldap.c:
	Tivoli Directory Server 6.3 libs always return a (bogus) error when
	setting LDAP_OPT_CONNECT_TIMEOUT.
	[504406637c38]

	* NEWS:
	Update
	[687a755604e8]

	* plugins/sudoers/ldap.c:
	Treat LDAP_OPT_CONNECT_TIMEOUT (Tivoli Directory Server 6.3) the
[--snip--]
