Project import
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..df9b15b
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,110 @@
+#
+#    Copyright (c) 2010-2011 Nest, Inc.
+#    All rights reserved.
+#
+#    This document is the property of Nest. It is considered
+#    confidential and proprietary information.
+#
+#    This document may not be reproduced or transmitted in any form,
+#    in whole or in part, without the express written permission of
+#    Nest.
+#
+#    Description:
+#      This file is the makefile for the "Super User Do" (sudo) utility.
+#
+
+BuildConfigSpecialized	:= No
+BuildProductSpecialized	:= No
+
+include pre.mak
+
+PackageName		:= sudo
+
+PackageExtension	:= tar.gz
+PackageSeparator	:= -
+
+PackagePatchArgs	:= -p1
+
+PackageArchive		:= $(PackageName).$(PackageExtension)
+PackageSourceDir	:= $(PackageName)$(PackageSeparator)$(PackageVersion)
+
+PackageBuildMakefile	= $(call GenerateBuildPaths,Makefile)
+
+CleanPaths		+= $(PackageLicenseFile)
+
+all: $(PackageDefaultGoal)
+
+# Generate the package license contents.
+
+$(PackageSourceDir)/LICENSE: source
+
+$(PackageLicenseFile): $(PackageSourceDir)/LICENSE
+	$(copy-result)
+
+# Extract the source from the archive and apply patches, if any.
+
+$(PackageSourceDir): $(PackageArchive) $(PackagePatchPaths)
+	$(expand-and-patch-package)
+
+# Prepare the sources.
+
+.PHONY: source
+source: | $(PackageSourceDir)
+
+# Patch the sources, if necessary.
+
+.PHONY: patch
+patch: source
+
+# Generate the package build makefile.
+
+$(PackageBuildMakefile): | $(PackageSourceDir) $(BuildDirectory) $(ResultDirectory)
+	$(Verbose)cd $(BuildDirectory) && \
+	$(CURDIR)/$(PackageSourceDir)/configure \
+	CC="$(CC)" AR=$(AR) RANLIB=$(RANLIB) STRIP=$(STRIP) \
+	INSTALL="$(INSTALL) $(INSTALLFLAGS)" \
+	sudo_cv_uid_t_len=10 \
+	--build=$(HostTuple) \
+	--host=$(TargetTuple) \
+	--enable-shared \
+	--enable-fast-install \
+	--without-lecture \
+	--with-logging="syslog" \
+	--without-sendmail \
+	--without-insults \
+	--without-ldap \
+	--disable-pam-session \
+	--without-pam \
+	--prefix=/usr \
+	--sysconfdir=/etc \
+	--localstatedir=/var
+
+# Configure the source for building.
+
+.PHONY: configure
+configure: source $(PackageBuildMakefile)
+
+# Build the source.
+#
+# We have to unset MAKEFLAGS since they confuse the package build otherwise.
+
+.PHONY: build
+build: configure
+	$(Verbose)unset MAKEFLAGS && \
+	$(MAKE) $(JOBSFLAG) -C $(BuildDirectory) all
+
+# Stage the build to a temporary installation area.
+#
+# We have to unset MAKEFLAGS since they confuse the package build otherwise.
+
+.PHONY: stage
+stage: build | $(ResultDirectory)
+	$(Verbose)unset MAKEFLAGS && \
+	$(MAKE) $(JOBSFLAG) -C $(BuildDirectory) DESTDIR=$(ResultDirectory) install
+
+clean:
+	$(Verbose)$(RM) $(RMFLAGS) -r $(PackageSourceDir)
+	$(Verbose)$(RM) $(RMFLAGS) -r $(BuildDirectory)
+	$(Verbose)$(RM) $(RMFLAGS) -r $(ResultDirectory)
+
+include post.mak
diff --git a/sudo-1.7.4p4/ChangeLog b/sudo-1.7.4p4/ChangeLog
new file mode 100644
index 0000000..d5247b7
--- /dev/null
+++ b/sudo-1.7.4p4/ChangeLog
@@ -0,0 +1,24861 @@
+2010-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	When matching the runas user and runas group (-u and -g command line
+	options), keep track of runas group and runas user matches
+	separately. Only return a positive match if we have a match for
+	both runas user and runas group (if specified).
+	[68d30216c13a]
+
+2010-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c, parse.c:
+	Do not return -1 on error from the display functions; the call
+	expects a return value >= 0.
+	[e50e6ae4d06d]
+
+	* ldap.c:
+	display_bound_defaults now returns a count so make the stub return
+	0, not 1.
+	[97293ced4908]
+
+2010-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* get_pty.c:
+	It looks like AIX doesn't need to push STREAMS modules for ptys.
+	[62c281fcd4ad]
+
+2010-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Install sudoers file from the build dir not hte src dir.
+	[a26afd8db531]
+
+2010-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	If runas_pw changes, reset the stashed runas aux group vector.
+	Otherwise, if runas_default is set in a per-command Defaults
+	statement, the command runs with root's aux group vector (i.e. the
+	one that was used when locating the command).
+	[24a695707b67]
+
+	* Makefile.in:
+	Add target to generate sudoers file Remove generated sudoers file as
+	part of distclean
+	[448627fc35b6]
+
+2010-08-23  millert  <millert@rh4-x86.home.courtesan.com>
+
+	* exec.c:
+	When not logging I/O install a handler for SIGCONT and deliver it to
+	the command upon resume. Fixes bugzilla #431
+	[e84690aa67bd]
+
+2010-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Don't need to fork and wait when compiled with --disable-pam-session
+	[2ae1bbe4437a]
+
+2010-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lbuf.c:
+	Convert a remaining puts() and putchar() to use the output function.
+	[d68c213feb0f]
+
+2010-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Replace sudoers with sudoers.in in DISTFILES
+	[616509f85d6c]
+
+	* env.c:
+	Set dupcheck to TRUE when setting new HOME value if !env_reset but
+	always_set_home is true. Prevents a duplicate HOME in the
+	environment (old value plus the new one) introduced in 9f97e4b43a4b.
+	[2672ae047984]
+
+	* configure, configure.in, sudoers, sudoers.in:
+	Substitute sysconfdir in the installed sudoers file to get the
+	correct path for sudoers.d.
+	[ab14a68e546f]
+
+2010-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* boottime.c, get_pty.c:
+	Fix typos that prevented compilation on Irix; Friedrich Haubensak
+	[a3e6c5a66890]
+
+2010-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	If the user hits ^C while a password is being read, error out before
+	reading any further passwords in the pam conversation function.
+	Otherwise, if multiple PAM auth methods are required, the user will
+	have to hit ^C for each one.
+	[c8f6bc58fd86]
+
+2010-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* exec.c:
+	Fix waitpid() loop termination condition.
+	[97719b3259f2]
+
+	* exec_pty.c:
+	Use sudo_waitpid() instead of bare waitpid()
+	[624a40269189]
+
+2010-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pp:
+	Set pp_kit_version and strip off patchlevel
+	[814c87778567]
+
+	* sudo.pp:
+	Better handling of versions with a patchlevel. For rpm and deb, use
+	the patchlevel+1 as the release. For AIX, use the patchlevel as the
+	4th version number. For the rest, just leave the patchlevel in the
+	version string.
+	[d18ef30f0a72]
+
+2010-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/sudo_auth.c:
+	For non-standalone auth methods, stop reading the password if the
+	user enters ^C at the prompt.
+	[59d2b1328d1e]
+
+	* check.c:
+	When removing/resetting the timestamp file ignore the tty ticket
+	contents.
+	[8b285f601ec0]
+
+2010-08-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* UPGRADE:
+	Fix typo
+	[0f443aa22e96]
+
+2010-08-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	Do not produce a warning for "sudo -k" if the ticket file does not
+	exist.
+	[eeaaa73d7f5b]
+
+2010-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4, configure:
+	Add cross-compile defaults for remaining AC_TRY_RUN usage.
+	[fb88d22eabc6]
+
+2010-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4, config.h.in, configure, configure.in, snprintf.c:
+	Use AC_CHECK_MEMBER in SUDO_SOCK_SA_LEN Use AC_TYPE_LONG_LONG_INT
+	and AC_CHECK_SIZEOF([long int]) instead of rolling our own.
+	[5e7cc557a46e]
+
+2010-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* .hgtags:
+	Added tag SUDO_1_7_4 for changeset 2920a3b9d568
+	[e929004d5102]
+
+	* pp:
+	Debian: Remove dots from decoded release number AIX: looser matching
+	of file command output for AIX 5.1
+	[2920a3b9d568] [SUDO_1_7_4]
+
+	* .hgtags:
+	Added tag SUDO_1_7_4 for changeset 0d844aa34c1d
+	[cf65ddcec602]
+
+2010-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* exec_pty.c:
+	exec_monitor is static
+	[0d844aa34c1d]
+
+	* pp:
+	Update to latest version
+	[7b8a00defbd6]
+
+2010-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pp:
+	Let pp determine pp_aix_version itself.
+	[c5ee7944af03]
+
+	* INSTALL, config.h.in, configure, configure.in, mkpkg, sudo.c:
+	Add support for Ubuntu admin flag file and enable it when building
+	Ubuntu packages.
+	[2d97501cda0c]
+
+	* sudo.pp, sudoers:
+	Add commented out SuSE-like targetpw settings
+	[f4ad331ace46]
+
+	* configure, configure.in:
+	Only try to use +DAportable for non-GCC on hppa Check the value of
+	$pic_flag insteaf of whether the compiler is ANSI C when detecting
+	the HP-UX bundled C compiler.
+	[654da0091c16]
+
+	* configure, configure.in:
+	Prevent configure from adding the -g flag unless in devel mode
+	[e3c11f228c56]
+
+2010-07-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pp:
+	Go back to sudo-flavor to match existing packages and only use an
+	underscore for those that need it.
+	[1f78ecf3b990]
+
+	* sudo.pp:
+	Use sudo_$flavor instead of sudo-$flavor since that causes the least
+	amount of trouble for the various package managers.
+	[7e1e07115788]
+
+	* mkpkg:
+	Fix handling of the ldap flavor Remove destdir unless --debug was
+	specified Make distclean before running configure if there is a
+	Makefile present
+	[2bde3925346d]
+
+	* configure, configure.in:
+	Back out version change in 5baf2187a138
+	[bbc3a81afbba]
+
+	* mkpkg:
+	Pass extra args on to configure on HP-UX, if we don't have the HP C
+	compiler, disable zlib to prevent gcc from finding it in
+	/usr/local/lib.
+	[87201c7f1116]
+
+	* configure, configure.in, mkpkg:
+	Use the HP ANSI C compiler on HP-UX if possible
+	[5baf2187a138]
+
+	* sudoreplay.c:
+	Some getline() implementations (FreeBSD 8.0) do not ignore the
+	length pointer when the line pointer is NULL as they should.
+	[8652300785ed]
+
+	* sudoreplay.c:
+	Don't need to check for *cp being non-zero, isdigit() will do that.
+	[107301a99b6a]
+
+	* sudoreplay.c:
+	Add setlocale() so the command line arguments that use floating
+	point work in different locales. Since sudo now logs the timing
+	data in the C locale we must Parse the seconds in the timing file
+	manually instead of using strtod(). Furthermore, sudo 1.7.3 logged
+	the number of seconds with the user's locale so if the decimal point
+	is not '.' try using the locale-specific version.
+	[2b8ed181e37c]
+
+	* exec.c:
+	Do I/O logging in the C locale so the floating point numbers in the
+	timing file are not locale-dependent.
+	[18abbca14078]
+
+	* sudoreplay.c:
+	Use errorx() not error() for thingsthat don't set errno.
+	[a2e7c6793d26]
+
+2010-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pp:
+	Add Tru64 kit support
+	[40e2d21aa17f]
+
+	* pp:
+	Better support for 1.2.3 style versions in Tru64 kits
+	[f7133199a711]
+
+	* pp:
+	Remove apparently unnecessary use of sudo
+	[a667a69eeab0]
+
+	* Makefile.in:
+	Create timedir as part of install-dirs target.
+	[a2e394d694dd]
+
+	* exec_pty.c:
+	Handle ENXIO from read/write which can occur when reading/writing a
+	pty that has gone away. Fixes bugzilla 422
+	[142f4c2efa17]
+
+	* pwutil.c:
+	sudo_pwdup() was not expanding an empty pw_shell to _PATH_BSHELL
+	[82e5e46bf458]
+
+	* mkpkg:
+	platform is a pp flag not a variable
+	[9d0ab9b9bf0c]
+
+	* Makefile.in, mkpkg, sudo.pp:
+	Add simple arg parsing for mkpkg so we can set debug, flavor or
+	platform.
+	[8142ab01ccd9]
+
+	* pp:
+	Make rpm backend work on AIX 5.x
+	[2467a79d0b4d]
+
+2010-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers:
+	Add commented out Defaults entry for log_output
+	[b3fe97e59ae0]
+
+2010-07-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Install binary files with -b~ to make a backup. Fixes "text file
+	busy" error on HP-UX during install.
+	[3563e3e0163a]
+
+	* install-sh:
+	"mv -f" on HP-UX doesn't unlink the destination first so add an
+	explicit rm before moving the temporary into place.
+	[3994af813c88]
+
+	* configure, configure.in:
+	Some more ${foo} -> $(foo) conversion for consistent Makefiles.
+	[c214d50c32ec]
+
+2010-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pathnames.h.in:
+	Add missing include of maillock.h for Solaris
+	[343f04b7a581]
+
+	* NEWS, TROUBLESHOOTING, UPGRADE, configure, configure.in,
+	sample.syslog.conf, sudoers.cat:
+	Change the default syslog facility from local2 to authpriv (or auth
+	if the operating system doesn't support authpriv).
+	[949f39cf4a59]
+
+	* Makefile.in, configure, configure.in, sudo.pp:
+	Install sudoers as /etc/sudoers on RPM and debian systems where the
+	package manager will not replace a user-modified configuration file.
+	This fixes upgrades from the vendor sudo packages.
+	[74c7ff01e880]
+
+	* pp:
+	RPM: use %config(noreplace) instead of %config for volatile This
+	results in the new file being installed with a .rpmnew suffix
+	instead of the file being replaced and the old one renamed with a
+	.rpmsave suffix.
+	[166133a4fb9e]
+
+2010-07-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* boottime.c, mkstemps.c:
+	Include time.h for struct timeval.
+	[50446e0b8398]
+
+	* exec_pty.c:
+	The return value of strsignal() may be const and should be treated
+	as const regardless.
+	[c035b17b50e3]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Mention that 127.0.0.1 will not match, nor will localhost unless
+	that is the actual host name.
+	[e9977ec7ac4f]
+
+	* Makefile.in:
+	fix typo
+	[f216d653404d]
+
+	* Makefile.in, NEWS, README, UPGRADE, WHATSNEW:
+	Rename WHATSNEW -> NEWS
+	[f3ce0a462ca0]
+
+	* pp:
+	Updated pp with latest patches
+	[cded68af5ba0]
+
+	* WHATSNEW, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
+	If pam is in use, wait until the process has finished before calling
+	pam_close_session().
+	[fb3d7de50a05]
+
+	* sudoers.cat, sudoers.man.in:
+	regen sudoers manual
+	[7498a058eeb1]
+
+	* UPGRADE, sudoers, sudoers.pod:
+	Add commented out line to add HOME to env_keep and add a warning to
+	the note about the HOME change in UPGRADE.
+	[0f7e08f09b9f]
+
+2010-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Add LINE_MAX define for those without it.
+	[6248dd44573c]
+
+	* WHATSNEW:
+	Mention that tty_tickets is now the default.
+	[4cf26eaee5ba]
+
+	* INSTALL, UPGRADE, config.h.in, configure, configure.in, defaults.c,
+	sudoers.cat, sudoers.man.in, sudoers.pod:
+	The tty_tickets option is now on by default.
+	[73dd2b82a3a9]
+
+	* WHATSNEW:
+	Mention that AIX authdb support has been fixed.
+	[9331829dc276]
+
+	* aix.c:
+	setauthdb() only sets the "old" registry if it was set by a previous
+	call to setauthdb(). To restore the original value, passing NULL
+	(or an empty string) to setauthdb() is sufficient.
+	[d956fd763521]
+
+2010-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Mention new handling of HOME in always_set_home and set_home
+	descriptions.
+	[a69c9bed3164]
+
+	* sudo.cat, sudo.man.in, sudo.pod:
+	fix typo
+	[9b90bb3e9187]
+
+	* UPGRADE, WHATSNEW, env.c, sudo.cat, sudo.man.in, sudo.pod:
+	Reset HOME when env_reset is enabled unless it is in env_keep
+	[18223dfd1ac3]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	The default for set_logname has been "true" for some time now.
+	[9f97e4b43a4b]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Document that MAIL it set in env_reset mode.
+	[dcf9ad98079e]
+
+	* boottime.c:
+	Add missing include of time.h
+	[57bee414982d]
+
+	* defaults.c, sudo.c:
+	Check return value of setdefs() but don't stop setting defaults if
+	we hit an unknown one.
+	[a42cb2d6b7ed]
+
+	* logging.c:
+	Fix check for dup2() return value.
+	[916cd7fdeba7]
+
+	* visudo.c:
+	Treat an unknown defaults entry as a parse error.
+	[1f94675835d9]
+
+	* env.c:
+	Check KEPT_MAIL not DID_MAIL when determining whether to set MAIL in
+	-i and env_reset mode.
+	[aa6657ccfe01]
+
+	* env.c:
+	Add PYTHONUSERBASE to initial_badenv_table
+	[93058374f0d9]
+
+	* WHATSNEW, aclocal.m4, config.h.in, configure, configure.in, env.c,
+	pathnames.h.in, sudo.cat, sudo.man.in, sudo.pod:
+	If env_reset is enabled, set the MAIL environment variable based on
+	the target user unless MAIL is explicitly preserved in sudoers.
+	[d903c904dcd4]
+
+2010-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pp:
+	decode debian code names
+	[2df0ecbc23b4]
+
+	* WHATSNEW:
+	fix typo
+	[b66a95fa1869]
+
+2010-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	Add entry about SuSE bash script fix.
+	[04af78fa281c]
+
+	* sudo.c:
+	Restore RLIMIT_NPROC after the uid switch if it appears that
+	runas_setup() did not do it for us. Fixes a bash script problem on
+	SuSE with RLIMIT_NPROC set to RLIM_INFINITY.
+	[bb14802d48b1]
+
+2010-07-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkpkg, pp, sudo.pp:
+	Restore the dot removal in the os version reported by polypkg. Adapt
+	mkpkg and sudo.pp to the change.
+	[83c7870130fe]
+
+2010-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	Mention polypkg
+	[c5f6e40bbb58]
+
+	* README, WHATSNEW:
+	Update for sudo 1.7.4
+	[0c688f1f8160]
+
+	* INSTALL:
+	document --with-pam-login
+	[33ca3f6308ae]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	The tag is NOSETENV, not UNSETENV. From Petr Uzel.
+	[95f37e63ca15]
+
+2010-07-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pp:
+	Include flavor in solaris package name
+	[b6d56ccf367e]
+
+	* mkpkg:
+	Older shells don't support IFS= so set explictly to space, tab,
+	newline.
+	[336925525e17]
+
+	* mkpkg:
+	Use '=' not '==' in test
+	[98c692271cfd]
+
+	* mkpkg:
+	Fix typo that prevented debian from matching
+	[af4deec35e37]
+
+	* mkpkg:
+	Add missing prefix setting for debian
+	[d0c1941cb6ec]
+
+	* sudo.pp:
+	Use tab indents to reduce the chance of problem with <<- Uncomment
+	some env_keep lines for RHEL, SLES and Debian to more closely match
+	the vendor sudoers files.
+	[74ba26566cdc]
+
+	* sudo.pp:
+	Fix indentation Fix the debian %set section, pp does not set
+	pp_deb_distro Uncomment %sudo line in sudoers for debian Add pam.d
+	to %files for debian Remove the /etc/sudo-ldap.conf symlink on
+	debian for ldap flavor
+	[f15ff41b5afd]
+
+	* sudoers:
+	Add commented out env_keep entries, sample Aliases and a %sudo line
+	for debian.
+	[8264e4ed42dc]
+
+	* configure, configure.in:
+	Remove check for egrep; configure has its own
+	[27b3d85ebf4f]
+
+	* configure.in:
+	Use enable_zlib instead of enableval for consistency
+	[4a15cfd43d3e]
+
+2010-07-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkpkg:
+	Enable zlib for linux distros
+	[fcab91448bb0]
+
+	* mkpkg:
+	Add ldap flavor to default build
+	[e35a577c8994]
+
+	* mkpkg, sudo.pp:
+	Simplify rpm linux distro settings
+	[f30547765636]
+
+	* UPGRADE, aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
+	sudoers.cat:
+	Move time stamp files from /var/run/sudo to /var/{db,lib,adm}/sudo.
+	[8c9440423d98]
+
+	* Makefile.in, mkpkg, sudo.pp:
+	Add ldap "flavor" for debian, controlled by the SUDO_FLAVOR
+	environment variable.
+	[9f418defc08a]
+
+	* sudo.pp:
+	Create sudo group on debian
+	[4b0cc7b8b0b5]
+
+	* mkpkg, sudo.pp:
+	Add debian 4/5/6 and use the dot when doing version matches
+	[d5184f0a1efc]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Remove spurious "and"; from debian
+	[8b9f2a5937bc]
+
+	* aclocal.m4, configure:
+	Use a loop when searching for mv, sendmail and sh
+	[a1c7d19721a4]
+
+	* aclocal.m4, configure, configure.in, sudoers.cat, sudoers.man.in,
+	sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+	Substitute the value of EDITOR into the sudoers and visudo manuals.
+	[f00dc9343f94]
+
+2010-07-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkpkg, pp, sudo.pp:
+	Initial debian 4.0 support
+	[6d73c000723f]
+
+	* mkpkg:
+	Some platforms need -fPIE instead of -fpie
+	[8533a29633e8]
+
+	* Makefile.in:
+	Add packaging bits to DISTFILES
+	[dea9f374f28b]
+
+	* auth/pam.c:
+	Only set PAM_RHOST for Solaris, where it is needed to avoid a bug.
+	On Linux it causes a DNS lookup via libaudit.
+	[22e04d2f5f0f]
+
+	* sudo.psf:
+	We now use pp to generate HP-UX packages
+	[6c9f8ae6bc11]
+
+2010-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Fix indentation
+	[e52e9e6338d5]
+
+	* INSTALL, Makefile.in:
+	isntall-man -> install-doc
+	[02cc8198ea7a]
+
+	* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+	sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+	sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+	Bump version to 1.7.4
+	[df6ce4ea908a]
+
+	* INSTALL.binary, Makefile.binary.in, Makefile.in:
+	Remove remaining bits of the old binary package
+	[8d4f82c23c22]
+
+	* sudo.pp:
+	Use http://rc.quest.com/topics/polypkg/ for packaging
+	[d71793085629]
+
+	* Makefile.in, mkpkg, pp:
+	Use http://rc.quest.com/topics/polypkg/ for packaging
+	[675e505758c5]
+
+	* install-sh:
+	Just ignore the -c option, it is the default Add support for -d
+	option
+	[2adfb3a63231]
+
+	* env.c, logging.c, pathnames.h.in:
+	Use _PATH_STDPATH instead of _PATH_DEFPATH
+	[2c22d54a1f02]
+
+	* Makefile.in:
+	Do not strip binaries.
+	[bc84682b372c]
+
+	* INSTALL, configure, configure.in:
+	Add --insults=disabled configure option to allow people to build in
+	insult support but have the insults disabled unless explicitly
+	enabled in sudoers.
+	[6d9f40db9cca]
+
+2010-07-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, sudoreplay.c:
+	Fix K&R compilation
+	[e44d3be7ab85]
+
+2010-07-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c, config.h.in, configure, configure.in, env.c, sudo.c,
+	sudo.h:
+	Add support for a sudo-i pam.d file to be used for "sudo -i".
+	Adapted from a RedHat patch.
+	[2984c3831d88]
+
+	* Makefile.in:
+	Fix installation of sudo_noexec.so
+	[d1f7ca8331b6]
+
+	* Makefile.in, config.h.in, configure, configure.in, missing.h,
+	mkstemp.c, mkstemps.c, sudo_edit.c:
+	Use mkstemps() instead of mkstemp() in sudoedit. This allows
+	sudoedit to preserve the file extension (if any) which may be used
+	by the editor (like emacs) to choose the editing mode.
+	[46399679d9ae]
+
+2010-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+	TLS_CACERT is now an alias for TLS_CACERTFILE. OpenLDAP uses
+	TLS_CACERT, not TLS_CACERTFILE in its ldap.conf. Other LDAP client
+	code, such as nss_ldap, uses TLS_CACERTFILE. Also document why you
+	should avoid disabling TLS_CHECKPEER is possible.
+	[1d626a5cf8c0]
+
+2010-07-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Add suport for negated user/host/command lists in a Defaults entry.
+	E.g. Defaults:!baduser noexec
+	[24f07a805dce]
+
+2010-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.ldap.pod:
+	fix typo.
+	[d5f2922cecf2]
+
+2010-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* .hgtags:
+	Added tag SUDO_1_7_3 for changeset 72fd1f510a08
+	[cc8b2277e17e]
+
+	* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+	sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+	sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+	Sudo 1.7.3 GA
+	[72fd1f510a08] [SUDO_1_7_3]
+
+	* alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+	auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+	auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+	auth/securid5.c, auth/sia.c, auth/sudo_auth.c, boottime.c, check.c,
+	defaults.c, env.c, exec.c, exec_pty.c, fileops.c, find_path.c,
+	fnmatch.c, get_pty.c, getcwd.c, getdate.c, getdate.y, getline.c,
+	getspwuid.c, glob.c, goodpath.c, gram.c, gram.y, interfaces.c,
+	iolog.c, lbuf.c, ldap.c, logging.c, match.c, parse.c, parse_args.c,
+	pwutil.c, set_perms.c, snprintf.c, sudo.c, sudo_edit.c, sudo_nss.c,
+	sudoreplay.c, term.c, testsudoers.c, tgetpass.c, toke.c, toke.l,
+	tsgetgrpw.c, visudo.c:
+	Include strings.h even if string.h exists since they may define
+	different things. Fixes warnings on AIX and others.
+	[7c6de7fb5dba]
+
+	* env.c:
+	Do not rely on env.env_len when unsetting a variable, just use the
+	NULL terminator.
+	[faf088613ce5]
+
+	* env.c:
+	In unsetenv() check for NULL or empty name as per POSIX 1003.1-2008
+	[47f8dfcc7a48]
+
+2010-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+	Mention that multiple URI lines are merged into a single one.
+	[1dc0ac5929bf]
+
+	* WHATSNEW:
+	Document AIX fixes
+	[be36e8a6dddd]
+
+2010-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, sudo.c, sudo.h:
+	For env_init() just use environ not the envp from main().
+	[d4f3e374caeb]
+
+2010-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+	sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+	sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+	Update version to 1.7.3rc1
+	[fe43fe79070d]
+
+	* TODO:
+	fqdn issue is resolved
+	[f35cb63eb74b]
+
+	* env.c:
+	In unsetenv(), assign ep in the for loop instead of doing it
+	earlier. This version of the code does not change env.envp in
+	between when ep is assigned and when it is used but older versions
+	(e.g. 1.7.2) do.
+	[a4cd29c862c9]
+
+	* aix.c:
+	Use S_REGISTRY instead of S_AUTHSYSTEM as the argument to
+	getuserattr() when fetching the administrative domain to be used by
+	setauthdb(). This was suggested by AIX support and is consistent
+	with what OpenSSH does.
+	[d3109706ec85]
+
+	* vasgroups.c:
+	Use warningx() instead of log_error() since the latter is not
+	available to visudo or testsudoers. This does mean that they don't
+	end up in syslog.
+	[0174e89f983b]
+
+	* sudo.c:
+	Defer call to sudo_nonunix_groupcheck_cleanup() until after we have
+	closed the sudoers sources. From Quest sudo.
+	[c1b33e3e0f9e]
+
+	* pwutil.c:
+	Ignore case when matching user/group names in the cache. From Quest
+	sudo.
+	[72df368a8a0e]
+
+2010-06-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, selinux.c:
+	Add check for setkeycreatecon() when --with-selinux is specified.
+	[24144c52c0cc]
+
+	* configure, configure.in:
+	Bump version to 1.7.3b5 Error out if libaudit.h is missing or
+	ununable when --with-linux-audit was specified
+	[215c7653d9bc]
+
+	* aix.c:
+	K&R function declaration for aix_setauthdb()
+	[82da12d222a6]
+
+	* env.c, sudo.c, sudo.h:
+	If env_init() was called implicitly via getenv(), setenv() or
+	putenv() just use the specified envp instead of mallocing a new
+	copy. This prevents an infinite loop on OpenBSD which calls
+	getenv() from malloc() to get MALLOC_OPTIONS.
+	[8e82ce63f774]
+
+	* ldap.c:
+	Add support for multiple URI lines by joining the contents and
+	passing the result to ldap_initialize.
+	[b4e10b2ffdb1]
+
+2010-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c, set_perms.c, sudo_nss.c:
+	Bracket initgroups with calls to aix_setauthdb() and
+	aix_restoreauthdb()
+	[363dbe449f1c]
+
+	* aix.c:
+	Include compat.h before alloc.h to get __P
+	[819a2667ffd7]
+
+	* auth/aix_auth.c:
+	Include usersec.h for authenticate() prototype
+	[2b8dd2b67131]
+
+	* aix.c:
+	Add missing includes Add missing trailing NUL in userinfo string
+	[8deaedf44943]
+
+2010-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY, history.pod:
+	Mention when LDAP was incorporated.
+	[4e6c8ec4f67c]
+
+2010-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
+	not covered by _ALL_SOURCE.
+	[3657f1b181b9]
+
+	* pwutil.c:
+	Include usersec.h on AIX to get IDtouser() prototype.
+	[11483bbe15c7]
+
+	* configure.in:
+	Define _LINUX_SOURCE_COMPAT on AIX for strsignal() prototype, it is
+	not covered by _ALL_SOURCE.
+	[fd48e6e2136b]
+
+2010-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* iolog.c:
+	Add a cast to quiet a compiler warning.
+	[51e9d419bd83]
+
+	* boottime.c:
+	Use memset() instead of zero_bytes() since we don't include sudo.h
+	[f310b2123ba9]
+
+	* Makefile.in:
+	getline.o is already in LIB_OBJS, do not need it in COMMON_OBJS
+	[c8750c2d75ab]
+
+	* getdate.c, getdate.y:
+	Quiet a compiler warning.
+	[9f231be15958]
+
+	* defaults.c, sudo.c:
+	Call set_fqdn() after sudoers has parsed instead of inline as a
+	callback.
+	[26d413ddb6dd]
+
+	* WHATSNEW:
+	Do not call set_fqdn() until sudoers parses (where is gets run as a
+	callback).
+	[582453a993a1]
+
+	* sudo.c:
+	Do not call set_fqdn() until sudoers parses (where is gets run as a
+	callback). Otherwise, if sudo is built --with-fqdn the fqdn will be
+	set even if !fqdn is set in sudoers.
+	[aa01e867d1bb]
+
+	* configure, configure.in, sudo.cat, sudo.man.in, sudoers.cat,
+	sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+	sudoreplay.cat, sudoreplay.man.in, visudo.cat, visudo.man.in:
+	Bump version to 1.7.3b4
+	[c1c5a73766b6]
+
+	* WHATSNEW:
+	mention the change in tty ticket behavior when there is no tty
+	[93ddde63e453]
+
+	* TODO:
+	remove done items
+	[9601b2e8dcef]
+
+	* aix.c:
+	Remove comment; NAME in usrinfo should be user name.
+	[eb46f1e8ea08]
+
+	* check.c:
+	Do not update tty ticket if there is no tty.
+	[e64e8c8f2286]
+
+	* sudo.cat, sudo.man.in, sudo.pod:
+	No longer need to use -- with the -s flag
+	[e45c18dd79dc]
+
+	* Makefile.in:
+	Add missing $(srcdir) to sudo.man.in target
+	[2bd89f6ca9f3]
+
+	* Makefile.in:
+	Do not rely on BSD make's $>
+	[cb328b82cb92]
+
+	* configure, configure.in:
+	Set timedir to /var/db/sudo for darwin to match Apple sudo's
+	location
+	[860c7f1b001f]
+
+2010-06-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, configure, configure.in:
+	Move aix.o from SUDO_OBJS to COMMON_OBJS
+	[f8a9bdf346c1]
+
+	* config.h.in, configure, configure.in, defaults.c, iolog.c,
+	sudoreplay.c:
+	Check for zlib.h in addition to libz.
+	[fb77e44d5196]
+
+	* Makefile.in, exec.c, exec_pty.c, sudo.h, sudo_exec.h:
+	Move functions and symbols shared between exec.c and exec_pty.c into
+	sudo_exec.h.
+	[e798d945424e]
+
+	* sudo.h:
+	Add missing prototypes for aix_setauthdb and aix_restoreauthdb
+	[8bc2af6d4e17]
+
+	* Makefile.in:
+	Comment out rules to build .man.in and .cat files unless --with-
+	devel
+	[81d6726a19ab]
+
+	* aix.c, pwutil.c, set_perms.c, sudo.h:
+	Fix AIX compilation problems.
+	[7d95f73eca42]
+
+	* sudo.c:
+	Cast isalnum() arg to unsigned char.
+	[5fff9a81af00]
+
+	* WHATSNEW:
+	Add Linux audit support.
+	[e59e0670ba79]
+
+	* sudo.c:
+	Quote any non-alphanumeric characters other than '_' or '-' when
+	passing a command to be run via the shell for the -s and -i options.
+	[d35a3f4cb3c0]
+
+	* sudo.c:
+	Add missing braces that broke -i mode.
+	[7fe124b078ec]
+
+	* linux_audit.c:
+	Fix linux_audit_command() return value
+	[0c582476181c]
+
+2010-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, linux_audit.c, linux_audit.h:
+	Add Linux audit support.
+	[b207dc9960de]
+
+2010-06-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, audit.c, bsm_audit.c, config.h.in, configure, configure.in,
+	logging.h, selinux.c:
+	Add Linux audit support.
+	[26ae31d7ff93]
+
+2010-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+	Sync sudoreplay with trunk
+	[65b780cccfa5]
+
+	* exec_pty.c:
+	Remove an XXX
+	[8304ac649241]
+
+	* aix.c, configure, configure.in, pwutil.c, set_perms.c, sudo.h:
+	Set usrinfo for AIX Set adminstrative domain for the process when
+	looking up user's password info and when preparing for execve().
+	[52b48cbe97fd]
+
+	* ldap.c, parse.c:
+	Better prefix determination now that we can't rely on len==0 to tell
+	the beginning on an entry.
+	[32f1875d9605]
+
+	* WHATSNEW, ldap.c, sudoers.ldap.cat, sudoers.ldap.man.in,
+	sudoers.ldap.pod:
+	Add support for multiple sudoers_base entries in ldap.conf. From
+	Joachim Henke
+	[3c0b59fce7b4]
+
+	* configure, configure.in:
+	Remove duplicate setsid check
+	[7712d6d52da1]
+
+	* Makefile.in, config.h.in, configure, configure.in, exec_pty.c,
+	logging.c, missing.h, setsid.c:
+	Move setsid emulation into setsid.c
+	[f24743c9e4e9]
+
+	* exec_pty.c, logging.c, selinux.c, sudo.c, tgetpass.c:
+	Check for dup2() failure.
+	[b1b6ba761b61]
+
+	* config.h.in, configure, configure.in:
+	Remove dup2 check, it is not optional.
+	[cfbe5f3b5956]
+
+2010-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	Add mbr_check_membership support and SELinux fixes
+	[af1936a7cf2f]
+
+	* Makefile.in:
+	Sync SRCS and DISTFILES with reality
+	[0971b5dcb1be]
+
+	* INSTALL:
+	Update OS specific notes. Delete some really ancient ones and move
+	older ones to the end of the list.
+	[872dd8b437a8]
+
+	* README:
+	Bump for sudo 1.7.3 Merge some changes from trunk
+	[a3088c75bf22]
+
+	* selinux.c, sudo.c:
+	Call selinux_restore_tty() as part of cleanup() so it gets called
+	from error()/errorx()
+	[0197c07d4c1e]
+
+	* compat.h:
+	No longer use SA_NOCLDSTOP
+	[73ca654cd3f8]
+
+	* interfaces.h, match.c:
+	Move union sudo_in_addr_un into interfaces.h
+	[c84bda7c332a]
+
+	* pathnames.h.in:
+	Update copyright year
+	[94871f44206b]
+
+	* HISTORY, LICENSE, aix.c, alias.c, alloc.h, boottime.c, bsm_audit.h,
+	compat.h, defaults.c, defaults.h, env.c, fileops.c, find_path.c,
+	gettime.c, gram.y, history.pod, lbuf.h, license.pod, logging.c,
+	match.c, missing.h, nanosleep.c, parse.h, set_perms.c,
+	sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
+	sudoreplay.c, term.c, tgetpass.c, toke.l, visudo.c, visudo.cat,
+	visudo.man.in, visudo.pod:
+	Update copyright year
+	[4cfb47c799b8]
+
+	* Makefile.in:
+	Remove varsub as part of clean
+	[61f04a21b0bb]
+
+	* match.c:
+	Quiet a compiler warning.
+	[06d8cfe916c8]
+
+	* getdate.c, getdate.y:
+	Quiet a compiler warning.
+	[473d2b7d44a1]
+
+	* ldap.c, sudo.h:
+	Make the remaining functions in ldap.c static
+	[ba555565b30a]
+
+	* ldap.c:
+	Make private functions static. Diff from Joachim Henke
+	[1603035b1863]
+
+	* schema.ActiveDirectory:
+	Updates from Alain Roy to provide better examples for importing the
+	schema and to fix problems caused by Windows validating attributes
+	which have not yet been added before committing the changes.
+	[83f11ae00f19]
+
+2010-06-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, configure, configure.in, sudo.cat, sudoers.cat:
+	Generate .cat files directly from .man.in instead of .man using
+	default values in configure.in
+	[0a92b41c5ce5]
+
+2010-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in, sudo.c, sudo_usage.h.in:
+	Print configure args with verbose version information.
+	[ca4a5fcf0af8]
+
+	* visudo.c:
+	Remove tfd from struct sudoersfile; it is not used. Add prev pointer
+	to struct sudoersfile. Declare list of sudoersfile using TQ_DECLARE.
+	Use tq_append to append sudoers entries to the tail queue.
+	[344c631d0d43]
+
+2010-06-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	Describe tty timestamp improvements
+	[136b0f832903]
+
+	* toke.c, toke.l:
+	A comment character may not be part of a command line argument
+	unless it is quoted with a backslash. Fixes parsing of:
+	testuser ALL=NOPASSWD: /usr/bin/wl #comment foo bar closes bz #441
+	[2a0c82ffedde]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+	regen
+	[c9fddd23c7e1]
+
+	* sudoers.pod:
+	Make this read a little bit better when passwd_timeout is 0.
+	[51644950823f]
+
+	* Makefile.in:
+	Use the --file argument to config.status instead of setting
+	CONFIG_FILES
+	[fc2b42c60b5d]
+
+	* sudo.man.pl, sudo.pod:
+	Attempt to handle a default password prompt timeout of zero more
+	gracefully.
+	[478b8e720993]
+
+	* toke.c, toke.l:
+	Do not override value of keepopen global, instead restore it to the
+	value we pushed onto the stack when popping.
+	[dc370d57a668]
+
+	* exec.c, exec_pty.c, logging.c, mon_systrace.c, tgetpass.c:
+	Use SA_INTERRUPT in sa_flags
+	[3845c6637361]
+
+	* getdate.c, getdate.y, ldap.c, sudoreplay.c:
+	Silence some compiler warnings
+	[112ac65afd0c]
+
+2010-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* exec.c, exec_pty.c, sudo.c, sudo.h:
+	Implement background mode. If I/O logging we use pipes instead of a
+	pty.
+	[8d448eaf2aaa]
+
+	* compat.h, exec.c, exec_pty.c, mksiglist.c, strsignal.c, tgetpass.c:
+	Move compat definition of NSIG to compat.h
+	[cae72a4c9dec]
+
+	* tgetpass.c:
+	Ignore SIGPIPE for "sudo -S"
+	[c6595c8527c4]
+
+	* tgetpass.c:
+	Properly handle TGP_ECHO again. Print a newline if the user
+	interrupted password input.
+	[15acbe4fb535]
+
+	* exec_pty.c:
+	Use POSIX tcgetpgrp() instead of BSD TIOCGPGRP ioctl
+	[dd041fc9554c]
+
+2010-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* exec.c, exec_pty.c, selinux.c, sudo.c, sudo.h:
+	Return an error from selinux_setup() instead of exiting. Call
+	selinux_setup() from exec_setup().
+	[b518225cafba]
+
+	* compat.h:
+	Add definition of WCOREDUMP for systems without it. This is known
+	to work on AIX and SunOS 4, but may be incorrect on other systems
+	that lack WCOREDUMP.
+	[365e56db7cd5]
+
+	* check.c, compat.h, config.h.in, configure, configure.in, iolog.c,
+	nanosleep.c, sudo_edit.c, visudo.c:
+	Replace timerfoo macros with timevalfoo since the timer macros are
+	known to be busted on some systems.
+	[4bb5228606c5]
+
+	* toke.c, toke.l:
+	If a file in a #includedir has improper permissions or owner just
+	skip it. This prevents packages that incorrectly install a file
+	into /etc/sudoers.d from breaking sudo so easily. Syntax errors in
+	#includedir files still result in a parse error (for now).
+	[b7fb75eddb77]
+
+	* TODO, auth/pam.c, exec.c, exec_pty.c, set_perms.c, sudo.c, sudo.h:
+	Defer call to pam_close_session() until after the command finishes
+	if there is a monitor process.
+	[0a39c8e6a81b]
+
+	* WHATSNEW, def_data.c, def_data.h, def_data.in, exec.c, sudoers.cat,
+	sudoers.man.in, sudoers.pod:
+	Add use_pty sudoers option to force use of a pty even when not
+	logging I/O.
+	[aea971f1456a]
+
+	* env.c, sudo.c, sudo.h:
+	Instead of trying to keep the global environment in sync with our
+	private copy, provide our own getenv() that returns values from the
+	private environment and use env_get() to pass the environment in to
+	run_command().
+	[58c85c5695dc]
+
+	* set_perms.c:
+	Fix typo
+	[0f677fcdde04]
+
+2010-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	Rename pty.c -> get_pty.c
+	[39137dcc4420]
+
+	* iolog.c:
+	Add #define for maximum session id
+	[2a487437f013]
+
+	* Makefile.in, configure, configure.in, exec.c, exec_pty.c, iolog.c,
+	selinux.c, sudo.c, sudo.h, sudo_edit.c:
+	Split exec.c into exec.c and exec_pty.c Pass a flag in to
+	sudo_execve to indicate whether we need to wait for the command
+	to finish (fork + execve vs. execve).
+	[b197515585db]
+
+	* Makefile.in, configure, configure.in, get_pty.c, pty.c:
+	Rename pty.c -> get_pty.c
+	[c0e5270bb28a]
+
+	* aclocal.m4, configure, configure.in:
+	Fix --without-iologdir
+	[dcd6c5907b10]
+
+2010-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* iolog.c:
+	Only use I/O input log file if def_log_input is set and output file
+	if def_log_output is set.
+	[96cdd49be996]
+
+2010-06-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse_args.c, sudo.c:
+	Include sudo_usage.h after sudo.h now that it has function
+	prototypes to guarantee that __P is defined.
+	[c67b77f8d6b1]
+
+2010-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Do signal setup after turning off echo, not before. If we are using
+	a tty but are not the foreground pgrp this will generate SIGTTOU so
+	we want the default action to be taken (suspend process). Use an
+	array for signals received instead of a single variable so we don't
+	lose any when there are multiple different signals.
+	[de356064ea01]
+
+	* defaults.h, lbuf.h, sudo.h:
+	Reorg function prototypes a bit
+	[5c40f58bb28e]
+
+	* Makefile.in, parse_args.c, sudo.c, sudo.h, sudo_usage.h.in:
+	Move argument parsing into parse_args.c
+	[fad7b8737c12]
+
+	* Makefile.in, config.h.in, configure, configure.in, missing.h,
+	mksiglist.c, mksiglist.h, siglist.in, strsignal.c:
+	Build our own sys_siglist for systems that lack it.
+	[3b5f671936dc]
+
+	* exec.c, iolog.c, missing.h, sudo_edit.c:
+	K&R fixes
+	[dad62986f2fe]
+
+	* exec.c, pty.c, sudo.c, sudo.h, sudo_edit.c:
+	Log sudoedit sessions as well; adapted from trunk
+	[2c5d9695022b]
+
+	* configure:
+	regen
+	[9b319e89a6c4]
+
+	* INSTALL, Makefile.in, WHATSNEW, aclocal.m4, configure, configure.in,
+	def_data.c, def_data.h, def_data.in, defaults.c, exec.c, gram.c,
+	gram.h, gram.y, iolog.c, parse.c, parse.h, pathnames.h.in, pty.c,
+	script.c, selinux.c, sudo.c, sudo.h, sudoers.cat, sudoers.man.in,
+	sudoers.pod, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
+	sudoreplay.pod, term.c:
+	Merge I/O logging changes from trunk. Disabling I/O log support at
+	compile time does not currently work. Sudoedit is not yet hooked up
+	to I/O logging.
+	[968c2c74c69b]
+
+2010-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, configure, configure.in:
+	Add --enable-warnings configure option
+	[19cf967c36d1]
+
+	* check.c, lbuf.h, script.c, sudo.c, sudo_nss.c:
+	Fix K&R compilation issues on HP-UX.
+	[c01a547cdcf8]
+
+	* lbuf.c, lbuf.h, ldap.c, parse.c, sudo.c, sudo_nss.c:
+	Pass in output function to lbuf_init() instead of writing to stdout.
+	A side effect is that the usage info can now go to stderr as it
+	should. Add support for embedded newlines in lbuf and use that
+	instead of multiple calls to lbuf_print.
+	[596a427ff873]
+
+	* configure, configure.in, sudo.man.pl, sudoers.man.pl:
+	Use numeric registers to handle conditionals instead of trying to do
+	it all with text processing.
+	[31570c372e0e]
+
+	* sudoers.pod:
+	Document per-command SELinux settings
+	[bbce5acad1be]
+
+	* sudo.pod:
+	timestamp -> time stamp
+	[d7335ce6286f]
+
+	* tsgetgrpw.c:
+	Set close on exec flag in private versions of setpwent() and
+	setgrent().
+	[954814bdbd56]
+
+	* logging.c:
+	Make send_mail() take a printf-style argument list
+	[0783ad585062]
+
+	* Makefile.binary.in, Makefile.in, aclocal.m4, acsite.m4,
+	config.guess, config.h.in, config.sub, configure, configure.in,
+	ltmain.sh, m4/libtool.m4, m4/ltoptions.m4, m4/ltsugar.m4,
+	m4/ltversion.m4, m4/lt~obsolete.m4:
+	Update to autoconf 2.65 and libtool 2.2.6b
+	[3544dd2f1a94]
+
+	* boottime.c:
+	Don't use TRUE/FALSE which may not be defined.
+	[8649bf22b3b2]
+
+	* sudo.cat, sudo.man.in, sudo.pod:
+	Document new tty_ticket behavior
+	[0663e0390338]
+
+	* find_path.c, sudo.c, sudo.h, visudo.c:
+	Make find_path() a little more generic by not checking def_foo
+	variables inside it. Instead, pass in ignore_dot as a function
+	argument.
+	[16c3f27cd9b9]
+
+	* check.c:
+	Store info from stat(2)ing the tty in the tty ticket when tty
+	tickets are in use. If the tty lives on a devpts (Linux) or devices
+	(Solaris) filesystem, stash the ctime in the tty ticket file, as it
+	is not updated when the tty is written to. This helps us determine
+	when a tty has been reused without the user authenticating again
+	with sudo.
+	[f9aec9ab9054]
+
+	* boottime.c, check.c, sudo.h:
+	get_boottime() now fills in a timeval struct
+	[dbd2003659c0]
+
+2010-06-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, compat.h, config.h.in, configure, configure.in, fileops.c,
+	gettime.c, sudo.h, sudo_edit.c, visudo.c:
+	Use timeval directly instead of converting to timespec when dealing
+	with file times and time of day.
+	[c85bf3e41839]
+
+	* auth/pam.c:
+	Fix OpenPAM detection for newer versions.
+	[67f29a0703d0]
+
+	* vasgroups.c:
+	Sync with Quest sudo git repo
+	[2680ad9762c2]
+
+	* aclocal.m4, configure, configure.in:
+	HP-UX ld uses +b instead or -R or -rpath Fix typo in libvas check
+	libvas may need libdl for dlopen() Add missing template for
+	ENV_DEBUG Adapted from Quest sudo
+	[6c886eb9070a]
+
+	* README.LDAP:
+	Fix typos; from Quest Sudo
+	[cf258fc69f1a]
+
+	* Makefile.in, configure.in:
+	Use value of SHELL from configure in Makefile
+	[08aaf12221d6]
+
+2010-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Handle duplicate variables in the environment. For unsetenv(), keep
+	looking even after remove the first instance. For sudo_putenv(),
+	check for and remove dupes after we replace an existing value.
+	[086c6397d8cd]
+
+2010-04-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Fix a crash when checking a sudoers file that has aliases that
+	reference themselves. Based on a diff from David Wood.
+	[5efc702a3b35]
+
+2010-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* alias.c:
+	Fix use after free in error message when a duplicate alias exists.
+	[9eaac49bd22b]
+
+2010-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Set errorfile to the sudoers path if we set parse_error manually.
+	This prevents a NULL dereference in printf() when checking a sudoers
+	file in strict mode when alias errors are present.
+	[b4eed2f0615d]
+
+2010-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO, sudoers.cat, sudoers.man.in, sudoers.pod:
+	Fix typo
+	[57198cae9cf5]
+
+2010-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c:
+	Qualify the command even if it is in the current working directory,
+	e.g. "./foo" instead of just returning "foo". This removes an
+	ambiguity between real commands and possible pseudo-commands in
+	command matching.
+	[fb4d571495fa]
+
+2010-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Add a note about the security implications of the fast_glob option.
