Also add a "sudoerslex" prefix to the token debug info in
sudoers_trace_print().

The line counter is incremented when a newline is seen so the output
actually refers to the previ...

This may be either a plaintext password or a password prompt.
Either way it should not be modifie...

Starting with sudo 1.8.0 the plaintext password buffer is dynamically
sized so it is not safe to ...

The gcc front-end may accept -fstack-clash-protection even if the
machine-specific code does not ...

Previously, we only checked that linker accepted them.
GitHub issue #191

We no longer install the sample approval plugin.

Found by cppcheck.

If output is being written to a terminal in "raw" mode, we need to
add a carriage return after th...

Also use mention runas_default in other parts of the manual, use
@runas_default@ instead of root ...

GitHub issue #185

If sudo calls execve(2) directly the accept info will not be sent.
We also need the sudo front-en...

We don't need them and the missing prototype for crc32_combine_gen64()
issue has been fixed upstr...

A new line is started when RunAs changes which means we need to display
the command tags and opti...

We need to use list_pw if it is set instead of user_name.
GitHub issue #183

For example, if loading /usr/lib/libsss_sudo.so fails, try again
with /usr/lib/x86_64-linux-gnu/l...

GitHub issue #182.

This can be used when you only want to edit a single sudoers file
unless there is a pre-existing ...

If the empty string is specified in sudoers, no user args are allowed.
GitHub issue #182.

Avoids false positives from static analyzers that can't figure out
that the fd is always valid wh...

Fix a regression introduced in sudo 1.9.9 where the entire directory
path was created instead of ...

A future version of the plugin API will defer any such escaping
to the policy plugin so it can be...

Also no longer reject an InfoMessage with an unknown value_case,
just log and ignore it.

Otherwise the log server will reject the AcceptMessage because a
NULL string is not allowed.

If we are logging I/O but not terminal input/output (either because
no terminal is present or bec...

This will be shared with exec_nopty.c in the future to log
stdin/stdout/stderr without running th...

Fixes a test failure due to find_module having removed from setuptools.

GitHub issue #179

Both sudo_secure_open_file() and sudo_secure_open_dir() are now passed
a struct stat pointer like...

Using snprintf() for this is overkill, we need to do the same
length check either way.

Fixes Debian bug #1019428 and Ubuntu bug #1397663.

If log_input is set, log_{stdin,ttyin} will be set as well.
If log_output is set, log_{stdout,std...

We already had all the relevant fixes so this is just cosmetic.

From Li zeming.

This can be used as another indicator that a terminal is present
without having to open /dev/tty.

Also fix some other incorrect markup.

Makefile.in: replace `egrep` and fix target name

Also reword a few awkward phrases.

Also remove most uses of the deprecated Li macro which has no effect.

Renamed __malloc -> sudo_malloclike, __printflike -> sudo_printflike,
__printf0like -> sudo_print...

So log_parse_error() needs to check fmt for NULL before using it.

This fixes a problem where sub-commands were not being logged to
the remote log server, if config...

Quiets a spurious valgrind warning.

We now store the vector immediately after the string table.
It is possible for argv and its conte...

There is no reason to read these directly from the tracee
when we rely on /proc being mounted to ...