The available size passed to strlcpy() was computed incorrectly.
Switch to updating the length af...

Originally, there was a flag in the ServerHello message to indicate
that the client should verify...

This more closely matches the options used by the macOS version of sudo.

We need this even though we will be calling mkdtemp() since the
umask affects the mode of any par...

Previously, they were simply treated as "=" for non-lists.

Otherwise libtool may ignore the options when linking.

We must use X509_STORE_CTX_get_error() and X509_verify_cert_error_string()
instead of the generic...

This can't happen in practice since we never set EVLOG_RAW
without passing in a reason. Coverity...

Also silence a PVS Studio false positive.

OpenSSL returns an error for SSL_accept() if TLS_client_method()
was used to generate the context...

This works around an issue on SCO which uses inline functions in
the header files which call the ...

getutline() advances the file pointer until it matches or reaches EOF. pututline() starts from t...

This prevents the va_copy compat #define from being used if
sudo_compat.h is somehow included bef...

closefrom_fallback() from closing too many file descriptors.

For sudo-formatted logs, this is a record with "EXIT=number" and
potentially "SIGNAL=name" after ...

This causes sudo_logsrvd to log a record with the exit status or
terminating signal in response t...

This option defaults to off.

This is intended to provide a more useful error message if the
user defines a module which confli...

On systems where getgroups() returns results based on more than
just the per-process group vector...

The style checks now include "referenced manual not found" warnings
which is not helpful.

Avoids a spurious test failure on Solaris 9

Fixes compilation on Solaris 9.

This doesn't currently matter since the progname and the ": " are
stored in separate messages. F...

JSON doesn't (portably) support octal numbers with a leading zero.

This is now defined in logsrvd_conf.c which removes a dependency
on another compilation unit for ...

We now hook the warn functions so the messages are logged.
The messages still show up in the debu...

Also fix fuzz_logsrvd_conf link error.

We can use sudo_warn_set_conversation() to set a conversation
function that either writes to a lo...

There is a crash when "group: compat" is used in /etc/nsswitch.conf
that I haven't been able to d...

Fixes a bug where we would not insert a journal file that failed
to relay into the queue because ...

Add some function argument names. Also use struct nss_db_state *
instead of void * in nss_db_roo...

This only affects builds with a static libsudo_util.
Also fix a warning on HP-UX about main not b...

We need to leave room for the terminating NULL in gr_mem.
It is possible for gbm->numgids > gbm->...

In selinux_edit_copy_tfiles() when there is only one file and the open()
fails then number of ar...

The caller will display the warning (using errno) so there is no
need to do it twice.

The default value for the I/O log directory is set at build time.

On Darwin, shared modules and shared libraries are not interchangable
and since we preload sudo_n...

This quiets warnings about LDAP and audit libraries being deprecated.
We will use them until they...

There should be a more specific message, usually with an error
string, displayed earlier.

Fixes a compilation problem on FreeBSD.

This is something that should have been removed as part of the local
I/O logging refactor.

This should only be set for signals that terminate the process.
Fixes a bug where the sudo front-...

The description in the Runas_Spec section incorrectly stated that
the -g option could not be used...

We now display this along with the summary info at the end.

Square bracket quotes are used, no need for shell-style double quotes.

This makes it a lot easier to see what features have been enabled.

Otherwise the commit point messages won't be accurate when restarting.

Useful for testing the ability of the server to handle restarted log
transfers.

We treat an error from the relay as fatal and must stop processing
data from both client and rela...

This got broken a while ago when evlog in struct connection_closure
was changed to a pointer.

Otherwise flags fields like "volatile,ignore-other" will be ignored
by the Debian and BSD back ends.

GitHub issue #101

For sudo_logsrvd, this is the relay connect_timeout setting.
For sudoers, this is the log_server_...

Coverity CID 221591

This is the amount of time to wait before trying to resend a
journal to the relay server after a ...

Also attempt to retry messages that could not be relayed periodically.