+	[84f8097553d9]
+
+	* memrchr.c:
+	Remove duplicate includes
+	[3e8d90f4c30f]
+
+2010-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix installation of sudoers.ldap in "make install" when --with-ldap
+	was specified without a directory. From Prof. Dr. Andreas Mueller
+	[5177a284b9ff]
+
+2010-03-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	When doing a glob match, short circuit if gl.gl_pathc is 0. From
+	Mark Kettenis.
+	[549f8f7c2463]
+
+2010-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Use parent process group id instead of parent process id when
+	checking foreground status and suspending parent. Fixes an issue
+	when running commands under /usr/bin/time and others.
+	[eac86126e335]
+
+	* env.c:
+	In setenv(), if the var is empty, return 1 and set errno to EINVAL
+	instead of returning EINVAL directly.
+	[d202091ec15e]
+
+2010-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Check for pseudo-command by looking at the first character of the
+	command in sudoers instead of checking the user-supplied command for
+	a slash.
+	[88f3181692fe]
+
+2010-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.l:
+	Avoid a duplicate fclose() of the sudoers file.
+	[164d39108dde]
+
+	* toke.l:
+	Fix size arg when realloc()ing include stack. From Daniel Kopecek
+	[8900bccef219]
+
+2010-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aix.c, config.h.in, configure, configure.in:
+	Use setrlimit64(), if available, instead of setrlimit() when setting
+	AIX resource limits since rlim_t is 32bits.
+	[2cbb14d98fc1]
+
+	* logging.c:
+	Fix use after free when sending error messages. From Timo Juhani
+	Lindfors
+	[caf183fd9d94]
+
+2010-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog, Makefile.in:
+	Generate the ChangeLog as part of "make dist" instead of having it
+	in the repo.
+	[836c31615859]
+
+2010-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Generate correct ChangeLog for 1.7 branch.
+	[586dd90b8878]
+
+2010-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.binary.in, Makefile.in, aix.c, alias.c, alloc.c, alloc.h,
+	auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+	auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
+	auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
+	closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
+	emul/charclass.h, emul/timespec.h, env.c, error.c, error.h,
+	fileops.c, find_path.c, getcwd.c, getprogname.c, getspwuid.c,
+	gettime.c, goodpath.c, gram.c, gram.y, ins_2001.h, ins_classic.h,
+	ins_csops.h, ins_goons.h, insults.h, interfaces.c, interfaces.h,
+	isblank.c, lbuf.c, lbuf.h, ldap.c, list.c, list.h, logging.c,
+	logging.h, match.c, memrchr.c, missing.h, mkinstalldirs, mkstemp.c,
+	mon_systrace.c, nanosleep.c, parse.c, parse.h, pathnames.h.in,
+	pty.c, pwutil.c, redblack.c, redblack.h, sample.pam, sample.sudoers,
+	sample.syslog.conf, script.c, selinux.c, sesh.c, set_perms.c,
+	sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
+	strlcpy.c, strsignal.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+	sudo_edit.c, sudo_noexec.c, sudo_nss.c, sudo_nss.h, sudo_usage.h.in,
+	sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
+	sudoers2ldif, sudoreplay.c, sudoreplay.man.in, sudoreplay.pod,
+	term.c, testsudoers.c, tgetpass.c, timestr.c, toke.c, toke.l,
+	utimes.c, visudo.c, visudo.man.in, visudo.pod, zero_bytes.c:
+	Remove CVS $Sudo$ tags.
+	[de683a8b31f5]
+
+2009-12-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_usage.h.in:
+	make this match sudoers SYNOPSIS
+	[c74ba66944c2]
+
+	* lbuf.c, parse.c:
+	Print a newline between Runas and Command-specific defaults in sudo
+	-l.
+	[b5bdfcc9ce4b]
+
+	* term.c:
+	Use SET and CLR macros in term_raw
+	[50ca42609d6c]
+
+	* sudoreplay.c:
+	Set stdin to non-blocking mode early instead of in check_input. Use
+	term_raw instead of term_cbreak since the data we get has already
+	been expanded via OPOST.
+	[51c47e803d62]
+
+2009-12-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c, term.c:
+	Enable/disable all postprocessing instead of just nl->crnl
+	processing since things like tab expansion matter too. However, if
+	stdout is a tty leave postprocessing on in the pty since we run into
+	problems doing it only on the real stdout with .e.g nvi.
+	[62666e309673]
+
+2009-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	If tty_tickets is enabled and there is no tty, prompt for a
+	password. Do not lecture user for "sudo -k command" if user has a
+	timestamp.
+	[5880200c5f6b]
+
+	* INSTALL:
+	Document missing options: --with-efence and --with-bsm-audit
+	[d83afcdf9ff3]
+
+	* sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.ldap.cat,
+	sudoers.ldap.man.in, sudoers.ldap.pod, sudoers.man.in, sudoers.pod,
+	sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod, visudo.cat,
+	visudo.man.in, visudo.pod:
+	username -> user name groupname -> group name hostname -> host name
+	[10c85646f45d]
+
+	* INSTALL, README.LDAP, sudoers.pod:
+	filename -> file name like the rest of the docs
+	[1ef8ab5a9018]
+
+2009-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Fix printing of entries with multiple host entries on a single line.
+	[226ceaf91d8d]
+
+2009-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Mention that targetpw affects the timestamp file name.
+	[a26e22e4f72e]
+
+	* def_data.c, def_data.h, def_data.in, defaults.c, script.c,
+	sudoers.pod:
+	Add compress_transcript option.
+	[6e94f8cb9dfb]
+
+2009-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	bump to 1.7.3b2
+	[906d7e347d15]
+
+	* pwutil.c, set_perms.c, sudo.c, sudo_nss.c:
+	Better split of membership vs. traditional group check in
+	user_in_group(). Allow user_ngroups to be < 0 if getgroups() fails.
+	[6ebc55d4716b]
+
+2009-12-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c:
+	Fix pasto and add default return value.
+	[7973b5e4599c]
+
+	* check.c, match.c, pwutil.c, sudo.h:
+	refactor group member checking into user_in_group()
+	[48ca8c2eddf8]
+
+	* check.c, config.h.in, configure, configure.in, match.c, sudo.c,
+	sudo.h:
+	Add support for mbr_check_membership() as present in darwin.
+	[5501aed02b9f]
+
+2009-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Rename label to be accurate
+	[3af17dd960f7]
+
+	* Makefile.in, boottime.c, check.c, config.h.in, configure,
+	configure.in, sudo.h:
+	Treat timestamp files from before we booted as old. Idea from and
+	Apple patch.
+	[5c96e484c05a]
+
+2009-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, sudo.pod, sudo_usage.h.in:
+	Allow the -u flag to be used in conjunction with the -v flag as per
+	older versions of sudo.
+	[591e9fc13c1a]
+
+	* logging.c:
+	fix typo in last commit
+	[4fd0c692dcf0]
+
+2009-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	Convert fmt_first and fmt_confd into macros.
+	[32e870158b29]
+
+	* sudoers.pod:
+	timeouts can be floats now
+	[89de639a9679]
+
+	* WHATSNEW, def_data.c, def_data.h, def_data.in, defaults.c,
+	defaults.h, mkdefaults:
+	Add support for floating point timeout values (e.g. 2.5 minutes).
+	[210ffa291733]
+
+2009-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	The -L flag will be removed in sudo 1.7.4
+	[ffd026084333]
+
+2009-12-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Fix a bug due to order of operators.
+	[938d34464283]
+
+2009-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	cmnd_matches() already deals with negation so _cmndlist_matches()
+	does not need to do so itself. Fixes a bug with negated entries in
+	a Cmnd_List.
+	[71c845f6ce73]
+
+2009-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Don't exit() from open_sudoers, just return NULL for all errors.
+	[8cfa832f972a]
+
+	* script.c:
+	Can't rely on the shell sending us SIGCONT when transitioning from
+	backgroup to foreground process.
+	[3c6c5b6cb4b3]
+
+	* toke.c, toke.l:
+	Add missing extern def for parse_error
+	[45b7b59d03b7]
+
+2009-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Avoid a parse error when #includedir doesn't find any files. Closes
+	bug #375
+	[1ce1b850e9e6]
+
+	* Makefile.in:
+	Include sudo.man.pl and sudoers.man.pl in the distribution tarball.
+	[6a22e32da108]
+
+2009-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Start command out in foreground mode if stdout is a tty. Works
+	around issues with some curses-based programs that don't handle
+	tcsetattr getting interrupted by a signal. Still allows us to avoid
+	hogging the tty if the command is part of a pipeline.
+	[1c32f2b94769]
+
+	* script.c, sudo.c, sudo.h, sudoreplay.c, term.c, tgetpass.c:
+	Use a socketpair to pass signals from parent to child. Child will
+	now pass command status change info back via the socketpair. This
+	allows the parent to distinguish between signals it has been sent
+	directly and signals the command has received. It also means the
+	parent can once again print the signal notifications to the tty so
+	all writes to the pty master occur in the parent. The command is
+	now always started in background mode with tty signals handled by
+	the parent.
+	[c6790b82986d]
+
+2009-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix a few typos in the descriptions; from Jeff Makey Only do the
+	check for krb5_get_init_creds_opt_free() taking two arguments if we
+	find krb5_get_init_creds_opt_alloc(). Otherwise we will get a false
+	positive when using our own krb5_get_init_creds_opt_free which takes
+	only a single argument.
+	[845a9ff6f93d]
+
+2009-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Remove a spurious comma in the kerb5 bits.
+	[3433eab083db]
+
+	* auth/kerb5.c:
+	Call krb5_get_init_creds_opt_init() in our emulated
+	krb5_get_init_creds_opt_alloc() for MIT kerberos.
+	[7ffb40bf43e9]
+
+2009-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	Add HAVE_ZLIB
+	[9297bde61ecc]
+
+	* script.c:
+	Need to ignore SIGTT{IN,OU} in child when running the command in the
+	background. Also some minor cleanup.
+	[dc208d982319]
+
+2009-10-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Instead of calling sigsuspend when waiting for SIGUSR[12] from
+	parent, install the signal handlers w/o SA_RESTART and let them
+	interrupt waitpid().
+	[759c7d18203b]
+
+	* script.c:
+	Pass along SIGHUP and SIGTERM from parent to child.
+	[035b0e254568]
+
+	* script.c:
+	Close unused bits of script_fds in processes that don't need them.
+	Restore default SIGCONT handler in child.
+	[e037378ab0c1]
+
+	* script.c:
+	Update foreground/background status in SIGCONT handler in parent
+	process.
+	[3f7f91333264]
+
+2009-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Defer setting terminal into raw mode until just before we fork() and
+	only do it if sudo is the foreground process. If we get SIGTT{IN,OU}
+	and sudo is already in the foreground be sure to set raw mode before
+	continuing the child.
+	[1102ef40832c]
+
+2009-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Fix handling of SIGTTOU/SIGTTIN in program being run. We now only
+	give the command the controlling tty if the main sudo process is the
+	foreground process.
+	[cf3a91cb5682]
+
+	* script.c:
+	Don't bother with sudo_waitpid() here for now.
+	[9086de480c2d]
+
+	* script.c:
+	fix non-zlib case
+	[a258bff0f9a6]
+
+2009-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Remove non-wroking code that crept into rev 1.55
+	[2802dd55cff5]
+
+2009-10-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, configure, configure.in, script.c, sudoreplay.c:
+	First pass at zlib support for transcript data files
+	[5d10260807da]
+
+	* Makefile.in:
+	remove vestiges of ZLDFLAGS
+	[1fa0caf1c0fb]
+
+	* script.c:
+	Add missing variable declaration for when TIOCSCTTY is not defined.
+	Need to include sys/termio.h for TIOCSCTTY on some systems.
+	[ee7f41ac2709]
+
+	* script.c:
+	when resuming command, send SIGCONT to its pgrp not just pid
+	[5cd63c1d565b]
+
+	* selinux.c:
+	remove unused variable
+	[df67df4be228]
+
+	* script.c:
+	include selinux.h for is_selinux_enabled() proto
+	[85ebaa880cc1]
+
+	* script.c:
+	Don't use log_error() in the child process.
+	[def65fe2a433]
+
+	* script.c:
+	Do I/O in parent instead of child since the parent can have both
+	/dev/tty as well as the pty fds open. The child just sets things up
+	and waits for its grandchild and writes the signal description to
+	the pty master if the command was killed by a signal.
+	[95e473208982]
+
+2009-10-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* missing.h, sudo.h:
+	Move two struct forward declarations from sudo.h to missing.h
+	[90ad28294a8c]
+
+	* script.c:
+	Make comment at the top of script_exec() match reality.
+	[c5042d27dbe0]
+
+	* sudo.c:
+	if neither stdin nor stdout is a tty, check stderr
+	[c532ff20c8d8]
+
+	* Makefile.in:
+	Add back dependecy of gram.h on gram.y
+	[c58382b7fcca]
+
+	* script.c:
+	Make transcript mode work as long as we can figure out our tty, even
+	if it is not stdin. We'd like to use /dev/tty but that won't be
+	valid after the setsid().
+	[7b8bba8d99e7]
+
+2009-10-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, pty.c:
+	Add support for IRIX-style dynamic ptys
+	[bedc9bac44c1]
+
+	* Makefile.in, alloc.h, getline.c, sudo.h, sudoreplay.c:
+	Move alloc.c protos into alloc.h
+	[b6a90649617d]
+
+	* missing.h:
+	Move prototypes for missing libc functions to missing.h
+	[dda9ae1ccaf8]
+
+	* Makefile.in, sudo.h, sudoreplay.c:
+	Move prototypes for missing libc functions to missing.h
+	[7483166b577b]
+
+2009-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in:
+	Disable transcript support if no tcsetpgrp until we support older
+	BSD-style job control.
+	[27ac1d8163df]
+
+	* configure, configure.in, pty.c, script.c:
+	Break out pty code into pty.c
+	[e85509b25d41]
+
+	* compat.h, config.h.in, configure, configure.in:
+	add killpg macro if no killpg function
+	[3a125f4a51f0]
+
+	* config.h.in, configure, configure.in, script.c:
+	Push ptem and ldterm for STERAMS-based systems when allocating a
+	pty.
+	[36bb39b30ff2]
+
+2009-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Sprinkle some more O_NOCTTY and call grantpt() before unlockpt()
+	[d94bd5c9bf4e]
+
+	* script.c:
+	Call tcgetpgrp() in the parent, not the child and have the child
+	spin until it is granted. Fixes a race on darwin.
+	[6e8d435339ce]
+
+	* script.c:
+	Only use TIOCNOTTY in the non-setsid case. If no TIOCSCTTY, just
+	reopen slave.
+	[0bdc63c019ca]
+
+2009-10-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	In script mode, if the command is killed by a signal, print the
+	signal description as well as a core dump notification like the
+	shell does.
+	[9df61738df07]
+
+	* Makefile.in, config.h.in, configure, configure.in, strsignal.c,
+	sudo.h:
+	Add check for strsignal() and a simple implementation if it is not
+	there but sys_siglist is
+	[61421a188ef4]
+
+	* script.c:
+	Add missing WUNTRACED and store the signal that stopped the
+	grandchild in suspended, not signo.
+	[df65042b200e]
+
+	* script.c:
+	g/c unused code
+	[40d8cb5c9203]
+
+	* script.c:
+	Associate the grandchild's pgrp with the tty instead of the child's
+	and just get suspend notifications via SIGCHLD instead of directly.
+	This fixes a hang with programs that try to set terminal attributes
+	and is more consistent with how the shell handles things.
+	[6865abff7e94]
+
+2009-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Move setpgid() of child into the parent side of the fork() where it
+	belongs.
+	[3defa782777c]
+
+2009-10-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	fix typo
+	[b6a612b3622c]
+
+	* script.c:
+	Run command in its own pgrp (like the shell does) for easier
+	signalling. No need to relay SIGINT or SIGQUIT to parent, just send
+	to grandchild. Don't want grandchild stopped events in the child
+	(only termination). Flush output after suspending grandchild before
+	signalling parent.
+	[db556bf2176f]
+
+	* script.c:
+	Back out revision 1.34; the problem lies elsewhere.
+	[85f590a03275]
+
+	* script.c:
+	Don't set stdout to blocking mode when flushing remaining output.
+	It can cause us to hang when trying to exit. Need to investigate
+	why.
+	[6f803a3e33ca]
+
+	* script.c:
+	Handle SIGTTOU and remove some debugging.
+	[52d17279053e]
+
+	* term.c:
+	Back out revision 1.10 as the signal that interrupts us may be
+	SIGTTOU or SIGTTIN which the caller must handle.
+	[7e2fa9107975]
+
+	* script.c:
+	Apparently we need to send SIGSTOP to the command as well as ourself
+	when we get SIGTSTP, the kernel doesn't automatically stop the
+	process for us.
+	[1a936e9309c4]
+
+	* script.c:
+	Use an extra process to act as the glue bewteen the sessions
+	associated with the user's controlling tty (what the shell uses) and
+	the tty that sudo is using to do its logging. Basically, this means
+	that if we get, e.g. SIGTSTP from the process sudo is running, we
+	relay the signal to the parent so it's shell can do the job control.
+	[6dd296988060]
+
+	* term.c:
+	Handle getting/setting terminal attributes when the fd is in non-
+	blocking mode.
+	[ae5ae535ea7b]
+
+2009-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c, sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+	Add support for pausing and changing the speed in interactive mode.
+	[72a2063780a7]
+
+	* script.c:
+	Already define O_NOCTTY in compat.h, don't need it here
+	[b5d80ed3e5ce]
+
+2009-10-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Add missing protos
+	[c4cb4e7f4d8a]
+
+2009-09-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Always update the stashed mtime of the temp file instead of using
+	what we have for the original because the time resolution of the
+	filesystem the temporary is on may not match that of the filesystem
+	that holds the original. Should fix bz #371 found by Philippe Levan.
+	[c86ca4bec60c]
+
+	* sudoreplay.c:
+	Use cbreak mode instead of raw mode and add signal handlers to
+	restore the tty on interrupt.
+	[84dd283da41c]
+
+	* script.c, sudo.h, term.c:
+	Retain NL to NLCR conversion on the real tty and skip it on the pty
+	we allocate. That way, if stdout is not a pty there are no extra
+	carriage returns.
+	[32e4f570414e]
+
+	* script.c:
+	Fix log_output(); just pass in a string and a length.
+	[ca980cc0a3fb]
+
+2009-09-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	do not use errno when complaining out lack of a tty
+	[8f9b8c55ab8e]
+
+2009-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, sudoreplay.c, term.c:
+	Instead of messing with line endings, just set terminal to raw mode
+	in sudoreplay.
+	[90943fa87acb]
+
+	* term.c:
+	When copying the terminal attributes to the pty, be sure not to set
+	ONLCR. This prevents extra carriage returns from ending up in the
+	script output file.
+	[e6b5475ac2aa]
+
+	* script.c:
+	Convert a do {} while into a while
+	[e461310d2c77]
+
+	* Makefile.in:
+	Use if then instead of test && when installing binaries that may not
+	exist.
+	[ad4f9490d971]
+
+	* script.c:
+	Add O_NOCTTY when opening a tty device. Explicitly disconnect from
+	old tty before associatng with new one.
+	[0e0ca634b80c]
+
+	* script.c, selinux.c, sudo.c, sudo.h:
+	First cut at refactoring some of the selinux code so it can be used
+	in conjunction with sudo's transcript support.
+	[779b0d8f9d29]
+
+2009-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4, configure, configure.in:
+	Fix default case of transcript_enabled being unset.
+	[f8aa96186e6b]
+
+	* script.c, sudoreplay.c:
+	Use _PATH_SUDO_TRANSCRIPT instead of _PATH_SUDO_SESSDIR
+	[2844a7a851fa]
+
+	* INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.c:
+	Hook up --disable-transcript and --enable-transcript=DIR
+	[b3fa7e6b2480]
+
+2009-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4, configure, configure.in, pathnames.h.in:
+	_PATH_SUDO_SESSDIR -> _PATH_SUDO_TRANSCRIPT Add --enable-
+	transcript=DIR option to specify the directory
+	[b0bb76d43cda]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+	regen
+	[c7a8a0a9027c]
+
+	* configure, configure.in, sudoers.man.pl, sudoers.pod:
+	Substitute in default value for secure_path
+	[c8f9ac6dbf93]
+
+	* sudo.pod:
+	Mention that the password must be followed by a newline with the -S
+	option.
+	[2fc589a3ee7e]
+
+2009-09-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Go back to dropping out of the select() loop when the process dies;
+	Linux ptys apparently don't behave the same as BSD in regards to
+	select(). No need to flush remaining output to the transcript, only
+	to stdout. Add back code to check the master pty for additional data
+	when we exit the main select loop.
+	[abed9a9cbc6b]
+
+2009-09-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Add getline.o to COMMON_OBJS
+	[04ef7643cbc2]
+
+	* Makefile.in:
+	sudoreplay depends on libsudo.a
+	[142bd0472631]
+
+	* Makefile.in:
+	More pwutil.o into COMMON_OBJS
+	[4a016b933629]
+
+	* pwutil.c, testsudoers.c, tsgetgrpw.c:
+	Remove my_* redirection in pwutil.c for testsudoers and just use the
+	normal libc get{pw,gr}* names.
+	[9b76d637d86b]
+
+	* sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+	More time and date examples
+	[c6ee0175ec56]
+
+	* Makefile.in, configure, configure.in, nanosleep.c, sudoreplay.c:
+	Move nanosleep() emulation into its own file Check librt.a for
+	nanosleep if we don't find it in libc
+	[4da0cc26aad7]
+
+	* Makefile.in, configure, configure.in:
+	Build libsudo with the common bits and link things against that.
+	[2b53bc0b081a]
+
+	* script.c:
+	Fix final flush.
+	[6da287d833da]
+
+	* script.c:
+	Keep reading from the pty master -> log file until read returns <=
+	0. Do our best to write everything to stdout when flushing any
+	remaining bits.
+	[2a45d4ae280c]
+
+	* sudoreplay.c:
+	Use unbuffered I/O when writing to stdout and make sure we write the
+	entire buffer.
+	[f39ef9844a47]
+
+2009-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Only use max_wait if it is non-zero
+	[f6c10604d2e8]
+
+	* getdate.c, getdate.y, getline.c:
+	Need compat.h here
+	[5d6722e225a0]
+
+	* sudoreplay.c:
+	Fix nanosleep emulation
+	[34e5e5d72a76]
+
+	* script.c:
+	Fix comment after #endif
+	[bd1347718b25]
+
+	* sudoreplay.c:
+	Add protos for missing libc bits
+	[644f496427a2]
+
+	* configure, configure.in:
+	add missing line continuation char
+	[db13c0d402cd]
+
+	* config.h.in, configure, configure.in, getline.c:
+	Implement getline() in terms of fgetln() if we have it.
+	[3ab786eaadc5]
+
+	* sudoreplay.c:
+	Print year when formatting log line
+	[90be669e3443]
+
+	* sudoreplay.pod:
+	Document cwd, attempt to document time/date formats.
+	[6290fb9b65c6]
+
+	* sudoreplay.c:
+	Fix getline return value check.
+	[d696d6657261]
+
+	* Makefile.in, config.h.in, configure, configure.in, getline.c,
+	sudoreplay.c:
+	Use getline() if the system has it, else use provide our own for
+	sudoreplay.
+	[afca1d6fbe5e]
+
+	* script.c:
+	Refactor code to update output and timing files.
+	[361491332b1a]
+
+2009-09-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Make sudo_getln() behave more like glibc getline.
+	[40c9f2ea29e6]
+
+	* script.c:
+	When flushing remaining output, also update timing file.
+	[5a9a5a627549]
+
+	* sudoreplay.c:
+	Use get_timestr() and make the -l output look like the regular sudo
+	log.
+	[452ba9d436c9]
+
+	* logging.c, sudo.h, timestr.c:
+	Make get_timestr() take a time_t so we can use it properly in
+	sudoreplay.
+	[82e67cc53c9c]
+
+	* script.c:
+	Create session dir earlier now that we update the seq number early.
+	[797fe8d6dc61]
+
+2009-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Use fromdate and todate as the keywords instead of from and to; the
+	short forms will still be accepted.
+	[d14d9b116df4]
+
+	* sudoreplay.c:
+	Fix reading long liensin sudo_getln()
+	[58dadd74118c]
+
+	* script.c, sudoreplay.c:
+	Log the cwd in the script log file. Add sudo_getln() to read
+	arbitrarily long lines.
+	[faceb802ab8f]
+
+	* Makefile.in, logging.c, sudo.h, timestr.c:
+	Move get_timestr() into its own source file so sudoreplay can use
+	it.
+	[99b054bfa20a]
+
+2009-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Add to and from perdicates (date ranges); needs documentation
+	[1d629174dcf4]
+
+2009-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, getdate.c, getdate.y:
+	Fix warning and add generated getdate.c
+	[b877a86b5a03]
+
+	* Makefile.in, getdate.y:
+	Add getdate.y to be used for sudoreplay date parsing.
+	[b8e26fbb7a40]
+
+2009-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	Check more than just the first character of a predicate
+	[4fe53728adb1]
+
+	* sudoreplay.cat, sudoreplay.man.in, sudoreplay.pod:
+	Add examples, sort predicates
+	[70f8075cbccc]
+
+	* Makefile.in, sudoreplay.c, sudoreplay.cat, sudoreplay.man.in,
+	sudoreplay.pod:
+	Implement search expressions in sudoreplay similar in concept to
+	what find or tcpdump uses. TODO: date ranges
+	[f7ce4fb4cf3a]
+
+2009-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Remove vhangup as it was hanging up the wrong tty. Should really
+	vhangup in the child after it as set its tty.
+	[2eed9df73010]
+
+	* sudoers.pod:
+	Fix cut at documenting transcript support.
+	[e6c533a5568a]
+
+	* logging.c:
+	ID= -> TSID= for transcript ID
+	[1bf755a35333]
+
+2009-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Move fast_glob description to where it belongs in sorted order
+	[5901cfb0d25f]
+
+	* def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
+	parse.c, parse.h, sudo.c:
+	Rename script -> transcript
+	[e06cf823122c]
+
+2009-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h:
+	Add timeradd and timersub for those without them
+	[929f8aa06c2b]
+
+	* script.c:
+	Sanity check sessid before using it.
+	[aa8ca5211d43]
+
+	* sudo.c:
+	Only set the session id if we are running a command or editing a
+	file.
+	[7205d717c098]
+
+	* script.c:
+	Actually. qsort is fine since most versions fal back to a cheaper
+	sort when the number of elements to sort is small (like in our
+	case).
+	[d11c7cd352fe]
+
+	* config.h.in, configure, configure.in, script.c:
+	Check for dup2 and use dup instead if we don't have it.
+	[98bd89830f8a]
+
+	* script.c, sudo.c, sudo.h:
+	Move the code to dup2 the script fds to low numbered descriptors
+	into script_duplow() and fix the fd sorting.
+	[9453fdc5fba6]
+
+	* script.c, sudo.c, sudo.h:
+	Move script_setup() back to immediately before we drop privs and
+	call the new script_nextid() in its place, which will set
+	sudo_user.sessid for the logging functions.
+	[8434d0c8ff08]
+
+2009-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Install sudoreplay
+	[6acf2cdb4d3f]
+
+	* sudoreplay.c:
+	remove unused variable
+	[2316360bb992]
+
+2009-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c, script.c, sudo.c, sudo.h:
+	Log the session ID, if there is one. Currently logs ID=XXXXXX,
+	perhaps should be SESSIONID or SESSID.
+	[53976905b0a6]
+
+	* Makefile.in, configure, configure.in, sudoreplay.cat,
+	sudoreplay.man.in, sudoreplay.pod:
+	Add sudoreplay docs
+	[da4f14f0e64c]
+
+	* sudoreplay.c:
+	add -V (version) flag
+	[b5e743639ee3]
+
+	* sudoreplay.c:
+	Hook up max_wait.
+	[2ec5697a92ba]
+
+	* script.c, sudoreplay.c:
+	Use base36 number for the ID and store script files with paths like
+	/var/log/sudo-session/00/00/00{,.tim,.scr}. This gives us 36^6
+	(2,176,782,336) unique IDs.
+	[6aab019d07aa]
+
+2009-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure.in:
+	Add check for regcomp
+	[44c3ebd7ff34]
+
+	* sudoreplay.c:
+	Add support for selecting by pattern and tty when listing.
+	[66189f840c52]
+
+2009-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoreplay.c:
+	The beginnings of a list mode.
+	[8d0150b4a52c]
+
+2009-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	fix pasto
+	[616b4640b8a8]
+
+	* Makefile.in, config.h.in, configure.in:
+	Add scaffolding for building sudoreplay
+	[a32958505dbe]
+
+	* sudoreplay.c:
+	include error.h first arg to nanotime is const
+	[fe5a7bb31bc5]
+
+	* sudoreplay.c:
+	Initial cut at sudoreplay; replay a sudo session.
+	[f149fba372bd]
+
+2009-08-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* script.c:
+	Fix wait() usage and use correct wait status.
+	[f4745ed7ad05]
+
+	* sudo.c, sudo.h, tgetpass.c:
+	Add protos for term_* to sudo.h
+	[14fe1abd7e7b]
+
+	* script.c:
+	Fix detection of the child process exiting. Since the child is in
+	its own session we should only ever get SIGCHLD for that process but
+	better safe than sorry.
+	[7edfdadd8505]
+
+	* config.h.in:
+	Add UNIX98 pty support.
+	[82f4b53a0e8f]
+
+	* configure, configure.in, script.c:
+	Add UNIX98 pty support.
+	[795b8bb0a3a1]
+
+2009-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* term.c:
+	For raw mode, don't bother clearing BRKINT or PARMRK and clear IUCLC
+	if it is defined.
+	[40f8b83baf69]
+
+	* auth/pam.c:
+	Set PAM_RUSER and PAM_RHOST early so they can be used during
+	authentication. Based on a patch from Jamie Beverly.
+	[3d567b453a6a]
+
+	* match.c:
+	Close dir before returning if strlcpy() reports overflow. From
+	Martynas Venckus.
+	[6a82f96473e5]
+
+	* config.h.in, configure, configure.in, script.c:
+	On Linux, the openpty proto libes in pty.h
+	[98643a018d1c]
+
+	* script.c:
+	Call vhangup on exit if the system has it Use setpgrp() if no
+	setsid()
+	[3a9e13149829]
+
+2009-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in:
+	Add checks for revoke and vhangup if we don't have openpty
+	[fcb04572e994]
+
+	* script.c:
+	Session logging guts that got forgotten in the previous commit.
+	[c2af08a63ea9]
+
+	* Makefile.in, aclocal.m4, compat.h, config.h.in, configure,
+	configure.in, def_data.c, def_data.h, def_data.in, gram.c, gram.h,
+	gram.y, parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, term.c,
+	tgetpass.c:
+	First cut at session logging for sudo. Still need to write
+	get_pty() for Unix 98 and old-style BSD ptys. Also needs
+	documentation and general cleanup.
+	[77e3f5e25738]
+
+2009-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, sudo_edit.c:
+	Fix a bug introduced with def_closefrom. The value of def_closefrom
+	already includes the +1.
+	[7291c136300d]
+
+2009-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Generate sudo distributions with pax in ustar mode. No longer need
+	to use a temp file or have the source dir name match the version.
+	[9778177a8272]
+
+2009-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Fix expansion of %h in #include names. Fixes bugzilla 363
+	[6e346879ba24]
+
+2009-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkdefaults:
+	If no arg assume def_data.in
+	[c1dd28c0e675]
+
+	* README, WHATSNEW:
+	Update for 1.7.2
+	[f5ad45f69f05] [SUDO_1_7_2]
+
+	* ChangeLog:
+	sync
+	[6283549396ff]
+
+2009-06-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Add missing single quotes around a colon in Runas_Spec definition.
+	From Elias Benali.
+	[ccc6ee4fca83]
+
+2009-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.man.in, sudoers.man.in:
+	regen
+	[546e75304ebf]
+
+	* redblack.c:
+	In rbrepair, re-color the root or the first non-block node we find
+	to be black. Re-coloring the root is probably not needed but won't
+	hurt.
+	[34d01ebe241b]
+
+	* sudo.cat, sudoers.cat:
+	regen
+	[bebf5a39f54f]
+
+2009-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* redblack.c:
+	When repairing the tree, don't touch the root node.
+	[9841f0d5d789]
+
+2009-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Protect call to setegid in runas_setup with #ifdef HAVE_SETEUID.
+	Reported by Josef Schmid.
+	[ed044b1eb879]
+
+2009-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Document that we accept env_pam-style environment files
+	[e3b545456352]
+
+	* env.c:
+	Adapt to accept pam_env-style /etc/environment which allows shell-
+	style lines such as: export EDITOR="/usr/bin/vi"
+	[752eb75bf007]
+
+	* sudoers.pod:
+	Make it clear that env_delete only works when !env_reset. From Lo??c
+	Minier
+	[3bd3f8e351ba]
+
+2009-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, sudoers.pod:
+	Add non-unix group bits, adapted from Quest
+	[8ce427de8dea]
+
+	* Makefile.in:
+	build the .cat page in the current working dir, not the src dir
+	[00e87a307674]
+
+	* env.c:
+	Return EINVAL in setenv() if var is NULL or the empty string to
+	match glibc behavior.
+	[23fd7c247142]
+
+2009-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Use AS_HELP_STRING for AC_ARG_WITH and AC_ARG_ENABLE
+	[fedd4a3e2a85]
+
+2009-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+	regen
+	[7b9f461a40b3]
+
+2009-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	Document --with-libvas and --with-libvas-rpath
+	[a071e6d96c89]
+
+2009-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c, sudoers.ldap.pod:
+	For netscape-derived LDAP SDKs the cert and key paths may be a
+	directory or a file. However, version 5.0 of the SDK only seems to
+	support using a directory. If ldapssl_clientauth_init fails and the
+	cert or key paths look like they could be files, strip off the last
+	path element and try again.
+	[ac4e49d83043]
+
+	* Makefile.in:
+	Add non-Unix group .o to COMMON_OBJS and substitute in path to flex.
+	[4547cc1a335f]
+
+2009-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in, match.c, sudo.c, vasgroups.c:
+	Update non-Unix group support from Quest, as reworked by me.
+	[1abafce29dc6]
+
+	* toke.c:
+	regen
+	[01bfca9148b7]
+
+	* toke.l:
+	Add support for escaped hex chars in names, e.g. \x20 for space.
+	[3c7be8e58a39]
+
+2009-05-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE, Makefile.in, aclocal.m4, alias.c, auth/aix_auth.c,
+	auth/pam.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c, env.c,
+	fileops.c, glob.c, gram.y, interfaces.c, lbuf.c, ldap.c, logging.c,
+	logging.h, match.c, parse.c, parse.h, pathnames.h.in, pwutil.c,
+	set_perms.c, sudo.c, sudo.h, sudo.pod, sudo_nss.c, sudo_nss.h,
+	sudo_usage.h.in, sudoers.ldap.pod, sudoers.pod, testsudoers.c,
+	tgetpass.c, toke.l, visudo.c:
+	Update copyright years.
+	[e615f676c764]
+
+2009-05-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c, lbuf.c:
+	Minor fixes for Minix-3
+	[898c510d23f9]
+
+2009-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Handle getgroups() returning 0. Also add missing check for
+	HAVE_GETGROUPS.
+	[d73b958f9ffd]
+
+2009-05-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, config.h.in, configure, configure.in, sudo.c,
+	version.h, visudo.c:
+	Replace version.h with PACKAGE_VERSION set via AC_INIT in configure.
+	[5050579a264d]
+
+2009-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Remove group setting code in setusercontext case, we will do it
+	ourselves later on in runas_setup. Set the gid after
+	initgroups/setgroups is called, since on Mac OS X it seems to change
+	the egid.
+	[09dc21d8b42d]
+
+2009-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE, Makefile.in, config.h.in, match.c, nonunix.h, sudo.c,
+	vasgroups.c:
+	Initial bits of non-unix group support using Quest Authentication
+	Services
+	[1eecab0ff27e]
+
+	* toke.c, toke.l:
+	Accept %:foo as a non-Unix group
+	[4c4b5dd899a6]
+
+	* toke.c, toke.l:
+	Allow user/group to be double quoted in the case of non-Unix groups
+	which contain spaces.
+	[47a3d568b7e8]
+
+2009-05-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Don't allow the user to specify the default runas user if their
+	sudoers entry only allows them to run as a group.
+	[4d726177227c]
+
+2009-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Must call audit_success before we change uids.
+	[04a9e6ce6e55]
+
+	* logging.c, set_perms.c, sudo.h, testsudoers.c:
+	Add option for set_perm to not exit on failure and use this in the
+	logging routines.
+	[833dce7b7f42]
+
+	* parse.c:
+	In -l mode, if the user is only allowed to run as a group, display
+	the user's name, not root's before the allowed group.
+	[ef92ff99d265]
+
+	* sudo.c:
+	Fix -g mode, broken by rev 1.503 which had the side effect of
+	setting the runas user to root unilaterally.
+	[50a2f7df4385]
+
+2009-05-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* fileops.c:
+	When unlocking a file with fcntl, use F_SETLK, not F_SETLKW.
+	[30fbe832dcf3]
+
+	* pwutil.c:
+	Only cache by the method we fetched for pwd and grp lookups.
+	Previously we cached both by namd and id but this can cause problems
+	for entries that share the same id. Also add more info in the error
+	message in case the insert fails (which should now be impossible).
+	[ef95a4f0bab5]
+
+2009-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Add a clarification from Nick Sieger
+	[1eadad329561]
+
+2009-04-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Inline the setting of the environment string.
+	[9515d11c6295]
+
+2009-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	setenv(3) in Linux treats a NUL value as the empty string setenv(3)
+	in BSD doesn't return an error if the name has '=' in it, it just
+	treats the '=' as end of string.
+	[941260bf94d2]
+
+2009-04-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Not all systems have d_namlen
+	[e377b18d8e2d]
+
+2009-04-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Fix up some pod2html issues.
+	[823a1f10ab60]
+
+2009-04-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c:
+	Check for NULL ifa_addr and ifa_netmask. Adapted from a diff from
+	Quest Software.
+	[73de36653131]
+
+	* sudoers.pod:
+	Ignore files ending in '~' in sudo.d (emacs backup files)
+	[7871fad702db]
+
+	* toke.c, toke.l:
+	Ignore files ending in '~' in sudo.d (emacs backup files)
+	[53fded2a469f]
+
+2009-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod, toke.c, toke.l:
+	For #includedir, ignore any file containing a dot
+	[a7daa1bce6c2]
+
+	* Makefile.in, version.h:
+	Bump version
+	[ef60f14ffc44]
+
+	* gram.c, gram.y, parse.c, parse.h, sudo.c, sudo.h, sudoers.cat,
+	sudoers.man.in, sudoers.pod, testsudoers.c, toke.c, toke.l,
+	visudo.c:
+	Implement #includedir directive. Files in an includedir are not
+	edited by visudo unless they contain a syntax error.
+	[3923d85a6c79]
+
+	* ChangeLog:
+	sync
+	[8741ed61a78b] [SUDO_1_7_1]
+
+	* WHATSNEW:
+	Forgot umask_override
+	[7c86a21a5504]
+
+	* ChangeLog, TODO:
+	sync
+	[57339ca6bccf]
+
+2009-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Rewind stream if we fdopen sudoers since it may not be at the
+	beginning. Set the keepopen flag on already-open files too so the
+	lexer doesn't close them out from under us.
+	[61292d819aff]
+
+	* visudo.c:
+	Print the proper file name when there is a parse error in an include
+	file.
+	[b0e85d4aedde]
+
+2009-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	Sync
+	[997e5d485ea3]
+
+2009-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix a warning when --without-ldap is specified.
+	[d91fd9481b30]
+
+2009-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* alias.c, parse.h, visudo.c:
+	Store aliases that we remove during check_aliases in a freelist and
+	free them at the end so we don't leak memory.
+	[805e2272f6a3]
+
+2009-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Check aliases in -c mode too.
+	[9199e188d9f2]
+
+	* alias.c, parse.h, visudo.c:
+	Make alias_remove return the alias struct instead of freeing it
+	directly. Fixes a use after free in alias_remove_recursive, the only
+	consumer.
+	[a04b61804800]
+
+	* alias.c, match.c, parse.c, parse.h, visudo.c:
+	Rename find_alias -> alias_find for consistency.
+	[48b0a82924f3]
+
+2009-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	When checking for unused aliases, recurse if the alias points to
+	another alias.
+	[2d4d1a7f3a41]
+
+2009-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Back out rev 1.105 for now. Real ldapux_client.conf support will be
+	done later after some refactoring.
+	[8ad72e69b277]
+
+2009-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Treat ldap_hostport the same as "host" for ldapux.
+	[3281dcc66da8]
+
+	* configure, configure.in:
+	Only check for ldap_sasl_interactive_bind_s if we can find sasl.h.
+	Fixes compilation with ldapux.
+	[ca1ed585ef0e]
+
+2009-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* fileops.c:
+	fix char subscript
+	[41e51f080d00]
+
+2009-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	remove errant carriage returns
+	[e9e258a31c7b]
+
+	* audit.c, env.c:
+	fix K&R compilation
+	[d182e8920f13]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+	regen
+	[791a5cbf04e5]
+
+2009-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	Add missing HAVE_BSM_AUDIT
+	[49ad1bb96f04]
+
+	* WHATSNEW:
+	Add 1.7.1 features
+	[f107f1604c61]
+
+	* INSTALL:
+	Mention --with-netsvc
+	[d1e90d147795]
+
+	* sudoers.ldap.pod:
+	Document netsvc.conf support
+	[e78f8abce6af]
+
+	* configure, configure.in, pathnames.h.in, sudo.c, sudo_nss.c,
+	sudo_nss.h:
+	Add support for AIX netsvc.conf (like nsswitch.conf).
+	[1df56a84dee5]
+
+2009-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, env.c:
+	Add --enable-env-debug flag to enable environment sanity checks.
+	[128cdd8832e7]
+
+	* sudoers.ldap.pod, sudoers.pod:
+	Work around some pod2html issue.
+	[e733b9609bd2]
+
+2009-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Only sync environ for putenv, setenv, and unsetenv. We need to make
+	sure that sudo_putenv and sudo_setenv only modify env.envp, not
+	environ.
+	[be3ac732243c]
+
+2009-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Really fix UNSETENV_VOID
+	[08ab7e882507]
+
+	* env.c:
+	Fix unsetenv when UNSETENV_VOID
+	[d3038b3f2f15]
+
+	* aclocal.m4, configure:
+	Fix SUDO_FUNC_PUTENV_CONST
+	[de35569c572b]
+
+	* ldap.c:
+	tivoli-based ldap does not have ldapssl_err2string
+	[c63fd90d5e99]
+
+	* configure:
+	regen
+	[f38f1ee828ad]
+
+2009-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, ldap.c:
+	Add support for Tivoli-based LDAP start TLS as seen in AIX.
+	Untested.
+	[8f8771829f85]
+
+	* env.c:
+	Add sanity checks for setenv/unsetenv
+	[adbd1d95856b]
+
+	* Makefile.in:
+	Include bsm_audit.h in the tarball
+	[4a4aa02b2c32]
+
+	* Makefile.in, version.h:
+	bump version for sudo 1.7.1
+	[362c71d21595]
+
+	* aclocal.m4, auth/aix_auth.c, config.h.in, configure, configure.in,
+	env.c, ldap.c, sudo.h:
+	Replace sudo_setenv/sudo_unsetenv with calls to setenv/unsetenv and
+	provide our own setenv/unsetenv/putenv that operates on own env
+	pointer. Make sync_env() inline in setenv/unsetenv/putenv functions.
+	[276edcd23032]
+
+2009-02-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Make "sudoedit -h" work as expected
+	[2bcbbb45d389]
+
+	* auth/pam.c:
+	Make sure def_prompt is always defined. This is a workaround for
+	pam configs that prompt for a password in the session but don't have
+	an auth line. A better fix is to expand the sudo prompt earlier and
+	set def_prompt to that when initializing.
+	[ee073c04aec3]
+
+	* sudo.pod:
+	Mention that the helper for -A may be graphical.
+	[b64a940c4082]
+
+	* TROUBLESHOOTING:
+	Document what happens if there is no tty.
+	[313d58a856a5]
+
+	* sudo.c:
+	cosmetic changes
+	[894f5e3b0c3e]
+
+	* term.c:
+	Fix term_restore
+	[6c6315ff14bc]
+
+	* sudo.c:
+	Fix "sudo -k" with no other args
+	[59e94dc419c6]
+
+2009-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, sudo.c, sudo.pod, sudo_usage.h.in:
+	Allow the -k flag to be specified in conjunction with a command or
+	another option that may require authentication.
+	[5960ff20355d]
+
+2009-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Remove unneeded AC_CANONICAL_TARGET; from Diego E. 'Flameeyes'
+	[e86ab69c4a57]
+
+	* Makefile.in:
+	Parallel make fix. From Diego E. 'Flameeyes'
+	[1289d7ee27db]
+
+2009-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
+	Implement umask_override
+	[8b87a3f7c5aa]
+
+	* toke.c:
+	regen
+	[79d7ca9ac873]
+
+	* sudoers.pod, toke.l, visudo.c:
+	Implement %h escape in sudoers include filenames.
+	[a7f288dd64f0]
+
+	* audit.c:
+	Need to include compat.h
+	[c0dc07ce2f70]
+
+	* Makefile.in, audit.c, bsm_audit.c, bsm_audit.h, logging.h, sudo.c:
+	Make audit_success and audit_failure generic functions in
+	preparation for integrating linux audit support.
+	[7df020a8fd6f]
+
+	* term.c:
+	remove duplicate include
+	[1dfcd01a7e46]
+
+2009-02-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* bsm_audit.c:
+	Add missing include
+	[fb56e08c37ee]
+
+	* sudo.c:
+	May need to update the runas user after parsing command-based
+	defaults.
+	[246f130d7802]
+
+2009-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* glob.c:
+	Add missing pair of braces introduced with character class support.
+	[0e2afa2e03e9]
+
+2009-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.h, def_data.in, sudoers.pod, tgetpass.c:
+	Rename pwstars to pwfeedback
+	[a9f85a57ebac]
+
+2009-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* bsm_audit.c, bsm_audit.h:
+	Add const to make MacOS happy.
+	[4274432d6627]
+
+	* Makefile.in, auth/sudo_auth.c, bsm_audit.c, bsm_audit.h, configure,
+	configure.in, sudo.c:
+	Add bsm audit support from Christian S.J. Peron
+	[bef61cd8693d]
+
+	* term.c:
+	This is new code, no DARPA notice.
+	[ec6ad09b9c23]
+
+2009-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
+	Rename simple_glob -> fast_glob
+	[68d9ed803cc1]
+
+	* match.c:
+	g/c unused var
+	[693fa0464eb6]
+
+	* def_data.c, def_data.h, def_data.in, match.c, sudoers.pod:
+	Add simple_glob option to use fnmatch() instead of glob(). This is
+	useful when you need to specify patterns that reference network file
+	systems.
+	[77ba634f6949]
+
+	* tgetpass.c:
+	add term_* proto
+	[520f5149d073]
+
+	* sudoers.pod:
+	mention glob()
+	[ddaab8e03c52]
+
+2009-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Delete any pwstars we wrote after the user hits return. That way
+	there is no record on screen as to the user's password length.
+	[fae25cda762b]
+
+2009-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* term.c:
+	Move terminal setting bits from tgetpass.c to term.c
+	[03d43325ee99]
+
+	* Makefile.in, def_data.c, def_data.h, def_data.in, sudoers.pod,
+	tgetpass.c:
+	Add pwstars sudoers option that causes sudo to print a star every
+	time the user presses a key.
+	[7aab417e184d]
+
+2009-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Fix up F<> brokenness for visudo.man.in and sudoers.ldap.man.in.
+	[64f70e879816]
+
+2009-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	For ldap_search_ext_s() the sizelimit param should be 0, not -1, to
+	indicate no limit. From Mark Janssen.
+	[e2c5732d54f5]
+
+2009-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Comments that begin with #- should not be parsed as uids.
+	[a72a50f12f41]
+
+2009-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Do not try to set the close on exec flag if we didn't actually open
+	sudoers.
+	[ece3ca256904]
+
+2008-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog:
+	regen
+	[e11f0e4c1bdd] [SUDO_1_7_0]
+
+2008-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	sync
+	[5b8954462bb3]
+
+2008-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Return PAM_AUTH_ERR instead of PAM_CONV_ERR if user enters ^C at the
+	password prompt.
+	[8563601cb3de]
+
+	* configure, configure.in:
+	Don't try to build sudo_noexec.so on HP-UX with the bundled compiler
+	as it cannot generate shared objects.
+	[6d4262ef9669]
+
+	* emul/charclass.h, glob.c, lbuf.c, tgetpass.c:
+	K&R compilation fixes
+	[77921678d17c]
+
+	* parse.c:
+	Use tq_foreach_fwd when checking pseudo-commands to make it clear
+	that we are not short-circuiting on last match. When pwcheck is
+	'all', initialize nopass to TRUE and override it with the first non-
+	TRUE entry.
+	[96b209f4778f]
+
+2008-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Do not short circuit pseudo commands when we get a match since,
+	depending on the settings, we may need to examine all commands for
+	tags.
+	[fdbaf89d6f35]
+
+2008-12-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[1ecce7c1b841]
+
+	* sudoers.pod:
+	hostnames may also contain wildcards
+	[82b76695601c]
+
+	* Makefile.in:
+	remove stamp-* files and linux core files in clean target
+	[22003f091467]
+
+2008-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/sudo_auth.h, config.h.in, configure, configure.in:
+	Use HAVE_SIA_SES_INIT instead of HAVE_SIA for Digital UNIX
+	[6905bede8410]
+
+2008-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	correctly enable SIA on Digital UNIX
+	[a51881d13995]
+
+	* TODO:
+	checkpoint
+	[af0fe8d94d42]
+
+	* ChangeLog:
+	sync
+	[831f623cf99c]
+
+2008-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, sudo.h, tgetpass.c:
+	Even if neither stdin nor stdout are ttys we may still have /dev/tty
+	available to us.
