Fixes CVE-2019-14287.
Found by Joe Vennix from Apple Information Security.

Also adjust testsudoers/test5 which relied upon gid -1 parsing.

Also fix broken tty labeling when running a command in a pty.
Includes a fix for a typo introduce...

Also be more extact with error return values

If there is no installed nroff/mandoc they will need to install groff
or heirloom doctools to for...

We want to use clang on systems where clang is the system compiler.
It is less common to have cla...

Also add deb package names for pam and ldap devel on Linux.

Only the ALL keyword should be compared case-sensitive.

It also uses strerror(errno) for PAM_SYSTEM_ERR.

It is legal to pass pam_strerror() a NULL handle.

Previously, one had to use the -d option to override the I/O log directory.

This prevents the password and PAM prompts from being redirected.
Bug #895

We already support group IDs but the user ID was missing.
From sudo-1.8.23-ldapsearchuidfix.patch...

From sudo-1.8.23-fix-double-quote-parsing-for-Defaults-values.patch in RHEL 7.

Otherwise, we may override the limits set by PAM.
Bug #894

We now include the long and short hostname in sudo parser container.

Previously, we just used the file name without $(srcdir).

The "SIG" prefix is not used so, e.g. SIGTERM -> "TERM".
This makes the I/O log files portable fr...

Strings in struct utmp/utmpx are not guaranteed to be NUL-terminated.

Otherwise we may get the version from the installed libsudo_util.so.

Fixes a warning on newer versions of gcc.

We still want to match the command even if it doesn't exist so that the
NOPASSWD flag on sudoers ...

is present. Bug #828.

By default, sudo relies soley on group permissions to read sudoers
to make it possible to store s...

The web and pdf pages will substitute /usr/local/libexec for $noexec_file.
Also do substitution o...

Otherwise, the default value is substituted into the Makefiles and
documentation which may not ma...

We can use this instead of casting the result of size_t to int.
Also change checks for snprintf()...

That way the user's editor config files are used by the editor.

Also strongly discourage the disabling of env_reset.

The PAM session is opened with PAM_SILENT so last login info is not printed.
It is dangerous to p...

Text was adapted from what is already present in the UPGRADE file.
Also mark set_home and always_...

Sudo only shipped .cat pages for Irix, which lacked nroff.
Irix is long dead and there are multip...

It is already the default in the package script.

Users that are able to edit sudoers can grant themselves permissions
so the fact that visudo runs...

The description in the editor option was incorrect and didn't mention env_keep.
Reported by Sande...

Refer to sudoers.tmp as a temporary file, not a lock file.
Reported by Sander Bos

For requiretty it is enough to check that /dev/tty is available.
If sudo can't get the tty from t...

We don't care whether sudo was able to get the tty name from the kernel.
All that really matters ...

The secure_path option affects the resolution of unqualified commands
as well as the environment ...

Use the singular "they" instead of he/she.
Add back missing text in description of variables star...

Otherwise, if the -h option is specified sudo will print the local
host name instead of the host ...

happen when /proc is not accessible.