This setting is an argument to the sudoers plugin, similar to how
sudoers_file, sudoers_mode, sud...

For compound privilege specs, don't throw away the entire thing if
we have a syntax error, only t...

A valid line in sudoers must end in a newline or EOF.
Previously, it was possible (though not doc...

The ERROR token is now only used for errors detected by the lexer
and for which we've already pri...

A syntax error on the last line of a sudoers file with no trailing
newline is now recoverable.

This way we get consistent 4-digit version numbers even for macOS
verions like 10.3 or 11.0 where...

"sw_vers -productName" now returns "macOS", not "Mac OS X"

Otherwise, we can include the wrong file when doing an out-of-source
build when configured using ...

Now that sudo_dso_public is defined in config.h we don't need sudo_compat.h
before including the ...

memset_s() (and all of Annex K) is likely to be removed from the
a future version of the standard.

This results in better error messages when there is a parse error

Use ntuples instead of tuple_last
Strip leading and trailing double quotes using a single gsub()
...

Also fixes a false positive from the clang analyzer.

We now parse the entire line before reading the include file. This
is less surprising behavior a...

We currently just discard the line with the error.

Older systems may still have libssl1.0.0, not libssl1.1.

We use this even if the compiler has symbol visibility support so
we will notice mismatches betwe...

There is nothing dynamic in this file.

This fixes building the python plugin on systems where the compiler
doesn't support symbol hiding...

In this case, just use the full openssl libs to get the sha2 functions.

This fixes the missing HAVE_GSSAPI_GSSAPI_H define in config.h.in.
TODO: replace shadow_funcs var...

We will need them if there is an error parsing sudoers and leaving
them unset can result in NULL ...

When sudoers is loaded as a policy plugin, it will be loaded
automatically as an audit plugin. L...

hppa64 and ia64 use PIC by default

We support linking against static openssl libs too.

RedHat dropped the word "server" from the release name in redhat-release
which results in the awk...

These don't translate well and look odd in many fonts.

Note that clang 10 has support for -Wimplicit-fallthrough in C code
but doesn't recognize lint-st...

This led to a regression when the iolog_file setting ends in six or
more X's or when the I/O logs...

This is a regression introduced in sudo 1.9.0.

Also add new Romanian translation

The /opt/csw version, if it exists, may be a 32-bit version which
we can't link with. Also handl...

This can happen on systems with a gcc packages that was built on
and older versions of the OS whe...

Otherwise we may get other flags used to build python that conflict
with what sudo uses.

No longer prefer the Solaris Studio C compiler over gcc, it causes
issues with the Python plugin.

This is only used when logging events from plugins other than sudoers,
such as an approval plugin...

Use BSM audit on Illumos, which lacks Solaris audit.

In sudoers_policy_close() only warn about being unable to run the
command if we actually opened t...

If a policy or approval plugin denies the command, command_details
will not have been filled out.

The file name in struct userspec was not set for the LDAP and SSSD
backends. There is no actual ...