+	[20f306ba883b]
+
+2008-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[76d97c4c318f]
+
+	* sudoers.pod:
+	fix typos; Markus Lude
+	[bff8bc1e2066]
+
+	* ChangeLog:
+	sync
+	[f108552531cd]
+
+	* toke.c:
+	regen
+	[de828413c67e]
+
+	* toke.l:
+	Fix matching of a line that only consists of a comment char
+	[09c953d8d5ca]
+
+2008-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	MacOS pam will retry conversation function if it fails so just treat
+	^C as an empty password.
+	[d056058930bc]
+
+	* visudo.c:
+	When checking for alias use, also check defaults bindings.
+	[2647f82c7dbd]
+
+	* redblack.c:
+	unused var
+	[b7ff71c17c18]
+
+	* redblack.c:
+	Replace my rbdelete with Emin's version (which actually works ;-)
+	[21b133dd0c72]
+
+2008-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* testsudoers.c:
+	malloc debugging
+	[0fb446fa3279]
+
+	* visudo.c:
+	malloc options in devel mode for visudo too
+	[98d06c6afeef]
+
+2008-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	fix compilation on non-C99; from Theo
+	[7c304e16c536]
+
+	* visudo.c:
+	fix check_aliases
+	[83f30a3b1765]
+
+	* alias.c:
+	when destroying an alias, free the correct data pointer
+	[6e1a8bd86c01]
+
+	* auth/sudo_auth.h:
+	add proto for aixauth_cleanup; from Dale King
+	[eba94ffc8f63]
+
+2008-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	regen
+	[409fa57fff83]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	standardize on the term 'option' for command line options (not flag)
+	[228caefc2e36]
+
+2008-11-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	Add note on configuring HP-UX pam
+	[f7674a581baf]
+
+2008-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, sudo.c:
+	Move tty checks into check_user() so we only do them if we actually
+	need a password.
+	[7d997d7106d6]
+
+	* sudo.c:
+	Don't error out if no tty or askpass unless we actually need to
+	authenticate.
+	[9f23b83ed66c]
+
+2008-11-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog:
+	regen
+	[23f9aef32da6]
+
+	* pathnames.h.in, sudo.c:
+	s/overriden/overridden/; from Tobias Stoeckmann
+	[9f7459a8fac5]
+
+2008-11-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW, visudo.c:
+	check sudoers owner and mode in strict mode
+	[a3468c5ac1c4]
+
+	* gram.c, toke.c:
+	regen
+	[7d6b515a5443]
+
+	* sudo.man.in, sudoers.man.in, visudo.man.in:
+	Update copyright years.
+	[52d340cb8cba]
+
+	* LICENSE, alias.c, alloc.c, auth/afs.c, auth/aix_auth.c,
+	auth/bsdauth.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+	auth/securid.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.h,
+	closefrom.c, compat.h, defaults.c, defaults.h, env.c, fileops.c,
+	gettime.c, gram.y, ins_csops.h, insults.h, interfaces.c,
+	interfaces.h, lbuf.c, license.pod, list.c, logging.c, logging.h,
+	parse.c, parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c,
+	sudo.c, sudo.pod, sudo_edit.c, sudo_nss.h, sudoers.pod,
+	testsudoers.c, toke.l, tsgetgrpw.c, utimes.c, version.h, visudo.c,
+	visudo.pod, zero_bytes.c:
+	Update copyright years.
+	[b4e6bf2beafa]
+
+	* emul/charclass.h, fnmatch.c, glob.c:
+	add my copyright
+	[28681385014a]
+
+2008-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	The loop in fill_cmnd() was going one byte too far past the end,
+	resulting in a NUL being written immediately after the buffer end.
+	[a5a49d603cd7]
+
+	* UPGRADE, WHATSNEW:
+	add sections on tgetpass changes
+	[2e6929b6a102]
+
+	* tgetpass.c:
+	Treat EOF w/o newline as an error.
+	[aa02b1db9240]
+
+2008-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Fix "sudo -v" when NOPASSWD is set.
+	[f4914711ea80]
+
+	* auth/bsdauth.c, auth/fwtk.c, auth/pam.c, auth/sudo_auth.c,
+	auth/sudo_auth.h:
+	No longer treat an empty password at the prompt as special. To quit
+	out of sudo you now need to hit ^C at the password prompt.
+	[980f760ad419]
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[6ca21a2cd869]
+
+	* def_data.c, def_data.h, def_data.in, sudo.c, sudoers.pod:
+	Sudo will now refuse to run if no tty is present unless the new
+	visiblepw sudoers flag is set.
+	[0cc56943252e]
+
+2008-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aix.c:
+	just use RLIM_INFINITY for RLIM_SAVED_MAX if RLIM_SAVED_MAX not
+	defined
+	[24fc6f712d5c]
+
+	* aix.c:
+	fix fallback value for RLIM_SAVED_MAX
+	[e09e04e1af89]
+
+	* auth/aix_auth.c, auth/sudo_auth.h:
+	Move clearing of AUTHSTATE into aixauth_cleanup.
+	[e14ae7bd259c]
+
+	* auth/aix_auth.c, env.c:
+	Unset AUTHSTATE after calling authenticate() as it may not be
+	correct for the user we are running the command as.
+	[d14f68f1b0ab]
+
+	* isblank.c:
+	Add isblank() function for systems without it. Needed for POSIX
+	character class matching in fnmatch.c and glob.c.
+	[16cba30b283f]
+
+2008-11-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TROUBLESHOOTING:
+	expound on sudo and cd
+	[8e0fa9033637]
+
+2008-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog:
+	regen
+	[40cf320a10fc]
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[7cac761ae2c6]
+
+	* sudoers.pod:
+	mention defauts parse order
+	[4e2ce86d1394]
+
+2008-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, aclocal.m4, compat.h, configure:
+	Add isblank() function for systems without it. Needed for POSIX
+	character class matching in fnmatch.c and glob.c.
+	[a1ab55da8424]
+
+	* Makefile.in:
+	add emul/charclass.h to HDRS
+	[7e8a019dcaa4]
+
+2008-11-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	checkpoint
+	[afeb9bc1baed]
+
+	* defaults.c, parse.c, testsudoers.c, visudo.c:
+	Move update_defaults into defaults.c and call it properly from
+	visudo and testsudoers.
+	[f4dbb369461f]
+
+	* defaults.c, interfaces.c, pwutil.c, sudo.c, sudo_edit.c, tgetpass.c,
+	tsgetgrpw.c:
+	use zero_bytes() instead of memset() for consistency
+	[4cee0465f4a8]
+
+	* logging.c, mon_systrace.c, parse.c, sudo.c, sudo_edit.c, tgetpass.c,
+	visudo.c:
+	Zero out sigaction_t before use in case it has non-standard entries.
+	[120092225459]
+
+	* match.c:
+	quiet gcc
+	[098a1df49b23]
+
+	* match.c:
+	Short circuit glob() checks if basename(pattern) !=
+	basename(command). Refactor code that checks for a command in a
+	directory and use it in the glob case if the resolved pattern ends
+	in a '/'.
+	[3c46fd317acb]
+
+2008-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.h, parse.c, sudo.c, testsudoers.c, visudo.c:
+	Defer setting runas defaults until after runaspw/gr is setup.
+	[12e75ee49c0c]
+
+2008-10-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c, sudo.c, testsudoers.c:
+	Use MAXHOSTNAMELEN+1 when allocating host/domain name since some
+	systems do not include space for the NUL in the size. Also manually
+	NUL-terminate buffer from gethostname() since POSIX is wishy-washy
+	on this.
+	[7266ab3296a3]
+
+2008-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, sudoers.pod:
+	When setting the umask, use the union of the user's umask and the
+	default value set in sudoers so that we never lower the user's umask
+	when running a command.
+	[4e804b004e38]
+
+	* sudo.c:
+	Don't try to read from a zero-length sudoers file. Remove the bogus
+	Solaris work-around for EAGAIN. Since we now use fgetc() it should
+	not be a problem.
+	[bb8e5f68d944]
+
+2008-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	In update_defaults() check the return value of user*_matches against
+	ALLOW so we don't inadvertantly match on UNSPEC.
+	[4e422fa1527e]
+
+2008-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+	regen man pages; no more hyphenation
+	[15de4fe2fe01]
+
+	* sudo.c:
+	Don't error out on a zero-length sudoers file. With the advent of
+	#include the user could create a situation where sudo is unusable.
+	[6eb461319fa5]
+
+2008-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c, config.h.in, configure, configure.in:
+	Newer heimdal has 2-argument krb5_get_init_creds_opt_free() like MIT
+	krb5. Really old heimdal has no krb5_get_init_creds_opt_alloc() at
+	all. Add configure tests to handle all the cases.
+	[4b554a98470d]
+
+2008-10-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	resort ENVIRONMENT
+	[f4f20f40653e]
+
+	* sudoers.pod:
+	document sudoers_locale
+	[0bffd2dbe806]
+
+	* sudo.pod, sudo_edit.c:
+	add SUDO_EDITOR variable that sudoedit uses in preference to VISUAL
+	or EDITOR
+	[0ef8cb248cee]
+
+	* toke.c, toke.l:
+	In fill_cmnd(), collapse any escaped sudo-specific characters.
+	Allows character classes to be used in pathnames.
+	[5685244c8e44]
+
+2008-10-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lbuf.c:
+	fix typo in non-C89 function declaration
+	[99a7113b3a05]
+
+	* sudoers.pod:
+	Mention POSIX characters classes now that out fnmatch() and glob()
+	support them.
+	[9c916f1230c3]
+
+	* sample.sudoers, sudoers.pod:
+	Replace [A-z] (which won't match in UTF8) with [A-Za-z] which is
+	locale agnostic.
+	[a60a62bec244]
+
+	* parse.h:
+	use __signed char if we are going to assign a negative value since
+	on Power, char is unsigned by default
+	[2877b319df17]
+
+	* config.h.in, configure, configure.in:
+	Add tests for __signed char and signed char.
+	[5eb874fdf1d4]
+
+	* aix.c:
+	Fix AIX limit setting. getuserattr() returns values in disk blocks
+	rather than bytes. The default hard stack size in newer AIX is
+	RLIM_SAVED_MAX. From Dale King.
+	[3db67415ecc3]
+
+2008-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* emul/charclass.h, fnmatch.c, glob.c:
+	Add character class support to included glob(3) and fnmatch(3).
+	[6b5b4ad77899]
+
+2008-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* emul/fnmatch.h:
+	Remove UCB advertising clause and some compatibility defines.
+	[2ade7bee74e1]
+
+2008-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Check EDITOR/VISUAL to make sure sudoedit is not re-invoking itself
+	or sudo. This allows one to set EDITOR to sudoedit without getting
+	into an infinite loop of sudoedit running itself until the path gets
+	too big.
+	[aa49ab68f82d]
+
+	* def_data.c, def_data.h, def_data.in, defaults.c, sudo.c:
+	Add sudoers_locale Defaults option to override the default sudoers
+	locale of "C".
+	[0639886a35bf]
+
+2008-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Set locale to system default except for during sudoers parse.
+	[016dd2736728]
+
+2008-09-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Redo change in 1.34 to use pointer arithmetic.
+	[f9e7b63bb450]
+
+2008-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Fix a dereference (read) of a freed pointer. Reported by Patrick
+	Williams.
+	[69877b633753]
+
+2008-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Set locale to "C" to avoid interpretation issues with character
+	ranges in sudoers. May want to make the locale a sudoers option in
+	the future.
+	[098a95de1746]
+
+2008-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	we no longer use setproctitle
+	[c7f20fb747ea]
+
+	* sudo.h:
+	remove #if 1
+	[a368ee6816c6]
+
+	* LICENSE, mkstemp.c:
+	Use my replacement mkstemp() from the mktemp package.
+	[d07c2beb0f9e]
+
+2008-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* gram.c:
+	regen with yacc skeleton bug fixed
+	[24784571cbb8]
+
+	* sudoers.pod:
+	Remove duplicate "as root". From Martin Toft.
+	[97241acfee5e]
+
+2008-07-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c, sudo.c, sudo.h, testsudoers.c:
+	Flesh out the fake passwd entry used for running commands as a uid
+	not listed in the passwd database. Fixes an issue with some PAM
+	modules.
+	[a6648227f3f2]
+
+2008-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Error out in -i mode if the user has no shell. This can happen when
+	running commands as a uid with no password entry.
+	[0c174bef36ff]
+
+2008-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Better fix for line continuation inside double quotes. Now accepts
+	whitespace between the backslash and the newline like the main
+	lexer.
+	[64efcdf86d31]
+
+2008-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Fix line continuation in strings. It was only being honored if
+	preceded by whitespace.
+	[96c21271a3e4]
+
+2008-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, logging.c:
+	Replace the double fork with a fork + daemonize.
+	[328505441e67]
+
+2008-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, sudo.c:
+	The -i flag should imply env_reset. This got broken in sudo 1.6.9.
+	[3caedfeaec87]
+
+	* logging.c, sudo.c, sudo_edit.c, visudo.c:
+	Change how the mailer is waited for. Instead of having a SIGCHLD
+	handler, use the double fork trick to orphan the child that opens
+	the pipe to sendmail. Fixes a problem running su on some Linux
+	distros.
+	[b59ce60a393d]
+
+2008-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix configure test for dirfd() on Linux where DIR is opaque.
+	[b8f729cdfecc]
+
+2008-06-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Get rid of the QNX TCSAFLUSH -> TCSADRAIN hack. If QNX still has
+	this problem we'll need to revisit this again.
+	[c17fee8ad530]
+
+2008-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	Ignore SIGPIPE instead of blocking it when piping to the mailer. If
+	we only block the signal it may be delivered later when we unblock.
+	Also, there is no need to block SIGCHLD since we no longer do the
+	double fork. The normal SIGCHLD handler is sufficient.
+	[e94a49e992e5]
+
+2008-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Add description for NO_PAM_SESSION, from a redhat patch.
+	[b9e4c939ec09]
+
+2008-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudo.pod:
+	Fix typos in -i usage
+	[2d7ce5de0235]
+
+2008-05-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Redo the test for dgettext() in a way that hopefully will work
+	around the libintl_dgettext() undefined problem.
+	[d27beb0cf85e]
+
+2008-05-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* schema.ActiveDirectory:
+	change filename in comment
+	[733da4ee9ac5]
+
+2008-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, README.LDAP, sudoers.ldap.cat, sudoers.ldap.man.in,
+	sudoers.ldap.pod:
+	Reference schema.ActiveDirectory
+	[d6aec537800e]
+
+2008-05-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* schema.OpenLDAP, schema.iPlanet:
+	Mark sudoRunAs as deprecated.
+	[00c50df807af]
+
+	* schema.ActiveDirectory:
+	add sudoRunAsUser and sudoRunAsGroup
+	[19bcce6f72fb]
+
+	* schema.ActiveDirectory:
+	Active Directory schema by Chantal Paradis and Eric Paquet
+	[06a09c92c6a5]
+
+2008-05-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	remove an XXX that was fixed
+	[b88038062fa2]
+
+	* ChangeLog:
+	sync
+	[8fc27c17270e]
+
+	* parse.c:
+	Initialize tags to UNSPEC instead of def_* in "sudo -l" mode. This
+	fixes a problem where the tag value printed was influenced by
+	defaults set in the first pass through the parser.
+	[588ccd630367]
+
+2008-05-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, sudo.psf:
+	No point in packaging the TODO file
+	[9590248fffe1]
+
+	* ChangeLog:
+	sync
+	[152acf4c6813]
+
+2008-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW, def_data.c, def_data.h, def_data.in, env.c, sudo.c,
+	sudo.h, sudoers.cat, sudoers.man.in, sudoers.pod:
+	Add env_file Defaults option that is similar to /etc/environment on
+	some systems.
+	[1daf53d51e18]
+
+2008-05-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, README, TODO, WHATSNEW, sudo.cat, sudo.man.in,
+	sudoers.cat, sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.man.in,
+	version.h, visudo.cat, visudo.man.in:
+	change version to 1.7.0
+	[d41d126b9bd8]
+
+	* UPGRADE:
+	initial valgrind pass done
+	[c59c3876d8ca]
+
+2008-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Fix typo/think in sudo_ldap_read_secret() when storing the secret.
+	[830d246c09b0]
+
+2008-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	define LDAPS_PORT if the system headers do not
+	[247b12325701]
+
+2008-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* gram.c, gram.y:
+	Fix another memory leak in init_parser().
+	[7bba47deba11]
+
+	* configure, configure.in:
+	There was a missing space before the ldap libs in SUDO_LIBS for some
+	configurations.
+	[7524cfc93759]
+
+	* alias.c, gram.c, gram.y, toke.c, toke.l:
+	Clean up some memory leaks pointed out by valgrind.
+	[a965866ece1a]
+
+2008-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	fix "sudo -s" broken by mode/flags breakout
+	[acffe984d408]
+
+	* configure, configure.in:
+	remove duplicate check for dgettext
+	[58145529133c]
+
+2008-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aix.c:
+	Fall back to default stanza if no user-specific limit is found.
+	[7b8cb29123ee]
+
+2008-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* snprintf.c:
+	include stdint.h if present
+	[f0ec38529306]
+
+	* snprintf.c:
+	Use LLONG_MAX, not the old QUAD_MAX
+	[01041ce508fb]
+
+2008-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.ldap.pod:
+	fix cut and pasto
+	[34240fdef5ab]
+
+2008-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c:
+	Add #ifdef PURITY
+	[ce1b571ad526]
+
+2008-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/bsdauth.c:
+	remove useless cast
+	[494f8a862e1d]
+
+2008-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog:
+	sync
+	[f5c97ffaabcc]
+
+	* TODO:
+	sync
+	[96ff1c44c182]
+
+	* sudo.h:
+	Split MODE_* defines into primary and flags.
+	[c02ee3027cb9]
+
+2008-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aix.c:
+	It turns out the logic for getting AIX limits is more convoluted
+	than I realized and differs depending on whether the soft and/or
+	hard limits are defined.
+	[cf8d3f85d395]
+
+2008-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, configure, configure.in:
+	Back out AIX-specific change to set the sudo_noexec path to the .a
+	file, we do really want to use the .so file. Since libtool doesn't
+	do that correctly, just install the .so file ourselves in the
+	Makefile.
+	[05c6f33177d9]
+
+	* install-sh:
+	If the file given to install is a path, only use the basename of the
+	file when building the destination path.
+	[695ba4e429ce]
+
+2008-03-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	parse_args() cleanup: Sort command line options in the getopt()
+	switch The -U option requires a parameter Normalize a few ISSET
+	calls Split mode into mode and flags and retire the now-obsolete
+	excl variable
+	[0d156835f861]
+
+	* WHATSNEW, check.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod,
+	sudo_usage.h.in:
+	Add -n (non-interactive) flag.
+	[e3e50400d32d]
+
+	* sudo.c:
+	Move version printing, etc. into a separate function.
+	[18c91b476e2c]
+
+	* sudo.c:
+	Don't try to cleanup nsswitch if it has not been initialized.
+	[aeb1ca1b399d]
+
+2008-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	Block SIGPIPE in send_mail() so sudo is not killed by a problem
+	executing the mailer.
+	[f130e7924cca]
+
+2008-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	AIX shared libs end in .a, not .so.
+	[a5deb07020d8]
+
+2008-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Preserve HOME by default too. Matches documentation and previous
+	behavior.
+	[c16f17f1047c]
+
+2008-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Use getopt() to parse the command line. We need to be able to
+	intersperse env variables and options yet still honor "--"" which
+	complicates things slightly.
+	[60f271ce5c16]
+
+2008-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog:
+	sync
+	[685e67964eda]
+
+	* acsite.m4, configure, ltmain.sh:
+	update to libtool-1.5.26
+	[4c9a8c3d3b40]
+
+	* config.guess, config.sub:
+	update from libtool-1.5.26 distribution
+	[c6641aef2527]
+
+	* aix.c, sudo.h:
+	attempt to fix compilation errors on AIX
+	[edb13e5b2184]
+
+	* Makefile.in:
+	fix typo in last commit
+	[25ba7f7ceae4]
+
+	* Makefile.in:
+	Add WHATSNEW file to the distribution
+	[213f4115de8f]
+
+	* visudo.c:
+	use warningx instead of fprintf(stderr, ...)
+	[a3494b8ccb19]
+
+	* list.c:
+	add DEBUG to list2tq
+	[115d24a3000c]
+
+	* ChangeLog, TODO:
+	sync
+	[60e6f4d1fac0]
+
+	* WHATSNEW:
+	mention mailfrom
+	[e2498f9e18d6]
+
+	* Makefile.in, aix.c, config.h.in, configure, configure.in,
+	set_perms.c, sudo.h:
+	Add aix_setlimits() to set resource limits on AIX using a
+	combination of getuserattr() and setrlimit(). Currently untested.
+	[9b1441fd89ca]
+
+2008-03-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.h, def_data.in, logging.c, sudoers.cat,
+	sudoers.man.in, sudoers.pod:
+	Add mailfrom Defaults option that sets the value of the From: field
+	in the warning/error mail. If unset the login name of the invoking
+	user is used.
+	[029b9f05d3d9]
+
+	* defaults.c:
+	store a copy of _PATH_SUDO_ASKPASS in def_askpass that is freeable
+	[a90e407d5e00]
+
+	* gram.c, gram.y:
+	When adding a default, only call list2tq() once to do the list to tq
+	conversion. It is not legal to call list2tq multiple times on the
+	same list since list2tq consumes and modifies the list argument.
+	[fbc25d245c4a]
+
+	* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+	comment out XXXs for now
+	[595a1d43309d]
+
+	* WHATSNEW:
+	mention askpass
+	[b993e0837c22]
+
+2008-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Error out if both -A and -S are specified Error out if -A is
+	specified but no askpass is configured
+	[24f1df2638f6]
+
+	* configure, configure.in:
+	we are not going to ship a sudo-specific askpass
+	[61949e7a3943]
+
+2008-03-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	fix definition of TGP_ASKPASS
+	[0447c57ba4c3]
+
+	* def_data.c, def_data.in:
+	make askpass boolean-capable
+	[e0885893a325]
+
+	* INSTALL:
+	document --with-askpass
+	[c76e15ba97cf]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+	sudoers.man.in, visudo.cat:
+	regen
+	[8d16242980b7]
+
+2008-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, sudo_usage.h.in, sudoers.pod:
+	document -A and askpass
+	[02c07505a78c]
+
+	* auth/sudo_auth.c, check.c, configure, configure.in, def_data.c,
+	def_data.h, def_data.in, defaults.c, pathnames.h.in, sudo.c, sudo.h,
+	sudo_usage.h.in, tgetpass.c:
+	Add support for running a helper program to read the password when
+	no tty is present (or when specified with the -A flag). TODO: docs.
+	[05780f5f71fd]
+
+	* def_data.c, def_data.in:
+	add missing printf format to SELinux role and type strings
+	[2b32774715e7]
+
+2008-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, configure, configure.in:
+	Disable use of gss_krb5_ccache_name() by default and add
+	--enable-gss-krb5-ccache-name configure option to enable it. It
+	seems that gss_krb5_ccache_name() doesn't work properly with some
+	combinations of Heimdal and OpenLDAP.
+	[f61ebd3b19bd]
+
+2008-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* selinux.c:
+	Ignore setexeccon() failing in permissive mode. Also add a call to
+	setkeycreatecon() (though this is probably insufficient). From Dan
+	Walsh.
+	[52564fc1c069]
+
+	* auth/pam.c:
+	Only set std_prompt for the PAM_PROMPT_* cases. The conversation
+	function may be called for non-password reading purposes so we must
+	be careful not to use def_prompt in cases where it may not be set.
+	[29d88ca575ba]
+
+2008-02-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* selinux.c:
+	Don't free the new tty context, we need to keep it around when we
+	restore the tty context after the command completes
+	[5b4bd39b6ea8]
+
+2008-02-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* selinux.c:
+	s/newrole/sudo/
+	[21b8a96ff8df]
+
+	* sudo.man.pl, sudo.pod:
+	Only put login_cap(3) in SEE ALSO section if we have login.conf
+	support
+	[05250ddff2c0]
+
+2008-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+	regen
+	[301e5c5ccdbe]
+
+	* sudoers.pod:
+	Substitute in comment characters for lines partaining to login.conf,
+	BSD auth and SELinux and only enable them if pertinent.
+	[c1c98fa163ce]
+
+	* sudoers.man.pl:
+	Substitute in comment characters for lines partaining to login.conf,
+	BSD auth and SELinux and only enable them if pertinent.
+	[6c88f30b878a]
+
+	* sudo.pod:
+	Substitute in comment characters for lines partaining to login.conf,
+	BSD auth and SELinux and only enable them if pertinent.
+	[acdbdfd24e1d]
+
+	* sudo.man.pl:
+	Substitute in comment characters for lines partaining to login.conf,
+	BSD auth and SELinux and only enable them if pertinent.
+	[0c56d4750ac3]
+
+	* Makefile.in, configure, configure.in:
+	Substitute in comment characters for lines partaining to login.conf,
+	BSD auth and SELinux and only enable them if pertinent.
+	[9a02bd6a6658]
+
+	* Makefile.in, sudo.pod, sudoers.ldap.pod, sudoers.pod, visudo.pod:
+	Remove the =cut on the first line (above the copyright notice) to
+	quiet pod2man. Also remove the hackery in the FILES section and
+	just deal with the fact that there will a newline between each
+	pathname.
+	[2ac1ab191835]
+
+2008-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	run sudo.man.pl when generating sudo.man.in
+	[859727369168]
+
+	* configure, configure.in, sudo.man.pl:
+	comment out SELinux manual bits unless --with-selinux was specified
+	[97ff4212b649]
+
+	* sudoers.pod:
+	document role and type defaults for SELinux
+	[870f303366b3]
+
+	* sudo.c, sudo.cat, sudo.man.in, sudo.pod, sudo_usage.h.in:
+	Document "sudo -ll" and make "sudo -l -l" be equivalent.
+	[3ce6dc429ea3]
+
+2008-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Treat k*bsd*-gnu like Linux, not BSD. Fixes compilation problems on
+	Debian GNU/kFreeBSD.
+	[c4efa567a328]
+
+2008-02-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	Avoid Heimdal'isms introduced in the rev 1.32 rewrite of
+	verify_krb_v5_tgt()
+	[f80538e5a6fa]
+
+	* logging.c, logging.h, sudo.c:
+	Remove dependence on VALIDATE_NOT_OK in logging functions. Split
+	log_auth() into log_allowed() and log_denial() Replace mail_auth()
+	with should_mail() and a call to send_mail()
+	[58aac9997557]
+
+2008-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Add debugging so we can tell if the krb5 ccache is accessible
+	[c679322527bb]
+
+	* INSTALL:
+	mention --with-selinux
+	[9efbe0b52194]
+
+2008-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[467a834f867c]
+
+	* selinux.c:
+	add Sudo tag
+	[d004ee669bed]
+
+	* sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod, sudo_usage.h.in,
+	sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod,
+	testsudoers.c, toke.c, toke.l:
+	Add support for SELinux RBAC. Sudoers entries may specify a role
+	and type. There are also role and type defaults that may be used.
+	To make sure a transition occurs, when using RBAC commands are
+	executed via the new sesh binary. Based on initial changes from Dan
+	Walsh.
+	[1d4abfe2c004]
+
+	* sesh.c:
+	Add support for SELinux RBAC. Sudoers entries may specify a role
+	and type. There are also role and type defaults that may be used.
+	To make sure a transition occurs, when using RBAC commands are
+	executed via the new sesh binary. Based on initial changes from Dan
+	Walsh.
+	[1e3b395ce049]
+
+	* Makefile.in, config.h.in, configure.in, def_data.c, def_data.h,
+	def_data.in, gram.c, gram.h, gram.y, ldap.c, parse.c, parse.h,
+	pathnames.h.in, selinux.c:
+	Add support for SELinux RBAC. Sudoers entries may specify a role
+	and type. There are also role and type defaults that may be used.
+	To make sure a transition occurs, when using RBAC commands are
+	executed via the new sesh binary. Based on initial changes from Dan
+	Walsh.
+	[6b421948286e]
+
+2008-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lbuf.c, ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.c:
+	Add long list (sudo -ll) support for printing verbose LDAP and
+	sudoers file entries. Still need to update manual.
+	[2875be37935c]
+
+2008-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c, parse.c, sudo.h, sudo_nss.c, sudo_nss.h:
+	Unify the -l output for file and ldap based sudoers and use lbufs
+	for both. The ldap output does not currently include options that
+	cannot be represented as tags. This will be remedied in a long list
+	output mode to come.
+	[b2e429456596]
+
+2008-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Use a specific error message for errno == EAGAIN when setuid() et al
+	fails. On Linux systems setuid() will fail with errno set to EAGAIN
+	if changing to the new uid would result in a resource limit
+	violation.
+	[08d0aecd9f03]
+
+	* sudo.c:
+	Unlimit nproc on Linux systems where calling the setuid() family of
+	syscalls causes the nroc resource limit to be checked. The limits
+	will be reset by pam_limits.so when PAM is used. In the non-PAM
+	case the nproc limit will remain unlimited but there doesn't seem to
+	be a way around that other than having sudo parse
+	/etc/security/limits.conf directly.
+	[df024b415a8d]
+
+	* env.c, sudo.c, sudo.pod:
+	Only read /etc/environment on Linux and AIX
+	[90669e2aefdb]
+
+2008-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Use SUDO_DEFINE_UNQUOTED instead of AC_DEFINE_UNQUOTED to prevent
+	ldap.conf and ldap.secret paths from going into config.h. Avoid
+	single quotes in variable expansion when using SUDO_DEFINE_UNQUOTED
+	since in some versions of bash they will end up literally in the
+	resulting define.
+	[25390f3ef10a]
+
+2008-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README.LDAP:
+	mention --with-nsswitch=no
+	[c509df927263]
+
+	* configure, configure.in:
+	ldap_ssl.h depends on ldap.h being included first
+	[d96d90e9b21f]
+
+	* config.h.in, configure, configure.in, ldap.c:
+	Include ldap_ssl.h if we can find it. Needed for the
+	ldapssl_set_strength defines on HP-UX at least.
+	[9e530470948a]
+
+	* sudoers.ldap.pod:
+	sync
+	[b9d101f4673a]
+
+	* TODO:
+	sync
+	[2ce951b2ecd0]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.ldap.cat,
+	sudoers.ldap.man.in, sudoers.man.in, visudo.cat, visudo.man.in:
+	regen
+	[b61d793987e0]
+
+	* Makefile.in:
+	Use 78n line length when formatting cat pages.
+	[761bee9d5759]
+
+	* README.LDAP:
+	Remove redundant info that is now in sudoers.ldap.pod
+	[01828dcce59e]
+
+2008-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+	Reorganize the first section a bit. Substitute the proper path for
+	/etc/sudoers.
+	[11ae165e065d]
+
+	* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+	Substitute values for ldap.conf, ldap.secret and nsswitch.conf Move
+	schema into EXAMPLES
+	[ab6509d1dde7]
+
+	* configure, configure.in:
+	Substitute values for ldap.conf, ldap.secret and nsswitch.conf into
+	sudoers.ldap.man.
+	[6e689972f465]
+
+	* configure, configure.in:
+	substitute for sudoers.ldap.man
+	[5a4a25766dee]
+
+	* Makefile.in:
+	Fix cut & pasto introduced when adding sudoers.ldap man page.
+	[a7b069af8894]
+
+	* sudoers.ldap.cat, sudoers.ldap.man.in, sudoers.ldap.pod:
+	Fill in some of the missing pieces. Still needs some reorganization
+	and editing.
+	[5e7331722166]
+
+2008-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, sudoers.ldap.cat, sudoers.ldap.man.in,
+	sudoers.ldap.pod:
+	Beginnings of a sudoers.ldap man page. Currently, much of the
+	information is adapted from README.LDAP.
+	[aad28c8a922d]
+
+2008-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c:
+	When copying gr_mem we must guarantee that the storage space for
+	gr_mem is properly aligned. The simplest way to do this is to
+	simply store gr_mem directly after struct group. This is not a
+	problem for gr_passwd or gr_name as they are simple strings.
+	[af58fc76f1ed]
+
+	* ldap.c:
+	Fix a typo/thinko in one of the calls to
+	sudo_ldap_check_user_netgroup(). From Marco van Wieringen.
+	[70b2eb8097f5]
+
+2008-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, ldap.c:
+	include <mps/ldap_ssl.h> in ldap.c if available
+	[34346206ef16]
+
+2008-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* gram.c, gram.y:
+	Make sure we define SIZE_MAX for yacc's skeleton.c
+	[d8a45c7a3c42]
+
+	* tgetpass.c:
+	Use TCSAFLUSH when restoring terminal settings (and echo) to
+	guarantee that any pending output is discarded
+	[549a184479e5]
+
+2008-01-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers:
+	no longer need to specify SETENV when user has sudo ALL
+	[3051b41f8032]
+
+	* testsudoers.c:
+	sync user_args size calculation with sudo.c Add -g group option,
+	renaming old -g to -G Add set_runasgr() and set_runaspw() and use
+	them
+	[0850325180f0]
+
+	* sudo.c, sudo.h:
+	Make set_runaspw static void
+	[5d44d7a340ce]
+
+	* testsudoers.c, visudo.c:
+	g/c set_runaspw stub
+	[79ebb5e2cc38]
+
+	* configure, configure.in:
+	Don't add -llber twice.
+	[4356d302eef4]
+
+2008-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	fix typo
+	[249cecc557e9]
+
+2008-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* gram.c:
+	regen
+	[2f94ea375b67]
+
+	* configure, configure.in:
+	Fix check that determines whether -llber is required.
+	[6afa99523379]
+
+	* README.LDAP, config.h.in, configure, configure.in, ldap.c:
+	For netscape-based LDAP, use ldapssl_set_strength() to implement the
+	checkpeer ldap.conf option.
+	[16ae24d73795]
+
+	* auth/kerb5.c:
+	Delay krb5_cc_initialize() until we actually need to use the cred
+	cache, which is what krb5_verify_user() does. Better cleanup on
+	failure.
+	[d12e5f1695b8]
+
+2008-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	Rewrite verify_krb_v5_tgt() based on what heimdal's
+	krb5_verify_user() does.
+	[05b5815f86c9]
+
+2008-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* gram.c:
+	The U suffix on constants is an ANSI feature
+	[c6dfce3167f1]
+
+	* configure, configure.in:
+	Add check for ber_set_option() in -llber
+	[43d0c0566074]
+
+2008-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README.LDAP:
+	default if no nsswitch.conf is files only
+	[c13001d9c998]
+
+2008-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README.LDAP:
+	don't tell people to mail aaron about LDAP stuff
+	[8165ec1ef0c6]
+
+	* README.LDAP:
+	timelimit and bind_timelimit
+	[44f74cbed167]
+
+	* ChangeLog:
+	sync
+	[aba1a0ab02bd]
+
+	* ldap.c:
+	Move ldap.secret reading into a separate function.
+	[1948acc9f7a4]
+
+	* check.c:
+	user_runas -> runas_pw
+	[334490fc2bae]
+
+2008-01-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	sync
+	[c7b165cc47c6]
+
+	* check.c, sudo.pod, sudoers.pod:
+	Add and document the %p escape in the password prompt. Based on a
+	patch from Patrick Schoenfeld.
+	[3972d4f31ffa]
+
+	* ldap.c:
+	Check strlcpy() return values.
+	[9b42f3ae8ff1]
+
+	* ldap.c:
+	refactor ldap binding code into sudo_ldap_bind_s()
+	[cb0c66a4d955]
+
+	* README.LDAP:
+	Make it clear that host and uri can take multiple parameters. URI is
+	now supported for more than just openldap nsswitch.conf does't
+	accept "compat"
+	[f610dea656d6]
+
+	* sudo.c:
+	comment cleanup and update (c) year
+	[6cd69c810ca5]
+
+	* parse.c, sudo_nss.c:
+	Move display_privs() and display_cmnd() from parse.c to sudo_nss.c.
+	This should make it possible to build an LDAP-only sudo binary.
+	[61c3f27066a0]
+
+	* ldap.c, parse.c, sudo.c, sudo.h, sudo_nss.h:
+	Improve chaining of multiple sudoers sources by passing in the
+	previous return value to the next in the chain
+	[2c0b722b1b2d]
+
+	* gram.y:
+	Free up parser data structures in sudo_file_close().
+	[2251531d4519]
+
+	* gram.c, parse.c:
+	Free up parser data structures in sudo_file_close().
+	[8371f130f401]
+
+	* ldap.c:
+	Parse uri ourself if no ldap_initialize() is present Use
+	ldap_create() instead of deprecated ldap_init() Use
+	ldap_sasl_bind_s() instead of deprecated ldap_simple_bind_s()
+	[85d3825b1953]
+
+	* config.h.in, configure, configure.in:
+	Add check for ldap_sasl_bind_s() Remove -DLDAP_DEPRECATED from
+	CFLAGS
+	[240524512bc5]
+
+2008-01-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in:
+	add check for ldap_create
+	[3089badd73b8]
+
+2008-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, ldap.c:
+	Add sudo_ldap_get_first_rdn() to return the first rdn of an entry's
+	dn using the mechanism appropriate for the LDAP SDK in use. Use
+	ldap_unbind_ext_s() instead of deprecated ldap_unbind_s(). Emulate
+	ldap_unbind_ext_s() and ldap_search_ext_s() for SDK's without them.
+	[6deeca3d00cc]
+
+	* lbuf.c:
+	include unistd.h
+	[8419ed0bae7f]
+
+	* config.h.in, configure.in:
+	fix typo in mtim_getnsec
+	[2d5f21230a60]
+
+2008-01-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in:
+	add check for st__tim in struct stat as used by SCO
+	[587060ea2a89]
+
+	* ldap.c:
+	use ldap_search_ext_s instead of deprecated ldap_search_s
+	[5fc44fe3b44c]
+
+	* Makefile.in, TODO, sudo.cat, sudo.man.in:
+	add sudo_nss.h to HDRS
+	[86f01a70ff29]
+
+	* ldap.c:
+	Replace deprecated ldap_explode_dn() with calls to ldap_str2dn() and
+	ldap_rdn2str().
+	[aa217002cfae]
+
+2008-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Use ldap_get_values_len()/ldap_value_free_len() instead of the
+	deprecated ldap_get_values()/ldap_value_free().
+	[e22dceb85e57]
+
+	* ChangeLog:
+	sync
+	[adad27b36107]
+
+	* TODO:
+	sync
+	[c449eb47e0ef]
+
+	* gettime.c, sudo.c:
+	Remove some already fixed XXXs
+	[532788d0e6da]
+
+	* ldap.c:
+	Same return value as non-existent sudoers if LDAP was unable to
+	connect.
+	[5819810e8e4e]
+
+	* sudo.pod:
+	mention /etc/environment
+	[ea8e6102f853]
+
+	* README.LDAP, UPGRADE, WHATSNEW:
+	Update to reflect recent developments.
+	[ed1fb026fe77]
+
+	* sudo.c:
+	Print nsswitch.conf, ldap.conf and ldap.secret paths in -V output.
+	[55b68a58260d]
+
+	* ldap.c:
+	When building up a query don't list groups in the aux group vector
+	that are the same as the passwd file group. On most systems the
+	first gid in the group vector is the same as the passwd entry gid.
+	[4bb51e297e0d]
+
+	* env.c, ldap.c:
+	Define LDAPNOINIT before calling ldap_init(), etc. to disable user
+	ldaprc and system defaults that could affect how LDAP works.
+	[ce5036440db2]
+
+	* INSTALL, configure, configure.in, pathnames.h.in, sudo.c,
+	sudo_nss.c, sudo_nss.h:
+	Rename read_nss -> sudo_read_nss Add --with-nsswitch to allow users
+	to specify nsswitch.conf path or disable it. If --with-nsswitch=no
+	but --with-ldap, order is LDAP, then sudoers. Fix --with-ldap-conf-
+	file and --with-ldap-secret-file
+	[ea5d7704381f]
+
+	* parse.c:
+	Honor def_ignore_local_sudoers
+	[f38e1121fae1]
+
+2007-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	no longer need to check def_ignore_local_sudoers here
+	[fce2a72f96fb]
+
+	* parse.c:
+	Refactor group vector resetting into a function and also call it
+	from display_cmnd. Stop after the first sucessful match in
+	display_cmnd. Print a newline between each display_privs method.
+	[981b37b5adff]
+
+	* parse.c:
+	fix double free introduced in rev 1.218
+	[c574b02d8747]
+
+	* ldap.c:
+	belt and suspenders; zero out result after freeing it
+	[7732988d4620]
+
+	* env.c, fileops.c, ldap.c, sudo.h, sudo_nss.c:
+	Refactor line reading into a separate function, sudo_parseln(),
+	which removes comments, leading/trailing whitespace and newlines.
+	May want to rethink the use of sudo_parseln() for /etc/ldap.secret
+	[61d9068f0645]
+
+	* parse.c, sudo.c:
+	Make the inability to read the sudoers file a non-fatal error if
+	there are other sudoers sources available. sudoers_file_lookup now
+	returns "not OK" if sudoers was not present
+	[643babf597a8]
+
+	* ldap.c:
+	make it clear that the global options are from LDAP
+	[9ff950349463]
+
+	* logging.c:
+	allocate proper amount of space for error string
+	[8bebb7d46d19]
+
+	* sudo_nss.c, sudo_nss.h:
+	actual sudo nss code
+	[5bd7d52d7738]
+
+	* ldap.c, parse.c, sudo.c, sudo.h:
+	nss-ify display_privs and display_cmnd.
+	[cccfdd3253f2]
+
+	* defaults.c, parse.c, testsudoers.c, visudo.c:
+	move update_defaults() to parse.c
+	[ace144b958a9]
+
+	* Makefile.in, ldap.c, list.c, parse.c, parse.h, sudo.c, sudo.h:
+	Use nsswitch to hide some sudoers vs. ldap implementation details
+	and reduce the number of #ifdef LDAP TODO: fix display routines and
+	error handling
+	[6225edde89a6]
+
+2007-12-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, README.LDAP, ldap.c, pathnames.h.in, sudo.c, sudo.h:
+	First cut at nsswitch.conf support. Further reorganizaton and
+	related changes are forthcoming.
+	[717f59d0790b]
+
+2007-12-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, pathnames.h.in, sudo.c, sudo.h:
+	Add support for reading and /etc/environment file. Still needs to
+	be documented and should probably only applies to OSes that have it
+	(AIX and Linux, maybe others).
+	[15d3edae27e4]
+
+	* ldap.c:
+	include limits.h
+	[e19875ef0f82]
+
+2007-12-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	reword LDAP SASL
+	[7ec3c4ec31b5]
+
+2007-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	sync
+	[87c5a7aea7bf]
+
+	* README.LDAP:
+	Add an example sudoRole, clarify netscape vs. openldap a bit more
+	[6f96c0ca8107]
+
+	* README.LDAP:
+	Be clear on what is OpenLDAP vs. Netscape-derived
+	[a33c8314dec5]
+
+	* config.h.in, configure, configure.in, ldap.c:
+	Use ldapssl_init() for ldaps support instead of trying to do it
+	manually with ldap_init() + ldapssl_install_routines(). Use tls_cert
+	and tls_key for cert7.db and key3.db respectively. Don't print
+	debugging info for options that are not set. Add warning if
+	start_tls specified when not supported.
+	[abb62dc7e4a3]
+
+	* ldap.c:
+	fix compilation on solaris
+	[03d449684e80]
+
+	* Makefile.in:
+	add missing .h and .c files for missing lib objs
+	[8b37825bdfc7]
+
+2007-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	fix LDAP_OPT_NETWORK_TIMEOUT setting
+	[226eba89c0ad]
+
+	* ldap.c:
+	fix compilation on Solaris
+	[917d47639eb6]
+
+2007-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	fix typo
+	[009d5c81b225]
+
+	* README.LDAP:
+	try to clear up which variables are for OpenLDAP and which are for
+	netscape-derived SDKs
+	[f8d9823ee73c]
+
+	* config.h.in, configure, configure.in, ldap.c:
+	Add support for "ssl on" in both netscape and openldap flavors. Only
+	the OpenLDAP flavor has been tested.
+	[952745829ec5]
+
+	* logging.c, sudo.c, sudo.h:
+	Call cleanup() before exit in log_error() instead of calling
+	sudo_ldap_close() directly. ldap_conn can now be static to sudo.c
+	[da02d1b67a2c]
+
+	* sudo.c:
+	ld -> ldap_conn
+	[01afa6d927cc]
+
+2007-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c, sudo.c, sudo.h:
+	Better ldap cleanup.
+	[25b9abe2d617]
+
+	* ldap.c:
+	Distinguish between LDAP conf settings that are connection-specific
+	(which take an ld pointer) and those that are default settings
+	(which do not).
+	[d48dc6c9c3b4]
+
+2007-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Improved warnings on error.
+	[c8dce7b4feb4]
+
+	* ldap.c:
+	Make ldap config table driven and set the config *after* we open the
+	connection.
+	[d9698b5a2681]
+
+2007-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	fix LDAP_OPT_X_CONNECT_TIMEOUT compat define
+	[598c6df06660]
+
+	* configure, configure.in:
+	some operating systems need to link with -lkrb5support when using
+	krb5
+	[8896365dde9e]
+
+2007-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	minor update
+	[acfeeb7f4886]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+	regen
+	[a3c6699674f9]
+
+2007-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog, TODO:
+	sync
+	[138e99b925ee]
+
+	* ldap.c, schema.OpenLDAP, schema.iPlanet, sudoers2ldif:
+	add -g support for LDAP
+	[8fc27dbe9287]
+
+2007-12-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW, sudo.c, sudo.pod, sudo_usage.h.in:
+	The -i and -s flags can now take an optional command.
+	[6afec104ee77]
+
+2007-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c, def_data.c, def_data.h, def_data.in, sudo.c, sudo.pod,
+	sudoers.pod:
+	Add passprompt_override flag to sudoers that will cause the prompt
+	to be overridden in all cases. This flag is also set when the user
+	specifies the -p flag.
+	[e4c5402131a6]
+
+	* sudo.c:
+	Move setting of login class until after sudoers has been parsed. Set
+	NewArgv[0] for -i after runas_pw has been set.
+	[62a48c8c56fa]
+
+	* configure, configure.in:
+	Move the dgettext check.
+	[5fd8a4712d1c]
+
+2007-12-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c, config.h.in, configure, configure.in:
+	Add basic support for looking up the string "Password: " in the PAM
+	localized text db. This allows us to determine whether the PAM
+	prompt is the default "Password: " one even if it has been
+	localized.
+
+	TODO: concatenate non-std PAM prompts and user-specified sudo
+	prompts.
+	[81c25a415d41]
+
+2007-11-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, config.h.in, configure, configure.in, parse.c,
+	set_perms.c, sudo.c, sudo.h:
+	Use AC_FUNC_GETGROUPS instead of a home-grown attempt that was
+	insufficient.
+	[1cce6ec1a91e]
+
+	* acsite.m4, configure, interfaces.c, memrchr.c:
+	Fix typos; Martynas Venckus
+	[be1233cca11a]
+
+2007-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Don't assume runas_pw is set; it may not be in the -g case.
+	[aa11bd2193ac]
+
+2007-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c, set_perms.c:
+	Set aux group vector for PERM_RUNAS and restore group vector for
+	PERM_ROOT if we previously changed it. Stash the runas group vector
+	so we don't have to call initgroups more than once. Also add no-op
+	check to check_perms.
+	[53837fc755f7]
+
+2007-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW, check.c, def_data.in, defaults.c, gram.c, gram.h, gram.y,
+	ldap.c, logging.c, match.c, mon_systrace.c, parse.c, parse.h,
+	pwutil.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
+	sudo.pod, sudo_usage.h.in, sudoers.cat, sudoers.man.in, sudoers.pod,
+	testsudoers.c, visudo.c, visudo.cat, visudo.man.in:
+	Add support for runas groups. This allows the user to run a command
+	with a different effective group. If the -g option is specified
+	without -u the command will be run as the current user (only the
+	group will change). the -g and -u options may be used together.
+	TODO: implement runas group for ldap improve runas group
+	documentation add testsudoers support
+	[9019309df6d0]
+
+	* configure, configure.in:
+	fix setting of mandir
+	[2c60f269399f]
+
+	* sudo.pod, sudoers.pod:
+	document that ALL implies SETENV
+	[bcc8e5b703b9]
+
+	* ldap.c:
+	s/setenv_ok/setenv_implied/g
+	[f005df2c2eea]
+
+	* ldap.c:
+	hostname_matches() returns TRUE on match in sudo 1.7.
+	[c3d4377b6e8b]
+
+	* ldap.c:
+	use strcmp, not strcasecmp when comparing ALL
+	[e486024574a1]
+
+	* ldap.c:
+	Make sudo ALL imply setenv. Note that unlike with file-based
+	sudoers this does affect all the commands in the sudoRole.
+	[bc12f54321d1]
+
+	* gram.c, gram.y, parse.c, parse.h:
+	sudo "ALL" now implies the SETENV tag but, unlike an explicit tag,
+	it is not passed on to other commands in the list.
+	[026e2cb40680]
+
+	* visudo.c:
+	Add missing sudo_setpwent() and sudo_setgrent() calls. Also use
+	sudo_getpwuid() instead of getpwuid().
+	[86f30a8fbd49]
+
+2007-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers:
+	Expand on the dangers of not using visudo to edit sudoers.
+	[e434e8057d02]
+
+2007-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Don't quote *?[]! on output since the lexer does not strip off the
+	backslash when reading those in.
+	[561da4a13afa]
+
+2007-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* glob.c:
+	expand "u_foo" types to "unsigned foo" to avoid compatibility
+	issues.
+	[b0d7c64d78c3]
+
+2007-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	Refactor log line generation in to new_logline().
+	[6a9b9730615d]
+
+2007-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TROUBLESHOOTING:
+	fix typo
+	[9e19d4f86e47]
+
+2007-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, interfaces.c, interfaces.h,
+	match.c:
+	Add configure check for struct in6_addr instead of relying on
+	AF_INET6 since some systems define AF_INET6 but do not include IPv6
+	support.
+	[e24082c416bd]
+
+2007-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix block to add -lutil for FreeBSD and NetBSD when logincap is in
+	use.
+	[76a9df4a63be]
+
+2007-10-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	POSIX states that struct timespec be declared in time.h so check
+	there regardless of the value of TIME_WITH_SYS_TIME.
