If the Defaults name matched but the binding does not, we can simply
leave it be. Fixes a proble...

We convert the global Defaults to a host-based one with a single
"ALL" member. Later, when we si...

When logging terminal input, if log_passwords is false and any
of the regular expressions in the ...

If a password regex is found in the tty output, tty input will be
replaced with '*' chars until a...

That way we can tell what to do in callbacks for lists.

When logging terminal input, if log_passwords is disabled and any
of the regular expressions in t...

The concatenation of command and arguments and escaping of special
characters was not documented....

Defaults settings passed in by the front end are already "early"
so there is no need to treat any...

They are not used outside of defaults.c.

Based on a diff from Simon Lees

On some systems, such as Solaris, the max length of a directory
entry is filesystem-dependent. W...

Fixes compilation with musl libc.

Fixes a problem where sudo could reduce the max stack size on some
systems if the original limit ...

This flag disables set-user-ID at execve(2) time and may be set by
default for some containers. ...

This makes it possible to use a different PAM configuration for
when "sudo -A" is used. The main...

AUTH_NONINTERACTIVE was being stored in the wrong variable.

Remove enum match_result as it is no longer used.

In the past, some PAM modules assumed that PAM_TTY was set and would
misbehave (or crash) if not....

For "sudo -n" we only want to reject a command if user input is
actually required. In the case o...

If a host is specified for the input file, cvtsudoers will bind
global Defaults to that host and ...

Typo

This may return in a future release in a different form.

GitHub expects it to be in the top-level directory.

If a host is specified with a sudoers file, we have to treat Defaults
as Defaults@host checking f...

binding) to override a prior Defaults setting with a binding.

We don't need to allocate new space for the binding list,
just the members of the list.

Previously, these were only settable via command line options.

Current versions of sudo use many APIs that are not present on
Solaris 10. If you want a sudo So...

For extra paranoia, verify that the directory we created is still
a directory before we fchown() it.

Bug #1014

This also allows us to make path const as it should be.

The switch() in the sudo_ldap_set_options_table() function needed to be
updated to treat CONF_DER...

This makes things look better on GitHub and we can use the
markdown version directly in the new s...

Allow sudo -g anyone and sudo -u anyone -g anytwo

When only the user (ALL) is specified explicitly, and the group is implied, only sudo -u works. ...

Fixes out of tree builds on systems without sys_siglist[] or
sys_signame[]. GitHub issue #123.

When merging rules, if one list would be overridden by another,
remove the overridden rule and co...

We can get EPERM on Linux with SELinux. GitHub issue #122.

The "-l logfile" option can be used to store a log of what
actions cvtsudoers took when merging m...

The warning that need_comma is always false is correct but in this
case it is better to use a con...

Coverity CID 241233

Previously, we checked that the previous entry's binding pointer
was not the same while freeing. ...

If a hostname is specified with the sudoers file, it will be used to
make the Defaults setting ho...

If a hostname is specified with the sudoers file, it will be used to
make the userspec host-speci...