Build container descriptions are in the new docker directory.

It now prints runchroot and runcwd (falling back on cwd).
As a result, submithost is now printed ...

Can be disabled via --disable-hardening.

Can be disabled via --disable-hardening.

There is no case where we should fail to find an editor just because
the values of EDITOR, VISUAL...

Avoids extraneous output in the fuzzer.

This makes it possible to parse sudoers without using quiet mode,
resulting in better coverage.

Also undo a change to fuzz_sudoers.c that snuck in to the last commit.

Excessive output makes the fuzzer runs much less efficient.

It is possible for the buffer offset to be zero when the length is
non-zero. The proper value to...

This avoids relying on /dev/fd which may not exist in a chroot jail.
Adapted from a change in Ope...

FreeBSD returns EMLINK and NetBSD returns EFTYPE instead of ELOOP.
This is only used to present t...

For example "cvtsudoers -m cmd=/bin/ls" would only display entries
that would allow /bin/ls to be...

These are based on the code in testsudoers.

Quiets a cppcheck warning; mksiglist.c already has this fixed.

Coverity CID 188804

There are no remaining unchecked snprintf() that can actually overflow.

We make a copy of the directory so there's no real reason that
parameter can't be const.

sudo_rcstr_alloc() takes a length (not a size) parameter so when
calling snprintf() we need to ad...

This string is primarily used for warning messages.
Also check the snprintf() return value to avo...

Otherwise we end up with zero-length files in the incoming queue
dir and may end up relaying one ...

It is only the alias and defaults warnings we need to suppress.

There is no need to send the log ID for each sub-command.

Plugs a small memory leak in intercept mode if the log server sends
the log ID again for sub-comm...

Some fuzzing inputs cause a huge number of warnings and displaying
them all can result in the fuz...

This helps prevent the fuzzer from going off the rails.

Fixes a potential crash for "sudo -i" when the target user has bash
as the shell (which needs the...

It should not be possible to reach this point with a command defined
but argv[] empty but it does...

There's no point in warning about the same problem multiple times.
This implementation assumes a ...

Make the zero length check explicit so as not to confuse static
(or human) analyzers.

This has been possible with sudoers file entries since sudo 1.9.0
but no corresponding change was...

This is consistent with how sudo formatted time stamps prior to
the logging code being split off ...

Old versions of strftime(3) didn't guarantee to NUL-terminate the buffer
so we explicitly clear t...

Avoids compiler warnings with OpenSSL 3.0. EVP_MD_CTX_new() is
only available for OpenSSL 1.1 an...

Sometime second granularity is not enough.

On the HP-UX build machines these are named libssl_pic.a and
libcrypto_pic.a to avoid conflicting...

Fixes a warning on OpenSSL 3.0 and plugs a memory leak of dhparams
on config reload.

This was missed in the previous set of changes, resulting in a crash
for LDAP and SSSD rules that...

Fixes a fuzzer link error when building with ldap if the ldap libs
are not in the default library...

Since -lssl depends on -lcrypto, -lcrypto must be listed after -lssl.
Fixes linking of non-dynami...

We should only get a HelloResponse from sudo at this point.

The operation should simply be set to true/false.
Also treat a NULL file as coming from the front...

If static objs are disabled we need to add explicit dependencies for
.o files. The OpenBSD libto...

The OpenSSL pkgconfig files only include -L paths, not -R paths.
Using SUDO_APPEND_LIBPATH ensure...

This can be used to find the correct openssl pkg-config file
if it is not named "openssl" (also l...

yyerror() must be extern void
declare tokens with type instead of using separate %type lines

Copy pasta is not always the best kind of pasta.

execvpe() is a GNU extension also found on *BSD (but not macOS).

We want to use PATH from the current value of the environment, not
the initial value of PATH when...

Currently, PATH traversal is handled by sudoers which uses
the original PATH, not the one updated...

The configure check for alloca() was removed long ago but this got
missed.

We want to treat it as an array of bytes, not an array of tokens.
Coverity CID 240011

SELinux policy will prevent the inherited socket from sudo from
being used and may also restrict ...

Protobuf doesn't have a 128-bit type so use two u64s.
We now support partial reads of the token.

Also add regression test.

Sending the secret out of band, before the message size is read,
should make it harder to mount a...

We know the length of what we are receiving so just loop until
we have it all, get EOF or an error.

We use -Wc,-fstack-clash-protection as the linker flag to prevent
libtool from removing it from t...

If the command is not accepted we don't rebuild command_info[] and
must not free it. It will be ...