+	[e42c55ec9daf]
+
+2007-10-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Instead of defining a macro to call the appropriate method for
+	turning on/off echo, just define tc[gs]etattr() and the related
+	defines that use the correct terminal ioctls if needed. Also go back
+	to using TCSAFLUSH instead of TCSADRAIN on all but QNX.
+	[5dfb2379d995]
+
+2007-10-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	g/c @ALLOCA@
+	[e6946c2e3820]
+
+	* configure:
+	regen
+	[9bac7159a138]
+
+	* INSTALL, auth/pam.c, config.h.in, configure.in:
+	Add --disable-pam-session configure option to disable calling
+	pam_{open,close}_session. May work around bugs in some PAM
+	implementations.
+	[273d0fdb4a9d]
+
+2007-10-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	quiet gcc warnings
+	[325565c5a579]
+
+	* tgetpass.c:
+	Avoid printing the prompt if we are already backgrounded. E.g. if
+	the user runs "sudo foo &" from the shell. In this case, the call
+	to tcsetattr() will cause SIGTTOU to be delivered.
+	[db2139a8d8b8]
+
+2007-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.h, def_data.in:
+	Reorder things such that the definition of env_reset come right
+	before the env variable lists.
+	[e0d8e22a581a]
+
+	* parse.h:
+	Shrink type and seqno in struct alias from int to u_short
+	[9425263dd565]
+
+	* alias.c, match.c, parse.c, parse.h:
+	Add a sequence number in the aliases for loop detection. If we find
+	an alias with the seqno already set to the current (global) value we
+	know we've visited it before so ignore it.
+	[301a0548ffff]
+
+2007-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO, auth/pam.c, sudo.c, sudo.h:
+	PAM wants the full tty path so add user_ttypath which holds the full
+	path to the tty or is NULL if no tty was present.
+	[c7c1dd4b36c8]
+
+	* auth/pam.c:
+	Set PAM_RHOST to work around a bug in Solaris 7 and lower that
+	results in a segv.
+	[3a8865b3a357]
+
+2007-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* gram.c:
+	regen
+	[5647be127950]
+
+	* alias.c, defaults.c, gram.y, list.c, list.h, match.c, parse.c,
+	parse.h, testsudoers.c, visudo.c:
+	rename lh_ -> tq_
+	[8f500c542c4a]
+
+2007-09-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* alloc.c:
+	remove some useless casts
+	[409a448b23f5]
+
+	* alloc.c:
+	pull in inttypes.h for SIZE_MAX; we avoid stdint.h since inttypes.h
+	predates the final C99 spec and the standard specifies that it shall
+	include stdint.h anyway
+	[ae478fdef61a]
+
+2007-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, alloca.c, configure.in:
+	Since we ship with a pre-generated parser there is no need to ship a
+	bogus alloca implementation.
+	[3f611a7cc0e5]
+
+	* configure:
+	regen
+	[771eccf5269c]
+
+	* configure.in:
+	remove initial setting of CHECKSIA, we require that it be unset if
+	not used
+	[a2e91adc5aa2]
+
+	* Makefile.in:
+	add list.c to SRCS
+	[7db0e56cf5b9]
+
+	* configure:
+	regen
+	[3716ec30172e]
+
+	* configure.in:
+	only do SIA checks on Digital Unix
+	[6a96e1af2597]
+
+2007-09-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[ac1dc29de72b]
+
+	* ChangeLog, TODO:
+	sync
+	[781effce0a2d]
+
+	* auth/kerb5.c:
+	Remove call to krb5_cc_register() as it is not needed for modern
+	kerb5.
+	[351b8b764f16]
+
+	* configure:
+	regen
+	[ac21dbcc9c2c]
+
+	* aclocal.m4, configure.in:
+	New method for setting the default authentication type and avoiding
+	conflicts in auth types.
+	[5fb15be11f78]
+
+	* match.c, parse.c, testsudoers.c:
+	Each entry in a cmndlist now has an associated runaslist so no need
+	to keep track of the most recent non-NULL one.
+	[582e015786b0]
+
+2007-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	back out partial ldaps support mistakenly committed
+	[357703e94b2d]
+
+	* ldap.c:
+	Add support for unix groups and netgroups in sudoRunas
+	[2f04eb91c6d0]
+
+2007-09-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Fix sudoedit of a non-existent file. From Tilo Stritzky.
+	[a5488a03bddd]
+
+2007-09-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[541177376ee1]
+
+	* INSTALL:
+	update --passprompt escape info
+	[6d57db4cd538]
+
+	* configure.in:
+	remove now-bogus comment and update copyright date
+	[6a4af45fa331]
+
+	* configure.in:
+	Fix up use of with_passwd
+	[7c79d8640f77]
+
+	* acsite.m4, config.guess, config.sub, configure.in, ltmain.sh:
+	Update to autoconf-2.61 andf libtool-1.5.24
+	[045259b0b439]
+
+	* Makefile.in:
+	"cmp -s" not just cmp Add @datarootdir@ to quiet autoconf-2.61
+	[f5b6a7afb817]
+
+2007-09-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* gram.c:
+	regen
+	[b5b78e71d2cb]
+
+	* gram.y:
+	move tags and runaslist propagation to be earlier
+	[94f7805f4489]
+
+	* visudo.c:
+	If -f flag given use the permissions of the original file as a
+	template
+	[9303d22bddb0]
+
+	* gram.y:
+	prevent a double free() when re-initing the parser
+	[5b3907c4de5a]
+
+2007-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[49a90b19a17d]
+
+	* aclocal.m4, alias.c, alloc.c, auth/API, auth/afs.c, auth/bsdauth.c,
+	auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/securid.c,
+	auth/securid5.c, auth/sia.c, auth/sudo_auth.h, config.h.in,
+	configure.in, env.c, ldap.c, list.c, list.h, memrchr.c, parse.c,
+	parse.h, pwutil.c, redblack.c, redblack.h, snprintf.c, sudo.c,
+	sudo.h, testsudoers.c, visudo.c, zero_bytes.c:
+	Remove support for compilers that don't support void *
+	[35e1d01ae197]
+
+	* gram.c:
+	regen
+	[70ce412a458a]
+
+	* Makefile.in, alias.c, defaults.c, gram.y, list.c, list.h, match.c,
+	parse.c, parse.h, testsudoers.c, visudo.c:
+	Move list manipulation macros to list.h and create C versions of the
+	more complex ones in list.c. The names have been down-cased so they
+	appear more like normal functions.
+	[9cea0e281148]
+
+	* Makefile.in:
+	Fix cmp command when regenerating parser. Make gram.o the first
+	dependency for all programs so gram.h will be generated before
+	anything that needs it.
+	[429ea065abf1]
+
+	* gram.y, parse.h:
+	Convert NEW_DEFAULT anf NEW_MEMBER into static functions.
+	[2f3433833589]
+
+	* match.c, parse.c, testsudoers.c:
+	Use LH_FOREACH_REV when checking permission and short-circuit on the
+	first non-UNSPEC hit we get for the command. This means that
+	instead of cycling through the all the parsed sudoers entries we
+	start at the end and work backwards and quit after the first
+	positive or negative match.
+	[881474532f3e]
+
+	* gram.c:
+	regen
+	[9152a19d4188]
+
+	* defaults.c, gram.y, parse.c, parse.h, testsudoers.c, visudo.c:
+	Change list head macros to take a pointer, not a struct.
+	[054f1dcce4cc]
+
+	* gram.c:
+	regen
+	[be154aae6235]
+
+	* gram.y:
+	Propagate the runasspec from one command to the next in a cmndspec.
+	[4957b1cb03a3]
+
+2007-08-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Replace has_meta() with a macro that calls strpbrk().
+	[a2e58846a542]
+
+	* regen
+	[5a932a5c9451]
+
+	* alias.c, defaults.c, gram.y, match.c, parse.c, parse.h,
+	testsudoers.c, visudo.c:
+	Use a list head struct when storing the semi-circular lists and
+	convert to tail queues in the process. This will allow us to
+	reverse foreach loops more easily and it makes it clearer which
+	functions expect a list as opposed to a single member.
+
+	Add macros for manipulating lists. Some of these should become
+	functions.
+
+	When freeing up a list, just pop off the last item in the queue
+	instead of going from head to tail. This is simpler since we don't
+	have to stash a pointer to the next member, we always just use the
+	last one in the queue until the queue is empty.
+
+	Rename match functions that take a list to have list in the name.
+	Break cmnd_matches() into cmnd_matches() and cmndlist_matches.
+	[7c37b271607a]
+
+	* parse.c:
+	Fix pasto, append "!" not negated (which is an int) for sudo -l
+	output.
+	[93a444c3997f]
+
+	* Makefile.in:
+	Remove the dependency of gram .h on gram.y, the .c dependency is
+	enough. Only move y.tab.h to gram.h if it is different; avoids
+	needless rebuilding.
+	[67bf4ea2a2e5]
+
+2007-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Defaults lines may be associated with lists of users, hosts,
+	commands and runas users, not just single entries.
+	[795effacb6be]
+
+2007-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Revert the "cmp" portion of the last diff, it doesn't make sense.
+	[26f34bf4e2e3]
+
+	* Makefile.in:
+	Remove *.lo for clean: When generating the parser, only move the
+	generated files into place if they differ from the existing ones.
+	[84673fea371b]
+
+2007-08-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Replace IPV6 regexp with a much simpler (readable) one and add an
+	extra check when it matches to make sure we have a valid address.
+	[592e9f690556]
+
+	* match.c:
+	Fix thinko introduced when merging IPV6 support.
+	[da38cd5eb8c7]
+
+2007-08-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY, LICENSE:
+	regen
+	[0d7b27b90634]
+
+	* license.pod:
+	add 2007
+	[510e5048ae1a]
+
+	* UPGRADE:
+	mention #uid vs. comment pitfall
+	[4d2861898bcc]
+
+	* acsite.m4:
+	Merge in a patch from the libtool cvs that fixes a problem with the
+	latest autoconf. From Stepan Kasal.
+	[0c279ae7df3e]
+
+	* parse.h:
+	Back out he XOR swap trick, it is slower than a temp variable on
+	modern CPUs.
+	[91c4b024e317]
+
+	* gram.c:
+	regen
+	[cb6d4106fb74]
+
+	* gram.y, parse.h:
+	Convert the tail queue to a semi-circle queue and use the XOR swap
+	trick to swap the prev pointers during append.
+	[8bf4d9fbee58]
+
+2007-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.h:
+	remove useless statement
+	[421ec1dd73e6]
+
+	* toke.c, toke.l:
+	Refactor #include parsing into a separate function and return
+	unparsed chars (such as newline or comment) back to the lexer.
+	[64166917aa3d]
+
+2007-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* WHATSNEW:
+	mention better uid support
+	[56f510e7f2ec]
+
+	* sudoers.pod:
+	Users may now consist of a uid.
+	[5fd31b2c55ed]
+
+	* gram.c, gram.h, toke.c:
+	regen
+	[599e58af6dc1]
+
+	* parse.c:
+	Use lbuf_append_quoted() for sudo -l output to quote characters that
+	would require quoting in sudoers.
+	[3132d05c990a]
+
+	* lbuf.c, lbuf.h:
+	Add lbuf_append_quoted() which takes a set of characters which
+	should be quoted with a backslash when displayed.
+	[ab09bebb1d65]
+
+	* toke.l:
+	Require that the first character after a comment not be a digit or a
+	dash. This allows us to remove the GOTRUNAS state and treat
+	uid/gids similar to other words. It also means that we can now
+	specify uids in User_Lists and a User_Spec may now contain a uid.
+	[461fe01f8392]
+
+	* gram.y, toke.l:
+	Replace RUNAS token with '(' and ')' tokens to make the runas
+	portion of the grammar more natural.
+	[e0c383b4684d]
+
+	* BUGS:
+	The BUGS file is history
+	[4d9a809585c7]
+
+	* Makefile.in, README:
+	The BUGS file is history
+	[d9500e261172]
+
+2007-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	Allow comments after a RunasAlias as long as the character after the
+	pound sign isn't a digit or a dash.
+	[d7f3bd94eeda]
+
+	* WHATSNEW:
+	Glob support was back-ported to 1.6.9
+	[d1d5cfd46228]
+
+2007-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	remove sudo_usage.h in distclean
+	[df05ce9c4127]
+
+	* parse.c:
+	If a Defaults value contains a blank, double-quote the string.
+	[9057a910daad]
+
+	* toke.c, toke.l:
+	Properly deal with Defaults double-quoted strings that span multiple
+	lines using the line continuation char. Previously, the entire
+	thing, including the continuation char, newline, and spaces was
+	stored as-is.
+	[4a4e8eacefe6]
+
+	* sudo.c:
+	Be consistent when using single quotes and backticks.
+	[d010b83a0fa1]
+
+2007-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, configure, configure.in, lbuf.c, lbuf.h, parse.c,
+	sudo.c, sudo_usage.h.in:
+	Add new linebuf code to do appends of dynamically allocated strings
+	and word-wrapped output. Currently used for sudo's usage() and sudo
+	-l output. Sudo usage strings are now in sudo_usage.h which is
+	generated at configure time.
+	[4dfd0ee8d961]
+
+2007-08-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c, sudo.c, sudo.h:
+	Fix line wrapping in usage() and use the actual tty width instead of
+	assuming 80.
+	[700eab37c5a6]
+
+2007-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* history.pod:
+	some more info
+	[8140112a8ae1]
+
+	* history.pod:
+	Mentioned Chris Jepeway's parser and also the new one that is in
+	sudo 1.7.
+	[2132d00f0597]
+
+2007-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, visudo.pod:
+	For the options list, add flag args where appropriate and increase
+	the indent level so there is room for them.
+	[2b60fb572e12]
+
+2007-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Fix some spacing in "sudo -l" and add a comment about some bogosity
+	in the line wrapping.
+	[b59b056f5ee2]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	regen
+	[5fb719f18ebc]
+
+	* INSTALL, Makefile.in, WHATSNEW, config.h.in, configure.in,
+	def_data.c, def_data.h, def_data.in, gram.c, gram.h, gram.y,
+	parse.c, parse.h, pathnames.h.in, sudo.c, sudo.h, sudoers.pod,
+	testsudoers.c, toke.c, toke.l:
+	Remove monitor support until there is a versino of systrace that
+	uses a lookaside buffer (or we have a better mechanism to use).
+	[61ff76878e4a]
+
+	* config.h.in, configure, configure.in, sudo.c:
+	use getaddrinfo() instead of gethostbyname() if it is available
+	[cc33c136aa6a]
+
+2007-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c, sudo.c:
+	Deal with OSes where sizeof(gid_t) < sizeof(int).
+	[130a89cbdfba]
+
+	* interfaces.c:
+	repair non-getifaddrs() code after ipv6 integration
+	[7ae7a89e2236]
+
+	* sudo.c:
+	If we can open sudoers but fail to read the first byte, close the
+	file stream before trying again.
+	[6f31272fae7b]
+
+2007-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c:
+	regen
+	[4d7afe0aa6fa]
+
+	* gram.y, interfaces.c, interfaces.h, match.c, sudoers.pod, toke.l:
+	Add IPv6 support; adapted from patches by YOSHIFUJI Hideaki
+	[4e6ff2965a42]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Add some missing markup Update copyright
+	[7e6d3c686b5e]
+
+2007-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	fix sudo_noexec extension which got broken in the libtool update
+	[3a5b447df861]
+
+2007-08-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	explicitly specify -Tascii to nroff
+	[45c8da4cbefe]
+
+2007-08-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	remove an ANSI-ism that crept in
+	[29086f87b2ca]
+
+2007-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	Adjust list indents Prevent -- from being turned into an em dash Use
+	a list for the environment instead of a literal paragraph
+	[c3abcd8f76f4]
+
+	* visudo.pod:
+	Use a list for the environment instead of an indented literal
+	paragraph.
+	[0ffcfcb7349f]
+
+	* sudoers.pod:
+	Adjust list indentation
+	[615c89e3123a]
+
+	* license.pod:
+	add =head3
+	[8b2e0d38c0bd]
+
+2007-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	mention that when specifying a uid for the -u option the shell may
+	require that the # be escaped
+	[3e3a17bff150]
+
+2007-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Fix off by one in group matching.
+	[b529602b7fba]
+
+2007-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Fix typo: PYTHONINSPEC should be PYTHONINSPECT. From David Krause.
+	[ffbf8907c6e7]
+
+2007-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Add missing define of HAVE_GSS_KRB5_CCACHE_NAME for the
+	-lgssapi_krb5 case.
+	[2b85a89c2252]
+
+	* aclocal.m4, configure, configure.in:
+	Fix link tests such that new gcc doesn't optimize away the test.
+	[83484ec95cba]
+
+2007-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	add missing over/back
+	[251a12c89b91]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Change FILES section to use =item
+	[60b9efc3a0b2]
+
+	* env.c:
+	Add back allocation of the env struct in rebuild_env but save a copy
+	of the old pointer and free it before returning.
+	[1100cd4fa997]
+
+	* env.c:
+	Don't init the private environment in rebuild_env() since it may
+	have already been done implicitly sudo_setenv/sudo_unsetenv.
+
+	Multiply length by sizeof(char *) in memcpy/memmove when copying the
+	environment so we copy the full thing.
+
+	Add missing set of parens so we deref the right pointer in
+	sudo_unsetenv when searching for a matching variable.
+	[9086a8f756b1]
+
+2007-07-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Use file markup for paths in the FILES section
+	[940d99f731f2]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Don't capitalize sudo/visudo
+	[f067a455d44b]
+
+	* sudoers.pod:
+	Sort sudoers options; based on a diff from Igor Sobrado.
+	[a9b9befe85ac]
+
+2007-07-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Use 8 and 5 instead of @mansectsu@ and @mansectform@ since the
+	latter confuses pod2man. The Makefile rules for the .man.in file
+	will add @mansectsu@ and @mansectform@ back in after pod2man is done
+	anyway.
+	[b50ea0db727c]
+
+2007-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE, Makefile.in, license.pod:
+	Move license info to pod format
+	[25bdd82e592b]
+
+	* configure, configure.in, sudoers.pod:
+	Substitute value of path_info into sudoers man page.
+	[9ba661a82798]
+
+	* WHATSNEW:
+	remove features that were back-ported to 1.6.9
+	[e76d756cbe65]
+
+	* sudo.c, sudo.pod, visudo.c, visudo.pod:
+	Sort SYNOPSIS and sync usage. From Igor Sobrado.
+	[4970386c9e54]
+
+	* env.c:
+	Only need sudo_setenv/sudo_unsetenv if we are going to use
+	ldap_sasl_interactive_bind_s() but don't have
+	gss_krb5_ccache_name().
+	[f1a73d8b35c5]
+
+	* ChangeLog:
+	rebuild without branch info
+	[5d5a33494677]
+
+	* Makefile.in:
+	Add ChangeLog target
+	[a702034fdd89]
+
+	* auth/pam.c:
+	Run cleanup code if the user hits ^C at the password prompt.
+	[9cf87768e921]
+
+	* auth/pam.c:
+	Some versions of pam_lastlog have a bug that will cause a crash if
+	PAM_TTY is not set so if there is no tty, set PAM_TTY to the empty
+	string.
+	[5b63f6c88866]
+
+2007-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	ChageLog not Changelog
+	[1243d8473ceb]
+
+	* ChangeLog:
+	sync
+	[d887df98c6b0]
+
+	* Makefile.in:
+	CHANGE -> Changelog
+	[917738df30dd]
+
+	* TODO:
+	sync
+	[cd382f7d1948]
+
+2007-07-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, ldap.c:
+	Add configure hooks for gss_krb5_ccache_name() and the gssapi
+	headers.
+	[139606209991]
+
+2007-07-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, sudo.c:
+	rebuild_env() and insert_env_vars() no longer return environment
+	pointer, they set environ directly.
+
+	No longer need to pass around an envp pointer since we just operate
+	on environ now.
+
+	Add dosync argument to insert_env() that indicates whether it should
+	reset environ when realloc()ing env.envp.
+
+	Use an initial size of 128 for the environment.
+	[4735fd5fddb8]
+
+	* env.c:
+	Split sudo_setenv() into an external version and a version only for
+	use by rebuild_env().
+	[fda7d655adb1]
+
+2007-07-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Add support for using gss_krb5_ccache_name() instead of setting
+	KRB5CCNAME. Also use sudo_unsetenv() in the non-
+	gss_krb5_ccache_name() case if there was no KRB5CCNAME in the
+	original environment. TODO: configure setup for
+	gss_krb5_ccache_name()
+	[fcafa5a49caf]
+
+	* README.LDAP:
+	add krb5_ccname
+	[fceb8f883886]
+
+	* README.LDAP, ldap.c:
+	Add support for sasl_secprops in ldap.conf
+	[1f06f4bf7347]
+
+	* env.c, sudo.h:
+	Add sudo_unsetenv() and refactor private env syncing code into
+	sync_env().
+	[045ecb3fd22b]
+
+	* README.LDAP, ldap.c:
+	The ldap.conf variable is sasl_auth_id not sasl_authid.
+	[a5f98491311b]
+
+2007-07-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c, sudo.c, sudo.h:
+	Add support for krb5_ccname in ldap.conf. If specified, it will
+	override the default value of KRB5CCNAME in the environment for the
+	duration of the call to ldap_sasl_interactive_bind_s().
+	[b08a10c3045b]
+
+	* env.c, sudo.h:
+	Remove format_env() Add sudo_setenv() to replace most format_env() +
+	insert_env() combinations. insert_env() no longer takes a struct
+	environment *
+	[131da52f43f3]
+
+	* ldap.c:
+	Fix use_sasl vs. rootuse_sasl logic.
+	[0c0417b6918c]
+
+	* README.LDAP, config.h.in, configure, configure.in, ldap.c:
+	Add support for SASL auth when connecting to an LDAP server. Adapted
+	from a diff by Tom McLaughlin.
+	[a6285f1356ea]
+
+2007-07-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Only enable AIX or BSD auth if no other exclusive auth method has
+	been chosen. Allows people to e.g., use PAM on AIX without adding
+	--without-aixauth. A better solution is needed to deal with default
+	authentication since if a non-exclusive method is chosen we will
+	still get an error.
+	[83f7afdc0ec3]
+
+2007-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY, Makefile.in, history.pod:
+	Generate HISTORY from history.pod (which is also used for web pages)
+	[60bcd5164931]
+
+2007-07-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.man.in, sudoers.man.in:
+	regen
+	[63956a366191]
+
+	* sudo.pod:
+	Better explanation of environment handling in the sudo man page.
+	[6c247742f7ee]
+
+	* env.c, sudo.c:
+	Defer setting user-specified env vars until after authentication.
+	[4750b79323ee]
+
+	* env.c:
+	honor def_default_path for PATH set on the command line
+	[6db31d9b6d65]
+
+	* env.c, sudo.c, sudo.pod, sudoers.pod:
+	Allow user to set environment variables on the command line as long
+	as they are allowed by env_keep and env_check. Ie: apply the same
+	restrictions as normal environment variables. TODO: deal with
+	secure_path
+	[26c0da3840cf]
+
+2007-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, sudo_edit.c:
+	Call rebuild_env() in call cases. Pass original envp to sudo_edit().
+	Don't allow -E or env var setting in sudoedit mode. More accurate
+	usage() when called as sudoedit.
+	[a4af20658361]
+
+	* ldap.c:
+	warn -> warning
+	[d87d1192b048]
+
+	* sudo.pod:
+	add -c option to sudoedit synopsis
+	[15b596a7e2db]
+
+	* TODO:
+	udpate to reality
+	[e2f8fde89db1]
+
+	* parse.c:
+	Use ALLOW/DENY instead of TRUE/FALSE when dealing with the return
+	value from {user,host,runas,cmnd}_matches(). Rename *matches
+	variables -> *match. Purely cosmetic.
+	[e54a44c00a88]
+
+	* parse.c:
+	Move setting of FLAG_NO_CHECK into the if(pwflag) block. No change
+	in behavior.
+	[c6272b4f2127]
+
+	* sudoers:
+	add SETENV tag
+	[3a3066bb6788]
+
+2007-07-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Make pwcheck local to the pwflag block. Use pwcheck even if user
+	didn't match since Defaults options may still apply.
+	[45da9efbbafd]
+
+	* check.c, sudo.c:
+	Do not update timestamp if user not validated by sudoers.
+	[a4a9d4364827]
+
+	* set_perms.c:
+	for PERM_RUNAS, set the egid to the runas user's gid and restore to
+	the user's original in PERM_ROOT
+	[1514bfb32847]
+
+	* logging.c, mon_systrace.c, set_perms.c, sudo.h:
+	PERM_FULL_ROOT is now no different than PERM_ROOT so remove
+	PERM_FULL_ROOT
+	[b9d047a3178c]
+
+	* check.c:
+	don't check timestamp mtime if we are just going to remove it
+	[5d2470bc6cbd]
+
+	* sudoers.pod:
+	Move sudoers defaults parameters into their own section.
+	[54701fbc0ff3]
+
+	* testsudoers.c:
+	Reduce a level of indent by a few placed continue statements.
+	[5d5a9838c8ef]
+
+	* parse.c:
+	Make matching but negated commands/hosts/runas entries override a
+	previous match as expected. Also reduce some levels of indent by a
+	few placed continue statements.
+	[dd59fa4b91a1]
+
+2007-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Print default runas in "sudo -l" if sudoers don't specify one.
+	[07d408c400bd]
+
+	* match.c:
+	Less hacky way of testing whether the domain was set.
+	[a537059776e5]
+
+2007-07-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	Mention pam-devel and openldap-devel for Linux
+	[9e708c54ecc3]
+
+2007-07-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README.LDAP:
+	or vs. are
+	[abe8c0f3a410]
+
+2007-07-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	fix typo in Solaris project support
+	[2ffeb2d80959]
+
+	* HISTORY:
+	update
+	[df162b36f120]
+
+	* sudo.c:
+	Make -- on the command line match the manual page. The implied shell
+	case has been simplified as a result.
+	[cd217a1f6694]
+
+2007-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers2ldif:
+	add simplistic support for sudoRunas; note that if a sudoers entry
+	contains multiple Runas users, all will apply to the sudoRole
+	[65b11421f5c8]
+
+	* sudoers2ldif:
+	honor SETENV and NOSETENV tags
+	[2c0d5ba7a09b]
+
+2007-06-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	Redo setting of user_args. We now build up a private copy of argv
+	first and then replace the NULs?with spaces.
+	[ccbba72ea112]
+
+	* mon_systrace.c:
+	getcwd() returns NULL on failure, not 0 on success
+	[88cd9e66e530]
+
+	* mon_systrace.c:
+	allow chunksiz to reach 1 before erroring out
+	[619d68f14964]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	regen
+	[8db512d3caf0]
+
+2007-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.h, def_data.in, env.c, gram.c, gram.h, gram.y,
+	logging.c, parse.c, parse.h, sudo.c, sudo.h, sudo.pod, sudoers.pod,
+	toke.c, toke.l:
+	Add support for setting environment variables on the command line.
+	This is only allowed if the setenv sudoers options is enabled or if
+	the command is prefixed with the SETENV tag.
+	[5744caebd969]
+
+	* README.LDAP:
+	replace Aaron's email address with the sudo-workers list
+	[2ffce5f9afc0]
+
+	* configure:
+	regen
+	[8013dff82c0c]
+
+2007-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* schema.OpenLDAP, schema.iPlanet:
+	Break schema out into separate files.
+	[15e598e4c60b]
+
+	* Makefile.in, README.LDAP:
+	Break schema out into separate files.
+	[1a53966ca1fa]
+
+2007-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/aix_auth.c:
+	free message if set by authenticate()
+	[849c220c1236]
+
+	* match.c:
+	deal with NULL gr_mem
+	[49e4d74f0bbe]
+
+2007-06-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	regen
+	[fead999ad3e9]
+
+	* configure.in:
+	add template for HAVE_PROJECT_H
+	[e6c42c2eaad1]
+
+	* closefrom.c:
+	include fcntl.h
+	[54d98b382f03]
+
+2007-06-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	mention --with-project
+	[d3ea3baad7c5]
+
+	* config.h.in, configure.in, sudo.c:
+	Add Solaris 10 "project" support. From Michael Brantley.
+	[f14f3c8c6554]
+
+	* sudoers.pod:
+	fix typo
+	[50db81a19787]
+
+	* configure:
+	regen
+	[ea71afd3e564]
+
+	* configure.in:
+	Fix preservation of LDFLAGS in the LDAP case.
+	[40a3a47e8059]
+
+	* memrchr.c:
+	Remove dependecy on NULL
+	[c957ae5e1733]
+
+	* configure:
+	regen
+	[4955ce0c6912]
+
+	* aclocal.m4, configure.in:
+	Can't use the regular autoconf fnmatch() check since we need
+	FNM_CASEFOLD so go back to our custom one.
+	[f10d76237486]
+
+	* env.c:
+	Fix preserving of variables in env_keep.
+	[d040049d6b84]
+
+	* env.c:
+	add XAUTHORIZATION
+	[0d589a5fe015]
+
+	* UPGRADE:
+	expand upon env resetting and mention that it began in 1.6.9 not
+	1.7.
+	[dba251655c76]
+
+	* sudoers.pod:
+	Update descriptions of env_keep and env_check to match current
+	reality.
+	[dba77357954b]
+
+2007-06-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Add LINGUAS to initial_checkenv_table. Add COLORS, HOSTNAME,
+	LS_COLORS, MAIL, PS1, PS2, XAUTHORITY to intial_keepenv_table.
+	[eec4632bd190]
+
+	* env.c, logging.c:
+	Treat USERNAME environemnt variable like LOGNAME/USER
+	[09f52dcfd70c]
+
+	* env.c:
+	Don't need to populate keepenv table with the contents of the
+	checkenv table.
+	[527a14afd973]
+
+	* sudo.c:
+	Don't force sudo into the C locale.
+	[8a5bd301ef96]
+
+	* env.c:
+	Make env_check apply when env_reset it true. Environment variables
+	are passed through unless they contain '/' or '%'. There is no need
+	to have a variable in both env_check and env_keep.
+	[840c802721e4]
+
+2007-06-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Remove an duplicate lock_file() call and add a comment.
+	[5af9dcdf0eb6]
+
+	* UPGRADE:
+	Add sudo 1.6.9 upgrade note.
+	[1585149f2914]
+
+2007-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c:
+	Solaris will return EINVAL if the buffer used in SIOCGIFCONF is too
+	small. From Klaus Wagner.
+	[d6899fc44f77]
+
+	* logging.c, sudo.h:
+	Redo the long syslog line splitting based on a patch from Eygene
+	Ryabinkin. Include memrchr() for systems without it.
+	[66a50e8d553a]
+
+	* memrchr.c:
+	Redo the long syslog line splitting based on a patch from Eygene
+	Ryabinkin. Include memrchr() for systems without it.
+	[2f6702b7d41b]
+
+	* Makefile.in, config.h.in, configure, configure.in:
+	Redo the long syslog line splitting based on a patch from Eygene
+	Ryabinkin. Include memrchr() for systems without it.
+	[407a46190921]
+
+	* configure.in:
+	Since we need to be able to convert timespec to timeval for utimes()
+	the last 3 digits in the tv_nsec are not significant. This makes the
+	sudoedit file date comparison work again.
+	[9d0258849fa9]
+
+2007-06-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4, configure, configure.in:
+	Add SUDO_ADD_AUTH macro to deal with adding things to AUTH_OBJS.
+	This deals with exclusive authentication methods in a simple way.
+	[7d70072c0f35]
+
+2007-06-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE:
+	mkstemp.c is BSD code too.
+	[29e236d98162]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	No commercial support for now.
+	[7c76b3e192dd]
+
+2007-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	cleanenv() is no more.
+	[518080514408]
+
+2007-06-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ChangeLog:
+	Display branch info in Changelog
+	[44e3b27427c7]
+
+	* utimes.c:
+	Include config.h early so we have it for TIME_WITH_SYS_TIME
+	[4bf1a00d0703]
+
+	* ChangeLog:
+	Fix Changelog generation and update.
+	[6e960dbcbece]
+
+2007-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* closefrom.c:
+	Use /proc/self/fd instead of /proc/$$/fd
+
+	Move old-style fd closing into closefrom_fallback() and call that if
+	/proc/self/fd doesn't exist or the F_CLOSEM fcntl() fails
+	[faa7e4810758]
+
+	* auth/kerb5.c, config.h.in, configure.in:
+	o use krb5_verify_user() if available instead of doing it by hand o
+	use krb5_init_secure_context() if we have it o pass an encryption
+	type of 0 to krb5_kt_read_service_key() instead of
+	ENCTYPE_DES_CBC_MD5 to let kerberos choose.
+	[df7acf72bd7c]
+
+	* env.c:
+	Check TERM and COLORTERM for '%' and '/' characters. From Debian.
+	[f92d05197e40]
+
+	* configure.in:
+	Fix closefrom() substitution in the Makefile
+	[b642b13fcc5c]
+
+	* TROUBLESHOOTING:
+	Mention alternate sudo pronunciation.
+	[7c71dc73409f]
+
+2007-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Remove KRB5_KTNAME from environment. Allow COLORTERM.
+	[70f35a79f780]
+
+	* auth/kerb5.c:
+	If we cannot get a valid service key using the default keytab it is
+	a fatal error. Fixes a bug where sudo could be tricked into
+	allowing access when it should not by a fake KDC. From Thor Lancelot
+	Simon.
+	[a3ae6a47cb23]
+
+2007-05-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4, configure, configure.in:
+	Update long long checks to use AC_CHECK_TYPES and to cache values.
+	[047318eaaeb2]
+
+	* aclocal.m4, configure.in:
+	Use AC_FUNC_FNMATCH instead of a homebrew fnmatch checker. We can't
+	use AC_REPLACE_FNMATCH since that assumes replacing with GNU
+	fnmatch.
+	[80513a1003ea]
+
+2007-05-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Add closefrom() to LIB_OBJS not SUDO_OBJS if it is missing since we
+	need it for visudo now too.
+	[50837c7c2b5e]
+
+2007-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Attempt to clarify the bit talking about network numbers w/o
+	netmasks.
+	[211e68c1d034]
+
+	* sudo.pod:
+	Clarify timestamp dir ownership sentence.
+	[9178f132c7f7]
+
+2007-04-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Linux PAM now defines __LINUX_PAM__, not __LIBPAM_VERSION. From
+	Dmitry V. Levin.
+	[81fce91667bc]
+
+2007-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	-i is also one of the mutually exclusive options to list it in the
+	warning message. Noted by Chris Pepper.
+	[7da73fb248e9]
+
+2007-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.pod:
+	The sudoers variable is env_editor, not enveditor. From Jean-
+	Francois Saucier.
+	[2a86ec09a6db]
+
+2007-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* redblack.c:
+	I tracked down the original author so credit him and include his
+	license info.
+	[3733553a1bba]
+
+2007-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+	sudoers.pod:
+	Fix typos; from Jason McIntyre.
+	[1ee4ce2512f2]
+
+	* logging.c:
+	Restore signal mask before calling reapchild(). Fixes a possible
+	race condition that could prevent sudo from properly waiting for the
+	child.
+	[9ee4192385dc]
+
+2007-01-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c:
+	Don't declare pw_free() if we are not going to use it.
+	[adb79a4289ca]
+
+	* env.c:
+	Add NOEXEC support for AIX 5.3 which supports LDR_PRELOAD and
+	LDR_PRELOAD64. The 64-bit version is not currently supported.
+	Remove zero_env() prototype as it no longer exists.
+	[b4fe65027fb6]
+
+2006-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	Add "Auto-Submitted: auto-generated" line to sudo mail for rfc 3834.
+	[78002ad90f7b]
+
+2006-09-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	If the user enters ^C at the password prompt, abort instead of
+	trying to authenticate with an empty password (which causes an
+	annoying delay).
+	[da3f27b747c7]
+
+2006-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* closefrom.c, config.h.in, configure, configure.in:
+	Add fcntl F_CLOSEM support to closefrom(); adapted from a diff by
+	Darren Tucker.
+	[0331b7780759]
+
+	* pwutil.c:
+	pw_free() is only used by sudo_freepwcache() so ifdef it out too.
+	[0014c0d9eeba]
+
+2006-08-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.guess, config.sub:
+	Update to latest versions from cvs.savannah.gnu.org
+	[aa0143101c20]
+
+2006-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c, sudo_edit.c:
+	Move password/group cache cleaning out of sudo_end{pw,grp}ent() so
+	we can close the passwd/group files early.
+	[559074bd7eb7]
+
+	* config.h.in, configure, configure.in, set_perms.c:
+	Add seteuid() flavor of set_perms() for systems without setreuid()
+	or setresuid() that have a working seteuid(). Tested on Darwin.
+	[508d8da99189]
+
+2006-07-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	systrace_read() returns ssize_t
+	[9f97d1d1a59d]
+
+	* configure, configure.in:
+	Fix typo, -lldap vs. -ldap; from Tim Knox.
+	[a8cc43c3bb2a]
+
+2006-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY:
+	Fix typo; Matt Ackeret
+	[86964ee3dfbd]
+
+2006-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Print sudoers path in -V mode for root.
+	[dc43f2d75bd9]
+
+2006-06-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Do a sub tree search instead of a base search (one level in the tree
+	only) for sudo right objects. This allows system administrators to
+	categorize the rights in a tree to make them easier to manage.
+	[6d2d9abf996e]
+
+2005-12-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	fix typo
+	[1473413bcbda]
+
+2005-12-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Convert GET_OPT and GET_OPTI to use just 2 args. Add timelimit and
+	bind_timelimit support; adapted from gentoo.
+	[afc816093026]
+
+2005-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Support comments that start in the middle of a line
+	[c25df6ee3db8]
+
+	* configure, configure.in:
+	Define LDAP_DEPRECATED until we start using ldap_get_values_len()
+	[ee249bfe230a]
+
+2005-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* closefrom.c:
+	Silence gcc -Wsign-compare; djm@openbsd.org
+	[28769ce6418d]
+
+	* error.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
+	cleanup() now takes an int as an arg so it can be used as a signal
+	handler too.
+	[2bb0df34d09c]
+
+	* sudo.c:
+	Make a copy of the shell field in the passwd struct for NewArgv to
+	avoid a use after free situation after sudo_endpwent() is called.
+	[5dcc9ffd362e]
+
+2005-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in:
+	Add mkstemp() for those poor souls without it.
+	[5fdd02e863e0]
+
+	* mkstemp.c:
+	Add mkstemp() for those poor souls without it.
+	[c99401207860]
+
+	* Makefile.in:
+	Add mkstemp() for those poor souls without it.
+	[9c1cf2678f24]
+
+2005-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Add PERL5DB to list of environment variables to remove.
+	[7375c27ecf75]
+
+2005-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c, mon_systrace.h:
+	Instead of calling the check function twice with a state cookie use
+	separate check/log functions.
+
+	Check more ioctl() calls for failure.
+
+	systrace_{read,write} now return the number of bytes read/written or
+	-1 on error.
+	[3dc8946d90e9]
+
+	* env.c:
+	Add more environment variables to remove; from gentoo linux Add some
+	comments about what bad env variables go to what (more to do)
+	[6918110a6b82]
+
+2005-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, sudo_edit.c:
+	Move sudo_end{gr,pw}ent() until just before the exec since they free
+	up our cached copy of the passwd structs, including sudo_user and
+	sudo_runas. Fixes a use-after-free bug.
+	[54de3778bad0]
+
+	* visudo.c:
+	Close all fd's before executing editor.
+	[4fcc05e1bec8]
+
+	* sudo.c:
+	Enable malloc debugging on OpenBSD when SUDO_DEVEL is set.
+	[ef0e8ffa5c9f]
+
+	* check.c:
+	Fix fd leak when lecture file option is enabled. From Jerry Brown
+	[ce97f9207cd8]
+
+2005-11-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Add PERLLIB, PERL5LIB and PERL5OPT to the default list of
+	environment variables to remove. From Charles Morris
+	[c96e1367d1c1]
+
+2005-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	add JAVA_TOOL_OPTIONS to initial_badenv_table for java 5
+	[72a6a1571226]
+
+2005-10-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	add PS4 and SHELLOPTS to initial_badenv_table for bash
+	[89dfb3f318f3]
+
+2005-08-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Fix typo; Toby Peterson
+	[b7a3222b23f4]
+
+2005-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tsgetgrpw.c:
+	Make return buffers static so they don't get clobbered
+	[13323a39b9f5]
+
+2005-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/securid5.c:
+	Fix securid5 authentication, was not checking for ACM_OK. Also add
+	default cases for the two switch()es. Problem noted by ccon at
+	worldbank
+	[14091e418333]
+
+2005-06-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Remove ncat() in favor of just counting bytes and pre-allocating
+	what is needed.
+	[25b8712adb61]
+
+2005-06-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Fix up some comments Add missing fclose() for the rootbinddn case
+	[ae95c8a89711]
+
+	* ldap.c:
+	align struct ldap_config
+	[35d0d64c76f8]
+
+	* ldap.c:
+	use LINE_MAX for max conf file line size
+	[da116cb8853d]
+
+	* pathnames.h.in:
+	add _PATH_LDAP_SECRET
+	[128b04ecfab7]
+
+	* README.LDAP:
+	Mention rootbinddn Give example ou=SUDOers container
+	[852edc69bd1c]
+
+2005-06-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, configure, configure.in, ldap.c:
+	Support rootbinddn in ldap.conf
+	[1615c91522a1]
+
+	* env.c, sudo.pod, sudoers.pod:
+	Preserve DISPLAY environment variable by default.
+	[05f503d5f438]
+
+	* acsite.m4, configure:
+	set need_lib_prefix=no for all cases; this is safe for LD_PRELOAD
+	[18a04dea8d05]
+
+	* acsite.m4, configure:
+	set need_version=no for all cases; this is safe for LD_PRELOAD
+	[b542560e1a73]
+
+	* aclocal.m4:
+	typo
+	[c040df0fcd5a]
+
+	* configure, configure.in:
+	Add dragonfly
+	[f13794618636]
+
+	* auth/pam.c:
+	Fix call to pam_end() when pam_open_session() fails.
+	[0be47cdfdef1]
+
+	* configure:
+	regen
+	[7f5c13b4b800]
+
+	* acsite.m4:
+	rebuild acsite.m4 from libtool 1.9f libtool.m4 ltoptions.m4
+	ltsugar.m4 ltversion.m4
+	[a7ba9fd1a2ab]
+
+	* config.guess, config.sub, ltmain.sh:
+	merge in local changes: config.guess: o better openbsd support
+	config.sub: o hiuxmpp support ltmain.sh o remove requirement that
+	libs must begin with "lib" o don't print a bunch of crap about
+	library installs o don't run ldconfig
+	[f4149f2c720f]
+
+	* config.guess, config.sub, ltmain.sh:
+	libtool 1.9f
+	[82a534e7121f]
+
+	* configure.in:
+	Update with autoupdate and make minor changes for libtool 1.9f
+	[11b5ae5c1428]
+
+2005-06-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	don't call sudo_ldap_display_cmnd if ldap not setup
+	[8bcf6c094ffe]
+
+	* sudo_edit.c, visudo.c:
+	Move declatation of struct timespec to its own include files for
+	systems without it since it needs time_t defined.
+	[b95c333299a0]
+
+	* gettime.c:
+	Move declatation of struct timespec to its own include files for
+	systems without it since it needs time_t defined.
+	[021b4569cc0c]
+
+	* fileops.c:
+	Move declatation of struct timespec to its own include files for
+	systems without it since it needs time_t defined.
+	[dd8573b2ee7d]
+
+	* emul/timespec.h:
+	Move declatation of struct timespec to its own include files for
+	systems without it since it needs time_t defined.
+	[f95137771564]
+
+	* check.c, compat.h:
+	Move declatation of struct timespec to its own include files for
+	systems without it since it needs time_t defined.
+	[2ef2ace8fe85]
+
+	* ldap.c:
+	Don't set safe_cmnd for the "sudo ALL" case.
+	[ad7fa9e07da0]
+
+2005-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Call pam_open_session() and pam_close_session() to give pam_limits a
+	chance to run. Idea from Karel Zak.
+	[fed46d471350]
+
+2005-04-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, sudo.c:
+	Add explicit cast from mode_t -> u_int in printf to silence warnings
+	on Solaris
+	[17bb961fe22d]
+
+	* parse.c:
+	include grp.h to silence a warning on Solaris
+	[14386fbab640]
+
+2005-04-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Fix printing of += and -= defaults.
+	[a667604c56cd]
+
+2005-04-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	Sanity check number of syscall args with argsize. Not really needed
+	but a little paranoia never hurts.
+	[6bb455a2c2d6]
+
+	* mon_systrace.c, mon_systrace.h:
+	Don't do pointer arithmetic on void * Use int, not size_t/ssize_t
+	for systrace lengths (since it uses int)
+	[3cafccffcffd]
+
+2005-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	Add some memsets for paranoia Fix namespace collsion w/ error Check
+	rval of decode_args() and update_env() Remove improper setting of
+	validated variable
+	[3d385158354d]
+
+2005-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c, sudo.c, sudo.h:
+	In -l mode, only check local sudoers file if def_ignore_sudoers is
+	not set and call LDAP versions from display_privs() and
+	display_cmnd() instead of directly from main(). Because of this we
+	need to defer closing the ldap connection until after -l processing
+	has ocurred and we must pass in the ldap pointer to display_privs()
+	and display_cmnd().
+	[1dfc2e8c9f2b]
+
+	* ldap.c:
+	Reorganize LDAP code to better match normal sudoers parsing.
+	Instead of storing strings for later printing in -l mode we do
+	another query since the authenticating user and the user being
+	listed may not be the same (the new -U flag). Also add support for
+	"sudo -l command".
+
+	There is still a fair bit if duplicated code that can probably be
+	refactored.
+	[e9568f19bde5]
+
+2005-04-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Replace pass variable with do_netgr for better readability.
+	[1bba841b6e79]
+
+	* ldap.c:
+	use DPRINTF macro
+	[02b159b66bb5]
+
+	* ldap.c:
+	estrdup, not strdup
+	[22cdee7973c1]
+
+2005-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Add macro to test if the tag changed to improve readability.
+	[4e11b4819556]
+
+	* parse.c:
+	Avoid printing defaults header if there are no defaults to print...
+	[41a28627df03]
+
+	* glob.c:
+	Fix a warning on systems without strlcpy().
+	[6814e0f0e4f4]
+
+	* pwutil.c:
+	Use macros where possible for sudo_grdup() like sudo_pwdup().
+	[30f201ff35cd]
+
+2005-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* utimes.c:
+	It is possible for tv_usec to hold >= 1000000 usecs so add in
+	tv_usec / 1000000.
+	[794ac4d53a65]
+
+2005-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	The component in krb5_principal_get_comp_string() should be 1, not 0
+	for Heimdal. From Alex Plotnick.
+	[fefa351c5044]
+
+2005-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* alias.c, alloc.c, check.c, defaults.c, find_path.c, gram.c, gram.y,
+	interfaces.c, ldap.c, logging.c, match.c, mon_systrace.c, pwutil.c,
+	redblack.c, sudo.c, sudo.h, toke.c, toke.l, visudo.c:
+	Add efree() for consistency with emalloc() et al. Allows us to rely
+	on C89 behavior (free(NULL) is valid) even on K&R.
+	[7876bb80d87c]
+
+	* parse.c, sudo.c:
+	Move initgroups() for -U option into display_privs() so group
+	matching in sudoers works correctly.
+	[b074428ad2ca]
+
+2005-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Removed duplicate call to ldap_unbind_s introduced along with
+	sudo_ldap_close.
+	[19acc1c20f7c]
+
+	* parse.c:
+	Add missing space in Defaults printing
+	[95d2935bf6d4]
+
+2005-03-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c:
+	Sync sudo_pwdup with OpenBSD changes: use macros for size computaton
+	and string copies.
+	[6b6b241495e5]
+
+2005-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c:
+	Zero old pw_passwd before replacing with version from shadow file.
+	[3251b349dfe1]
+
+	* configure, configure.in:
+	Only attempt shadow password detection if PAM is not being used Add
+	shadow_* variables to make shadow password detection more generic.
+	[d498a3423ac9]
+
+	* configure.in:
+	Use OSDEFS for os-specific -D_FOO_BAR stuff rather than CPPFLAGS
+	[04d55bbd5e35]
+
+2005-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	use a non-breaking space to avoid a double space after e.g.
+	[11cdb54bdf7b]
+
+	* sudo.pod:
+	commna, not colon after e.g.
+	[8d5875ff72e0]
+
+2005-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_noexec.c:
+	Add __ variants of the exec functions. GNU libc at least uses
+	__execve() internally.
+	[d1880473d790]
+
+	* indent.pro:
+	Match reality a bit more.
+	[633e3fa875a7]
+
+	* pwutil.c:
+	Missed piece from rev. 1.6, fix sudo_getpwnam() too.
+	[128f7b21c2ee]
+
+	* pwutil.c:
+	Store shadow password after making a local copy of struct passwd in
+	case normal and shadow routines use the same internal buffer in
+	libc.
+	[f806052a6ffc]
+
+2005-03-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* alloc.c, logging.c:
+	Make varargs usage consistent with the rest of the code.
+	[3d45affc9851]
+
+2005-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_noexec.c:
+	Wrap more of the exec family since on Linux the others do not appear
+	to go through the normal execve() path.
+	[8167769b4e19]
+
+	* visudo.c:
+	make print_unused static like proto says
+	[ecf10e1bae55]
+
+	* glob.c:
+	silence a warning on K&R systems
+	[2e00425f1a5c]
+
+	* alias.c, error.c:
+	make this build in K&R land
+	[156f65f8525a]
+
+	* parse.c:
+	make this build in K&R land
+	[6fc9276889cb]
+
+2005-03-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c:
+	regen
+	[3b349748cd21]
+
+2005-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	return(foo) not return foo optimize _atobool() slightly
+	[11d09d154ed5]
+
+	* ldap.c:
+	Use TRUE/FALSE
+	[53999320d98f]
+
+	* ldap.c:
+	Reformat to match the rest of sudo's code.
+	[1bd0f2afa0e7]
+
+	* sudo.pod:
+	I am the primary author
+	[5d311ecd85c6]
+
+2005-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, README, RUNSON:
+	The RUNSON file is toast--it confused too many people and really
+	isn't needed in a configure-oriented world.
