This should avoid false positives on other compilers.

The sudo front-end can use this to determine where the list of files
to edit begins.

The log message contains user-controlled strings that could include
things like terminal control ...

This is expected to fix GitHub issue #231.

Use either 4n, when the body is expected to wrap or the width of
the longest tag when no wrapping...

The script that generates the web version of this file doesn't
expect options to include whitespace.

The fix_install script can't deal with whitespace in options.

Also add line breaks when there are multiple authors.

If we cannot remove the directory tree that may indicate a file or
directory mode problem.

Set mode to iolog_dirmode, not iolog_filemode

We use "--" to separate the editor and arguments from the files to edit.
If the editor arguments ...

Previously we were using 504 and 1016 which still produces the
correct result since padding is do...

It makes more sense to verify that val_len > 1 before using it.
This is not a problem in practice...

Now that lbuf length is unsigned the earlier check for len == 0 is
sufficient.

This causes the macro to evaluate to false even for valid TSIDs.

The numeric fields in struct sudo_lbuf are now unsigned so that
wraparound is defined, this make ...

We don't write Unicode to the log.json file, only 8-bit ASCII.

Checking for ep < pathend should be a bit clearer than ep != '\0'
and has the advantage of workin...

This fixes a bug introduced in sudo 1.9.12.

Prevent integer underflow due to environment variable

Gaurd against replacing quotes when the environment variable
val_len is 1.

Adjust bound parsing to match this.

Not the other way around.

Also use prefix for group plugin fallback path section in sudoers manual.

Also use the new dictionaries in the Makefile fuzz target.

We don't need to special-case FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
now that we use the glibc ...

This results in better coverage for progname.c.

We don't want to fuzz the function replacements themselves as this
can skew the coverage reports.

The debug code is disable when fuzzing is enabled to avoid coverage
issues.

Also check VAR=val format in validate_env_vars() and add an error
message if insert_env_vars() fa...

The previous fix for this was incomplete.

Also avoid appending to errbuf if it is already full.

This should help clarify the difference between "sudo -k" and "sudo -K".

This is to prevent the fuzzers from running out of memory.

Fix false detection of init.d/service status.

Some Linux distros do not include /bin/ed by default.

Just use sudo instead of @pam_service@.

Document the changes to AIX plugins in docs/UPGRADE.md and regenerate
configure using the latest ...

This is consistent with how sudo's Makefile builds the tarball.

The sudo.conf file is considered a trusted source of information
and these checks suffer from TOC...

This removes the need to use the -brtl linker flag which can cause
problems when there are both a...

The sudo.conf file is considered a trusted source of information
and these checks suffer from TOC...

If the .so file is missing but the .a file exists, try to dlopen()
the AIX .a file using the .so ...

Replace MANDOCPROG with "mandoc" now that MANDOCPROG has been removed.

debug_return_int use error

Use Ar markup when referring to the command and args.

Even though we don't need to read the actual char to know its length,
we do need to consume it to...

Add regess to verify check_pattern() via sudo_regex_compile().

This is implementation-specific behavior--some regcomp(3) will
reject duplicate repetition charac...

Fix a bug in escaped control character handling.
Roll back changes to buffer if sudo_json_add_val...

Inspired by GitHub PR #221

Remove extraneous information describing how sudo may exec the
command directly, this is already ...

Working around the warning would result in more fragile code.

Since rc is initialized to SUDO_RC_ERROR there is no need to set
it to SUDO_RC_ERROR again on fai...

privs. Previously, only root or a user with the ability to run any
command as either root or the...

The CODEOWNERS file is not present in the release tarball so we can
use that when determining wha...