+	[96a6ef7bbc08]
+
+	* INSTALL:
+	alternate -> alternative
+	[b65015c5d0a2]
+
+	* tgetpass.c:
+	Use TCSADRAIN instead of TCSAFLUSH since some OSes have issues with
+	TCSAFLUSH.
+	[c66b4763ffdc]
+
+	* toke.l:
+	Allow leading blanks before Defaults and Foo_Alias definitions
+	[2add513d9277]
+
+	* Makefile.in:
+	fix rules to build toke.o and gram.o in devel mode
+	[96cbb414ebd3]
+
+2005-02-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	env_keep overrides set_logname
+	[401877193a15]
+
+	* env.c:
+	Fix disabling set_logname and make env_keep override set_logname.
+	[0906e7a5ed93]
+
+	* compat.h, config.h.in, configure, configure.in:
+	No longer need memmove()
+	[43bdb6efe3f2]
+
+	* env.c, sudo.c:
+	Just clean the environment once. This assumes that any further
+	setenv/putenv will be able to handle the fact that we replaced
+	environ with our own malloc'd copy but all the implementations I've
+	checked do.
+	[11658fe92ba2]
+
+2005-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, sudo.c:
+	In -i mode, base the value of insert_env()'s dupcheck flag on
+	DID_FOO flags. Move checks for $HOME resetting into rebuild_env()
+	[8365b0bd0c71]
+
+2005-02-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, sudo.c:
+	Move setting of user_path, user_shell, user_prompt and prev_user
+	into init_vars() since user_shell at least is needed there.
+	[37e22dce66e9]
+
+2005-02-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	fix devel builds
+	[9fbb15ef164c]
+
+	* sudo.c:
+	Fix some printf format mismatches on error.
+	[ffc1c3f11740]
+
+	* check.c:
+	Fix some printf format mismatches on error.
+	[7b3b508adf50]
+
+	* configure, gram.c, toke.c:
+	regen
+	[aa76f9d8b02a]
+
+	* Makefile.in, aclocal.m4, alias.c, alloc.c, auth/afs.c,
+	auth/aix_auth.c, auth/bsdauth.c, auth/dce.c, auth/fwtk.c,
+	auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/securid5.c,
+	auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h, check.c,
+	closefrom.c, compat.h, configure.in, defaults.c, defaults.h,
+	emul/utime.h, env.c, error.c, fileops.c, find_path.c, getprogname.c,
+	getspwuid.c, gettime.c, goodpath.c, gram.y, interfaces.c,
+	interfaces.h, ldap.c, logging.c, logging.h, match.c, mon_systrace.c,
+	parse.c, redblack.c, redblack.h, set_perms.c, sigaction.c,
+	snprintf.c, strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c,
+	sudo.h, sudo.pod, sudo_edit.c, sudo_noexec.c, sudoers.pod,
+	testsudoers.c, tgetpass.c, toke.l, utimes.c, version.h, visudo.c,
+	visudo.pod, zero_bytes.c:
+	Update copyright years.
+	[0610c3654739]
+
+	* Makefile.binary.in:
+	Update copyright years.
+	[d78ffc9f2e2b]
+
+	* LICENSE:
+	Update copyright years.
+	[f60473bca4b1]
+
+	* BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
+	version 1.7
+	[aa977a544ca1]
+
+	* WHATSNEW:
+	What's new in sudo 1.7, based on the 1.7 CHANGES entries.
+	[ecfcf7269c14]
+
+2005-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h, logging.h, sudo.h:
+	Add __printflike and use it with gcc to warn about printf-like
+	format mismatches
+	[b192ad4a0548]
+
+2005-02-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, ChangeLog:
+	Replaced CHANGES file with ChangeLog generated from cvs logs
+	[d9ace9dab98f]
+
+	* set_perms.c:
+	Use warning/error instead of perror/fatal.
+	[e33259df7738]
+
+	* config.guess:
+	Update OpenBSD section
+	[9d2c23de6801]
+
+	* UPGRADE:
+	Add upgrading noted for 1.7
+	[1fb6b6d6df07]
+
+	* env.c, sudo.c, sudoers.pod:
+	Instead of zeroing out the environment, just prune out entries based
+	on the env_delete and env_check lists. Base building up the new
+	environment on the current environment and the variables we removed
+	initially.
+	[fc192df8fd15]
+
+	* config.h.in, configure, configure.in, sudo.c:
+	Set locale to "C" if locales are supported, just to be safe.
+	[91fbaa98f02e]
+
+	* toke.c, toke.l:
+	Cast?argument to ctype functions to unsigned char.
+	[e096b4d65796]
+
+2005-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	correct value for DID_USER
+	[b5b05d36ec15]
+
+	* error.c, fnmatch.c, getcwd.c, glob.c, snprintf.c:
+	#include <compat.h> not "compat.h"
+	[7a0ad9a0ccd7]
+
+	* defaults.c:
+	Reset the environment by default.
+	[4ecc6423e0f0]
+
+	* sudo.c:
+	Alloc an extra slot in NewArgv. Removes the need to malloc an new
+	vector if execve() fails.
+	[83dfb6f584a7]
+
+2005-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, config.h.in, configure, configure.in, sudo.c:
+	Use execve(2) and wrap the command in sh if we get ENOEXEC.
+	[c0c6af4e2a21]
+
+2005-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_noexec.c:
+	Only include time.h on systems that lack struct timespec which gets
+	defind in compat.h (using time_t).
+	[e373e518b4cb]
+
+	* sudo_noexec.c:
+	Include time.h for time_t in compat.h for systems w/o struct
+	timespec.
+	[a34b5637e458]
+
+	* compat.h, config.h.in, configure, configure.in:
+	use bcopy on systems w/o memmove
+	[f835eafd78c6]
+
+	* compat.h:
+	__attribute__((__unused__)) doesn't work in gcc 2.7.2.1 so limit its
+	use to gcc >= 2.8.
+	[1cb9a4e58566]
+
+	* Makefile.in:
+	Add explicit rule to build sudo_noexec.lo
+	[df1dfcf8dd77]
+
+2005-02-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL.configure, Makefile.in:
+	No longer depend on VPATH; pointed out a bunch of missed
+	dependencies.
+	[601a45d4af6b]
+
+	* TROUBLESHOOTING:
+	Help for PAM when account section is missing
+	[9b8221256756]
+
+	* auth/pam.c:
+	Give user a clue when there is a missing "account" section in the
+	PAM config.
+	[2529625c0495]
+
+	* auth/pam.c:
+	Better error handling.
+	[518c9bda23d8]
+
+	* config.h.in, configure, configure.in:
+	Move _FOO_SOURCE to CPPFLAGS so it takes effect as early as
+	possible. Silences a warning about isblank() on linux.
+	[19c94d7ecdc8]
+
+	* auth/pam.c:
+	Fix typo (missing comma) that caused an incorrect number of args to
+	be passed to log_error().
+	[0099dfec560f]
+
+2005-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c:
+	Don't try to destroy a tree we didn't create.
+	[d43c4fe03aa4]
+
+2005-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+	auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+	auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+	auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
+	compat.h, defaults.c, env.c, error.c, fileops.c, find_path.c,
+	fnmatch.c, getcwd.c, getprogname.c, getspwuid.c, gettime.c,
+	goodpath.c, gram.c, gram.y, interfaces.c, ldap.c, logging.c,
+	match.c, mon_systrace.c, parse.c, pwutil.c, set_perms.c,
+	sigaction.c, snprintf.c, strcasecmp.c, strerror.c, strlcat.c,
+	strlcpy.c, sudo.c, sudo_edit.c, sudo_noexec.c, testsudoers.c,
+	tgetpass.c, toke.c, toke.l, utimes.c, visudo.c, zero_bytes.c:
+	Add __unused to rcsids
+	[ad6b4ac45705]
+
+2005-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix error message when mixing invalid auth types
+	[68069b3ff5bc]
+
+	* INSTALL:
+	PAM, AIX auth, BSD auth and login_cap are now on by default if the
+	OS supports them.
+	[4e44e9098cf0]
+
+	* auth/sudo_auth.h, config.h.in:
+	s/HAVE_AUTHENTICATE/HAVE_AIXAUTH/g
+	[2d569b43b23e]
+
+	* configure.in:
+	Better checking for conflicting authentication methods Display the
+	authentication methods used at the end of configure Rename --with-
+	authenticate -> --with-aixauth Use --with-aixauth, --with-bsdauth,
+	--with-pam, --with-logincap by default on systems that support them
+	unless disabled. Add OSMAJOR variable that replaces old OSREV; now
+	OSREV has full version number
+	[a21115b6fe9f]
+
+2005-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.in, sudo.c, sudoers.pod:
+	s/-O/-C/
+	[ee73f1b81923]
+
+2005-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	Replace: test -n "$FOO" || FOO="bar"
+
+	With: : ${FOO='bar'}
+	[37552d9054fc]
+
+2005-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* pwutil.c, testsudoers.c, tsgetgrpw.c:
+	Use function pointers to only call private passwd/group routines
+	when using a nonstandard passwd/group file.
+	[215908681dfb]
+
+2005-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	sync
+	[2e55c03f5790]
+
+	* tsgetgrpw.c:
+	Can't use strtok() since it doesn't handle empty fields so add
+	getpwent()/getgrent() functions and call those.
+	[bdaa5b0db70e]
+
+2005-01-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Fix dummied out toke.c and gram.c dependencies.
+	[4b909c8b2ebe]
+
+	* Makefile.in:
+	Rename PARSESRCS -> GENERATED since it is only used in the clean
+	target Add devdir variable and use it to specify the path to parser
+	sources
+	[f27b3f41ca23]
+
+	* configure:
+	regen
+	[22c6435dbd46]
+
+	* configure.in:
+	Add a devdir variables that defaults to $(srcdir) and is set to . if
+	--devel was specified. Allows for proper dependecies building the
+	parser.
+	[a36d694c6d21]
+
+	* testsudoers.c:
+	Add support for custom passwd/group files.
+	[296549ff4b87]
+
+	* Makefile.in:
+	Build private copy of pwutil.o for testsudoers with MYPW defined so
+	it uses our own passwd/group routines.
+	[bafa54ec78ca]
+
+	* visudo.c:
+	Remove sudo_*{pw,gr}* stubs and add sudo_setspent/sudo_endspent
+	stubs instead. We can now just use the caching sudo_*{pw,gr}*
+	functions in pwutil.c Add comment about wanting to call
+	sudo_endpwent/sudo_endgrent in cleanup()
+	[7e59d6b5510d]
+
+	* tsgetgrpw.c:
+	Remove caching; we will just use what is in pwutil.c Use global
+	buffers for passwd/group structs Rename functions from sudo_* to
+	my_*
+	[8c1e068f574c]
+
+	* logging.c, sudo.c:
+	g/c pwcache_init/pwcache_destroy
+	[60a24909b947]
+
+	* sudo.h:
+	Undo last commit and add sudo_setspent and sudo_endspent instead.
+	[bac80db08296]
+
+	* getspwuid.c, pwutil.c:
+	Move all but the shadow stuff from getspwuid.c to pwutil.c and
+	pwcache_get and pwcache_put as they are no longer needed. Also add
+	preprocessor magic to use private versions of the passwd and group
+	routines if MYPW is defined (for use by testsudoers).
+	[a16b8678a426]
+
+	* tsgetgrpw.c:
+	zero out struct passwd/group before filling it in so if there are
+	fields we don't handle they end up as 0.
+	[274cb6a93301]
+
+	* logging.c, sudo.c, sudo.h, testsudoers.c, visudo.c:
+	Adapt to pwutil.c
+	[43ebd04c8b82]
+
+	* Makefile.in:
+	Add tsgetgrpw.c and pwutil.c Rename the *OBJ variables for better
+	readability.
+	[7f88c6061e2d]
+
+	* tsgetgrpw.c:
+	Passwd and group lookup routines for testsudoers that support
+	alternate passwd and group files.
+	[d7803101d34e]
+
+	* getspwuid.c, pwutil.c:
+	Split off pw/gr cache and dup code into its own file. This allows
+	visudo and testsudoers to use the pw/gr cache too.
+	[ef333d3ffedf]
+
+2005-01-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Print Defaults info in "sudo -l" output and wrap lines based on the
+	terminal width.
+	[e559eae4250e]
+
+2005-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c, testsudoers.c, visudo.c:
+	Only check group vector in usergr_matches() if we are matching the
+	invoking or list user. Always check the group members, even if
+	there was a group vector.
+	[d0c7ceb2a041]
+
+2004-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE, Makefile.in, fnmatch.3:
+	No longer bundle fnmatch.3
+	[72db4a4ff4e1]
+
+	* CHANGES, TODO:
+	checkpoint
+	[e92781bfd99c]
+
+2004-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	sort usage
+	[15e3b876ec2c]
+
+	* sudo.pod:
+	Sort command line options
+	[c1fa56584bc4]
+
+	* def_data.c, def_data.h, def_data.in, defaults.c, logging.c, sudo.c,
+	sudo.pod, sudoers.pod:
+	Add closefrom sudoers option to start closing at a point other than
+	3. Add closefrom_override sudoers option and -C sudo flag to allow
+	the user to specify a different closefrom starting point.
+	[370652b099d1]
+
+	* pathnames.h.in:
+	Add _PATH_DEVNULL for those without it.
+	[0c4c3e0ceb8b]
+
+	* LICENSE:
+	no more UCB strcasecmp
+	[397a6298e07f]
+
+	* strcasecmp.c:
+	replace BSD licensed one with version derived from pdksh
+	[d7cfda8c57a2]
+
+2004-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Fix last commit.
+	[7afb9a180532]
+
+	* sudo.c:
+	Make sure stdin, stdout and stderr are open and dup them to
+	/dev/null if not.
+	[590f387068bd]
+
+2004-12-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c, mon_systrace.c, sudo.c, sudo.h:
+	add sudo_ldap_close
+	[4273a36765a7]
+
+	* fileops.c, gettime.c, sudo.c, sudo_edit.c, utimes.c, visudo.c:
+	Use TIME_WITH_SYS_TIME
+	[c32b59bf15fb]
+
+	* config.h.in, configure, configure.in:
+	Add TIME_WITH_SYS_TIME_H
+	[57cb146f451d]
+
+2004-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Add missing braces to avoid DYLD_FORCE_FLAT_NAMESPACE being set
+	unconditionally on darwin. From Toby Peterson.
+	[d69959681c87]
+
+	* getspwuid.c:
+	Check rbinsert() return value. In the case of faked up entries
+	there is usually a negative response cached that we need to
+	overwrite.
+
+	In pwfree() don't try to zero out a NULL pw_passwd pointer.
+	[00b32d1a48c1]
+
+	* mon_systrace.c:
+	Use the double fork trick to avoid the monitor process being waited
+	for by the main program run through sudo.
+	[e0ce556712ff]
+
+2004-11-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Call initgroups() in -U mode so group matches work normally.
+	[2235bea15283]
+
+	* def_data.h, mkdefaults:
+	Don't print a trailing comma for the last entry in enum def_tupple
+	[c43a96bb31df]
+
+2004-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Mention values when lecture, listpw and verifypw are used in boolean
+	context.
+	[a0b5c0abaccf]
+
+	* def_data.c, def_data.in:
+	verifypw when used in a boolean TRUE context should be "all", not
+	"any".
+	[2eb076ddd5e2]
+
+2004-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.in, defaults.c:
+	Allow tuples that can be used as booleans to be used as boolean
+	TRUE. In this case the 2nd possible value of the tuple is used for
+	TRUE.
+	[bd99aa77e88b]
+
+2004-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Correct the test for 2-parameter timespecsub
+	[d41c9cb26b97]
+
+	* sudo.h:
+	Add strub struct definitions for passwd, timeval and timespec
+	[c4ce5c43d8c5]
+
+	* config.h.in, configure, configure.in, sudo_edit.c, visudo.c:
+	Add check for 2-argument form of timespecsub (FreeBSD and BSD/OS)
+	and fix a typo in the gettimeofday check.
+	[8ac9893057ce]
+
+2004-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c, testsudoers.c:
+	Deal with user_stat being NULL as it is for visudo and testsudoers.
+	[3605a6ff64d0]
+
+	* parse.c, sudo.c, sudo.cat, sudo.h, sudo.man.in, sudo.pod:
+	Add -U option to use in conjunction with -l instead of -u. Add
+	support for "sudo -l command" to test a specific command.
+	[99638789d415]
+
+	* gram.c, gram.y, sudo.c:
+	Set safe_cmnd after sudoers_lookup() if it has not been set.
+	Previously it was set by sudo "ALL" in the parser but at that point
+	the fully-qualified pathname has not yet been found.
+	[ac30d98f8225]
+
+2004-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c, testsudoers.c:
+	Correctly handle multiple privileges per userspec and runas
+	inheritence.
+	[a98a965181af]
+
+2004-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c:
+	Zero out sd_un for each entry in sudo_defs_table in init_defaults.
+	[031d3cd4a848]
+
+2004-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* toke.c, toke.l:
+	make per-command defaults work with sudoedit
+	[e56fe33db916]
+
+	* ldap.c, parse.c, sudo.c, sudo.h:
+	Remove the FLAG_NOPASS, FLAG_NOEXEC and FLAG_MONITOR flags.
+	Instead, we just set the approriate defaults variable.
+	[756eeecc1d86]
+
+	* sample.sudoers, sudoers.cat, sudoers.man.in, sudoers.pod:
+	Document per-command Defaults.
+	[92a0f84b91c1]
+
+	* defaults.c, defaults.h, gram.c, gram.h, gram.y, mon_systrace.c,
+	sudo.c, testsudoers.c, toke.c, toke.l, visudo.c:
+	Add support for command-specific Defaults entries. E.g.
+	Defaults!/usr/bin/vi noexec
+	[be3d52bf01cf]
+
+	* defaults.c, match.c, parse.c, parse.h, testsudoers.c:
+	Change an occurence of user_matches() -> runas_matches() missed
+	previously runas_matches(), host_matches() and cmnd_matches() only
+	really need to pass in a list of members. user_matches() still
+	needs to pass in a passwd struct because of "sudo -l"
+	[833b22fc6fa0]
+
+	* parse.c:
+	Check def_authenticate, def_noexec and def_monitor when setting
+	return flags. XXX May be better to just set the defaults directly
+	and get rid of those flags.
+	[b6db22b59d69]
+
+	* alias.c, alloc.c, auth/afs.c, auth/aix_auth.c, auth/bsdauth.c,
+	auth/dce.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c,
+	auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+	auth/securid5.c, auth/sia.c, auth/sudo_auth.c, check.c, closefrom.c,
+	defaults.c, env.c, error.c, fileops.c, find_path.c, fnmatch.c,
+	getcwd.c, getprogname.c, getspwuid.c, gettime.c, glob.c, goodpath.c,
+	gram.c, gram.y, interfaces.c, ldap.c, logging.c, match.c,
+	mon_systrace.c, parse.c, redblack.c, set_perms.c, snprintf.c,
+	strcasecmp.c, strerror.c, strlcat.c, strlcpy.c, sudo.c, sudo_edit.c,
+	sudo_noexec.c, testsudoers.c, tgetpass.c, toke.c, toke.l, utimes.c,
+	visudo.c, zero_bytes.c:
+	Use: #include <config.h> Not: #include "config.h" That way we get
+	the correct config.h when build dir != src dir
+	[97e5670a442b]
+
+	* Makefile.in:
+	Back out part of rev 1.263; fix -I order
+	[197ea01cad5d]
+
+	* toke.c, toke.l:
+	More robust parsing if #include; could be much better still.
+	[31bc3cd8f045]
+
+	* sudo_edit.c, visudo.c:
+	Make arg splitting in visudo and sudoedit consistent.
+	[7bc74485f246]
+
+	* Makefile.in, alias.c, gram.c, gram.y, parse.h:
+	Split alias routines out into their own file.
+	[d90f633cf9ae]
+
+	* error.h:
+	__attribute__ is already defined in compat.h
+	[676ed3fe9203]
+
+	* visudo.c:
+	quit() should not be __noreturn__ as it is non-void on some
+	platforms.
+	[e528c2b6ba10]
+
+	* auth/fwtk.c, auth/rfc1938.c, auth/securid.c, auth/securid5.c:
+	Add local error/warning functions like err/warn but that call an
+	additional cleanup routine in the error case. This means we no
+	longer need to compile a special version of alloc.o for visudo.
+	[e78e8aae882e]
+
+	* parse.h:
+	Clarify comments about the data structures
+	[ae894e266701]
+
+2004-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Add support for VISUAL and EDITOR containing command line args. If
+	env_editor is not set any args in VISUAL and EDITOR are ignored.
+	Arguments are also now supported in def_editor.
+	[ff7303b8e298]
+
+2004-11-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.h:
+	alias_matches() is no more
+	[b59825e28084]
+
+	* CHANGES, TODO:
+	sync
+	[2b8f5f63c1de]
+
+	* Makefile.in:
+	When regenerating the parser, don't replace gram.h unless it has
+	changed.
+	[819949668018]
+
+	* Makefile.in:
+	remove Makefile.binary for distclean
+	[351eec8d00b2]
+
+	* env.c:
+	Preserve KRB5CCNAME in zero_env() and add a paranoia check to make
+	sure we can't overflow new_env.
+	[3284d17b9c6d]
+
+	* sudo_edit.c:
+	paranoia when stripping trailing slashes from tempdir.
+	[012f1aa2b81f]
+
+	* sudo.c:
+	Set user_ngroups to 0 if getgroups() returns an error.
+	[c46d43e9449a]
+
+2004-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, sudo.c:
+	Add configure check for getgroups()
+	[5d8a214e2cef]
+
+	* ldap.c:
+	Use supplementary group vector in struct sudo_user.
+	[3d0c463c034d]
+
+	* match.c:
+	Only do string comparisons on the group members if there is no
+	supplemental group list.
+	[be1c8362f7ef]
+
+	* CHANGES, TODO:
+	sync
+	[db188bc5b975]
+
+	* sudo_edit.c:
+	On Digital UNIX _PATH_VAR_TMP doesn't end with a trailing slash so
+	chop off any trailing slashes we see and add an explicit one.
+	[e1b477dafee1]
+
+	* match.c:
+	remove bogus XXX comment
+	[8aecb8a28d40]
+
+	* match.c:
+	Get rid of alias_matches and correctly fall through to the non-alias
+	cases when there is no alias with the specified name.
+	[2cd555246f09]
+
+	* getspwuid.c:
+	Cache non-existent passwd/group entries too.
+	[8de9a467d271]
+
+	* gram.c:
+	regen
+	[9ece18c58f36]
+
+	* getspwuid.c:
+	fix typo
+	[9a7ae371eac1]
+
+	* check.c, getspwuid.c, glob.c, ldap.c, logging.c, match.c,
+	mon_systrace.h, sudo.c, sudo.h, testsudoers.c, visudo.c:
+	Implement group caching and use the passwd and group caches
+	throughout.
+	[f1d8c5015169]
+
+2004-11-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* match.c:
+	Properly negate the return value of alias_matches() when
+	appropriate.
+	[ce59c4ce77ad]
+
+	* match.c:
+	Make hostname_matches() return TRUE for a match, else FALSE like the
+	caller expects.
+	[1dc03902d3a2]
+
+	* Makefile.in:
+	Add missing dependencies on gram.h
+	[4f94bbb1d50c]
+
+	* match.c:
+	Use runas_matches in alias_matches() now that we have it.
+	[284d22e91178]
+
+	* parse.c, parse.h:
+	Expand aliases in "sudo -l" mode
+	[f67a38b79c44]
+
+	* gram.y, match.c:
+	Use ALIAS for the member type when storing an alias instead of
+	HOSTALIAS/RUNASALIAS/CMNDALIAS/USERALIAS since match.c relies on the
+	more generic type. Expand runas_matches instead of calling
+	user_matches() inside of it since user_matches() looks up
+	USERALIASes, not RUNASALIASes.
+	[52004d75232b]
+
+	* CHANGES, getspwuid.c:
+	Paranoia; zero out pw_passwd before freeing passwd entry.
+	[bd1b22638f00]
+
+	* LICENSE, Makefile.in, alloc.c, check.c, config.h.in, configure,
+	configure.in, defaults.c, emul/err.h, env.c, err.c, error.c,
+	error.h, find_path.c, interfaces.c, logging.c, mon_systrace.c,
+	sudo.c, sudo.h, sudo_edit.c, testsudoers.c, visudo.c:
+	Add local error/warning functions like err/warn but that call an
+	additional cleanup routine in the error case. This means we no
+	longer need to compile a special version of alloc.o for visudo.
+	[25000b676cfe]
+
+	* match.c:
+	Use userpw_matches() to compare usernames, not strcmp(), since the
+	latter checks for "#uid".
+	[fcbe4b859f66]
+
+	* getspwuid.c, mon_systrace.c, mon_systrace.h, sudo.c:
+	Cache passwd db entries in 2 reb-black trees; one indexed by uid,
+	the other by user name. The data returned from the cache should be
+	considered read-only and is destroyed by sudo_endpwent().
+	[ee2418ff3f86]
+
+	* match.c:
+	add cast to uid_t
+	[eb6415302d84]
+
+	* gram.y:
+	missing free in alias_destroy
+	[572ecb680ad8]
+
+	* redblack.c:
+	Can't use rbapply() for rbdestroy since the destructor is passed a
+	data pointer, not a node pointer.
+	[11ce713830c0]
+
+	* getspwuid.c, logging.c, sudo.c, sudo.h:
+	Create and use private versions of setpwent() and endpwent() that
+	set/end the shadow password file too.
+	[616bc76d23bf]
+
+	* gram.c, gram.h, gram.y, match.c, parse.h, testsudoers.c, visudo.c:
+	Store aliases in a red-black tree.
+	[ce017d540416]
+
+	* Makefile.in, redblack.c, redblack.h:
+	red-black tree implementation
+	[cd5586e8f48b]
+
+	* visudo.c:
+	Edit all sudoers file if there were unused or undefined aliases and
+	we are in strict mode.
+	[b6d5f5bb7262]
+
+2004-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, def_data.c, def_data.h, def_data.in, defaults.c, env.c,
+	find_path.c, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.c:
+	Bring back the "secure_path" Defaults option now that Defaults take
+	effect before the path is searched.
+	[2e52c0e27606]
+
+2004-11-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c, parse.c:
+	A user can always list their own entries, even with -u. Better error
+	message when failing to list another user's entries.
+	[e2e24deb0071]
+
+	* parse.c, sudo.c, sudo.h:
+	The syntax to list another user's entries is now "-u otheruser -l".
+	Only root or users with sudo "ALL" may list other user's entries.
+	[3c0657e8f5fe]
+
+	* sudo.cat, sudo.man.in, sudo.pod:
+	Update env variable info in SECURITY NOTES
+	[299716071024]
+
+	* env.c:
+	strip CDPATH too
+	[9b97643b26f9]
+
+	* env.c:
+	strip exported bash functions from the environment.
+	[9e5090c8284f]
+
+2004-10-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Only reset sudo_user.pw based on SUDO_USER environment variables for
+	real commands and sudoedit. This avoids a confusing message when a
+	user tries "sudo -l" or "sudo -v" and is denied.
+	[3ea6d0053274]
+
+	* gram.c, gram.y, parse.h:
+	Extend LIST_APPEND to deal with appending lists too
+	[d963e42f622f]
+
+2004-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	Convert some bitwise AND to ISSET
+	[130dc40d268e]
+
+	* lex.yy.c, toke.c:
+	toke.c replaces lex.yy.c
+	[048858df79e7]
+
+	* CHANGES, TODO:
+	sync
+	[d19e7abf251c]
+
+	* BUGS:
+	new parser fixes most of the outstanding bugs
+	[0891f66e3758]
+
+	* configure:
+	regen
+	[1a3358cc7283]
+
+	* visudo.c:
+	Rework for the new parser. Now checks for unused aliases in sudoers.
+	[ad462ede3094]
+
+	* testsudoers.c:
+	Rewrite for the new parser. Now supports a -d flag (dump) and adds
+	a -h flag (host). It now defaults to the local hostname unless
+	otherwise specified.
+	[1b69685cc601]
+
+	* sudo.h:
+	Add new prototypes. Remove NOMATCH/UNSPEC (now in parse.h)
+	[2e4fb3abfef0]
+
+	* sudo.c:
+	Update for new parse. We now call find_path() *after* we have
+	updated the global defaults based on sudoers. Also adds support for
+	listing other user's privs if you are root.
+	[cf3db9fc3024]
+
+	* mon_systrace.c:
+	Working LDAP support; also remove a now-unneeded rewind().
+	[649ecf1baf6b]
+
+	* logging.c, logging.h:
+	Add NO_STDERR flag.
+	[6cb935af94e0]
+
+	* ldap.c:
+	Split sudo_ldap_check() into three pieces: sudo_ldap_open(),
+	udo_ldap_update_defaults() and sudo_ldap_check(). This allows us to
+	connecto to LDAP, apply the default options, find the command in the
+	user's path, and then check whether the user is allowed to run it.
+	The important thing here is that the default runas user may be
+	specified as a default option and that needs to be set before we
+	search for the command.
+	[fc0426abc6f1]
+
+	* ldap.c:
+	Add casts to unsigned char for isspace() to quiet a gcc warning.
+	[e5358e3df439]
+
+	* defaults.h:
+	Add prototype for update_defaults()
+	[564dac3db74e]
+
+	* defaults.c:
+	Don't warn about line numbers now that we operate on a set of data
+	structures (or LDAP) and not a file.
+	[bcd9ffb9b67c]
+
+	* config.h.in:
+	No long use lsearch()
+	[9d048c587319]
+
+	* Makefile.in:
+	Update for new and changed file names.
+	[6f424a7c4515]
+
+	* LICENSE:
+	no more BSD lsearch.c
+	[463a96d89026]
+
+	* match.c:
+	foo_matches() routines now live in match.c Added user_matches(),
+	runas_matches(), host_matches(), cmnd_matches() and alias_matches()
+	that operate on the parsed sudoers file.
+	[b14da8a0567e]
+
+	* parse.lex, toke.l:
+	Move parse.lex -> toke.l Rename buffer_frob() -> switch_buffer()
+	WORD no longer needs to exclude '@' kill yywrap()
+	[a922294eb7b7]
+
+	* gram.c, gram.h, gram.y, parse.c, parse.h, parse.yacc, sudo.tab.c,
+	sudo.tab.h:
+	Rewritten parser that converts sudoers into a set of data
+	structures. This eliminates ordering issues and makes it possible to
+	apply sudoers Defaults entries before searching for the command.
+	[30d2ec4d203c]
+
+	* configure.in, emul/search.h, lsearch.c:
+	We won't be using lsearch() any longer.
+	[29c4d54bfac0]
+
+	* ldap.c:
+	sudo should not send mail if someone who runs 'sudo -l' has no
+	entry.
+	[6fc27a69fd9c]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	regen
+	[8166347917f3]
+
+	* visudo.pod:
+	Update warnings to match new visudo
+	[004c0766798f]
+
+	* sudoers.pod:
+	The new parser doesn't have the old ordering constraints.
+	[ffd43bd08661]
+
+	* sudo.pod:
+	Document that -l now takes an optional username argument
+	[278f9557de8b]
+
+2004-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	AIX 5.2.0.0 works
+	[523acd29d858]
+
+	* ldap.c:
+	If LDAP_OPT_SUCCESS is not defined, use LDAP_SUCCESS instead. Fixes
+	a compilation problem with Solaris 9's native LDAP.
+
+	Set FLAG_MONITOR when needed.
+	[35824ade672d]
+
+2004-10-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	Call sudo_goodpath() *after* changing the cwd to match the traced
+	process. Fixes relative paths.
+	[12ee111d0ad7]
+
+2004-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* testsudoers.c:
+	Kill set_perms() stub--it is no longer needed.
+	[116ed702935d]
+
+2004-10-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	stay_setuid now requires set_reuid() or setresuid()
+	[8511f67e25d5]
+
+	* INSTALL, PORTING, TROUBLESHOOTING, config.h.in, configure,
+	configure.in, set_perms.c, sudo.c, sudo.h:
+	Kill use of POSIX saved uids; they aren't worth bothering with.
+	[b3b1f19f18c1]
+
+2004-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* glob.c:
+	remove call to issetugid()
+	[63f2e492c08f]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Remove warning about wildcards. Now that we use glob() the bug is
+	fixed.
+	[b15729d32266]
+
+	* parse.c:
+	Use glob(3) instead of fnmatch(3) for matching pathnames and stat
+	each result that matches the basename of the user's command. This
+	makes "cd /usr/bin ; sudo ./blah" work when sudoers allows
+	/usr/bin/blah. Fixes bug #143.
+	[e31eb6310340]
+
+	* config.h.in, configure, configure.in:
+	Define HAVE_EXTENDED_GLOB for extended glob (GLOB_TILDE and
+	GLOB_BRACE)
+	[677ed6661e17]
+
+	* config.h.in, configure, configure.in:
+	Check for a glob() that supports GLOB_BRACE and GLOB_TILDE
+	[aaa2329dd266]
+
+	* LICENSE:
+	reference glob
+	[bedc9a923423]
+
+	* glob.c:
+	4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
+	removed.
+	[81799451473c]
+
+	* emul/glob.h:
+	4.4BSD glob(3) with fixes from OpenBSD and some unneeded extensions
+	removed.
+	[0335cf31fb1e]
+
+2004-10-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	Just return if STRIOCINJECT or STRIOCREPLACE fail. It probably
+	means we are out of space in the stack gap...
+	[5b02b702021e]
+
+	* CHANGES:
+	sync
+	[be3826273e56]
+
+	* mon_systrace.c:
+	Take a stab at ldap sudoers support here.
+	[9d023695b0de]
+
+	* mon_systrace.c, mon_systrace.h:
+	Detach from tracee on SIGHUP, SIGINT and SIGTERM. Now "sudo reboot"
+	doesn't cause reboot to inadvertanly kill itself.
+	[d4aab2365610]
+
+	* mon_systrace.c:
+	put "monitor" in the proctitle, not "systrace"
+	[9a9025767d86]
+
+	* mon_systrace.c:
+	When modifying the environment, don't replace envp when we can get
+	away with just rewriting pointers in the traced process.
+	[c03622f7a2e2]
+
+	* mon_systrace.c, mon_systrace.h:
+	Add environment updating via STRIOCINJECT (if available).
+	[037291016870]
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[869acc511046]
+
+2004-10-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lex.yy.c:
+	regen
+	[4e61a9bd3c97]
+
+	* parse.lex:
+	Fix bug introduced in unput() removal; want yyless(0) not yyless(1)
+	[b70d7bd6e147]
+
+	* mon_systrace.c:
+	Include file is now mon_systrace.h
+	[ead4e36d92ae]
+
+	* Makefile.in, configure, configure.in, def_data.c, def_data.h,
+	def_data.in, lex.yy.c, parse.c, parse.h, parse.lex, parse.yacc,
+	sudo.c, sudo.h, sudo.tab.c, sudo.tab.h, sudoers.pod:
+	No longer call it tracing, it is now "monitoring" which should be
+	more a obvious name to non-hackers.
+	[aa811ded0789]
+
+2004-10-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c, mon_systrace.h:
+	Fix some XXX
+	[a271072dacc6]
+
+	* mon_systrace.c, mon_systrace.h:
+	No need to include syscall.h, use 1024 as the max # of entries (the
+	max that systrace(4) allows).
+
+	Only need to use SYSTR_POLICY_ASSIGN once
+
+	Change check_syscall() -> find_handler() and have it return the
+	handler instead of just running it. We need this since handler now
+	have two parts: one part that generates and answer and another that
+	gets called after the answer is accepted (to do logging).
+
+	Add some missing check_exec for emul execv
+	[a89d243f0525]
+
+	* sample.pam, sample.sudoers, sample.syslog.conf, sudoers:
+	Add $Sudo$ tags.
+	[6f3fedb0daba]
+
+	* config.h.in:
+	Add missing HAVE_LINUX_SYSTRACE_H
+	[ff75ab7bfc53]
+
+	* Makefile.in:
+	add trace_systrace.o dependency
+	[88a408668ab2]
+
+2004-09-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Also look for systrace.h in /usr/include/linux
+	[98b98b436cf3]
+
+	* mon_systrace.c, mon_systrace.h:
+	Move all struct defs and prototypes into trace_systrace.h and mark
+	all but systace_attach() static.
+	[85511253b570]
+
+	* mon_systrace.c, mon_systrace.h:
+	Add support for tracing emulations. At the moment, all emulations
+	are compiled in. It might make sense to #ifdef them in the future,
+	though this impeeds readability.
+	[87bb50abf277]
+
+	* Makefile.in, configure, configure.in:
+	rename systrace.c -> trace_systrace.c
+	[31cfa4407d93]
+
+	* parse.yacc, sudo.tab.c:
+	Allow this to build with a K&R compiler again
+	[32876af5bb98]
+
+	* TODO:
+	sync
+	[46865bd70f7c]
+
+	* compat.h, sudo.c, visudo.c:
+	Use __attribute__((__noreturn__))
+	[65bbad71fe89]
+
+	* visudo.c:
+	Exit() takes a negative value to indicate it was not called via
+	signal.
+	[b93032ed7b60]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	regen
+	[45bcf4661558]
+
+	* Makefile.in, visudo.c:
+	Define Err() and Errx() that are like err() and errx() but call
+	Exit() instead of exit(). Build private copy of alloc.o for visudo
+	that calls Err() and Errx().
+	[c6d02bf42edd]
+
+2004-09-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[39de7e7c59da]
+
+	* CHANGES:
+	sync
+	[ba481d9ed1aa]
+
+	* visudo.c:
+	Overhaul visudo for editing multiple files: o visudo has been
+	broken out into functions (more work needed here) o each file is
+	now edited before sudoers is re-parsed o if a #include line is
+	added that file will be edited too
+
+	TODO: o cleanup temp files when exiting via err() or errx() o
+	continue breaking things out into separate functions
+	[80c35cf534eb]
+
+	* parse.lex, sudo.c, sudo.h, testsudoers.c, visudo.c:
+	Add keepopen arg to open_sudoers that open_sudoers can use to
+	indicate to the caller that the fd should not be closed when it is
+	done with it. To be used by visudo to keep locked fds from being
+	closed prematurely (and thus losing the lock).
+	[f330fe632470]
+
+	* parse.yacc, sudo.c:
+	Add errorfile global that contains the name of the file that caused
+	the error.
+	[98079c7a37ed]
+
+	* parse.lex:
+	return COMMENT to yacc grammar for a #include line
+	[2024a8de4fa8]
+
+	* parse.lex:
+	Remove us of unput() in favor of yyless() which is cheaper.
+	[c61291902beb]
+
+	* parse.yacc:
+	Allow an empty sudoers file.
+	[62fb111db2e7]
+
+2004-09-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	Rewind sudoers_fp now that sudoers_lookup() doesn't do it for us.
+	[9e15869ef597]
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[c29bdd43bfad]
+
+	* visudo.c:
+	Do signal setup before calling edit_sudoers(). Don't shadow the
+	"quiet" global.
+	[74252efd09ff]
+
+	* visudo.c:
+	If a sudoers file includes other files, edit those too. Does not yes
+	deal with creating the new includes files itself.
+	[06af7b9c173f]
+
+	* testsudoers.c:
+	init_parser now takes a path
+	[b5ee186eb192]
+
+	* parse.c, parse.h, parse.lex, parse.yacc:
+	More scaffolding for dealing with multiple sudoers files: o
+	init_parser() now takes a path used to populate the sudoers global
+	o the sudoers global is used to print the correct file in yyerror()
+	o when switching to a new sudoers file, perserve old file name and
+	line number
+	[d9be4970b8bd]
+
+	* Makefile.in, pathnames.h.in:
+	Kill _PATH_SUDOERS_TMP; it is not meaningful now that we can have
+	multiple sudoers files.
+	[6ccc4e921c43]
+
+	* parse.c, sudo.c:
+	Rewind sudoers_fp in open_sudoers() instead of sudoers_lookup() so
+	we start at the right file position when reading include files.
+	[91fcb961e7a4]
+
+	* sudoers.pod:
+	document #include
+	[fbb92a25a726]
+
+	* lex.yy.c:
+	regen
+	[50cd7a4c9dff]
+
+	* parse.lex:
+	Add max depth of 128 for the include stack to avoid loops.
+
+	Since yyerror() doesn't stop parsing, pass return values back to
+	yylex and call yyterminate() on error.
+	[e79dbffb729d]
+
+2004-09-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	document tracing
+	[165a467eadd8]
+
+	* sudo.pod:
+	Mention PREVENTING SHELL ESCAPES section of sudoers man page
+	[3217ccecd834]
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[fbd58d1d3a76]
+
+	* parse.lex:
+	Add support for #include in sudoers (visudo support TBD)
+	[a78015ca81af]
+
+	* parse.yacc:
+	make yyerror()'s argument const
+	[7d8e168c019a]
+
+	* testsudoers.c, visudo.c:
+	Add open_sudoers() stubs.
+	[087466787198]
+
+	* sudo.c, sudo.h:
+	Rename check_sudoers() open_sudoers() and make it return a FILE *
+	[142fc511fc65]
+
+2004-09-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
+	version.h:
+	Crank version
+	[1adc3f839480]
+
+	* Makefile.in, sudo.psf:
+	Better HP-UX depot construction
+	[2d952b000e63]
+
+2004-09-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mon_systrace.c:
+	o Made children global so check_exec() can lookup a child. o
+	Replaced uid in struct childinfo with struct passwd * (for runas) o
+	new_child() now takes a parent pid so the runas info can be
+	inherited o Added find_child() to lookup a child by its pid o
+	update_child() now fills in a struct passwd o Converted the big
+	if/else mess in set_policy to a switch o Syscalls that change uid
+	are now "ask" so we get SYSTR_MSG_UGID events
+	[29b9ea3f09a3]
+
+	* getspwuid.c:
+	Add flag to sudo_pwdup that indicates whether or not to lookup the
+	shadow password. Will be used to a struct passwd that has the
+	shadow password already filled in.
+	[e19d43dd7238]
+
+	* mon_systrace.c:
+	add missing increment of addr in read_string()
+	[f9eb0f060cb6]
+
+	* mon_systrace.c:
+	Remove bogus call to update_child() and some cosmetic fixes
+	[701ab0b97fef]
+
+	* mon_systrace.c:
+	Don't leak /dev/systrace fd to tracee Make initialized global for
+	simplicity If STRIOCATTACH returns EBUSY we are already being traced
+	Check for user_args == NULL in setproctitle() call Add missing calls
+	to STRIOCANSWER
+	[1956edf9bc3a]
+
+	* sudo.c:
+	g/c sudo_pwdup proto
+	[b7c4d6249ecb]
+
+	* Makefile.in, sudo.psf:
+	Add target for building a depot file
+	[357019efd99b]
+
+	* mon_systrace.c:
+	trim includes
+	[501534428471]
+
+2004-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lex.yy.c, sudo.tab.c, sudo.tab.h:
+	regen
+	[52fd250c6986]
+
+	* INSTALL:
+	document --with-systrace
+	[79623927c94e]
+
+	* config.h.in, configure, configure.in:
+	Add check for setproctitle
+	[1730cf1c26ed]
+
+	* mon_systrace.c:
+	pass struct str_msg_ask in to syscall checker so it can set the
+	error code
+	[1703fd2fdef6]
+
+	* mon_systrace.c:
+	systrace(4) support for sudo. On systems with the systrace(4)
+	kernel facility (OpenBSD, NetBSD, Linux w/ patches) sudo can
+	intercept exec calls and check the exec args against the sudoers
+	file. In other words, sudo can now control subcommands and shell
+	escapes.
+	[928c9217c386]
+
+	* sudo.c, sudo.h:
+	Call systrace_attach() if FLAG_TRACE is set.
+	[014ba9402fa5]
+
+	* parse.c, parse.h, parse.lex, parse.yacc, sudo.h:
+	Add trace Defaults option and TRACE/NOTRACE tags and set FLAG_TRACE
+	[a99904db5e56]
+
+	* parse.c, sudo.c:
+	Don't close sudoers_fp, keep it open and set close on exec flag
+	instead.
+	[43a9fec60bee]
+
+	* def_data.c, def_data.h, def_data.in:
+	Add trace option
+	[5b643b86730a]
+
+	* Makefile.in:
+	Add systrace
+	[47a0519c427c]
+
+	* INSTALL:
+	SunOS /bin/sh blows up with configure
+	[005a23cc5615]
+
+	* configure, configure.in:
+	Include sys/param.h before systrace.h
+	[9345bc8efecf]
+
+	* configure:
+	regen
+	[a8f53fcbb254]
+
+	* pathnames.h.in:
+	_PATH_DEV_SYSTRACE
+	[d2ad1e492a00]
+
+	* configure.in:
+	line up options in --help
+	[fa51f2821d09]
+
+	* config.h.in, configure.in:
+	Add --with-systrace
+	[a264d54bc413]
+
+2004-09-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[a4dad0bcc523]
+
+	* aclocal.m4, configure.in:
+	make this work with autoconf-2.59
+	[c4a92b6a684a]
+
+2004-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Simplify logic around open & stat of files and do sanity on edited
+	file even if we lack fstat (still racable but worth doing).
+	[adda65ade70c]
+
+2004-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY:
+	Add support url
+	[bf6590fbde9f]
+
+	* Makefile.in:
+	versino 1.6.8p1
+	[b84ebfaf1552] [SUDO_1_6_8p1]
+
+	* CHANGES:
+	more changes for 1.6.8p1
+	[e23a9c0393b6]
+
+	* version.h:
+	1.6.8p1
+	[872f14504b5f]
+
+	* CHANGES, sudo_edit.c:
+	Add sanity check so we don't try to edit something other than a
+	regular file.
+	[350134ec6d4e]
+
+2004-09-15  Aaron Spangler  <aaron777@gmail.com>
+
+	* CHANGES:
+	sync
+	[3091ca9eae00]
+
+	* INSTALL:
+	document --with-ldap-conf-file
+	[0e2cd6b896f1]
+
+2004-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, ins_csops.h:
+	political correctness strikes again
+	[428e8bc77f55]
+
+	* RUNSON:
+	sync
+	[27f44bd423dc]
+
+2004-09-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.binary.in, Makefile.in:
+	Install sudoedit man link
+	[19a55234fc1f]
+
+	* INSTALL:
+	Update PAM note and mention where HP-UX users can download gcc
+	binaries.
+	[d37cdbbabfd4]
+
+	* Makefile.in:
+	libtool wants to install stuff from .libs so fake one up for binary
+	installations.
+	[a681bc6fcfba]
+
+	* Makefile.binary.in:
+	rm -f old sudoedit link instead of using ln -f set LIBTOOL correctly
+	[3e0c4b3372cc]
+
+	* Makefile.in:
+	Deal with "uname -m" having slashes in it rm -f old sudoedit link
+	instead of using ln -f
+	[cff33fb97e5b]
+
+	* Makefile.binary, Makefile.binary.in:
+	Makefile.binary -> Makefile.binary.in for config.status substitution
+	Add support for installing noexec bits
+	[37d8bb3483c6]
+
+	* Makefile.in:
+	Copy noexec bits into binary dists too No longer use my old arch
+	script for making binary dists
+	[e7058bab9e33]
+
+	* Makefile.binary:
+	Install sudoedit link.
+	[417d1e101711]
+
+2004-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* emul/utime.h:
+	avoid __P so there is no need for compat.h to be included
+	[6d8d1f1abf7d]
+
+	* utimes.c:
+	Don't use HAVE_UTIME_H before including config.h.
+	[013b7bb61181]
+
+2004-09-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h:
+	Fix Solatis futimes macro
+	[d4eda2ca0d29]
+
+2004-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Rename ots -> omtim for improved readability.
+	[127ca5bb297c]
+
+2004-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Redo changes in revision 1.7. Don't really need to keep the temp
+	file open; re-opening it with the invoking user's euid is
+	sufficient.
+	[55a883165a95]
+
+	* CHANGES:
+	sync
+	[9015b291170d]
+
+	* sudo.cat, sudo.man.in:
+	regen
+	[c0313f6ed783]
+
+	* sudo.pod:
+	back out revision 1.70; it is no long applicable
+	[b641d503aff6]
+
+	* env.c:
+	Let the loader initialize nep
+	[bec192139b02]
+
+	* config.h.in, configure, configure.in:
+	Removed unneed check for fchown Add check for gettimeofday Move
+	autoheader template stuff into separate AH_TEMPLATE lines
+	[bfc0edbd43f2]
+
+	* check.c, compat.h, fileops.c, sudo.h, sudo_edit.c, visudo.c:
+	Use timespec throughout.
+	[1a178a23b69b]
+
+	* Makefile.in:
+	gettime.[co]
+	[6aeb48a7ab7f]
+
+	* gettime.c:
+	function to return the current time in a struct timespec
+	[bf8eb12cb63f]
+
+	* utimes.c:
+	Not a darpa-sponsored file.
+	[121ce5e2036c]
+
+2004-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h, config.h.in, configure, configure.in:
+	Add a check for struct timespec and provide it for those without.
+	[42124055030d]
+
+	* config.h.in, configure, configure.in, sudo_edit.c:
+	Add checks for st_mtim and st_mtimespec and add macros for pulling
+	the mtime sec and nsec out of struct stat. These are used in
+	sudo_edit() to better tell whether or not the file has changed.
+	[23debfbb3fab]
+
+	* check.c, fileops.c, sudo.h, sudo_edit.c, visudo.c:
+	Add an extra param to touch() for nsec
+	[56f7a4ba8ddb]
+
+	* sudo_edit.c:
+	Call mkstemp() as the in invoking user so we don't have to chown the
+	file later. Only touch() the temp file if we can do it via the file
+	descriptor. Don't check for modification of the temp file if we lack
+	fstat(). Catch errors read()ing the temp file.
+	[665f52c70836]
+
+	* fileops.c:
+	If path is NULL and fd == -1 return -1.
+	[757a518a824c]
+
+	* sudo_edit.c:
+	closefrom() is overkill, the only extra fds are the ones we opened
+	so just close those in the child.
+	[f361c9d2a1f4]
+
+	* Makefile.in, aclocal.m4, check.c, compat.h, config.h.in, configure,
+	configure.in, fileops.c, sudo.h, sudo_edit.c, utime.c, utimes.c,
+	visudo.c:
+	Use utimes() and futimes() instead of utime() in touch(), emulating
+	as needed. Not all systems are able to support setting the times of
+	an fd so touch() takes both an fd and a file name as arguments.
+	[3d9276f29717]
+
+2004-09-07  Aaron Spangler  <aaron777@gmail.com>
+
+	* env.c:
+	Rare SEGV
+	[8995f828782d]
+
+2004-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	regen
+	[b8e9406711c5]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Add SUPPORT section and re-order some of the sections to match the
+	order we use in OpenBSD.
+	[fa37bd917e2c]
+
+2004-09-06  Aaron Spangler  <aaron777@gmail.com>
+
+	* env.c:
+	Openldap ~/.ldaprc fix
+	[1a37afe6850f]
+
+2004-09-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	Talk about how the editor must write its changes to the original
+	file and not just use rename(2).
+	[c55ed91c5ee9]
+
+	* CHANGES:
+	sync
+	[62af26bd37a2]
+
+	* sudo_edit.c:
+	Keep the temp file open instead of re-opening after the editor has
+	exited.
+	[de41eeb6dcf2]
+
+	* sample.pam:
+	Update for current redhat/fedora core.
+	[8cf083077333]
+
+2004-09-03  Aaron Spangler  <aaron777@gmail.com>
+
+	* README.LDAP:
+	tls_ examples
+	[ba783d88a034]
+
+2004-09-02  Aaron Spangler  <aaron777@gmail.com>
+
+	* ldap.c:
+	config tls_* options
+	[0b0e0797b3b9]
+
+2004-08-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	No need for -lcrypt when using pam.
+	[41fff3a53e68]
+
+2004-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[75820aecce2c]
+
+2004-08-27  Aaron Spangler  <aaron777@gmail.com>
+
+	* configure.in, ldap.c, pathnames.h.in:
+	Allow --with-ldap-conf-file option to override LDAP_CONF
+	[c9909bc484a5]
+
+	* ldap.c:
+	cleanup debug message
+	[1f6ca4824d8d]
+
+2004-08-26  Aaron Spangler  <aaron777@gmail.com>
+
+	* README.LDAP:
+	more config info
+	[f2e7147fd507]
+
+2004-08-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO, find_path.c, goodpath.c, parse.c, sudo.c, sudo.h, visudo.c:
+	Add cmnd_base to struct sudo_user and set it in init_vars(). Add
+	cmnd_stat to struct sudo_user and set it in sudo_goodpath(). No
+	longer use gross statics in command_matches(). Also rename some
+	variables for improved clarity.
+	[7169a6c7bea4]
+
+2004-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	document HP's crippled compiler deficiency.
+	[c405ea5a8d4c]
+
+	* INSTALL:
+	Fix some thinkos in --with-editor and --with-env-editor
+	descriptions. Noticed by Norihiko Murase.
+	[dd781de1c985]
+
+	* configure, configure.in:
+	--with-noexec takes an optional PATH argument.
+	[8f6ab77f22cc]
+
+	* INSTALL:
+	document --with-noexec
+	[50cb1fc627ce]
+
+2004-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON, TODO:
+	sync
+	[f2503bd13373] [SUDO_1_6_8]
+
+	* sudo_edit.c:
+	Better warning message when sudoedit is unable to write to the
+	destination file.
+	[f78c18f2ffa8]
+
+	* sudo.cat, sudo.man.in:
+	regen
+	[7e2bf63d6d9a]
+
+	* sudo.pod:
+	Don't italicize the string "sudoedit"
+	[c691643bd269]
+
+2004-08-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY:
+	Mention GratiSoft.
+	[dc53de581b2d]
+
+2004-08-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	regen
+	[8ae0484dfc38]
+
+	* parse.yacc:
+	Reset used_runas to FALSE when re-intializing the parser.
+	[b7403f353a02]
+
+2004-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.guess:
+	Correct OpenBSD mips support
+	[314fc7afc165]
+
+	* config.guess:
+	Add OpenBSD/mips
+	[ac87d0a773ef]
+
+2004-08-07  Aaron Spangler  <aaron777@gmail.com>
+
+	* README.LDAP:
+	More behavior notes
+	[13be1d212b47]
+
+	* README.LDAP:
+	Updates on current behavior
+	[d498a8866d6f]
+
+2004-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	=back does not take an indentlevel (makes no difference to formatted
+	files).
+	[9c8523bb382a]
+
+	* sudo.pod:
+	=back does not take an indentlevel (makes no difference to formatted
+	files).
+	[e5f479e24fa8]
+
+	* CHANGES:
+	new
+	[2dbd9aba8b33]
+
+	* sudo.c:
+	Consistency. Use same error for bad -u #uid when targetpw is set as
+	we do when a bad -u username is specified.
+	[922961c4a9d6]
+
+	* TODO:
+	Add checksum idea from Steve Mancini
+	[e6ece1b766ba]
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[370d2317829f]
+
+	* sudo.cat, sudo.man.in:
+	regen
+	[f93d41fc38b1]
+
+	* sudo.pod, sudoers.pod:
+	Document the restriction on uids specified via -u when targetpw is
+	set.
+	[878fedb455db]
+
+	* sudo.c:
+	Error out when targetpw is enabled and sudo is run with -u #uid but
+	#uid does not exist in the passwd database. We can't do target
+	authentication when the target is not in passwd!
+	[27c5888c86eb]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+	regen
+	[ceb65711050c]
+
+	* TODO:
+	Some more todo for the next release.
+	[7b7417be7601]
+
+	* INSTALL:
+	Make it clear that PAM should be used for DCE support when possible.
+	[7502029fd385]
+
+	* sudoers.pod:
+	o Document problems with wildcards and relative paths. o Make the
+	order requirements more prominent. o Change a "set" to "reset" for
+	clarity.
+	[bacdd181b33f]
+
+2004-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	Mention --with-secure-path, not SECURE_PATH.
+	[41283ddde5e1]
+
+2004-08-03  Aaron Spangler  <aaron777@gmail.com>
+
+	* ldap.c:
+	reflect changes to parse.c
+	[8880fe9b724d]
+
+2004-08-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	regen
+	[a57658ca9177]
+
+	* parse.c, parse.h, testsudoers.c, visudo.c:
+	Don't pass user_cmnd and user_args to command_matches(), just use
+	the globals there. Since we keep state with statics anyway it is
+	misleading to pretend that passing in different cmnd and cmnd_args
+	will work.
+	[0a2544991fd6]
+
+	* parse.yacc:
+	Don't pass user_cmnd and user_args to command_matches(), just use
+	the globals there. Since we keep state with statics anyway it is
+	misleading to pretend that passing in different cmnd and cmnd_args
+	will work.
+	[a4910bf6032b]
+
+	* parse.c:
+	Fix a bug introduced in rev. 1.149. When checking for pseudo-
+	commands check for a '/' anywhere in cmnd, not just the first
+	character.
+	[ce98142f03ca]
+
+2004-07-31  Aaron Spangler  <aaron777@gmail.com>
+
+	* sudo.man.in, sudo.pod:
+	Clarification thanks to Olivier Blin <oblin@mandrakesoft.com>
+	[a91800e094b1]
+
+	* sudoers.man.in, sudoers.pod:
+	Add ignore_local_sudoers
+	[741ddcbf7083]
+
+	* README.LDAP:
+	Sun One schema definition by Andreas.Bussjaeger@t-systems.com and
+	janth@moldung.no
+	[742c02e07cd9]
+
+2004-07-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	typo
+	[e7cdefbd7a9a]
+
+2004-07-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	sync
+	[734dafc4a85e]
+
+	* parse.c:
+	Parse sudoers file as PERM_RUNAS not PERM_ROOT and remove a useless
+	PERM_SUDOERS. Restore to PERM_ROOT upon exit of the parse.
+	[151b7f593568]
+
+2004-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	PAM change
+	[d8fb6d6a22d0]
+
+2004-07-08  Aaron Spangler  <aaron777@gmail.com>
+
+	* ldap.c:
+	Better debugging of ALL command
+	[9db3e84029dc]
+
+2004-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	When matching for "sudoedit" in sudoers check both the command the
+	user typed *and* the command that is listed in the sudoers entry.
+	[f36ca1f94095]
+
+2004-07-04  Aaron Spangler  <aaron777@gmail.com>
+
+	* ldap.c:
+	Added !command feature
+	[ed539574611b]
+
+2004-06-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Use pam_acct_mgmt() to check for disabled accounts; Brian Farrell
+	[2be8e0e8813a]
+
+2004-06-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE:
+	License is ISC-style, not BSD-style
+	[ac0589e1dd5d]
+
+	* CHANGES:
+	sync
+	[16058a30f404]
+
+2004-06-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in:
+	regen
+	[8820eb9c809b]
+
+	* sudo.pod:
+	o Update some out of date bits to reality o Change the shell promt
+	in examples to bourne-shell style o Clarify some details o Add a
+	CAVEAT about "sudo cd /foo"
+	[b0af373214b6]
+
+	* check.c:
+	Don't ask for a password if invoking user == target user.
+	[dd5c96141132]
+
+	* sudo.c:
+	typo in comment
+	[278d20f9b249]
+
+2004-06-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[9036c6f39eff]
+
+	* sudoers.pod:
+	Expand on NOEXEC a little.
+	[9a13756aebe4]
+
+	* TODO:
+	sync
+	[8d2c1af48de8]
+
+	* visudo.cat, visudo.man.in:
+	regen
+	[3921f01607c8]
+
+	* sudo.tab.c:
+	regen
+	[9338c3d68250]
+
+	* visudo.pod:
+	Add a check in visudo for runas_default being set after it has
+	already been used.
+	[6700358d7ad8]
+
+	* CHANGES, parse.yacc, visudo.c:
+	Add a check in visudo for runas_default being set after it has
+	already been used.
+	[803560986a8a]
+
+	* sudo.tab.c:
+	regen
+	[b60636e2cf63]
+
+	* parse.yacc:
+	Add a MATCHED macro for testing whether foo_matches has been set to
+	TRUE or FALSE. This is more readable than checking for >=0 or < 0.
+	Doesn't change the actual code generated.
+	[f376da8ccdc8]
+
+2004-06-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat:
+	regen
+	[6cceb6d6c9bd]
+
+	* sudoers.man.in:
+	regen
+	[5acd12b730b3]
+
+	* sudoers.pod:
+	Correct description of where Defaults specs should go.
+	[6b11ff53d7ad]
+
+	* sudoers:
+	Correct description of where Defaults specs should go.
+	[868db857630d]
+
+	* testsudoers.c, visudo.c:
+	update (c) year
+	[272c8a53604c]
+
+	* logging.h:
+	update (c) year
+	[3cec76d400ce]
+
+	* ldap.c:
+	update (c) year
+	[f264632488a0]
+
+	* find_path.c:
+	update (c) year
+	[40c227af9227]
+
+	* auth/pam.c:
+	update (c) year
+	[87149e0eed50]
+
+	* auth/bsdauth.c, auth/kerb5.c:
+	update (c) year
+	[d72eb434c068]
+
+2004-06-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	regen
+	[83408d9e9d2e]
+
+	* auth/bsdauth.c, auth/kerb5.c, auth/pam.c, visudo.c:
+	Remove trailing spaces, no actual code changes.
+	[4c3bf2819293]
+
+	* tgetpass.c:
+	Remove trailing spaces, no actual code changes.
+	[96f6e0a24c26]
+
+	* ldap.c, logging.h, parse.c, parse.yacc, sudo.c, testsudoers.c:
+	Remove trailing spaces, no actual code changes.
+	[c7075d1cbed5]
+
+	* getcwd.c:
+	Remove trailing spaces, no actual code changes.
+	[776cc0374547]
+
+	* find_path.c:
+	Remove trailing spaces, no actual code changes.
+	[7ed7099f3c71]
+
+	* compat.h, defaults.c, env.c:
+	Remove trailing spaces, no actual code changes.
+	[893e83c33795]
+
+	* check.c:
+	Remove trailing spaces, no actual code changes.
+	[f77750f8803b]
+
+	* sudo.tab.c:
+	regen
+	[62e0ed883b31]
+
+	* parse.yacc:
+	Fix a >=0 that should be <0 that was improperly converted when
+	UNSPEC was added.
+	[ad1531a55a49]
+
+	* parse.yacc:
+	Add do {} while(0) around pop macro Set cmnd_matches to UNSPEC, not
+	NOMATCH when resetting it.
+	[ae017a12870a]
+
+	* parse.yacc:
+	Fix pastos introduced in SETNMATCH addition.
+	[6ea1c9d80681]
+
+2004-06-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README.LDAP:
+	Update for configure changes
+	[637a635da287]
+
+	* sudo.tab.c:
+	regen
+	[4753c2788713]
+
+	* sudo.h:
+	Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
+	these in parse.yacc. Also in parse.yacc initialize the *_matches
+	vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
+	when setting *_matches to a value that may be
+	NOMATCH/UNSPEC/TRUE/FALSE.
+	[2ba622e15a4d]
+
+	* parse.yacc:
+	Add NOMATCH and UNSPEC defines (-1 and -2 respectively) and use
+	these in parse.yacc. Also in parse.yacc initialize the *_matches
+	vars to UNSPEC and add two macros, SETMATCH and SETNMATCH for use
+	when setting *_matches to a value that may be
+	NOMATCH/UNSPEC/TRUE/FALSE.
+	[746b519e41a6]
+
+	* parse.yacc:
+	Initialize runas to -2, not -1 since we need to be able to
+	distinguish between the initialized value and the value of a non-
+	match when passing along the runas value to multiple commands.
+
+	The result of this is that an unmatched runas is now set to -1, not
+	0. This is required now that parse.c treats a FALSE value for runas
+	as being explicitly denied.
+	[7791ed3621f6]
+
+2004-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, visudo.c:
+	Error out if argc < 1.
+	[ce6b2a9eda3c]
+
+	* getprogname.c:
+	Error out if argc < 1.
+	[c566cce8dc78]
+
+	* configure, configure.in:
+	Add tests for what libs we need to link with for ldap and for
+	whether or not lber.h needs to be explicitly included.
+	[b2e9729cc4e7]
+
+2004-06-03  Aaron Spangler  <aaron777@gmail.com>
+
+	* ldap.c:
+	Solaris native LDAP build fix
+	[39929e40eb11]
+
+2004-06-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* ldap.c:
+	Set edn to NULL is ldap_get_dn() fails to avoid potential use of an
+	unset variable.
+	[6a4c20a66f98]
+
+	* sudo.h:
+	Add prototype for sudo_ldap_list_matches
+	[443b007a8dab]
+
+	* configure, configure.in:
+	Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+	version too. Added check for dd_fd in `DIR' if no dirfd is found;
+	this is now used to confitionally define the dirfd macro in
+	compat.h.
+	[567656978f7e]
+
+	* config.h.in:
+	Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+	version too. Added check for dd_fd in `DIR' if no dirfd is found;
+	this is now used to confitionally define the dirfd macro in
+	compat.h.
+	[34eace4faec8]
+
+	* compat.h:
+	Better check for dirfd macro--we now set HAVE_DIRFD for the macro
+	version too. Added check for dd_fd in `DIR' if no dirfd is found;
+	this is now used to confitionally define the dirfd macro in
+	compat.h.
+	[8d50ff1bbf2a]
+
+	* closefrom.c:
+	Only check /proc/$$/fd if we have the dirfd function/macro.
+	[15e3ccce7553]
+
+	* compat.h, config.h.in, configure, configure.in:
+	Add a check for a dirfd() function (like Linux) and add a dirfd
+	macro in compat.h if there is no dirfd() function or macro.
+	[1e95756edb50]
+
+	* closefrom.c, getcwd.c:
+	dirfd() is now defined in compat.h as needed.
+	[bb1d79271188]
+
+	* CHANGES:
+	Clarify closefrom() note.
+	[f4e4a5508dda]
+
+	* parse.c:
+	When checking for a command in the directory, only copy the base dir
+	once.
+	[7a3276808b87]
+
+	* closefrom.c:
+	If there is a /proc/$$/fd directory, behave like the Solaris
+	closefrom() and only close the descriptors listed therein.
+	[19de23779e84]
+
+	* alloc.c:
+	compat.h guarantees INT_MAX is defined.
+	[1bf0c79d4606]
+
+	* compat.h:
+	Add definitions of OPEN_MAX and INT_MAX for those without it and
+	remove definition of RLIM_INFINITY (now unused).
+	[f827d1ebf96e]
+
+	* CHANGES, alloc.c, check.c, compat.h, find_path.c, getcwd.c, parse.c,
+	sudo.c, sudo.h, visudo.c:
+	Use PATH_MAX, not MAXPATHLEN since the former is standardized.
+	[59788f211c24]
+
+2004-05-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	sync
+	[d32fa124f1ad]
+
+	* RUNSON:
+	Add some entries that were mailed in a while ago
+	[ff8d5bfec54e]
+
+	* closefrom.c:
+	o sysconf returns a long, not an int. o check for negative return
+	value from sysconf/getdtablesize and use OPEN_MAX in this case. o
+	define OPEN_MAX to 256 for those without it (a fair guess...)
+	[ccf81ae6deb2]
+
+2004-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* UPGRADE:
+	Mention change in parse order for RunAs entries.
+	[dc73b0bca617]
+
+	* configure:
+	regen
+	[07cce8e0534e]
+
+2004-05-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, README.LDAP, config.h.in, configure.in:
+	o --with-ldap now takes an optional dir as a parameter o added
+	check for ldap_initialize() and start_tls_s()
+	[2b846c7974c6]
+
+	* README.LDAP:
+	Fix some typos, word choice and formatting issues.
+	[00dc8ca84b10]
+
+2004-05-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Use SA_INTERRUPT so SunOS works correctly, avoid stdio and just use
+	read/write as it is simpler.
+	[30f5446ee8b0]
+
+	* configure, configure.in:
+	Remove hack overriding cross-compiler check. It should no longer be
+	needed.
+	[22a6cbd88608]
+
+	* compat.h:
+	Remove select() compat bits since we no longer use select().
+	[d7bbf7cd36f5]
+
+	* CHANGES, tgetpass.c:
+	Use alarm() instead of select() for the timeout for systems that
+	don't fully/properly implement select().
+	[d7cc60f15800]
+
+2004-05-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	synbc
+	[132a39788e07]
+
+	* RUNSON:
+	update
+	[61ef508380c6]
+
+	* set_perms.c:
+	Deal with systems that have no way of setting the effective uid such
+	as nsr-tandem-nsk.
+	[306e00e9b5a4]
+
+	* configure, configure.in:
+	Define NO_SAVED_IDS if we don't find seteuid()
+	[8588f18345cf]
+
+	* config.h.in, configure, configure.in:
+	Add back check for setreuid() since NSK doesn't have it.
+	[43127bd703d1]
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[af4f4b20e422]
+
+	* CHANGES:
+	sync
+	[29ca3b699c24]
+
+	* BUGS:
+	sync
+	[3593f17f72ed]
+
+	* parse.c:
+	In sudoers_lookup() return VALIDATE_NOT_OK if the runas user was
+	explicitly denied and the command matched. This fixes a long-
+	standing bug and makes: foo machine = (ALL) /usr/bin/blah
+	foo machine = (!bar) /usr/bin/blah
+
+	equivalent to: foo machine = (ALL, !bar) /usr/bin/blah
+	[2f5ee244985a]
+
+	* sudoers.pod:
+	Clarify mail_noperm
+	[3238b2d41989]
+
+2004-05-20  Aaron Spangler  <aaron777@gmail.com>
+
+	* Makefile.in:
+	Missing DESTDIR in make install for sudo_noexec.la
+	[91431e821525]
+
+2004-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	regen
+	[cdfde0dcb556]
+
+	* TODO:
+	sync
+	[4799b7d8b62c]
+
+	* sudoers.pod:
+	Remove fastboot/fasthalt (who still remembers these?) and add a
+	minimal sudoedit example.
+	[19d299f233cd]
+
+	* sample.sudoers:
+	Remove fastboot/fasthalt (who still remembers these?) and add a
+	minimal sudoedit example.
+	[b1bca73d6250]
+
+	* UPGRADE, sudo.c, visudo.c:
+	filesystem -> file system
+	[1e1afaf30469]
+
+	* TROUBLESHOOTING:
+	filesystem -> file system
+	[39fb594e9338]
+
+	* CHANGES, INSTALL:
+	filesystem -> file system
+	[85948b608ffe]
+
+	* sudo.pod, sudoers.pod:
+	Fix some minor typos and formatting goofs
+	[e94d243a0b90]
+
+	* lex.yy.c:
+	regen
+	[2eed0ab1f4c4]
+
+	* visudo.pod:
+	remove my email addr
+	[b63262c0389b]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Use @mansectform@ and @mansectsu@ everywhere Make man page
+	references links with L<>
+	[f459f4b9ddb9]
+
+	* parse.lex:
+	Accept quoted globbing characters and pass them verbatim for
+	fnmatch()
+	[8248b86e9380]
+
+	* UPGRADE:
+	Document that /tmp/.odus is gone.
+	[3667b66af5bb]
+
+	* pathnames.h.in:
+	No longer use /tmp/.odus as a possible timestamp dir unless
+	specifically configured to do so. Instead, if no /var/run exists,
+	use /var/adm/sudo or /usr/adm/sudo.
+	[48d94c9f9ad4]
+
+	* configure:
+	No longer use /tmp/.odus as a possible timestamp dir unless
+	specifically configured to do so. Instead, if no /var/run exists,
+	use /var/adm/sudo or /usr/adm/sudo.
+	[058d7b8cf07b]
+
+	* aclocal.m4:
+	No longer use /tmp/.odus as a possible timestamp dir unless
+	specifically configured to do so. Instead, if no /var/run exists,
+	use /var/adm/sudo or /usr/adm/sudo.
+	[cf52c4c2803f]
+
+	* CHANGES:
+	No longer use /tmp/.odus as a possible timestamp dir unless
+	specifically configured to do so. Instead, if no /var/run exists,
+	use /var/adm/sudo or /usr/adm/sudo.
+	[6058c4cefcec]
+
+	* set_perms.c, sudo.c, tgetpass.c, visudo.c:
+	Preliminary changes to support nsr-tandem-nsk. Based on patches
+	from Tom Bates.
+	[2e5f81834383]
+
+	* logging.c:
+	Preliminary changes to support nsr-tandem-nsk. Based on patches
+	from Tom Bates.
+	[934bbe6872b6]
+
+	* check.c, compat.h:
+	Preliminary changes to support nsr-tandem-nsk. Based on patches
+	from Tom Bates.
+	[390b698b5924]
+
+2004-05-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	There was no 1.6.7p6.
+	[8013d2e6b062]
+
+	* BUGS, CHANGES:
+	sync
+	[c38b41f32857]
+
+	* Makefile.in:
+	add missing files to DISTFILES
+	[e6a80ad03039]
+
+	* sudo.cat, sudoers.cat, visudo.cat:
+	regen
+	[027bc9746dd5]
+
+	* sudoers.man.in:
+	regen
+	[f5e85ef686cf]
+
+	* Makefile.in:
+	Fix some line wrap and update (c) year
+	[bad1f46aa1ca]
+
+2004-04-28  Aaron Spangler  <aaron777@gmail.com>
+
+	* README.LDAP:
+	Build Note
+	[7a061248249b]
+
+2004-04-07  Aaron Spangler  <aaron777@gmail.com>
+
+	* Makefile.in:
+	Fix install-dirs
+	[be0726dd92e7]
+
+2004-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	regen
+	[3f4f0d1ab8b9]
+
+	* visudo.c:
+	In Exit() when used as a signal handler, emsg is a pointer so
+	sizeof() is wrong so make it a #define instead. Also avoid using a
+	negative exit value. Found by Aaron Campbell
+	[78716a3a3fdc]
+
+2004-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Remove bogus sentence about uids in a User_List. Document usernames
+	vs. uid parsing in a Runas_List.
+	[7ca510b5031c]
+
+	* parse.c, parse.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
+	If the user specified a uid with the -u flag and the uid exists in
+	the passwd file, set runas_user to the name, not the uid.
+
+	When comparing usernames in sudoers, if a name is really a uid
+	(starts with '#') compare it numerically to pw_uid.
+	[8d6935d04673]
+
+2004-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	krb5_mcc_ops should be const; Johnny C. Lam
+	[aa8c753e426e]
+
+2004-02-28  Aaron Spangler  <aaron777@gmail.com>
+
+	* CHANGES, config.h.in, ldap.c:
+	Added start_tls support
+	[7ef864c15b69]
+
+2004-02-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Clean up libtool stuff for 'make distclean' and add def_data.c,
+	def_data.h to PARSESRCS.
+	[bf9bb6bb06ab]
+
+2004-02-14  Aaron Spangler  <aaron777@gmail.com>
+
+	* strlcat.c, strlcpy.c:
+	Un-Fix last license munge
+	[42654b77ac71]
+
+2004-02-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[e4de6b23a4dc]
+
+	* CHANGES, RUNSON, TODO:
+	checkpoint
+	[94e1ace84d5c]
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[8ce784505643]
+
+	* auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+	auth/securid5.c, auth/sia.c, auth/sudo_auth.c, auth/sudo_auth.h,
+	emul/search.h, emul/utime.h:
+	More to a less restrictive, ISC-style license.
+	[a31b20e48003]
+
+	* auth/kerb5.c, auth/pam.c:
+	More to a less restrictive, ISC-style license.
+	[e41f92b41216]
+
+	* auth/dce.c, auth/fwtk.c, auth/kerb4.c:
+	More to a less restrictive, ISC-style license.
+	[87534c164a52]
+
+	* auth/bsdauth.c:
+	More to a less restrictive, ISC-style license.
+	[e21be6594b58]
+
+	* auth/afs.c, auth/aix_auth.c, zero_bytes.c:
+	More to a less restrictive, ISC-style license.
+	[6d234be91c5e]
+
+	* sudoers.man.in, sudoers.pod, testsudoers.c, tgetpass.c, visudo.c,
+	visudo.man.in, visudo.pod:
+	More to a less restrictive, ISC-style license.
+	[b02aea324fd6]
+
+	* sudo_noexec.c:
+	More to a less restrictive, ISC-style license.
+	[a6da7631e0b2]
+
+	* strlcat.c, strlcpy.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+	sudo_edit.c:
+	More to a less restrictive, ISC-style license.
+	[71cdcc241e94]
+
+	* sigaction.c, strerror.c:
+	More to a less restrictive, ISC-style license.
+	[4bccdedca58a]
+
+	* ldap.c, logging.c, logging.h, parse.c, parse.h, pathnames.h.in,
+	set_perms.c:
+	More to a less restrictive, ISC-style license.
+	[64d772d70ab3]
+
+	* getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+	ins_goons.h, insults.h, interfaces.c, interfaces.h:
+	More to a less restrictive, ISC-style license.
+	[520381c60a54]
+
+	* find_path.c, getprogname.c:
+	More to a less restrictive, ISC-style license.
+	[f605d5eab6f1]
+
+	* fileops.c:
+	More to a less restrictive, ISC-style license.
+	[4129a8b38a67]
+
+	* env.c:
+	More to a less restrictive, ISC-style license.
+	[d5bd859757de]
+
+	* defaults.h:
+	More to a less restrictive, ISC-style license.
+	[008f5d5743f5]
+
+	* LICENSE, Makefile.in, alloc.c, check.c, closefrom.c, compat.h,
+	defaults.c:
+	More to a less restrictive, ISC-style license.
+	[d8d7bfc8a18b]
+
+	* utime.c, version.h:
+	More to a less restrictive, ISC-style license.
+	[e2e038ad8209]
+
+	* parse.lex, parse.yacc:
+	More to a less restrictive, ISC-style license.
+	[2f5942e847a1]
+
+	* Makefile.binary:
+	More to a less restrictive, ISC-style license.
+	[1ed561734535]
+
+2004-02-13  Aaron Spangler  <aaron777@gmail.com>
+
+	* sudoers2ldif:
+	Merged in LDAP Support
+	[3994c4d05947]
+
+	* ldap.c, sudo.c, sudo.h:
+	Merged in LDAP Support
+	[547eaa346fcc]
+
+	* def_data.c, def_data.h, def_data.in:
+	Merged in LDAP Support
+	[8fb255280e42]
+
+	* CHANGES, Makefile.in, README.LDAP, config.h.in, configure.in:
+	Merged in LDAP Support
+	[1038092a161e]
+
+2004-02-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h, sudo_noexec.c:
+	Only do "extern int errno" if errno is not a macro.
+	[b2e02a08be8b]
+
+2004-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	setreuid(0, 0) fails on QNX if the euid is not already 0 so set the
+	euid first, then just call setuid(0) to set the real uid too.
+	[f08546e2e0ee]
+
+	* set_perms.c:
+	Use setresuid() and setreuid() for PERM_RUNAS when appropriate
+	instead of seteuid() which may not exist.
+	[ba508581befb]
+
+2004-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE:
+	2004
+	[37425513a342]
+
+	* INSTALL, config.h.in, configure, configure.in, ins_classic.h:
+	Add --with-pc-insults configure option
+	[7daa5294c17b]
+
+	* visudo.man.in:
+	Prefer VISUAL over EDITOR like old vipw did.
+	[996252a4ab65]
+
+2004-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.man.in, sudoers.man.in:
+	regen
+	[a247f1c52eb9]
+
+	* sudoers.pod:
+	Add a note that noexec is not a cure-all.
+	[9e7fc535367d]
+
+	* sudoers.pod:
+	Mention that disabling "root_sudo" is pretty pointless.
+	[f38a415afba0]
+
+	* configure, configure.in:
+	Substitute for root_sudo in sudoers.pod
+	[ce483cfc86be]
+
+	* sudo.pod:
+	Add sudoedit to the NAME section
+	[51bc453ec2f6]
+
+	* sudoers.pod:
+	Document that fact that setting ignore_dot in sudoers has no effect
+	due to the fact that find_path() is called *before* sudoers is read.
+	[6808df7e417c]
+
+2004-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Do not require _PATH_USRTMP to be set.
+	[546f3270dd10]
+
+	* BUGS, CHANGES, TODO:
+	sync
+	[4205ddeab781]
+
+	* sudo.man.in:
+	regen
+	[e2143690a88a]
+
+	* sudo.pod:
+	Clarify that when sudo is run by root with the SUDO_USER variable
+	set, the sudoers lookup happens for root and not the SUDO_USER user.
+	[47207bec1bdf]
+
+2004-01-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c, auth/sudo_auth.c, interfaces.c, logging.c, parse.c,
+	set_perms.c, sigaction.c, sudo.c, tgetpass.c:
+	Use the SET, CLR and ISSET macros.
+	[a8b0d7f1e8fd]
+
+	* fnmatch.c:
+	Use the SET, CLR and ISSET macros.
+	[1afbcba22ba6]
+
+	* defaults.c, env.c:
+	Use the SET, CLR and ISSET macros.
+	[2f39431e0a49]
+
+	* interfaces.h:
+	MAIN was replaced with _SUDO_MAIN some time ago.
+	[ea1b38f2ac9d]
+
+	* sudo.c:
+	Don't look at prev_user until after we've parsed sudoers and done
+	the password check. That way, if sudo/sudoedit is run from a root
+	process that was invoked by sudo, we check sudoers for root, not the
+	previous user. This makes sudoedit much more useful and means that
+	for the sudo case, we get correct logging on who actually ran the
+	command.
+	[431dfbf20552]
+
+2004-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo_edit.c:
+	Add a comment describing why we need to be notified about our child
+	stopping.
+	[0bec3ce4b49d]
+
+2004-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.in:
+	Update the noexec variable descriptions
+	[9cb7f1aa0e57]
+
+	* sudoers.man.in, sudoers.pod:
+	noexec now replaces more than just execve()
+	[23cbdc0ee95c]
+
+	* sudo_noexec.c:
+	Alas, all the world does not go through execve(2). Many systems
+	still have an execv(2) system call, Linux 2.6 provides fexecve(2)
+	and it is not uncommon for libc to have underscore ('_') versions of
+	the functions to be used internally by the library. Instead of
+	stubbing all these out by hand, define a macro and let it do the
+	work. Extra exec functions pointed out by Reznic Valery.
+	[9fa0cd871b0c]
+
+	* sudo.c, sudo_edit.c:
+	Fix suspending the editor in -e mode. Because we do a fork() first
+	we need to be notified when the child has been stopped and then send
+	that same signal to ourself so the shell can do its job control
+	thing.
+	[773165eb6057]
+
+	* visudo.c:
+	Use WIFEXITED and WEXITSTATUS macros. If there are systems out
+	there that want to run sudo that still don't support these we can
+	try to deal with that later.
+	[6af68e4aff60]
+
+	* lex.yy.c:
+	regen
+	[403435317d5d]
+
+	* sudo.man.in, sudo.pod, sudoers.man.in, sudoers.pod:
+	Document sudo -e / sudoedit
+	[a80f6ea910af]
+
+	* configure, configure.in:
+	fix typo
+	[5020fcdc27f4]
+
+	* config.h.in, configure.in:
+	Add SET/CLR/ISSET
+	[03ff57286e7e]
+
+2004-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Allow non-exclusive flags when invoked as sudoedit. Pretty print the
+	long usage() line to not wrap (assumes 80 char display)
+	[3941fa4004bb]
+
+	* Makefile.in, sudo.c:
+	If sudo is invoked as "sudoedit" the -e flag is implied and no other
+	flags are permitted.
+	[929670b01293]
+
+	* sudo.h:
+	Add a new flag, -e, that makes it possible to give users the ability
+	to edit files with the editor of their choice as the invoking user,
+	not the runas user. Temporary files are used for the actual edit
+	and the temp file is copied over the original after the editor is
+	done.
+	[c4051414c1f4]
+
+	* Makefile.in, parse.c, parse.lex, sudo.c, sudo_edit.c:
+	Add a new flag, -e, that makes it possible to give users the ability
+	to edit files with the editor of their choice as the invoking user,
+	not the runas user. Temporary files are used for the actual edit
+	and the temp file is copied over the original after the editor is
+	done.
+	[37ac05c8ac3c]
+
+	* env.c, sudo.c:
+	If real uid == 0 and the SUDO_USER environment variables is set, use
+	that to determine the invoking user's true identity. That way the
+	proper info gets logged by someone who has done "sudo su" but still
+	uses sudo to as root. We can't do this for non-root users since
+	that would open up a security hole, though perhaps it would be
+	acceptable to use getlogin(2) on OSes where this a system call (and
+	doesn't just look in the utmp file).
+	[c2f9198708a1]
+
+	* pathnames.h.in:
+	Add _PATH_TMP, _PATH_VARTMP and _PATH_USRTMP
+	[7d9e5768df93]
+
+	* config.h.in, configure, configure.in:
+	Add check for fchown(2)
+	[a85df18798ed]
+
+2004-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Back out portions of the -i commit that set NewArgv[0] in
+	set_runaspw. It is far to late to set NewArgv[0] there and will have
+	no effect anyway as cmnd and safe_cmnd have already been set.
+	[c2d343430c1c]
+
+	* visudo.c, visudo.pod:
+	Prefer VISUAL over EDITOR like old vipw did.
+	[ae32f477cea3]
+
+2004-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, sudo.c:
+	In -i mode always set new environment based on the runas user's
+	passwd entry.
+	[fa653b7887a8]
+
+2004-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.man.in, sudo.pod:
+	Document the new -i flag and sync SYNOPSIS section with usage() in
+	sudo.c. Also sort the flags in the OPTIONS section.
+	[6aabc0ffc47e]
+
+	* sudo.c, sudo.h:
+	o Add -i that acts similar to "su -", based on patches from David J.
+	MacKenzie o Sort the flags in the usage message
+	[c0fe7d6beffd]
+
+	* sudoers.man.in, sudoers.pod:
+	Add a missing @runas_default@ substitution.
+	[60516fe2d090]
+
+2004-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Change euid to runas user before calling find_path().
+	Unfortunately, though runas_user can be modified in sudoers we
+	haven't parsed sudoers yet.
+	[f469fdf2e313]
+
+	* sudoers.man.in, sudoers.pod:
+	Add missing defintion of Parameter_List and use single pipes in the
+	Defaults EBNF definition.
+	[f7bed6e909bf]
+
+	* sudo.c:
+	Fix a bug when set_runaspw() is used as a callback. We don't want
+	to reset the contents of runas_pw if the user specified a user via
+	the -u flag.
+
+	Avoid unnecessary passwd lookups in set_authpw(). In most cases we
+	already have the info in runas_pw.
+	[efc35623ba09]
+
+2004-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	Add Stan Lee / Uncle Ben quote to the lecture from RedHat
+	[ebd5a76ccd7e]
+
+	* sudo.h:
+	Update sudo_getepw() proto and add one for set_runaspw()
+	[6ed65795c17f]
+
+	* parse.c:
+	If we can't stat the command as root, try as the runas user instead.
+	[ae713fca0e15]
+
+	* testsudoers.c, visudo.c:
+	Add stub set_runaspw() function
+	[42aa37050053]
+
+	* sudo.c:
+	Add set_runaspw() function to fill in runas_pw. This will be used
+	as a callback to update runas_pw when the runas user changes.
+	[e570aa0088d0]
+
+	* env.c, sudo.c:
+	PERM_RUNAS -> PERM_FULL_RUNAS
+	[51eec6f9e89a]
+
+	* set_perms.c, sudo.h:
+	Rename PERM_RUNAS -> PERM_FULL_RUNAS and add a PERM_RUNAS that just
+	changes the euid.
+	[877c6fe4d12c]
+
+	* getspwuid.c:
+	Make sudo_pwdup() act like OpenBSD pw_dup() and allocate memory in
+	one chunk for easy free()ing. Also change it from static to extern.
+	[ab503260a7ec]
+
+	* defaults.c, defaults.h:
+	Add callback support
+	[a61c4ca983fb]
+
+	* mkdefaults:
+	Add a callback field and use it for runas_default
+	[96b69c27df5e]
+
+	* def_data.c, def_data.in:
+	Add a callback field and use it for runas_default
+	[d3e9f06872b8]
+
+2004-01-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/fwtk.c:
+	Add support for chalnecho and display server responses used by fwtk
+	>= 2.0
+	[b1870f7aaf0d]
+
+2004-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.man.in, sudoers.pod:
+	ld.so is ld.so.1 on solaris
+	[2bf9a123fa4c]
+
+	* Makefile.in, config.h.in, configure, configure.in, sudo.c, sudo.h:
+	Use closefrom() instead of doing the equivalent inline.
+	[7e3ef6072884]
+
+	* closefrom.c:
+	closefrom(3) for systems w/o it
+	[35caf58bb636]
+
+2004-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.man.in:
+	Update from .pod file.
+	[d4c94fc0e0c9]
+
+	* configure, configure.in:
+	Substitute noexec_file for the sudoers man page
+	[203d3376a551]
+
+	* sudo.man.in, sudo.pod:
+	Mention noexec
+	[014375ddbb06]
+
+	* sudoers.man.in, sudoers.pod:
+	Document noexec
+	[49a65d06201f]
+
+	* auth/pam.c, config.h.in, configure.in:
+	Move PAM_CONST macro definition from config.h to pam.c where it
+	belongs. We can't have this in config.h since that gets included too
+	early.
+	[e64748071637]
+
+	* auth/pam.c, config.h.in, configure, configure.in:
+	Some PAM implementations put their headers in /usr/include/pam
+	instead of /usr/include/security.
+	[8cc749e9575c]
+
+	* configure.in:
+	I missed changing the EXEC macro -> EXECV here when I changed this
+	in config.h.in and sudo.c a while ago.
+	[6f5afac7789f]
+
+	* acsite.m4:
+	OpenBSD vax/m88k/hppa don't do shared libs
+	[e4901d958bb7]
+
+	* configure, configure.in:
+	o merge the hpux case entries into a single entry w/ its own sub-
+	case statement. o HP-UX >= 11 support getspnam(), use it in
+	preference to getprpwuid()
+	[0caad428894e]
+
+	* configure, configure.in:
+	eval $shrext so that it expands nicely on MacOS X
+	[40419343eef8]
+
+	* Makefile.in:
+	Don't lie about making a module, it does the wrong thing on mach
+	[7629b28f5688]
+
+	* ltmain.sh:
+	Remove requirement that libs must begin with "lib". They don't when
+	we point directly at the lib using LD_PRELOAD or its equivalent.
+	[d66f3de6ec85]
+
+	* acsite.m4:
+	Disable support for c++, f77 and java. We don't need it, it takes a
+	lot of time, and it hosed our check for shared lib support.
+	[4f5749c52ce4]
+
+	* configure:
+	regen
+	[160865e9d15f]
+
+	* configure.in:
+	Call AC_ENABLE_SHARED and check the status of enable_shared to know
+	when shared libs are available.
+	[42504c1668fc]
+
+	* acsite.m4:
+	Duh, OpenBSD suports shared libs too
+	[8e3cd9417475]
+
+	* config.h.in, configure.in:
+	Only OpenPAM and Linux PAM use const qualifiers.
+	[b2f76476e866]
+
+	* configure, configure.in:
+	o No need to check for sed, libtool config does that for us o move
+	check for --with-noexec until after libtool magic is run so we can
+	use $can_build_shared and $shrext
+	[668c656e89cc]
+
+	* ltmain.sh:
+	Don't print a bunch of crap about library installs since we are not
+	really installing a library.
+	[83fbcad29fe4]
+
+	* env.c:
+	Make format_env() varargs Add noexec support for Darwin, MacOS X,
+	Irix, and Tru64
+	[468885d75d10]
+
+	* acsite.m4, ltconfig, ltmain.sh:
+	Update to libtool 1.5 with local changes: o no ldconfig in the
+	finish step o assume no libprefix or version is needed
+	[4961cffc3797]
+
+	* sudo_noexec.c:
+	Fix compilation under K&R
+	[8b309bf0b1b2]
+
+2004-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	checkpoint
+	[3c368badab32]
+
+	* sudo_noexec.c:
+	stub execve() that just returns EACCES; used for noexec
+	functionality
+	[1297acae283a]
+
+	* sudo.tab.h:
+	Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
+	generated code.
+	[dcab78c49273]
+
+	* sudo.tab.c:
+	Regen w/ updated byacc from OpenBSD; fixes a gcc 3.2 issue with
+	generated code.
+	[0a61c735eabe]
+
+2004-01-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* def_data.c, def_data.h, def_data.in:
+	Move the environment defaults to the end and shorten a few of the
+	descriptions.
+	[66787b9c612c]
+
+	* configure, configure.in:
+	no shared libs on ultris or convexos
+	[2c5f3c456e32]
+
+	* Makefile.in, configure, configure.in:
+	Build sudo_noexec shared object using libtool; could use some
+	cleanup.
+	[373f483555dd]
+
+	* acsite.m4, ltconfig, ltmain.sh:
+	libtool scaffolding
+	[c903a42e3d90]
+
+	* parse.yacc, sudo.tab.c:
+	Merge the NOPASSWD/PASSWD and NOEXEC/EXEC rules so that order is not
+	important.
+	[c6e8a34639a4]
+
+	* defaults.c, env.c, lex.yy.c, parse.c, parse.h, parse.lex,
+	parse.yacc, pathnames.h.in, sudo.c, sudo.h, sudo.tab.c:
+	update copyright year
+	[a16372ae1711]
+
+	* configure, configure.in, defaults.c, env.c, pathnames.h.in:
+	Add _PATH_SUDO_NOEXEC and corresponding --with-noexec configure
+	option. The default value of noexec_file is set to this.
+	[7d88e1d3c494]
+
+	* def_data.c, def_data.h, def_data.in, env.c, lex.yy.c, parse.c,
+	parse.h, parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
+	sudo.tab.h:
+	Add support for preloading a shared object containing a dummy
+	execve() function that just sets error and returns -1. This adds a
+	"noexec_file" option to load the filename as well as a "noexec" flag
+	to enable it unconditionally. There is also a NOEXEC tag that can
+	be attached to specific commands and an EXEC tag to disable it.
+	[c8b6712feb91]
+
+	* mkdefaults:
+	add missing newline to usage statement
+	[e84746618362]
+
+	* config.h.in, sudo.c:
+	Rename EXEC macro -> EXECV
+	[ddaa0c027299]
+
+	* logging.c:
+	Don't truncate usernames to 8 characters in the log message.
+	[f62a20f27075]
+
+	* check.c, sudoers.man.in, sudoers.pod:
+	Update copyright year
+	[ca9964054085]
+
+	* check.c, def_data.c, def_data.h, def_data.in, sudoers.man.in,
+	sudoers.pod:
+	Add a new option, lecture_file, that can be used to point to a
+	custom sudo lecture.
+	[940133231216]
+
+2003-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+	auth/sudo_auth.c:
+	Add a zero_bytes() function to do the equivalent of bzero in such a
+	way that will heopfully not be optimized away by sneaky compilers.
+	[161b6d74bfb4]
+
+	* zero_bytes.c:
+	Add a zero_bytes() function to do the equivalent of bzero in such a
+	way that will heopfully not be optimized away by sneaky compilers.
+	[d035abf0af94]
+
+	* Makefile.in, sudo.h:
+	Add a zero_bytes() function to do the equivalent of bzero in such a
+	way that will heopfully not be optimized away by sneaky compilers.
+	[ff136de3e255]
+
+	* err.c:
+	Use #ifdef __STDC__, not #if __STDC__.
+	[6889dd6bc51a]
+
+2003-12-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkdefaults:
+	Always put at least one space between the def_* macro name and its
+	definition.
+	[6b3ad0e6619a]
+
+	* configure, configure.in:
+	Adjust code for --without-lecture to match new values.
+	[062aa788a6b9]
+
+	* visudo.man.in:
+	regen after pasto fix
+	[3deec16906c0]
+
+	* sudoers.man.in, sudoers.pod:
+	Document that "lecture" has changed from a flag to a tuple.
+	[e2c03062b533]
+
+	* check.c, def_data.c, def_data.h, def_data.in, defaults.c,
+	defaults.h, logging.c, mkdefaults, parse.c, sudo.c, sudo.h:
+	Add support for tuples in def_data.in; these are implemented as an
+	enum type. Currently there is only a single tuple enum but in the
+	future we may have one tuple enum per T_TUPLE entry in def_data.in.
+	Currently listpw, verifypw and lecture are tuples. This avoids the
+	need to have two entries (one ival, one str) for pwflags and syslog
+	values.
+
+	lecture is now a tuple with the following values: never, once,
+	always
+
+	We no longer use both an int and string entry for syslog facilities
+	and priorities. Instead, there are logfac2str() and logpri2str()
+	functions that get used when we need to print the string values.
+	[5293f946c836]
+
+	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+	auth/rfc1938.c, auth/securid5.c, auth/sia.c, auth/sudo_auth.c,
+	check.c, def_data.h, defaults.c, defaults.h, env.c, find_path.c,
+	logging.c, mkdefaults, parse.c, parse.yacc, set_perms.c, sudo.c,
+	sudo.tab.c, visudo.c:
+	Create def_* macros for each defaults value so we no longer need the
+	def_{flag,ival,str,list,mode} macros (which have been removed). This
+	is a step toward more flexible data types in def_data.in.
+	[009c02934106]
+
+	* TODO:
+	checkpoint
+	[0a99a4bb5d15]
+
+2003-12-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	If we are in -k/-K mode, just spew to stderr. It is not unusual for
+	users to place "sudo -k" in a .logout file which can cause sudo to
+	be run during reboot after the YP/NIS/NIS+/LDAP/etc daemon has died.
+	Previously, this would result in useless mail and logging.
+	[d282e7ed63af]
+
+2003-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.pod:
+	fix pasto in VISUAL description
+	[1c6a6148b5f9]
+
+2003-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[f44312c63799]
+
+	* CHANGES:
+	checkpoint
+	[0c42e38f78d5]
+
+	* TROUBLESHOOTING:
+	Some OSes (like Solaris) allow export w/ nosuid too
+	[973ce85ffa12]
+
+2003-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h:
+	We don't use FD_ZERO anymore so just define FD_SET (if not already
+	there).
+	[d1c8c11905cd]
+
+2003-06-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Fix a core dump on Solaris by preserving the pam_handle_t we used
+	during authentication for pam_prep_user(). If we didn't
+	authenticate (ie: ticket still valid), we call pam_init() from
+	pam_prep_user(). This is something of a hack; it may be better to
+	change the auth API and add an auth_final() function that acts like
+	pam_prep_user().
+	[f787de49b175]
+
+2003-06-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Add explicit declaration of printerr variable in function header
+	(was defaulting to int which is OK but oh so K&R :-). From Theo.
+	[492c2358783f]
+
+2003-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure.in:
+	s/HAVE_STOW/USE_STOW/
+	[4b99e1824ece]
+
+	* logging.c:
+	Also exit waitpid() loop when pid == 0. Fixes a problem where the
+	sudo process would spin eating up CPU until sendmail finished when
+	it has to send mail.
+	[ec3d5792b9b4]
+
+2003-05-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* fnmatch.c:
+	Remove advertising clause, UCB has disavowed it
+	[43a26bbd6628]
+
+	* fnmatch.3:
+	Remove advertising clause, UCB has disavowed it
+	[3ff24291bcfa]
+
+2003-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	Don't assume that getgrnam() calls don't modify contents of struct
+	passwd returned by getpwnam(). On FreeBSD w/ NIS this can happen.
+	Based on a patch from Kirk Webb.
+	[5574c68f60f3]
+
+2003-05-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	missing ;;
+	[22378f2a9d31]
+
+	* configure.in:
+	darwin has a broken setreuid() in at least some versions
+	[d572aed930d2]
+
+	* env.c:
+	Fix an off by one error when reallocating the environment; Kevin Pye
+	[3d98e7cf097a]
+
+2003-04-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Fix User_Spec definition; SEKINE Tatsuo
+	[49b0da65e090]
+
+2003-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* HISTORY:
+	More info on the early days from Coggs.
+	[9381ca10b06b]
+
+2003-04-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	remove errant semicolon that prevented compilation under heimdal
+	[d2f2bb73a598]
+
+2003-04-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* testsudoers.c, tgetpass.c, visudo.c, visudo.man.in, visudo.pod:
+	add DARPA credit on affected files
+	[7020785ee50d]
+
+	* sudoers.pod:
+	add DARPA credit on affected files
+	[83b46318750b]
+
+	* sigaction.c, strerror.c, sudo.c, sudo.h, sudo.man.in, sudo.pod,
+	sudoers.man.in:
+	add DARPA credit on affected files
+	[d8adf1c2ba22]
+
+	* set_perms.c:
+	add DARPA credit on affected files
+	[3d79fdabb582]
+
+	* pathnames.h.in:
+	add DARPA credit on affected files
+	[e334cdda422f]
+
+	* logging.c, parse.c:
+	add DARPA credit on affected files
+	[8f75f822755b]
+
+	* auth/passwd.c, auth/rfc1938.c, auth/secureware.c, auth/securid.c,
+	auth/securid5.c, auth/sia.c, auth/sudo_auth.c, fileops.c,
+	find_path.c, getprogname.c, getspwuid.c, goodpath.c, interfaces.c,
+	interfaces.h:
+	add DARPA credit on affected files
+	[da66e28fb3f5]
+
+	* auth/kerb5.c, auth/pam.c:
+	add DARPA credit on affected files
+	[15da3021b49c]
+
+	* auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+	auth/fwtk.c, auth/kerb4.c, parse.lex, parse.yacc, utime.c,
+	version.h:
+	add DARPA credit on affected files
+	[868d54cbddea]
+
+	* env.c:
+	add DARPA credit on affected files
+	[90239f51ef0a]
+
+	* defaults.c, defaults.h:
+	add DARPA credit on affected files
+	[6a64205fd1eb]
+
+	* compat.h:
+	add DARPA credit on affected files
+	[316a735783c4]
+
+	* Makefile.in, alloc.c, check.c:
+	add DARPA credit on affected files
+	[cd939e05c810]
+
+	* LICENSE:
+	slightly different wording for the darpa credit
+	[e468909c4a21]
+
+2003-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE:
+	Add DARPA credit
+	[8eb20e2cd63e]
+
+2003-04-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	Use krb5_princ_component() instead of krb5_princ_realm() for MIT
+	Kerberos like we did before I messed things up ;-)
+
+	Use krb5_principal_get_comp_string() to do the same thing w/
+	Heimdal. I'm not sure if the component should be 0 or 1 in this
+	case.
+
+	#define ENCTYPE_DES_CBC_MD5 ETYPE_DES_CBC_MD5 for Heimdal since
+	older versions lack ENCTYPE_DES_CBC_MD5. This is gross and there
+	should be a configure check for this I guess.
+	[74919a3933fe]
+
+2003-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sample.sudoers:
+	builtin -> built-in; Jason McIntyre
+	[027f2187923e]
+
+	* TROUBLESHOOTING, config.h.in, configure, configure.in:
+	builtin -> built-in; Jason McIntyre
+	[70b81ac48943]
+
+	* sudoers.pod:
+	built in -> built-in; Jason McIntyre
+	[da658ef5138d]
+
+2003-04-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	checkpoint for 1.6.7p3
+	[da85f989fadf]
+
+	* HISTORY:
+	Update info on the early years @ SUNY-Buffalo from Cliff Spencer.
+	Amazingly, sudo source from 1985 is available via groups.google.com
+	[39e0fc85b89f]
+
+	* sudo.c:
+	Don't change rl.rlim_max for RLIMIT_CORE. We need only set
+	rl.rlim_cur to 0 to turn off core dumps. This may be needed for the
+	RLIMIT_CORE restoration on some OSes.
+	[7e2c1a7adfd8]
+
+2003-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	Make this compile on Heimdal and MIT Kerberos 5
+	[44c07d615868]
+
+	* config.h.in, configure, configure.in:
+	Check for heimdal even if we found krb5-config and define
+	HAVE_HEIMDAL.
+	[aba0126f0059]
+
+	* auth/kerb5.c:
+	Replace ETYPE_DES_CBC_MD5 with ENCTYPE_DES_CBC_MD5. The former is
+	no longer defined by MIT kerb5 (though it used to be and indeed
+	remains so in Heimdal).
+	[e5a6c64d7cd5]
+
+2003-04-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkinstalldirs:
+	Remove newer stuff that passes multiple (possibly duplicate)
+	directories to "mkdir -p" since that seems to break on Tru64 Unix at
+	least. This basically brings back what shipped with sudo 1.6.6.
+	[f2a1abd872b3]
+
+2003-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/kerb5.c:
+	Correct number of args to krb5_principal_get_realm() and fix an
+	unclosed comment that hid the bug.
+	[0b37f8ce7824]
+
+	* configure:
+	regen
+	[1876cb840fe0]
+
+	* configure.in:
+	++version
+	[480aff7c048e]
+
+	* README:
+	++version
+	[488e0bbff613]
+
+	* Makefile.in:
+	++version
+	[97ef63cedc38]
+
+	* INSTALL.binary:
+	++version
+	[a506204e77d0]
+
+	* INSTALL:
+	++version
+	[555aeba5c2bf]
+
+	* CHANGES, version.h:
+	++version
+	[f66985a64063]
+
+	* BUGS:
+	++version
+	[ea3573432412]
+
+	* configure.in:
+	use krb5-config to determine Kerberos V details if it exists
+	[7b46bbdaf774]
+
+	* alloc.c, auth/fwtk.c, auth/rfc1938.c, auth/securid.c,
+	auth/securid5.c, auth/sia.c, check.c, compat.h, defaults.c, env.c,
+	find_path.c, interfaces.c, logging.c, parse.c, sudo.c, sudo.h,
+	testsudoers.c, visudo.c:
+	Use warn/err and getprogname() throughout. The main exception is
+	openlog(). Since the admin may be filtering logs based on the
+	program name in the log files, hard code this to "sudo".
+	[9f180d015cfa]
+
+	* Makefile.in:
+	Add getprogname.c and err.c
+	[d411c54a07dc]
+
+	* configure:
+	regen
+	[6d585d391acc]
+
+	* config.h.in, configure.in:
+	Add checks for getprognam(), __progname and err.h
+	[bcbccf61d34a]
+
+	* emul/err.h:
+	For systems withour err/warn functions.
+	[1b33118884d9]
+
+	* err.c:
+	For systems withour err/warn functions.
+	[26721f6b041f]
+
+	* getprogname.c:
+	For systems neither getprogname() nor __progname; uses Argv[0].
+	[841cf42af1eb]
+
+2003-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	checkpoint for 1.6.7p1
+	[5bfdaf441dce]
+
+	* sudo.c, testsudoers.c:
+	fix strlcpy() rval check (innocuous)
+	[e05ac7e0d1f3]
+
+	* check.c:
+	oflow detection in expand_prompt() was faulty (false positives). The
+	count was based on strlcat() return value which includes the length
+	of the entire string.
+	[086c5a0acb25]
+
+2003-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON, TODO:
+	checkpoint for the sudo 1.6.7 release
+	[096bab4da29a] [SUDO_1_6_7]
+
+	* CHANGES:
+	checkpoint for the sudo 1.6.7 release
+	[87322187ed78]
+
+2003-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	g/c unused variable
+	[c57cd4a17765]
+
+	* configure:
+	regen
+	[e7c1f581dfac]
+
+	* configure.in:
+	use man sections 8 and 5 for csops
+	[87de581bda88]
+
+2003-03-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[cb1433a9c7a1]
+
+	* configure.in:
+	Add -lskey or -lopie directly to SUDO_LIBS instead of having
+	AC_CHECK_LIB() add them to LIBS. Fixes visudo linkage.
+	[ac5667978939]
+
+	* configure:
+	regen
+	[638459118a2a]
+
+	* configure.in:
+	Add --with-blibpath for AIX. An alternate libpath may be specified
+	or
+	-blibpath support can be disabled. Also change conifgure such that
+	-blibpath is not specified if no -L libpaths were added to
+	SUDO_LDFLAGS.
+	[c7d17b480cad]
+
+	* aclocal.m4:
+	Add --with-blibpath for AIX. An alternate libpath may be specified
+	or
+	-blibpath support can be disabled. Also change conifgure such that
+	-blibpath is not specified if no -L libpaths were added to
+	SUDO_LDFLAGS.
+	[37022e991575]
+
+	* INSTALL:
+	Add --with-blibpath for AIX. An alternate libpath may be specified
+	or
+	-blibpath support can be disabled. Also change conifgure such that
+	-blibpath is not specified if no -L libpaths were added to
+	SUDO_LDFLAGS.
+	[4b4bbe5bbe1b]
+
+	* configure.in:
+	add AIX blibpath support
+	[16ba788bf086]
+
+	* INSTALL, configure.in:
+	--with-skey and --with-opie now take an option directory argument
+	This obsoletes a --with-csops hack (/tools/cs/skey)
+
+	Also remove the remaining direct uses of "echo"
+	[5b4986a90c03]
+
+2003-03-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	Detect KTH Kerberos IV and deal with it. Also make -lroken optional
+	for KTH Kerberos IV and V.
+	[119f97b48e18]
+
+	* aclocal.m4:
+	Add SUDO_APPEND_LIBPATH function that add -L/path/to/dir (and
+	-R/path/to/dir if $with_rpath) to the specified variable.
+	[e55e49d076ce]
+
+	* INSTALL, configure.in:
+	Add -R/path/to/libs for Solaris and SVR4. There is a new configure
+	option, --with-rpath to control this behavior.
+	[d4730c5399ab]
+
+	* configure.in:
+	for kerb4 put libdes after libkrb on the link line
+	[5c566100eab6]
+
+	* auth/kerb4.c:
+	typo
+	[6541b72b64a3]
+
+	* configure.in:
+	fix kerberos lib check when a path is specified
+	[ae833a914c6f]
+
+	* logging.c:
+	Fix boolean thinko in SIGCHLD reaper and call reapchild after
+	sending mail instead of doing a conditional sudo_waitpid.
+	[86fa9a35df5a]
+
+2003-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[e6275cf528ba]
+
+	* configure.in:
+	replace =DIR with [=DIR] where sensible
+	[c39a59173b38]
+
+	* configure.in:
+	o Use AC_MSG_* instead of "echo" o New Kerberos include/lib
+	detection based on openssh's configure.in
+	[5b7a340912df]
+
+	* INSTALL:
+	--with-kerb4 and --with-kerb5 now take an optional argument.
+	[71ed87fc9c64]
+
+2003-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/securid.c:
+	Kill remaining strcpy(), the programmer's guide says username is 32
+	bytes.
+	[bdba70fcd08d]
+
+	* auth/kerb4.c:
+	trat uid_t as unsigned long for printf and use snprintf, not sprintf
+	[8072f5f8966d]
+
+	* auth/rfc1938.c:
+	use snprintf
+	[fc0c70c665fe]
+
+2003-03-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+	auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+	auth/rfc1938.c, auth/sudo_auth.c:
+	update copyright year
+	[b0a10ccb1d0e]
+
+	* sudo.man.in, sudoers.man.in, visudo.man.in:
+	update copyright year
+	[8fce0034eb51]
+
+	* LICENSE, Makefile.in, aclocal.m4, alloc.c, check.c, compat.h,
+	configure.in, env.c, find_path.c, interfaces.c, logging.c, parse.c,
+	parse.lex, parse.yacc, set_perms.c, sudo.c, sudo.h, sudo.pod,
+	sudoers.pod, testsudoers.c, version.h, visudo.c, visudo.pod:
+	update copyright year
+	[d541e75fe520]
+
+	* check.c, env.c, sudo.c:
+	Cast [ug]ids to unsigned long and printf with %lu
+	[2ede64d3592b]
+
+	* configure:
+	regen
+	[c7c3245bdf3e]
+
+	* configure.in:
+	correct error messages for --with-sudoers-{mode,uid,gid}
+	[77fc15b1c9db]
+
+	* alloc.c:
+	make the malloc(0) error specific to each function to aid tracking
+	down bugs.
+	[a58c34374b4b]
+
+	* alloc.c:
+	deal with platforms where size_t is signed and there is no SIZE_MAX
+	or SIZE_T_MAX
+	[7192abb4ab4e]
+
+	* auth/kerb5.c:
+	Make this compile w/ Heimdal and fix some gcc warnings.
+	[f52f026f31c2]
+
+	* sudo.c:
+	Use stat_sudoers macro so --with-stow can work
+	[c3674735c139]
+
+	* INSTALL, config.h.in, configure, configure.in:
+	Add support for --with-stow based on patches from Robert Uhl
+	[b274cc1dd52c]
+
+	* env.c:
+	fix indentation
+	[110d9f1721b1]
+
+	* configure.in:
+	back out rev 1.352
+	[1eee91c83f11]
+
+	* lex.yy.c:
+	regen
+	[72fba1c9590b]
+
+	* parse.lex:
+	use strlcpy, not strncpy
+	[4faccbaeccef]
+
+	* set_perms.c:
+	Fix typo; check pw_uid, not pw_gid after setusercontext() failure.
+	[33bf0d18fdc1]
+
+	* logging.c:
+	use pid_t
+	[3e0536993d2c]
+
+2003-03-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* strlcat.c, strlcpy.c:
+	Make gcc shutup about unused rcsid
+	[1669a0c74e9e]
+
+	* interfaces.c:
+	Move the n == 0 check for the non-getifaddrs cas
+	[2460be061b2a]
+
+	* auth/rfc1938.c:
+	skeychallenge() on NetBSD take a size parameter
+	[05acc2012801]
+
+	* configure:
+	regen
+	[24bccf4749e8]
+
+	* configure.in:
+	put -ldl after -lpam, not before; fixes static linking on Linux
+	[7f06b7b2b4d8]
+
+	* interfaces.c:
+	Avoid malloc(0) and fix the loop invariant for the getifaddrs()
+	case.
+	[239a55068646]
+
+	* sudo.cat, sudoers.cat, visudo.cat:
+	regen
+	[4a2eed3981ca]
+
+	* sudo.man.in, sudoers.man.in, visudo.man.in:
+	regen
+	[2c96ea2cf930]
+
+	* Makefile.in:
+	Preserve copyright notice from .pod file in .man.in file
+	[519fbd09aebc]
+
+	* visudo.pod:
+	Add sudoers(5) to SEE ALSO
+	[77ecfe3aedf1]
+
+2003-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lex.yy.c:
+	regen
+	[6f5751ce0b74]
+
+	* parse.lex:
+	Don't assume libc can realloc() a NULL string. If malloc/realloc
+	fails, make sure we just return; yyerror() is not terminal.
+	[1b8618623708]
+
+	* lex.yy.c:
+	regen
+	[5d31b46191c6]
+
+	* parse.lex:
+	simplify fill_args a little and use strlcpy for paranoia
+	[0ea35a55542b]
+
+	* sudo.tab.c:
+	regen
+	[5a8d508d708b]
+
+	* check.c, env.c, find_path.c, parse.c, parse.yacc, sudo.c,
+	testsudoers.c:
+	Use strlc{at,py} for paranoia's sake and exit on overflow. In all
+	cases the strings were either pre-allocated to the correct size of
+	length checks were done before the copy but a little paranoia can go
+	a long way.
+	[e73d28f1d14e]
+
+	* sudo.h:
+	Add strlc{at,py} protos
+	[748ffc7fc7f4]
+
+	* env.c, interfaces.c:
+	Use erealloc3()
+	[47f2cb46aba8]
+
+	* configure:
+	regen
+	[e7e2fb79f935]
+
+	* alloc.c:
+	Oflow test of nmemb > SIZE_MAX / size is fine (don't need >=). Use
+	memcpy() instead of strcpy() in estrdup() so this is strcpy()-free.
+	[7e0fa4d6fc1d]
+
+	* sudo.c:
+	snprintf() a uid as %lu, not %ld to match the MAX_UID_T_LEN test in
+	configure.
+	[09ea4d3959e9]
+
+	* aclocal.m4:
+	In MAX_UID_T_LEN test cast uid_t to unsigned long, just unsigned.
+	[31b4fdfdb8bf]
+
+2003-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Use snprintf() for paranoia
+	[a2659ceb46de]
+
+	* parse.yacc:
+	Use emalloc2 and erealloc3
+	[90a069842401]
+
+	* Makefile.in:
+	strlc{at,py} for those w/o it
+	[bac82dc916ee]
+
+	* strlcat.c, strlcpy.c:
+	stlc{at,py} for those w/o it.
+	[ce7254f5db09]
+
+	* config.h.in, configure, configure.in:
+	Add stlc{at,py} for those w/o it.
+	[00f08219657a]
+
+	* alloc.c, sudo.h:
+	Add erealloc3(), a realloc() version of emalloc2().
+	[c96eaf08bbed]
+
+	* interfaces.c, sudo.c:
+	Use emalloc2() to allocate N things of a certain size.
+	[1e0aba365555]
+
+	* alloc.c, sudo.h:
+	Add emalloc2() -- like calloc() but w/o the bzero and with
+	error/oflow checking.
+	[292150bc4153]
+
+	* alloc.c:
+	Error out on malloc(0); suggested by theo
+	[995279e81326]
+
+2003-03-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	fix a typo; David Krause
+	[f161213a17ab]
+
+2003-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	fix typo
+	[3ae5ad9a351a]
+
+2003-03-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Remove DYLD_ from the environment for MacOS X; from bbraun
+	[38caad5a3935]
+
+2003-03-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure.in:
+	not not; Anil Madhavapeddy
+	[d4f4f0bfc66b]
+
+2003-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	typos; jmc@openbsd.org
+	[868c0f09bf9e]
+
+2003-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	Add some missing ';' rule terminators that bison warns about.
+	[535b0b8dcce5]
+
+	* config.sub:
+	fix typo I introduced in last merge
+	[81db4e4f43fe]
+
+	* configure:
+	regenerate with autoconf 2.57
+	[ca0c1e9564f8]
+
+	* config.h.in:
+	Add missing "$HOME"
+	[209186197ad1]
+
+	* configure.in:
+	Add some more square backets to make autoconf 2.57 happy
+	[b5639c14faf7]
+
+	* config.sub, mkinstalldirs:
+	Updates from autoconf-2.57
+	[36be35eb331b]
+
+	* config.guess:
+	Updates from autoconf-2.57
+	[ea0f8ca622af]
+
+2003-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.h:
+	regen
+	[13a65a421567]
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[0b529db7cb6d]
+
+	* parse.lex, parse.yacc, sudoers.pod:
+	Add support for Defaults>RunasUser
+	[20d726373175]
+
+2003-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	fclose() yyin after each yyparse() is done and use fopen() instead
+	of using freopen().
+	[587f8a2df857]
+
+	* parse.lex:
+	Better fix for sudoers files w/o a newline before EOF. It looks
+	like the issue is that yyrestart() does not reset the start
+	condition to INITIAL which is an issue since we parse sudoers
+	multiple times.
+	[920f8326968a]
+
+2003-01-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.lex:
+	Work around what appears to be a flex bug when dealing with files
+	that lack a final newline before EOF. This adds a rule to match EOF
+	in the non-initial states which resets the state to INITIAL and
+	throws an error.
+	[b94943bb1f81]
+
+	* visudo.c:
+	o The parser needs sudoers to end with a newline but some editors
+	(emacs) may not add one. Check for a missing newline at EOF and
+	add one if needed. o Set quiet flag during initial sudoers parse (to
+	get options) o Move yyrestart() call and always use freopen() to
+	open yyin after initial sudoers parse.
+	[12d12f9b07aa]
+
+2002-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Fix pasto/thinko in setresgid()/setregid() usage. Want to set
+	effective gid, not real gid, when reading sudoers.
+	[c7d18b810fcd]
+
+	* set_perms.c:
+	don't compile set_perms_posix if we have setreuid or setresuid
+	[b9cea7a81a29]
+
+2002-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, sudoers.pod:
+	document new prompt escapes
+	[2f088076b640]
+
+	* check.c:
+	Add %U and %H escapes and redo prompt rewriting. "%%" now gets
+	collapsed to "%" as was originally intended. This also gets rid of
+	lastchar (does lookahead instead of lookback) which should simplify
+	the logic slightly.
+	[4b707b77b3c7]
+
+2002-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Write the prompt *after* turning off echo to avoid some password
+	characters being echoed on heavily-loaded machines with fast
+	typists.
+	[d38c57775915]
+
+	* config.sub:
+	Add support for mipseb; wiz@danbala.tuwien.ac.at
+	[cfdac87ed5c8]
+
+	* configure.in:
+	Fix IRIX fallout from name changes in man dir/sect Makefile
+	variables. Patch from erici AT motown DOT cc DOT utexas DOT edu
+	[9a7618755c23]
+
+	* auth/pam.c:
+	Keep a local copy of tgetpass_flags so we don't add in TGP_ECHO to
+	the global copy. Problem noted by Peter Pentchev.
+	[d0a3e189cb06]
+
+2002-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	regen
+	[23b931359087]
+
+	* parse.yacc:
+	Add missing yyerror() calls; YYERROR does not seem to call this for
+	us.
+	[0be7aeb3ac57]
+
+2002-11-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	fix typo in comment; Pedro Bastos
+	[d7406c460e99]
+
+2002-11-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	document --disable-setresuid
+	[fbd03d03a027]
+
+	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+	auth/sudo_auth.c:
+	Sprinkle some volatile qualifiers to prevent over-enthusiastic
+	optimizers from removing memset() calls.
+	[5370ac0e6129]
+
+	* logging.c, parse.yacc:
+	minor sign fixes pointed out by gcc -Wsign-compare
+	[db872438337f]
+
+	* set_perms.c, sudo.c, sudo.h:
+	Revamp set_perms. We now use a version based on setresuid() or
+	setreuid() when possible since that allows us to support the
+	stay_setuid option and we always know exactly what the semantics
+	will be (various Linux kernels have broken POSIX saved uid support).
+	[523bc212396c]
+
+	* config.h.in, configure:
+	regen from configure.in
+	[351877ea2624]
+
+	* configure.in:
+	Add checks for setresuid() and a way to disable using it
+	[a5b21653d169]
+
+	* compat.h:
+	No long need to emulate set*[ug]id() via setres[ug]id() or
+	setre[ug]id(). The new set_perms stuff only uses things it knows are
+	there.
+	[47884bd5d1d9]
+
+	* sudo.c:
+	Before exec, restore state of signal handlers to be the same as when
+	we were initialy invoked instead of just reseting to SIG_DFL. Fixes
+	a problem when using sudo with nohup. Based on a patch from Paul
+	Markham.
+	[f8f5a1484faa]
+
+	* sudo.c:
+	o timestamp_uid should be uid_t, not int o clarify error message
+	when sudo is run by root and no_root_sudo is set
+	[19dda0734264]
+
+2002-09-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README:
+	update ftp link for bison
+	[98bc191016e3]
+
+2002-07-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Error out if setusercontext() fails and the runas user is not root.
+	[089f9ade4686]
+
+2002-05-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/securid5.c:
+	Fix rcsid
+	[07e9e85dcc2f]
+
+	* configure.in:
+	Fix SecurID API test
+	[5ec201f454a5]
+
+2002-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	typo in comment
+	[9d385c9ac533]
+
+	* configure.in:
+	securid5 stuff needs pthreads. Just adding -lpthread is suboptimal
+	but I don't see a better way at the moment.
+	[f89e55cbb313]
+
+	* Makefile.in, auth/securid5.c:
+	SecurID API version 5 support from Michael Stroucken
+	[68500ac7e531]
+
+	* configure.in:
+	Add check for SecurID 5.0 API
+	[1ee242e6de6b]
+
+2002-05-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* strerror.c:
+	We actually do still need config.h to get the 'const' definition for
+	K&R C.
+	[d9c982032d85]
+
+2002-05-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen with autoconf 2.5.3
+	[c71fc086eef5]
+
+	* configure.in:
+	Don't set sysconfdir to '/etc' if the user has specified a --prefix.
+	[d90da1efafd9]
+
+	* configure.in:
+	Some fixes for autoconf 2.53 from Robert Uhl o don't AC_SUBST
+	LIBOBJS o force a 4th arg for AC_CHECK_HEADER() to workaround a bug
+	[dd67afefa90d]
+
+	* env.c, sudo.c, sudo.h:
+	No need for dump_badenv() now that dump_defaults() knows how to dump
+	lists.
+	[6bcda468501d]
+
+	* BUGS, INSTALL, INSTALL.binary, Makefile.in, README, configure.in,
+	version.h:
+	++version
+	[44e3b8f95f0b]
+
+	* sudoers.pod:
+	document timestampowner
+	[37ebd69e9dd1]
+
+	* check.c:
+	Don't call set_perms() when doing timestamp stuff unless
+	timestamp_uid != 0.
+	[63a63d41d18c]
+
+	* auth/sudo_auth.c, check.c, logging.c, parse.c, set_perms.c, sudo.c,
+	sudo.h, testsudoers.c:
+	g/c second arg to set_perms--it is no longer used
+	[7ac4ce50c612]
+
+2002-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, set_perms.c, sudo.c, sudo.h:
+	Add support for non-root timestamp dirs. This allows the timestamp
+	dir to be shared via NFS (though this is not recommended).
+	[faa83dd2b7fb]
+
+	* def_data.c, def_data.h, def_data.in:
+	Add timestampowner, "Owner of the authentication timestamp dir"
+	[d47640d4c86a]
+
+2002-05-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Don't try to pre-compute the size of the new envp, just allocate
+	space up front and realloc as needed. Changes to the new env
+	pointer must all be made through insert_env() which now keeps track
+	of spaced used and allocates as needed.
+	[39bc934a9f2c]
+
+2002-04-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[0e12c09bb790]
+
+	* configure.in:
+	Fix two typo/pastos; from jrj@purdue.edu
+	[b718a4bf1181]
+
+2002-04-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL.binary, README:
+	++version
+	[a1e33027278c] [SUDO_1_6_6]
+
+	* configure, sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in,
+	visudo.cat, visudo.man.in:
+	regen
+	[19eb2be283ef]
+
+	* CHANGES, RUNSON, TODO:
+	Sync with 1.6.6
+	[2ff9a9087f63]
+
+	* check.c:
+	The the loop used to expand %h and %u, the lastchar variable was not
+	being initialized. This means that if the last char in the prompt
+	is '%' and the first char is 'h' or 'u' a extra copy of the host or
+	user name would be copied, for which space had not been allocated.
+	[b2e27197857d]
+
+2002-04-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, Makefile.in, configure.in, version.h:
+	crank version to 1.6.6
+	[cfd08689e597]
+
+	* auth/afs.c:
+	#undef VOID to get rid of an AFS warning
+	[b40760564dc1]
+
+	* env.c:
+	Use easprintf instead of emalloc + sprintf for some things.
+	[e7bfe2e69a03]
+
+2002-03-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[35327104383d]
+
+	* parse.c, parse.lex, parse.yacc, testsudoers.c:
+	Remove Chris Jepeway's email address so people don't bug him ;-)
+	[c03410747a69]
+
+2002-03-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Move endpwent() to be after set_perms(PERM_RUNAS, ...) and also call
+	endgrent() at the same time.
+	[28b6097d5d1a]
+
+2002-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	Make it clear which configure options take arguments.
+	[38529e7efad0]
+
+2002-01-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h:
+	HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. If there is no
+	RLIM_INFINITY, just pretend it is -1. This works because we only
+	check for RLIM_INFINITY and do not set anything to that value.
+	[53173d34e6eb]
+
+2002-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Zero and free allocated memory when there is a conversation error.
+	[e342133db579]
+
+	* auth/bsdauth.c:
+	Use sigaction() not signal()
+	[126c2790561f]
+
+	* INSTALL:
+	Mention that some linux kernels have broken POSIX saved ID support
+	[571ef1a893d3]
+
+	* CHANGES:
+	checkpoint for 1.6.5p2
+	[9e9e456f7f43]
+
+	* configure:
+	regen
+	[d53703a46708]
+
+	* configure.in:
+	Add --disable-setreuid flag
+	[3b9f2679cb55]
+
+	* INSTALL:
+	Document new --disable-setreuid option and change description for
+	--disable-saved-ids to match new error message.
+	[14fd3e5f60a5]
+
+	* set_perms.c:
+	fatal() now takes an argument that determines whether or not to call
+	perror().
+	[d826b25e62ff]
+
+	* TROUBLESHOOTING:
+	Update for new error messages from set_perms()
+	[78007c3f76a9]
+
+	* PORTING:
+	Update for new error messages from set_perms()
+	[60c545a6bcff]
+
+2002-01-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Make this compile w/o warnings
+	[b90843a29af5]
+
+	* auth/pam.c:
+	Mention that we can't use pam_acct_mgmt()
+	[1dfc5a6e0479]
+
+	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c:
+	The user's password was not zeroed after use when AIX
+	authentication, BSD authentication, FWTK or PAM was in use.
+	[b18fff30b1e7]
+
+2002-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Avoid giving PAM a NULL password response, use the empty string
+	instead. This avoids a log warning when the user hits ^C at the
+	password prompt when PAM is in use.
+	[c3315805e4e4]
+
+	* auth/pam.c:
+	Don't check the return value of pam_setcred(). In Linux-PAM 0.75
+	pam_setcred() returns the last saved return code, not the return
+	code for the setcred module. Because we haven't called
+	pam_authenticate(), this is not set and so pam_setcred() returns
+	PAM_PERM_DENIED.
+	[73db145fa179]
+
+	* Makefile.in:
+	Don't need a '/' between $(DESTDIR) and a directory.
+	[0901ca618176]
+
+	* Makefile.binary:
+	Don't need a '/' between $(DESTDIR) and a directory.
+	[cd7eb6098b87]
+
+2002-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[41b12c039282]
+
+	* configure.in:
+	o BSDi also has a bogus setreuid() o Old FreeBSD has a bogus
+	setreuid() o new NetBSD has a real setreuid() o add check for
+	freeifaddrs() if getifaddrs() exists.
+	[a82ee3b01733]
+
+	* config.h.in, interfaces.c:
+	Older BSDi releases lack freeifaddrs() so add a test for that and if
+	it is not present just use free().
+	[6270671ea9d5]
+
+2002-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, RUNSON:
+	Checkpoint for 1.6.5p1
+	[26134ecf9b36]
+
+	* auth/passwd.c:
+	Return AUTH_FAILURE in passwd_init() if skeyaccess() denies access
+	to normal passwords, not AUTH_FATAL (which just causes an exit).
+	[785e0f4bc0e2]
+
+	* visudo.c:
+	Don't use memory after it has been freed.
+	[c60492739fdb]
+
+	* auth/passwd.c:
+	skeyaccess() wants a struct passwd * not a char *; Patch from
+	Phillip E. Lobbes
+	[65a1d3806fcd] [SUDO_1_6_5]
+
+	* BUGS:
+	++version
+	[b2e1825e692e]
+
+	* CHANGES, RUNSON, TODO:
+	checkpoint for sudo 1.6.5
+	[d730945622e7]
+
+2002-01-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[49744c403ac9]
+
+	* INSTALL, INSTALL.binary, Makefile.in, README, configure.in:
+	version 1.6.5
+	[ec30a5f7fc45]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	sudo version 1.6.5
+	[458a3bed535d]
+
+	* logging.c:
+	o when invoking the mailer as root use a hard-coded environment that
+	doesn't include any info from the user's environment. Basically
+	paranoia.
+
+	o Add support for the NO_ROOT_MAILER compile-time option and run the
+	mailer as the user and not root if NO_ROOT_MAILER is defined.
+	[4df351ec92ce]
+
+	* set_perms.c, sudo.h:
+	Bring back PERM_FULL_USER
+	[edb6039bb284]
+
+	* configure:
+	regen
+	[3eb2943afa03]
+
+	* version.h:
+	version 1.6.5
+	[044fc9a0c72b]
+
+	* INSTALL, config.h.in, configure.in:
+	Add --disable-root-mailer option to run the mailer as the user and
+	not root.
+	[e9f805397963]
+
+	* CHANGES:
+	checkpoint for 1.6.4p2
+	[b58aae5aa98a]
+
+	* PORTING:
+	Mention the "seteuid(0): Operation not permitted" problem here too
+	just for good measure.
+	[90135b37a691]
+
+2002-01-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c, getspwuid.c, sudo.c:
+	The SHELL environment variable was preserved from the user's
+	environment instead of being reset based on the passwd database when
+	the "env_reset" option was used. Now it is reset as it should be.
+	[300066ef3c71]
+
+	* configure:
+	regen
+	[a47d779e6552]
+
+	* INSTALL, TROUBLESHOOTING, config.h.in, configure.in, set_perms.c,
+	sudo.c:
+	Add a configure option to turn off use of POSIX saved IDs
+	[fb18cc8e94d0]
+
+	* configure:
+	regen
+	[d4f2f20025b6]
+
+	* configure.in:
+	add --with-efence option
+	[45c4f33a8e88]
+
+	* sudo.c:
+	Only OR in MODE_RESET_HOME if MODE_RUN is set. Fixes a problem where
+	"sudo -l" would not work if always_set_home was set.
+	[c3a6de6c4800]
+
+	* lex.yy.c:
+	regen
+	[417424452998]
+
+	* parse.lex:
+	Quoted commas were not being treated correctly in command line
+	arguments.
+	[753415541b37]
+
+	* sudo.c:
+	o Move the call to rebuild_env() until after MODE_RESET_HOME is set.
+	Otherwise, the set_home option has no effect.
+
+	o Fix use of freed memory when the "fqdn" flag is set. This was
+	introduced by the fix for the "segv when gethostbynam() fails" bug.
+	Also, we no longer call set_fqdn() if the "fqdn" flag is not set so
+	there is no need to check the "fqdn" flag in set_fqdn() itself.
+	[4b6a4245c04e]
+
+	* env.c:
+	Add 'continue' statements to optimize the switch statement. From
+	Solar.
+	[a82c76975ae5]
+
+2002-01-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in:
+	Regen from new sudoers.pod
+	[6ecc07b3d0e1] [SUDO_1_6_4]
+
+	* sudoers.pod:
+	Add caveat about stay_setuid flag
+	[9d228a7bea1b]
+
+	* sudo.c:
+	If set_perms == set_perms_posix and the stay_setuid flag is not set,
+	set all uids to 0 and use set_perms_fallback().
+	[c4e54d1ec86f]
+
+	* set_perms.c, sudo.h:
+	Remove PERM_FULL_USER (which is no longer used) and add
+	PERM_FULL_ROOT (used when exec'ing the mailer).
+	[15406c522ea2]
+
+	* logging.c:
+	Use set_perms(PERM_FULL_ROOT, 0) before exec'ing the mailer since we
+	never want to run the mailer setuid.
+	[2294853e0666]
+
+2002-01-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudo.pod, visudo.cat, visudo.man.in,
+	visudo.pod:
+	Use sudo.ws instead of courtesan.com in URLs
+	[55204002a308]
+
+	* Makefile.binary, Makefile.in:
+	Fix mansect substitution
+	[b7b5cbc3aa91]
+
+	* Makefile.in:
+	Substitute man sections in Makefile.binary
+	[040deb785e56]
+
+	* Makefile.binary:
+	Sync install targets with Makefile.in and substitute in man
+	sections.
+	[77882a275281]
+
+	* INSTALL, INSTALL.binary:
+	version is 1.6.4
+	[0f87aabbcb70]
+
+	* Makefile.in:
+	Repair bindist target
+	[8d43bfe7e2d1]
+
+	* CHANGES:
+	sync for 1.6.4
+	[13ca3d4a0a72]
+
+2002-01-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* install-sh:
+	Fix case where neither whoami nor id are found
+	[424dd270bc47]
+
+2002-01-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* install-sh:
+	If neither whoami nor id exists, just assume we are root.
+	[2d2644e42c53]
+
+	* alloc.c:
+	Add explicit cast to (VOID *) on malloc/realloc. Seems to be needed
+	on AIX which for some reason isn't pulling in the malloc prototype.
+	[231440d2ee3b]
+
+2002-01-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, aclocal.m4, compat.h, parse.c, sudo.c:
+	(c) 2002
+	[700e3b41a68e]
+
+	* CHANGES:
+	checkpoint
+	[33e604bd8d5b]
+
+	* sudo.c:
+	Defer assigning new environment until right before the exec.
+	[f13c49e75c1c]
+
+	* parse.c:
+	kill extra blank line
+	[12ef22e9dae3]
+
+2002-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[a6cd2d788f74]
+
+	* configure.in:
+	Use -O not -O2 for m88k-motorola-sysv* since motorola gcc-derived
+	compiler doesn't recognise -O2.
+	[5234aa543692]
+
+	* HISTORY:
+	Clarify origins of Root Group sudo a bit based on info from
+	billp@rootgroup.com
+	[4deef01c4208]
+
+2002-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE:
+	2002
+	[6c8e089dbd1a]
+
+	* CHANGES:
+	checkpoint for 1.6.4rc1
+	[3349eb87a49f]
+
+2002-01-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	now generated via autoheader
+	[84657d303cb9]
+
+	* configure:
+	regen
+	[207bfa6a13f6]
+
+	* compat.h:
+	Move in some stuff that was previously in config.h.
+	[e576d8b6480f]
+
+	* aclocal.m4, configure.in:
+	Add info for autoheader.
+	[0549cd5da27c]
+
+2002-01-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	o Add DESTDIR support o Use -M, -O, and -G instead of -m, -o, and
+	-g to facilitate non-root installs
+	[619216038f56]
+
+	* install-sh:
+	Add -M option (like -m but only for root) If we can't find "whoami",
+	use "id" w/ some sed.
+	[b39121c8b792]
+
+	* configure:
+	regen
+	[b39b93ff9804]
+
+	* configure.in:
+	allow user to always override mansectsu and mansectform
+	[0fca5e63bd90]
+
+2001-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkinstalldirs:
+	update from autoconf 2.52
+	[07bd75a508c3]
+
+	* config.guess, config.sub:
+	Update from autoconf 2.52
+	[857b90fe31b7]
+
+	* configure:
+	regen with autoconf 2.52
+	[08e7d1ea2aeb]
+
+	* configure.in:
+	o Call AC_PROG_CC_STDC to find out how to run the compiler in ANSI
+	mode o Remove compiler-specific checks for HP-UX now that we use
+	AC_PROG_CC_STDC
+	[d433a70b6208]
+
+	* RUNSON:
+	Checkpoint
+	[babf6d2235d1]
+
+	* auth/pam.c:
+	o Add pam_prep_user function to call pam_setcred() for the target
+	user; on Linux this often sets resource limits. o When calling
+	pam_end(), try to convert the auth->result to a PAM_FOO value.
+	This is a hack--we really need to stash the last PAM_FOO value
+	received and use that instead.
+	[6ad6f340dd2a]
+
+	* set_perms.c, sudo.h:
+	o Add pam_prep_user function to call pam_setcred() for the target
+	user; on Linux this often sets resource limits.
+	[67795421ac82]
+
+	* env.c:
+	Fix off by one error in number of bytes allocated via malloc (does
+	not affected any released version of sudo).
+	[5f5915360111]
+
+2001-12-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lex.yy.c:
+	regen
+	[8208c0277775]
+
+	* parse.lex:
+	Allow '@', '(', ')', ':' in arguments to a defaults variable w/o
+	requiring that they be quoted.
+	[ae59bc8f68dd]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Mention that no double quotes are needed when
+	adding/deleting/assigning a single value to a list.
+	[25efc940a1f0]
+
+	* Makefile.in:
+	Don't rely on mkdefaults being executable, call perl explicitly.
+	[6edc97ba5f1d]
+
+	* sudo.tab.c:
+	regen
+	[49130b2e7e4d]
+
+	* parse.yacc:
+	Remove some XXX that are no longer relevant.
+	[d460ac0d3767]
+
+	* defaults.c:
+	o Roll our own loop instead of using strpbrk() for better
+	grokability o When adding to a list we must malloc() and use
+	memcpy(), not strdup() since we must only copy len bytes from str.
+	[649bef08e1f0]
+
+2001-12-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	regen
+	[f0bbf2c38c0e]
+
+	* parse.yacc:
+	typo in comment
+	[2563711ff593]
+
+2001-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	checkpoint
+	[a6d8a29fb30e]
+
+	* configure:
+	regen
+	[bdfcaaf3bd13]
+
+	* configure.in:
+	avoid the -g flag unless --with-devel was specified
+	[a976707bef30]
+
+	* Makefile.in:
+	mkdefaults, def_data.in and sigaction.c were missing from the
+	tarball
+	[6917ffbaa412]
+
+	* Makefile.in:
+	def_data.c was missing
+	[87c78b11453d]
+
+2001-12-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	Fix setting of $USER and $LOGNAME in the non-reset_env case. Also
+	allow HOME, SHELL, LOGNAME, and USER to be specified in keep_env
+	[fc8698e6a45e]
+
+	* TODO:
+	Another TODO item
+	[6f251d6cd466]
+
+	* sudoers:
+	Add comment for Default section so folks know where it should go.
+	[7edba626f392]
+
+2001-12-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Use TCSETAF, not TCSETA to set terminal in termio case
+	[fbd172f6c5d3]
+
+	* sudoers.cat, sudoers.man.in:
+	regen from sudoers.pod
+	[64edd2de816e]
+
+	* sudoers.pod:
+	o Typo, Runas_User_List should be Runas_List o a User_List can not
+	contain a uid o mention that the Defaults section should come after
+	Alias definitions but before the user specifications
+	[54070ba2092b]
+
+2001-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[e62d1d97693c]
+
+	* sudoers.pod:
+	Fix listpw and verifypw sections, they were not being formatted
+	properly.
+	[123868c2f3e9]
+
+	* sudoers.cat, sudoers.man.in:
+	regen
+	[f94841f8b374]
+
+	* sudoers.pod:
+	fix typos
+	[f278f1c1184e]
+
+	* configure:
+	regen
+	[d2270049ba9f]
+
+	* config.h.in, configure.in:
+	use AC_SYS_POSIX_TERMIOS instead of rolling our own
+	[c1a13f1354b9]
+
+	* README:
+	Reference sudo.ws not courtesan.com
+	[ca13be67ebd7]
+
+	* PORTING:
+	Add notes on shadow passwords
+	[aa13863f2314]
+
+	* BUGS:
+	In list mode (sudo -l), characters escaped with a backslash are
+	shown verbatim with the backslash.
+	[1a75a2858be2]
+
+	* sudoers:
+	Add simple examples from OpenBSD (Marc Espie)
+	[3ae9a9ae4125]
+
+	* tgetpass.c:
+	Catch SIGTTIN and SIGTTOU too and treat them like SIGTSTP.
+	[f8817699ee10]
+
+	* CHANGES:
+	minor prettyification
+	[f523587929b9]
+
+	* CHANGES:
+	Updated change log
+	[39d9010ee7a8]
+
+	* testsudoers.c:
+	Fix CIDR handling here too.
+	[c91db8344c32]
+
+	* auth/pam.c:
+	Apparently a NULL response is OK
+	[83bae61078d9]
+
+	* TODO:
+	Checkpoint for upcoming beta release
+	[efb95c09df2a]
+
+	* TROUBLESHOOTING:
+	Many people believe that adding a runas spec should obviate the need
+	for the -u flag. It does not.
+	[c698bad85b0e]
+
+	* RUNSON:
+	checkpoint update for upcoming 1.6.4 beta
+	[009e465a0a45]
+
+	* config.h.in:
+	o Add HAVE_STDLIB_H and HAVE_MEMORY_H o Define HAVE_STRINGS_H even
+	if HAVE_STRING_H is defined -- this is safe now
+	[d27c035f4e14]
+
+	* PORTING:
+	Add signals section
+	[2d24c13cb3c8]
+
+	* configure:
+	regen
+	[2b80a939e2ed]
+
+	* configure.in:
+	Fix check for sigaction_t
+	[6fa41c89ab20]
+
+	* sudo.c:
+	XXX - should call find_path() as runas user, not root. Can't do
+	that until the parser changes though.
+	[f0b4f85651bd]
+
+	* sudo.c:
+	If find_path() fails as root, try again as the invoking user (useful
+	for NFS). Idea from Chip Capelik.
+	[e03fa7872692]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in:
+	Regenerate after pod file changes
+	[48e4bd75ec21]
+
+	* def_data.c, def_data.h, def_data.in, set_perms.c, sudo.c, sudo.h,
+	sudo.pod, sudoers.pod:
+	Add new sudoers option "preserve_groups". Previously sudo would not
+	call initgroups() if the target user was root. Now it always calls
+	initgroups() unless the -P command line option or the
+	"preserve_groups" sudoers option is set. Idea from TJ Saunders.
+	[4f730359f101]
+
+2001-12-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h, config.h.in:
+	Use new HAVE_SIGACTION_T define
+	[dfb25f3cae5b]
+
+	* logging.c:
+	Fix compilation on K&C
+	[7355e3275e34]
+
+	* configure:
+	regen
+	[a710584f92f0]
+
+	* configure.in:
+	Add check for sigaction_t -- IRIX already defines this so don't
+	redefine it.
+	[df9c5737f6da]
+
+	* snprintf.c:
+	fix typo
+	[3d782b8134c8]
+
+	* interfaces.c:
+	need stdlib.h here too
+	[c789d8973ab2]
+
+	* configure:
+	regen
+	[44822856bf46]
+
+	* configure.in:
+	Remove redundant checks for string.h, strings.h and unistd.h
+	[933c94f8bbf4]
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	Regen from pod files
+	[ad18c590f638]
+
+	* BUGS:
+	Update for 1.6.4
+	[26bc88b69d22]
+
+	* configure, lex.yy.c, sudo.tab.c:
+	regen
+	[bef89fd6fa2d]
+
+	* strerror.c:
+	Return EINVAL if errnum > sys_nerr
+	[0512374e6661]
+
+	* auth/sudo_auth.h:
+	o Update copyright year
+	[a877016db6e2]
+
+	* LICENSE, Makefile.binary, Makefile.in, aclocal.m4, compat.h,
+	config.h.in, defaults.h, interfaces.h, pathnames.h.in, sudo.h,
+	sudo.pod:
+	o Update copyright year
+	[e15a1b39039f]
+
+	* configure.in:
+	o Don't define STDC_HEADERS unconditionally for IRIX o Update
+	copyright year
+	[82a8cb819e07]
+
+	* README:
+	update version
+	[d82e523a16b4]
+
+	* auth/afs.c, auth/aix_auth.c, auth/bsdauth.c, auth/dce.c,
+	auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
+	auth/sudo_auth.c, logging.c, parse.c, parse.lex, parse.yacc,
+	set_perms.c, snprintf.c, sudo.c, testsudoers.c, tgetpass.c, utime.c,
+	visudo.c:
+	o Reorder some headers and use STDC_HEADERS define properly o Update
+	copyright year
+	[fe39f76b3795]
+
+	* lsearch.c:
+	o Reorder some headers and use STDC_HEADERS define properly o Update
+	copyright year
+	[764ba3d4fa13]
+
+	* getspwuid.c, goodpath.c, interfaces.c:
+	o Reorder some headers and use STDC_HEADERS define properly o Update
+	copyright year
+	[fb46d46140d4]
+
+	* getcwd.c:
+	o Reorder some headers and use STDC_HEADERS define properly o Update
+	copyright year
+	[b199d70ac7ab]
+
+	* alloc.c, check.c, defaults.c, env.c, fileops.c, find_path.c,
+	fnmatch.c:
+	o Reorder some headers and use STDC_HEADERS define properly o Update
+	copyright year
+	[dab8f192a3ed]
+
+	* configure:
+	regen
+	[156658f25cea]
+
+	* tgetpass.c:
+	flags set in signal handlers should be volatile sig_atomic_t
+	[c22931a5535e]
+
+	* config.h.in, configure.in:
+	Add checks for volatile and sig_atomic_t
+	[b03b3341381d]
+
+	* configure, lex.yy.c:
+	regen
+	[ed9daba88217]
+
+	* def_data.c, def_data.h, def_data.in, defaults.c, env.c, find_path.c,
+	sudo.c, sudoers.pod:
+	Remove "secure_path" Defaults option since it cannot work with the
+	existing parser.
+	[c9e54a0f5971]
+
+	* find_path.c, sudo.c:
+	Unset "secure_path" if user_is_exempt()
+	[fb7544565ae8]
+
+	* env.c, pathnames.h.in:
+	o Remove assumption that PATH and TERM are not listed in env_keep o
+	If no PATH is in the environment use a default value o If TERM is
+	not set in the non-reset case also give it a default value.
+	[c987eb7df268]
+
+	* aclocal.m4, configure.in, defaults.c, pathnames.h.in:
+	_PATH_SENDMAIL -> _PATH_SUDO_SENDMAIL so --without-sendmail works on
+	systems that define in paths.h
+	[51865b0cdebf]
+
+	* auth/passwd.c, auth/sudo_auth.c, auth/sudo_auth.h:
+	Add support for skeyaccess(3) if it is present in libskey.
+	[8add77c7d3e7]
+
+2001-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Only need to do 'lc = login_getclass(NULL)' if lc == NULL
+	[5a3d3cbf2c6d]
+
+	* parse.lex:
+	'\\' is a perfectly legal character to have in a command line
+	argument.
+	[c15a466ef00e]
+
+	* sudo.c:
+	o Defer call to set_fqdn() until it is safe to use log_error() o
+	Don't print errno string value if gethostbyname fails, it is not
+	relevant
+	[c0c6bcf08bcb]
+
+	* parse.c:
+	Fix CIDR -> in_addr_t conversion.
+	[2f307ebeb63f]
+
+2001-12-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Remove an extra "User_List" in the User_Spec definition From
+	ybertrand AT snoopymail.com
+	[97bde59ea280]
+
+	* parse.c:
+	Make 'listpw=never' work for users who are not explicitly mentioned
+	in sudoers.
+	[258f0f30a428]
+
+	* sudoers.pod:
+	Remove gratuitous '=' in EBNF grammar; era AT iki.fi
+	[4b0f03872ee1]
+
+	* sudoers.pod:
+	Document new list Defaults type and convert env_keep and env_delete
+	to lists. Document new env_check option.
+	[a07f1f079fe3]
+
+	* lex.yy.c, sudo.tab.c, sudo.tab.h:
+	regen parser
+	[e39ac6c6581b]
+
+	* parse.lex:
+	Don't let '#' appear in a {WORD} and restrict #foo in a Runas spec
+	to #[0-9-]+.
+	[69c5388908f3]
+
+	* configure:
+	regen
+	[0f1877b88cb3]
+
+	* aclocal.m4:
+	Simpler SUDO_FUNC_ISBLANK that uses AC_TRY_LINK
+	[6545503ae361]
+
+	* config.h.in, configure.in:
+	Add check for skeyaccess(3)
+	[6caf69fe6359]
+
+	* visudo.pod:
+	Document new -c, -f, and -q options
+	[13d0203c21d3]
+
+	* visudo.c:
+	o Add -f option (alternate sudoers file) o Convert to use getopt(3)
+	[4c2b664d617d]
+
+	* configure:
+	regen
+	[6d5bd932e7b5]
+
+	* aclocal.m4, config.h.in, configure.in:
+	Add check for isblank and a replacement macro if it doesn't exist.
+	[b524f5e4f953]
+
+2001-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	In check-only mode, don't create sudoers if it does not already
+	exist.
+	[c748a2d5acad]
+
+	* parse.yacc:
+	o Add a new token, DEFVAR, to indicate a Defaults variable name o
+	Add support for "+=" and "-=" list operators o replace some 1 and 0
+	with TRUE and FALSE for greater legibility.
+	[554cb174b37e]
+
+	* parse.lex:
+	o Use exclusive start conditions to remove some ambiguity in the
+	lexer. Also reorder some things for clarity. o Add support for
+	"+=" and "-=" list operators. o Use the new DEFVAR token to denote
+	a Defaults variable name.
+	[3a2cf8323e26]
+
+	* sudo.h:
+	Prototype init_envtables()
+	[b74916469dab]
+
+	* env.c:
+	o Convert environment handling to use lists instead of strings.
+	This greatly simplifies routines that need to do "foreach" type
+	operations. o Add new init_envtables() function to set env_check
+	and env_delete defaults based on initial_badenv_table and
+	initial_checkenv_table (formerly sudo_badenv_table).
+	[0a8b404658b6]
+
+	* defaults.c, defaults.h:
+	o Add a new LIST type and functions to manipulate it. o This is for
+	use with environment handling variables. o Call new
+	init_envtables() routine inside init_defaults() to initialize the
+	environment lists.
+	[ae73e64f0902]
+
+	* def_data.c, def_data.h, def_data.in:
+	Convert environment options to use the new LIST type and add a new
+	one, env_check that only deletes if the sanity check fails.
+	[3019503936de]
+
+	* testsudoers.c:
+	Add dummy version of init_envtables()
+	[9d9e3ee609d9]
+
+	* parse.yacc:
+	honor quiet mode
+	[8330fba6167c]
+
+	* visudo.c:
+	Add check-only mode
+	[dab411bc8c35]
+
+	* mkdefaults:
+	Fix generation of entries with NULL descriptions.
+	[ea75b9fed02e]
+
+2001-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Use sigaction_t and quiet a gcc warning.
+	[6f67d719c452]
+
+	* sudo.c:
+	Must reset signal handlers before we exec
+	[300418120e1a]
+
+	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+	auth/sudo_auth.c:
+	Be carefule now that tgetpass() can return NULL (user hit ^C). PAM
+	version needs testing. Set SIGTSTP to SIG_DFL during password entry
+	so user can suspend us.
+	[00304aa58747]
+
+	* tgetpass.c:
+	Add support for interrupting/suspending tgetpass via keyboard input.
+	If you suspend sudo from the password prompt and resume it will re-
+	prompt you.
+	[4af2b5101d32]
+
+	* sudo.c:
+	Don't block keyboard interrupt signals, just set them to SIG_IGN.
+	[d46d7f67ef6b]
+
+2001-12-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	add back HAVE_SIGACTION
+	[c9c7702c603e]
+
+	* configure:
+	regen
+	[09fe669d337f]
+
+	* config.h.in, configure.in, logging.c, sudo.c, visudo.c:
+	Kill POSIX_SIGNALS define and old signal support now that we emulate
+	POSIX ones Also be sure to correctly initialize struct sigaction.
+	[4bc2a6dbb2be]
+
+	* strerror.c:
+	Don't need config.h or "#ifndef HAVE_STRERROR" wrapper.
+	[1ad64a19f328]
+
+	* compat.h:
+	Add scaffolding for POSIX signal emulation
+	[945861d4c93b]
+
+	* sigaction.c:
+	o Add missing ';' so this compiles o Can't use NULL since we don't
+	include stdio.h
+	[04d0cac7438f]
+
+	* sigaction.c:
+	Emulate sigaction() using sigvec()
+	[d0b54a989875]
+
+2001-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Document new behavior of negative values of timestamp_timeout Fix a
+	typo
+	[4c0716570d01]
+
+	* sudo.pod:
+	Add security note about command not being logged after 'sudo su' and
+	friends.
+	[43294851a33c]
+
+	* sudo.pod:
+	Mention that -V prints default values when run as root, including
+	the list of environment variables to clear.
+	[d9e5e550a8c3]
+
+	* Makefile.in:
+	Run pod2man with --quotes=none to avoid stupid quoting of C<>
+	entries.
+	[997b23c35dbe]
+
+2001-11-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/sudo_auth.c, def_data.c, def_data.h, def_data.in, sudoers.pod:
+	Add mail_badpass option Also modify mail_always behavior to also
+	send mail when the password is wrong
+	[838d40ccafce]
+
+	* env.c, sudo.c, sudo.h:
+	Dump default bad env table when 'sudo -V' is run by root.
+	[f67f1b8048b0]
+
+	* sudoers.pod:
+	document env_delete
+	[d74f893663a2]
+
+	* env.c:
+	Add support for '*' in env_keep when not resetting the environment
+	(ie: the normal case).
+	[fd4fb62ea8fd]
+
+	* env.c:
+	Add env_delete variable that lets the user replace/add to the
+	bad_env_table. Allow '*' wildcard in env_keep entries.
+	[aa728bc35e29]
+
+2001-11-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* mkinstalldirs:
+	Force umask to 022 to guarantee sane directory permissions.
+	[9ab3cfe70569]
+
+2001-11-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	add sudo.tab.h and sudo.tab.c to sudo.tab.o dependency
+	[671010465e6f]
+
+	* mkdefaults:
+	fix breakage in last commit
+	[8318f8851e56]
+
+	* Makefile.in:
+	acsite.m4 -> aclocal.m4
+	[30c146873a01]
+
+	* check.c:
+	fix I_TS_TIMEOUT vs. I_TIMESTAMP_TIMEOUT pasto in previous commit
+	[4dc8b39954da]
+
+	* def_data.c:
+	regenerated from def_data.in
+	[915ea16ce1eb]
+
+	* check.c, defaults.c, defaults.h:
+	Add new T_UINT type that most things use instead of T_INT If
+	timestamp_timeout is < 0 then treat the ticket as never expiring (to
+	be expired manually by the user).
+	[3a3a636a2a5d]
+
+	* def_data.in:
+	change most T_INT -> T_UINT
+	[a2228d2457af]
+
+	* mkdefaults:
+	fix warning when no args
+	[ca70a5394af5]
+
+	* visudo.c:
+	Change 2 Exit() -> exit() Avoid stdio in Exit() and call _exit() if
+	we are a signal handler. We no longer print the signal number but
+	the user can just check the exit value for that.
+	[dc424f631fef]
+
+2001-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	when setting up pipes in child process check for case where stdin ==
+	pipe fd 0
+	[518112d76184]
+
+2001-10-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Ignore editor exit value since XPG4 says vi's exit value is the
+	count of editing errors made (failed searches, etc).
+	[b9d952284865]
+
+2001-10-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[cb3aa586f03b]
+
+	* configure.in:
+	sco now is identified by config.guess as *-sco-*
+	[46664bbdea61]
+
+	* configure.in:
+	Check for getspnam() in -lgen if not in -lc for UnixWare.
+	[0f152ad1ba93]
+
+2001-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod, visudo.pod:
+	"upper case" -> "uppercase"
+	[f9151f232326]
+
+	* sudoers.pod:
+	fix typos and grammar; pjanzen@foatdi.harvard.edu
+	[2855d73d0237]
+
+2001-08-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Missing word (specify); krapht@secureops.com
+	[65523eb37a2c]
+
+2001-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	If we fail to lookup a login class, apply the default one.
+	[d4869faa6816]
+
+	* logging.c:
+	In log_error() free message, not logline unconditionally, then free
+	logline if it is not the same as message. No function change but
+	this mirrors how they are allocated.
+	[565e5f6cc643]
+
+2001-07-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regenerate
+	[834a48f548a2]
+
+	* configure.in:
+	remove some backslash quotes that are unneeded
+	[50d401d6e2ca]
+
+	* configure.in:
+	o Tweaks to make this work with autoconf-2.50 o Use AC_LIBOBJ
+	instead of changing LIBOBJS directly o Use AC_REPLACE_FUNCS where we
+	can o Use AC_CHECK_FUNCS instead of AC_CHECK_FUNC so we don't have
+	to AC_DEFINE things manually.
+	[f502c5f15f92]
+
+	* config.guess, config.sub:
+	Updated from autoconf-2.50
+	[6140205915ef]
+
+2001-05-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README:
+	Update mailing list section. We use mailman now, not majordomo.
+	[b9a8ca45e6dc]
+
+2001-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* getspwuid.c, logging.c, sudo.c:
+	Use setpwent()/endpwent() + all the shadow variants to make sure we
+	don't inadvertantly leak an fd to the child. Apparently Linux's
+	shadow routines leave the fd open even if you don't call setspent().
+	Reported by mike@gistnet.com; different patch used.
+	[d33792ef6c01]
+
+2001-04-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	s/eg./e.g./
+	[bd32a0acaf93]
+
+	* tgetpass.c:
+	select() may return EAGAIN. If so, continue like we do for EINTR.
+	[5f202c943818]
+
+	* logging.c:
+	Fix a non-exploitable buffer overflow in the word splitting code.
+	This should really be rewritten.
+	[4c724363863a]
+
+	* Makefile.in:
+	FAQ link goes away
+	[1d26dd6c8972]
+
+	* INSTALL:
+	Tell people to look in sample.syslog.conf for examples, not FAQ
+	[affcae3f43ca]
+
+	* TROUBLESHOOTING:
+	Update list of env vars that are cleared
+	[234e56f1435a]
+
+	* sudo.c:
+	remove struct env_table decl since that stuff has all moved to env.c
+	[5dd923148777]
+
+2001-04-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* fileops.c:
+	Fix a pasto in flock-style unlocking and include <sys/file.h> for
+	flock on older systems; twetzel@gwdg.de
+	[d5420d9d2861]
+
+	* configure:
+	regen to get NeXT lockf/flock fix
+	[d3ba6ed70e15]
+
+	* configure.in:
+	force NeXT to use flock since lockf is broken
+	[bd5391dca1bb]
+
+2001-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	Use stashed user_gid when checking against exempt gid since sudo
+	sets its gid to a a value that makes sudoers readable. Previously
+	if you used gid 0 as the exempt group everyone would be exempt. From
+	Paul Kranenburg <pk@cs.few.eur.nl>
+	[0b140cc3a817]
+
+2001-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[cc455408f32b]
+
+	* aclocal.m4:
+	#include stdio.h in SUDO_CHECK_TYPE since IRIX 6 aparently defines
+	some types (such as ssize_t) therein.
+	[b6aee85ca331]
+
+2001-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c:
+	Fix negation of paths in a boolean context. Problem found by
+	apt@UH.EDU
+	[8aee217a7cdf]
+
+2001-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	pasto
+	[ad32b277bf68]
+
+2001-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	SA_RESETHAND means the opposite of what I was thinking--oops To
+	block all signals in old-style signals use ~0, not 0xffffffff
+	[6ecdd793590a]
+
+2001-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c:
+	coerce difference of pointers to int when used in a string length
+	printf format; deraadt@openbsd.org
+	[a9d10f07180d]
+
+2001-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Block all signals in Exit() to avoid a signal race. There is still
+	a tiny window but I'm not going to worry about it.
+	[6661805c0458]
+
+2001-01-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* env.c:
+	glibc uses the LANGUAGE env var so clear that too; Solar Designer
+	[d4ba95628afb]
+
+	* lex.yy.c:
+	Regenerate with a fix to flex.skl that preserves errno from
+	clobbering by isatty().
+	[607eec736e19]
+
+2000-12-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/aix_auth.c, auth/bsdauth.c, auth/fwtk.c, auth/pam.c,
+	auth/sia.c, auth/sudo_auth.c:
+	Some defaults I_ defines got renamed.
+	[ec19b23caaf3]
+
+	* Makefile.in, check.c, def_data.c, def_data.h, def_data.in,
+	defaults.c, defaults.h, env.c, logging.c, mkdefaults, parse.yacc,
+	set_perms.c, sudo.c, sudo.tab.c:
+	Move defaults info into its own files from which we generate .h and
+	.c files. This makes adding or rearranging variables much simpler.
+	[e91b880b5043]
+
+2000-12-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	fix typo in last commit
+	[10a6ee2bae71]
+
+	* compat.h, config.h.in, configure, configure.in:
+	Add check + emulation for setegid (like seteuid).
+	[29492092bd2f]
+
+	* env.c:
+	Make env_keep override badenv_table as documented Fix traversal of
+	badenv_table (broken in last commit)
+	[37c9f0d22673]
+
+	* set_perms.c, sudo.c, sudo.h:
+	Don't try and build saved uid version of set_perms on systems w/o
+	them. Rename set_perms_saved_uid() -> set_perms_posix() Make
+	set_perms_setreuid simply be set_perms_fallback() and simply include
+	the appropriate function at compile time (setreuid() vs. setuid()).
+	[3107333c062c]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	PATH is also preserved when env_reset is in effect
+	[90e45c5711ff]
+
+	* CHANGES, Makefile.in, check.c, compat.h, config.h.in, configure,
+	configure.in, defaults.c, defaults.h, env.c, find_path.c,
+	getspwuid.c, set_perms.c, sudo.c, sudo.cat, sudo.h, sudo.man.in,
+	sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, testsudoers.c,
+	visudo.c, visudo.cat, visudo.man.in:
+	New Defaults options: o stay_setuid - sudo will remain setuid if
+	system has saved uids or setreuid(2) o env_reset - reset the
+	environment to a sane default o env_keep - preserve environment
+	variables that would otherwise be cleared
+
+	No longer use getenv/putenv/setenv functions--do environment munging
+	by hand. Potentially dangerous environment variables can be cleared
+	only if they contain '/' pr '%' characters to protect buggy
+	programs. Moved environment routines into env.c (new file)
+	[c2f97651db4c]
+
+	* INSTALL:
+	Clear up --without-passwd description
+	[2f336dab6733]
+
+	* putenv.c, sudo_setenv.c:
+	We now build up a new environment from scratch and assign it to
+	"environ".
+	[6ae6152f2238]
+
+2000-12-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, visudo.pod:
+	Grammatical fixes from Paul Janzen
+	[e03ead2e56f8]
+
+2000-12-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	If there was a syntax error and the user just wants to quit, unlink
+	sudoers if it is zero length.
+	[74ba7921f520]
+
+	* visudo.c:
+	'Q' means ignore parse error, not 'q'
+	[e8d0e4491fe6]
+
+	* visudo.c:
+	Open sudoers for writing with mode SUDOERS_MODE From Dimitry Andric
+	<dim@xs4all.nl>
+	[b24990a72491]
+
+2000-12-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* set_perms.c:
+	Add missing #ifdef HAVE_LOGIN_CAP_H; ayamura@ayamura.org
+	[41a8db10e076]
+
+2000-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.guess, config.sub:
+	Darwin / Mac OS X support from Wilfredo Sanchez <wsanchez@apple.com>
+	[6052da895d2e]
+
+2000-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, visudo.c:
+	Use exit(127), not exit(-1)
+	[9ff0c3eada34]
+
+	* Makefile.in, defaults.c, defaults.h, set_perms.c, sudo.c:
+	Move set_perms() to its own file and use POSIX saved uid or
+	setreuid() if available.
+
+	Added stay_setuid option for systems that have libraries that
+	perform extra paranoia checks in system libraries for setuid
+	programs (ie: anything with issetugid(2)).
+	[28960f842698]
+
+	* sudo.c:
+	strip more bits from the environment and add a facility for
+	stripping things only if they contain '/' or '%' to address printf
+	format string vulnerabilities in other programs.
+	[b98d6375f299]
+
+2000-11-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[7e74e5c91049]
+
+	* configure.in:
+	For NCR, add -lc89 to LIBS, not SUDO_LIBS and cache the existence of
+	strcasecmp().
+	[a418e9e70442]
+
+	* configure:
+	regen
+	[bbff244a52bc]
+
+	* configure.in:
+	Check for strcasecmp(3) in -lc89 for NCR Unix
+	[361c99576681]
+
+2000-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	Define HAVE_INNETGR #ifdef HAVE__INNETGR
+	[473cdb92b6db]
+
+	* configure:
+	regen
+	[4e6364a195e0]
+
+	* compat.h, config.h.in, configure.in:
+	Add check for _innetgr(3) since NCR systems have that instead of
+	innetgr(3).
+	[25e6852e7494]
+
+2000-10-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/securid.c:
+	check return value of creadcfg() call sd_close() after sd_auth()
+	store username in sd->username so we don't rely on the USER env
+	variable
+	[d106b4f42722]
+
+2000-10-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	document --with-bsdauth
+	[f1518ecc2ee9]
+
+	* configure:
+	regen
+	[dceb35071ea8]
+
+	* configure.in:
+	--with-bsdauth assumes --with-logincap
+	[4200778083fd]
+
+	* auth/bsdauth.c, auth/fwtk.c:
+	When prompting for a response to a challenge, if the user just hits
+	return then reprompt with echo turned on.
+	[a539b6474a97]
+
+2000-10-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Remove debugging code that should not have been committed, oops.
+	[9862607b77a7]
+
+	* auth/bsdauth.c:
+	Use lower-level routines and get the password ourselves. Checks for
+	a challenge and if there is one echo is not turned off.
+	[2d8fcd166baa]
+
+	* auth/pam.c, auth/sudo_auth.h:
+	minor housekeeping, no real code changes
+	[d0074a277fb4]
+
+2000-10-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Fix a coredump in the logging functions if gethostname(2) fails by
+	deferring the call to log_error() until things are better setup.
+
+	Fix return value of set_loginclass() in non-BSD-auth case.
+
+	Hard-code 'sudo' in the usage message so we can fit more options on
+	a line
+	[d9d1b7579818]
+
+	* logging.c:
+	Fix errant ';' (typo) that broken MSG_ONLY
+	[849b2276a470]
+
+2000-10-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in:
+	regen
+	[bb3c8c6704d1]
+
+	* sudo.pod:
+	Document -a flag
+	[e18316cebaac]
+
+	* Makefile.in, auth/bsdauth.c, auth/sudo_auth.h, config.h.in,
+	configure, configure.in, getspwuid.c, sudo.c:
+	Add support for BSD authentication.
+	[f374cfd9ca0d]
+
+2000-10-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Fix typo; from sato@complex.eng.hokudai.ac.jp
+	[3085fee9766e]
+
+2000-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	Mention negating umask
+	[c9e410294dae]
+
+	* defaults.c:
+	Allow user to specify umask of 0777 (same as !umask)
+	[bb771daa96fe]
+
+2000-10-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod, visudo.pod:
+	Fix a typo and give a URL for the sudo history.
+	[77f73199aedb]
+
+2000-10-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c, sudo.pod:
+	fix typos; pepper@reppep.com
+	[5532c7421340]
+
+2000-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c, sudo.h, sudo_setenv.c:
+	sudo_setenv() now exits on memory alloc failure instead of returning
+	-1.
+	[71f1cf18f47b]
+
+2000-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Strip out NLSPATH and PATH_LOCALE from the environment for FreeBSD
+	and possibly others.
+	[b69d985b0d22]
+
+	* logging.c:
+	Don't use vsyslog(3) since HP-UX (and others?) lack it. This means
+	that "%m" won't be expanded but we don't use that anyway since the
+	logging routines may splat to stderr as well.
+	[8d37a544d0c0]
+
+	* defaults.c, defaults.h, sudo.c, sudoers.cat, sudoers.man.in,
+	sudoers.pod:
+	Add always_set_home variable
+	[dbcaff646e07]
+
+	* configure, configure.in:
+	Have to hard code default values in help since the defaults are set
+	_after_ the help stuff.
+	[7b5d6d72f55c]
+
+2000-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* lex.yy.c, parse.lex:
+	Allow special characters (including '#') to be embedded in pathnames
+	if quoted by a '\\'. The quoted chars will be dealt with by
+	fnmatch(). Unfortunately, 'sudo -l' still prints the '\\'.
+	[3ed33cf09977]
+
+2000-08-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* install-sh:
+	Better path searching for programs we need.
+	[60517cb1f0d6]
+
+	* TROUBLESHOOTING:
+	Add section on "C compiler cannot create executables" errors.
+	[e4ada6eaee59]
+
+	* Makefile.binary, Makefile.in, version.h:
+	Crank version
+	[93d1bd5b7f5e]
+
+	* aclocal.m4, configure, configure.in, sudo.cat, sudo.man.in,
+	sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod, visudo.cat,
+	visudo.man.in, visudo.pod:
+	Substitute values from configure into man pages.
+	[619854c356c1]
+
+2000-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c, sudo.c:
+	The listpw and verifypw sudoers options would not take effect
+	because the value of the default was checked *before* sudoers was
+	parsed. Instead of passing in the value of PWCHECK_* to
+	sudoers_lookup(), pass in the arg for def_ival() so the check can be
+	deferred until after sudoers is parsed.
+	[4f596e358f72]
+
+2000-08-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	When writing prompt, no need to write the NUL as well;
+	hag@linnaean.org
+	[fbcdd7b431ee]
+
+2000-06-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* install-sh:
+	When looking for chown, check in /sbin too
+	[657ba6653f8c]
+
+2000-06-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Remove extraneous call to init_defaults() and set runas_user to NULL
+	betweem parses so init_defaults will reset it each time, thus
+	avoiding a reference to free()d data.
+	[7421fcd692af]
+
+2000-06-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, interfaces.c, interfaces.h, sudo.c:
+	Add support for using getifaddrs() to get the list of ip addr /
+	netmask pairs. Currently IPv4-only.
+	[a35bc4f7306d]
+
+	* visudo.c:
+	Add a missing check for UserEditor == NULL Add missing '+' before
+	line number when invoking editor to fix a syntax error
+	[f0d4635f6082]
+
+2000-05-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Call clean_env very early in main() for paranoia's sake. Idea from
+	Marc Esipovich.
+	[f8d72ebd0115]
+
+2000-05-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.h:
+	Update proto for evasprintf and easprintf
+	[d147d6e58419]
+
+	* alloc.c:
+	Make easprintf() and evasprintf() return an int.
+	[b2ca5d089667]
+
+	* check.c:
+	If the targetpw flag is set, use target username as part of the
+	timestamp path. If tty tickets are in effect cat the tty and the
+	target username with a ':' as the separator.
+	[de11abc693c2]
+
+2000-05-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	Backout part of last change; setting PAM_USER to the invoking user
+	breaks things like targetpw.
+	[427218a7387f]
+
+	* auth/pam.c:
+	set tty and username via pam_set_item
+	[85d1922dbcc9]
+
+	* auth/sudo_auth.c, check.c, getspwuid.c, sudo.c, sudo.h:
+	Fix root, runas, and target authentication for non-passwd file auth
+	methods.
+	[a14535e7b30c]
+
+2000-04-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+	sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+	Use B<-Z> not C<-Z> for command line flags in all places. This is
+	more consistent and works around a bug in Pod::Man.
+	[64b5a05f30c5]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Fix an occurence of 'semicolon' that should be 'colon'
+	[4ea5aacae3fb]
+
+2000-04-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix --with-badpri help line
+	[3cc40977c043]
+
+2000-04-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c, logging.c, sudo.c:
+	Bracket calls to syslog with an openlog() and closelog() since some
+	authentication methods (like PAM) may do their own logging via
+	syslog. Since we don't use syslog much (usually just once per
+	session) this doesn't really incur a performance penalty. It also
+	Fixes a SEGV with pam_kafs.
+	[fe1cc28529f6]
+
+2000-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Fix -H flag. runas_homedir is only valid after
+	set_perms(PERM_RUNAS, mode)
+	[ce9b1c6f68a6]
+
+2000-04-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	Clarify the fact that insults are not enabled just by including them
+	in the binary.
+	[d5a31d48320c]
+
+2000-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man.in, sudoers.cat, sudoers.man.in, visudo.cat,
+	visudo.man.in:
+	Regenerated with perl 5.6.0 pod2man
+	[21751433768b]
+
+	* Makefile.in:
+	Give date string to pod2man since its default is ugly and it ain't
+	got no alibi.
+	[0080b2f6298f]
+
+	* Makefile.in:
+	Do section substitution on the output of pod2man and remove hack
+	needed for old pod2man.
+	[1ef843d5c78b]
+
+	* sudo.pod, sudoers.pod, visudo.pod:
+	Put back real man sections, we will do the substitution later.
+	[f728c1abad7e]
+
+2000-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Don't bother checking for the path to vi if user specified --with-
+	editor
+	[bf698487e0d5]
+
+2000-04-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, visudo.c:
+	Visudo now does its own fork/exec instead of calling system(3).
+	[99bbcd88863b]
+
+	* CHANGES, INSTALL, Makefile.in, sudoers.cat, sudoers.man.in,
+	sudoers.pod, visudo.c:
+	Visudo now checks for the existence of an editor and gives a
+	sensible error if it does not exist.
+
+	The path to the editor for visudo is now a colon-separated list of
+	allowable editors. If the user has $EDITOR set and it matches one
+	of the allowed editors that editor will be used. If not, the first
+	editor in the list that actually exists is used.
+	[cc86eb9f5440]
+
+	* sudo.cat, sudo.man.in, sudo.pod:
+	Clear up confusion wrt sudo's return value.
+	[9385b12d8e79]
+
+2000-03-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Strip sudo and visudo for bindist target
+	[a995ddd79177]
+
+	* sudo.cat, sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in,
+	sudoers.pod, visudo.cat, visudo.man.in, visudo.pod:
+	Use @mansectsu@ and @mansectform@ in the man page bodies as well.
+	[5eb9e60a726f] [SUDO_1_6_3]
+
+	* visudo.cat, visudo.man.in, visudo.pod:
+	Typo: @sysconf@ -> @sysconfdir@
+	[f07f52fcd099]
+
+	* Makefile.in:
+	'make dist' should not cause any files to be modified so remove its
+	dependencies.
+	[7f44a2666a9c]
+
+	* CHANGES:
+	Whoops, forgot to add release marker
+	[16c0f16b35b8]
+
+2000-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	Final change for 1.6.3 (or so I hope)
+	[473c89da6123]
+
+	* sudo.cat, sudoers.cat, visudo.cat:
+	Use SYSV man sections since BSD systems will have nroff...
+	[0a6bd154324e]
+
+2000-03-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc, sudo.tab.c:
+	When checking to see if the host/user matches in a defaults spec,
+	check against TRUE, not just non-zero since it might be -1.
+	[41f2b7ad3fdd]
+
+	* configure, configure.in:
+	OSF/1 puts file formats in section 4, not 5.
+	[d77c1301afa9]
+
+	* CHANGES, INSTALL, sudo.c:
+	Make login class support work on BSD/OS
+	[e9bbe3c08ade]
+
+	* RUNSON:
+	Update for 1.6.3
+	[c40ce1d76c4d]
+
+	* configure, configure.in:
+	If there is no inet_addr but there *is* an __inet_addr that's ok
+	since inet_addr is probably just a macro then. The better thing to
+	do would be to look for the macro, but this is fine for now.
+	[1b8865ae4d68]
+
+	* configure, configure.in:
+	Don't use shlicc for BSD/OS 4.x
+	[83fbf6dedd2c]
+
+	* Makefile.in, configure, configure.in:
+	*.man lives in cwd, *.cat lives in $(srcdir), add a @mansrcdir@
+	configure variable so we can deal with this. Also, only remove *.man
+	for 'distclean' not 'clean'.
+	[30d56e6de214]
+
+	* sudo.c:
+	set_loginclass() should be static like the proto says
+	[d570a2d55fb8]
+
+2000-03-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* fnmatch.c:
+	Add #ifdef __STDC__ around the rangematch function header to avoid
+	promotion of test to int, thus violating the prototype. Gcc handles
+	this gracefully but more std ANSI compilers will complain.
+	[7d98c3e332b2]
+
+	* emul/fnmatch.h:
+	Pull in newer fnmatch(3) that supports FNM_CASEFOLD
+	[4e1320852f8b]
+
+	* aclocal.m4, configure, fnmatch.3, fnmatch.c:
+	Pull in newer fnmatch(3) that supports FNM_CASEFOLD Check for
+	FNM_CASEFOLD in configure
+	[9ef952bf1896]
+
+	* CHANGES, TODO:
+	update for 1.6.3
+	[e4ba6368a0c5]
+
+	* sudo.tab.c, sudo.tab.h, testsudoers.c, visudo.c:
+	Fully qualified hosts w/ wildcards were not matching the FQHOST
+	token type. There's really no need for a separate token for fully-
+	qualified vs. unqualified anymore so FQHOST is now history and
+	hostname_matches now decides which hostname (short or long) to check
+	based on whether or not the pattern contains a '.'.
+	[fbd2887d9811]
+
+	* parse.h:
+	Fully qualified hosts w/ wildcards were not matching the FQHOST
+	token type. There's really no need for a separate token for fully-
+	qualified vs. unqualified anymore so FQHOST is now history and
+	hostname_matches now decides which hostname (short or long) to check
+	based on whether or not the pattern contains a '.'.
+	[dd7bbe223461]
+
+	* lex.yy.c, parse.c, parse.lex, parse.yacc:
+	Fully qualified hosts w/ wildcards were not matching the FQHOST
+	token type. There's really no need for a separate token for fully-
+	qualified vs. unqualified anymore so FQHOST is now history and
+	hostname_matches now decides which hostname (short or long) to check
+	based on whether or not the pattern contains a '.'.
+	[630d9d205397]
+
+	* parse.c, parse.h, parse.yacc, sudo.tab.c, sudoers.cat,
+	sudoers.man.in, sudoers.pod, testsudoers.c, visudo.c:
+	Add support for wildcards in the hostname.
+	[d8d821ed4238]
+
+	* Makefile.in:
+	Add targets for *.man.in, using config.status to generate *.man from
+	*.man.in
+	[640e50ede485]
+
+	* sudoers.cat, sudoers.man.in, sudoers.pod:
+	Document set_logname option and enbolden refs to sudo and visudo.
+	[9622b3a48707]
+
+	* INSTALL, Makefile.in, aclocal.m4, configure, configure.in, sudo.cat,
+	sudo.man.in, sudo.pod, sudoers.cat, sudoers.man.in, sudoers.pod,
+	visudo.cat, visudo.man.in, visudo.pod:
+	Add FreeBSD login.conf support (untested on BSD/OS) based on a patch
+	from Michael D. Marchionna. configure now does substitution on the
+	man pages, allowing us to fix up the paths and set the section
+	correctly. Based on an idea from Michael D. Marchionna.
+	[463e928a0a2f]
+
+	* auth/passwd.c:
+	Better fix for handling HP-UX aging info.
+	[3950f42d8549]
+
+	* sudo.c:
+	Add support for set_logname run-time default
+	[c6a7cc76b8b4]
+
+	* sudo.man.in, sudoers.man.in, visudo.man.in:
+	configure does substitution on these to produce *.man
+	[b83fc3c1bfc9]
+
+	* sudo.man, sudoers.man, visudo.man:
+	These files now get generated from *.man.in at configure time.
+	[c499061f79e0]
+
+2000-03-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c, defaults.h:
+	Add set_logname option so users can turn off setting of LOGNAME/USER
+	environment variables.
+	[6316869180b8]
+
+	* lsearch.c, parse.c, testsudoers.c:
+	kill register
+	[6e104e653748]
+
+2000-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/passwd.c:
+	HP-UX adds extra info at the end for password aging so when
+	comparing the result of crypt to pw_passwd we only compare the first
+	len(epass) bytes *unless* the user entered an empty string for a
+	password.
+	[3d24d4e4e889]
+
+	* logging.c:
+	Get rid of grandchild hack, it was causing problems and there is
+	really no need for it. This fixes a bug where we spin eating up CPU
+	when the user runs a long-running process like a shell.
+	[5743b10b1e81]
+
+2000-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	User can always specify a login class if he/she is already root.
+	[710d160cef9f]
+
+	* config.h.in, configure, configure.in, defaults.c, defaults.h,
+	sudo.c, sudo.h:
+	FreeBSD login class (login.conf) support.
+	[026b981d6328]
+
+2000-03-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/sudo_auth.c:
+	HAVE_SECUREWARE -> HAVE_GETPRPWNAM; fixes secureware support
+	[9cd4929f1a78]
+
+2000-03-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/passwd.c:
+	Truncate unencrypted password to 8 chars if encrypted password is
+	exactly 13 characters (indicateing standard a DES password). Many
+	versions of crypt() do this for you, but not all (like HP-UX's).
+	[a9d0259cb193]
+
+2000-03-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, RUNSON:
+	Mention that gcc on dynix may have problems
+	[77b97fa5bf1b]
+
+2000-02-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	Link visudo with NET_LIBS since we now call syslog via defaults.c
+	[9e3830b277cc]
+
+	* defaults.c:
+	Use Argv[0] as the first arg to openlog() since visudo uses this
+	too.
+	[e61078f328ec]
+
+2000-02-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Stash coredumpsize resource limit and retsore it before the exec()
+	Otherwise the child ends up with a coredumpsize of 0.
+	[f6a4783835a3]
+
+2000-02-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man, sudo.pod:
+	document -S flag
+	[3ebd805b7142]
+
+	* sudo.c:
+	fix usage string
+	[66b2dfa47fe8]
+
+	* CHANGES, RUNSON, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
+	auth/sudo_auth.c, sudo.c, sudo.h, tgetpass.c:
+	Added -S flag (read passwd from stdin) and tgetpass_flags global
+	that holds flags to be passed in to tgetpass(). Change echo_off
+	param to tgetpass() into a flags field. There are currently 2
+	possible flags for tgetpass(): TGP_ECHO and TGP_STDIN. In
+	tgetpass(), abstract the echo set/clear via macros and if (flags &
+	TGP_ECHO) but echo is not set on the terminal, but sure to set it.
+	[a4fcbb712cd0]
+
+	* tgetpass.c:
+	Fixed a bug that caused an infinite loop when the password timeout
+	was disabled.
+	[2be1ffc5a39f]
+
+2000-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, defaults.c, defaults.h, getspwuid.c, sudo.c, sudo.h,
+	sudoers.cat, sudoers.man, sudoers.pod, visudo.c:
+	Add rootpw, runaspw, and targetpw options.
+	[2d4563e46df7]
+
+	* CHANGES, defaults.c, sudoers.cat, sudoers.man, sudoers.pod,
+	visudo.c:
+	enveditor -> env_editor
+	[ddc5f856e583]
+
+2000-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, Makefile.in, README, configure, configure.in,
+	sudo.cat, sudo.man, sudoers.cat, sudoers.man, version.h, visudo.cat,
+	visudo.man:
+	crank versino to 1.6.3
+	[a5f7d3e74360]
+
+	* INSTALL, TODO, defaults.c, defaults.h, sudoers.cat, sudoers.man,
+	sudoers.pod, visudo.c:
+	Add 'editor' and 'enveditor' sudoers defaults and make visudo honor
+	them. This means that visudo will now parse the sudoers file
+	*before* it is edited so a bogus sudoers file will cause a warning
+	to go to stderr. Also, visudo checks the variables once--it does not
+	check them after each editor run since that could be confusing.
+	[9f5af18e9212]
+
+2000-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	1.6.2 -> 1.6.2p1
+	[e25b74f1d1af]
+
+	* check.c, sudo.c, sudo.h:
+	Move user_is_exempt prototype into sudo.h
+	[daf26a6ded8a]
+
+2000-02-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	Fix thinko, some && should have been || in the last commit
+	[4b9b2d487ded]
+
+	* configure, configure.in:
+	Don't initialized Makefile variables to be NULL since the user may
+	want to import variables from their environment.
+	[7be019f4422c]
+
+2000-02-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	typo
+	[38f4d8971f0a]
+
+2000-01-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	fix a yacc (skeleton.c) warning
+	[a2da228a937b]
+
+2000-01-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, RUNSON, configure, configure.in:
+	Make pam work on HP-UX 11.0;jaearick@colby.edu
+	[b94de0ff6f42]
+
+	* CHANGES:
+	recent changes; prepare for 1.6.2p1
+	[b291635ea141]
+
+	* find_path.c:
+	Don't apply SECURE_PATH if user is example; jmknoble@pobox.com
+	[4306285c4f6e]
+
+2000-01-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	Regen with yacc that has a memory leak plugged.
+	[e26383a04eb7]
+
+	* sudoers.cat, sudoers.man, sudoers.pod:
+	Expanded docs on sudoers 'defaults' options based on INSTALL file
+	info.
+	[54c3d62d6c74]
+
+	* INSTALL:
+	Fix some while lies
+	[d15311782150]
+
+2000-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	When making a bindist, link FAQ to TROUBLESHOOTING instead of
+	copying.
+	[2d88a6ac88cf]
+
+	* sudoers.cat, sudoers.man, sudoers.pod:
+	Add netgroup caveat
+	[28d119f466e3] [SUDO_1_6_2]
+
+	* RUNSON:
+	Last minute updates
+	[89fb4ed22d52]
+
+	* TROUBLESHOOTING:
+	PAM entry
+	[a9fd59f39457]
+
+	* auth/pam.c:
+	correct a comment
+	[a29627225ba9]
+
+	* CHANGES, RUNSON:
+	update for 1.6.2
+	[b7f1c40ea732]
+
+	* auth/pam.c:
+	Better detection of PAM errors and fix custom prompts with PAM.
+	Based on patches from "Cloyce D. Spradling" <cloyce@headgear.org>
+	[ff69234b94a5]
+
+2000-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* snprintf.c:
+	Cast ULONG_MAX to unsigned long long when comparing to an unsigned
+	long long value.
+	[9d918c3a2ecd]
+
+2000-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, config.h.in, configure, configure.in, visudo.c:
+	Fix sudoers locking in visudo. We now lock the sudoers file itself,
+	not the temp file (since locking the temp file can foul up editors).
+	The previous locking scheme didn't work because the fd was closed
+	too early.
+	[de2011bb11ed]
+
+	* config.h.in, configure, configure.in:
+	Don't need test for ftruncate() any more.
+	[e5f71c848104]
+
+	* configure, configure.in:
+	Add a test for the -Aa flag w/ HP-UX's cc. Fixes compilation with
+	the unbundled HP-UX cc.
+	[2c373612c644]
+
+2000-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.man, sudoers.pod:
+	"a a" -> "a"; Aaron Campbell <aaron@cs.dal.ca>
+	[05360d2c314e]
+
+2000-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE, Makefile.in, defaults.c, defaults.h, parse.c, parse.h,
+	parse.yacc, sudo.c, sudo.h, sudoers.pod, testsudoers.c, tgetpass.c,
+	version.h, visudo.c:
+	update copyright year on changed files
+	[5792a2a28a4c]
+
+	* RUNSON:
+	updates
+	[edf8f19aa403]
+
+	* CHANGES:
+	aix fix
+	[4d4a243b31e2]
+
+	* INSTALL:
+	Crank version to 1.6.2
+	[bcb5cb411624]
+
+	* configure:
+	Crank version to 1.6.2
+	[32a19f33427f]
+
+	* sudo.c:
+	When using rlimit check for RLIM_INFINITY When computing the value
+	of maxfd, use min(getdtablesize(), RLIMIT_NOFILE)
+	[8c16166802e5]
+
+	* CHANGES:
+	recent changes
+	[09fc7112e44d]
+
+	* BUGS, Makefile.in, README, configure.in, sudo.cat, sudo.man,
+	sudoers.cat, sudoers.man, version.h, visudo.cat, visudo.man:
+	Crank version to 1.6.2
+	[055fa61a7c61]
+
+	* INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.pod:
+	Add 'shell_noargs' runtime option back in. We have to defer
+	checking until after the sudoers file has been parsed but since
+	there are now other options that operate that way this one can too.
+	Based on a patch from bguillory@email.com.
+	[231db7a007a6]
+
+	* defaults.c, defaults.h, parse.c, sudo.c, sudo.h:
+	Add "listpw" and "verifypw" options.
+	[190683bac878]
+
+	* sudoers.cat, sudoers.man, sudoers.pod:
+	o Fix some typos/omissions o Add section on verifypw and listpw o
+	Define how NOPASSWD interacts with the -v and -l flags
+	[6feb7350eb79]
+
+2000-01-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	For HP-UX cc, add -Aa to CPPFLAGS. For HP-UX always add
+	-D_HPUX_SOURCE to CPPFLAGS.
+	[06cc35d89dc8]
+
+	* defaults.c, defaults.h:
+	In struct sudo_defs_types, move the union to the end and don't
+	initialize the union member since that only works with an ANSI
+	compiler. We set the value of the union by hand in init_defaults()
+	anyway. This allows sudo to compile on a K&R compiler again.
+	[623487e1fcfa]
+
+2000-01-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c, parse.h, parse.yacc, sudo.tab.c, testsudoers.c, visudo.c:
+	netgr_matches needs to check shost as well as host since they may be
+	different.
+	[3f43ace23d3e]
+
+	* tgetpass.c:
+	End on \r as well as \n
+	[cb7c6e6f4202]
+
+2000-01-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Update statbuf.st_mode based on SUDOERS_MODE when we are chaning
+	from 0400 to whatever SUDOERS_MODE is (converting from the old
+	sudoers mode). Assumes that SUDOERS_MODE is less restrictive than
+	0400 which should always be the case.
+	[34cd83d49d20]
+
+	* parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
+	Make treatment of -l and -v sane wrt NOPASSWD flags. Now allow -l
+	w/o a passwd if there is *any* entry for the user on the host with a
+	NOPASSWD flag. For -v, only allow w/o a passwd if *all* entries for
+	the user on the host w/ the specified runas user have the NOPASSWD
+	flag set.
+	[4b3b85697653]
+
+	* Makefile.in:
+	add check target
+	[3d24d34a76fd]
+
+1999-12-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Treat EOF at whatnow prompt like 'x' instead of looping.
+	[5deffc27114c]
+
+1999-12-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	recent changes
+	[5836a9452568] [SUDO_1_6_1]
+
+1999-12-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure, configure.in, sudo.c:
+	Add check for initgroups() since old SYSV lacks this.
+	[657a6005a569]
+
+	* CHANGES, RUNSON, aclocal.m4, config.h.in, configure, configure.in,
+	parse.c, testsudoers.c:
+	o Kill HAVE_FNMATCH_H o Only define HAVE_FNMATCH if <fnmatch.h>
+	exists.
+	[17d081e917d6]
+
+1999-12-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/sudo_auth.c:
+	Don't allow insults to be enabled if the insults[] array is empty.
+	Otherwise there would be division by zero.
+	[b20c14db6029]
+
+	* insults.h:
+	Don't allow insults to be enabled if the insults[] array is empty.
+	Otherwise there would be division by zero.
+	[028f130204b0]
+
+	* CHANGES, RUNSON:
+	Don't allow insults to be enabled if the insults[] array is empty.
+	Otherwise there would be division by zero.
+	[974f4780254b]
+
+	* insults.h:
+	Don't care about USE_INSULTS #define since the insult stuff may be
+	overridden at runtime.
+	[b873df8b299c]
+
+	* auth/sudo_auth.c:
+	Honor insults flag.
+	[756111640fdc]
+
+	* CHANGES, parse.c:
+	Don't ask the user for a password if the user is not allowed to run
+	the command and the authenticate flag (in sudoers) is false.
+	[cea9fdc09c76]
+
+	* CHANGES, RUNSON, lex.yy.c, parse.lex:
+	o Whenever we get a bare newline we change to the INITIAL state. o
+	Enter GOTRUNAS when we see Runas_Alias
+
+	This allows #uid to work in a RunasAlias.
+	[a475513e7c7a]
+
+1999-12-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, parse.yacc, sudo.tab.c:
+	fix parsing of runas lists: o oprunasuser and runaslist now return a
+	value o in a runasspec, if a runaslist does not return TRUE, set
+	runas_matches to FALSE. Normally, a runaslist only returns FALSE
+	for explicitly denied users. o since runaslist does not modify the
+	stack there is no need for a push/pop in runasalias.
+	[82b305b34a8c]
+
+	* check.c, sudo.c:
+	Don't kill the user's tickets until after sudoers has been parsed
+	since tty_tickets and ticket_dir could be set in sudoers.
+	[f43e25367f3a]
+
+	* BUGS, CHANGES, Makefile.binary, Makefile.in, README, RUNSON,
+	configure, configure.in, sudo.cat, sudo.man, sudoers.cat,
+	sudoers.man, tgetpass.c, version.h, visudo.cat, visudo.man:
+	crank version to 1.6
+	[95f8bdcf9bb2]
+
+	* testsudoers.c:
+	add set_fqdn() stub
+	[bbc81af5b41a]
+
+1999-12-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, defaults.c, defaults.h, sudo.c, sudo.h, sudoers.cat,
+	sudoers.man, sudoers.pod, visudo.c:
+	o Kill shell_noargs option, it cannot work since the command needs
+	to be set before sudoers is parsed. o Fix the "set_home" sudoers
+	option (only worked at compile time). o Fix "fqdn" sudoers option.
+	We now set host/shost via set_fqdn which gets called when the
+	"fqdn" option is set in sudoers. o Move the openlog() to
+	store_syslogfac() so this gets overridden correctly from the
+	sudoers file.
+	[3dca861f0f5d]
+
+	* auth/securid.c:
+	SecurID support should compile now.
+	[a544e5c6ea34]
+
+1999-11-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.man, sudo.pod, sudoers.cat, sudoers.man, visudo.cat,
+	visudo.man, visudo.pod:
+	fix some syntactic goofs
+	[b3451f0d5239]
+
+1999-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, sudo.html, sudoers.html, visudo.html:
+	No longer need the .html files as they are generated automatically
+	on the web site.
+	[1b4aa4204584]
+
+	* CHANGES, LICENSE:
+	kill characters that made wml unhappy
+	[b988fbc6da56]
+
+	* HISTORY:
+	typo
+	[a418963f7fce]
+
+1999-11-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README:
+	majordomo@cs.colorado.edu -> majordomo@courtesan.com
+	[5d151e8ffd3b]
+
+	* Makefile.in, configure:
+	Wrap script execution w/ /bin/sh for the benefit of ctm
+	[3a9c4766b2c3]
+
+1999-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Make the -s flag be exclusive too. Also reorder the flags in the
+	exclusive usage message so they are alphabetical.
+	[4c7af200db34]
+
+1999-11-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	make pam errors other than PAM_PERM_DENIED fatal
+	[64bcb3fd2baf]
+
+	* auth/API:
+	fix typo
+	[f3134c88b12e]
+
+	* INSTALL:
+	make it clear that /etc/pam.d/sudo is required on linux
+	[213cc3eaad82]
+
+	* auth/pam.c:
+	fix a warning on redhat and spew an error if pam_authenticate()
+	returns an error other than AUTH_SUCCESS or PAM_PERM_DENIED
+	[7e46dd19da89]
+
+	* sudo.cat, sudo.html, sudo.man, sudo.pod:
+	Be very clear that the password required is the user's not root's
+	[a6da127347e5]
+
+1999-11-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	add sample.syslog.conf to DISTFILES and BINFILES
+	[8661c27c007e]
+
+1999-11-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	updates from Brian Jackson + some formatting
+	[6d31c6fa63f8]
+
+1999-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL.binary, Makefile.binary, README, RUNSON:
+	o One RUNSon update o Changes for automating real binary releases
+	[dd9585f4406c]
+
+	* Makefile.in:
+	Add bindist target
+	[546ed3fa94bb]
+
+1999-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TROUBLESHOOTING:
+	talk about run-time options in addition to compile-time options
+	[1eb813ff0a9a] [SUDO_1_6_0]
+
+	* CHANGES:
+	fix typos
+	[65e92bb70a7b]
+
+	* sudo.c:
+	need sys/time.h if HAVE_SETRLIMIT
+	[ce31655a8a60]
+
+	* PORTING, README, RUNSON, sudo.c, sudo.cat, sudo.html, sudo.man,
+	sudo.pod, visudo.cat, visudo.html, visudo.man, visudo.pod:
+	get rid of references to sudo-bugs. Now mention the web site or the
+	sudo@ alias
+	[a9db861fd8c6]
+
+	* sudoers.html:
+	repair pod2html damage
+	[62ece4277f1f]
+
+	* RUNSON, TODO:
+	Update for 1.6 release
+	[98569c57ba2a]
+
+	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+	Add warning about using ALL in a command context.
+	[6c77685ab280]
+
+1999-11-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	Call yyrestart() on a parse error to reset the lexer state.
+	[1370a27acdb2]
+
+	* lex.yy.c, parse.lex:
+	Don't need YY_FLUSH_BUFFER after all Move yyrestart() into visudo.c
+	since it might not get called in yywrap if we get a parse error
+	(and we only reread the file on error anyway).
+	[37f4b449e28e]
+
+	* lex.yy.c, parse.lex:
+	Call YY_FLUSH_BUFFER macro in yywrap() to clean up any buffers that
+	might still exist. Call yyrestart() instead of using the deprecated
+	YY_NEW_FILE macro.
+	[7d0d873046c6]
+
+	* lex.yy.c, parse.lex:
+	flex doesn't need %N table size declarations
+	[268b020fd60a]
+
+	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+	Mention what characters need to be escaped in names.
+	[72ccbb6b0f31]
+
+1999-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure:
+	regen
+	[65827abb5c7b]
+
+	* INSTALL:
+	clarify Mac OS X entry
+	[8da1549a71f5]
+
+	* RUNSON:
+	update
+	[0cff8df7459f]
+
+	* configure.in:
+	o Use AC_MSG_ERROR throughout o Check syslog configure options for
+	danity
+	[4cb81e642e5c]
+
+1999-11-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c:
+	Fix printing of type T_MODE in dump_defaults()
+	[a868bb6f5515]
+
+	* strcasecmp.c:
+	missing sys/types.h
+	[ca694ca325b6]
+
+	* INSTALL:
+	Break out options that may be overridden at run time into their own
+	section. Add a not about Max OS X and correct some lies.
+	[d8bcfd120593]
+
+1999-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, config.h.in, configure, configure.in, sudo.c:
+	o Now use getrlimit to find the highest fd when closing all non-std
+	fd's o Turn off core dumps via setrlimit for the sake of paranoia
+	[dd9f651b6def]
+
+	* RUNSON:
+	updates
+	[f581841fe615]
+
+1999-11-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updates
+	[553baa1d44c7]
+
+	* tgetpass.c:
+	When read()'ing, do a single character at a time to be sure we don't
+	go oast the newline.
+	[907d33f55bb4]
+
+	* sudo.c:
+	For the sudo_root option, check against user_uid, not getuid() since
+	at this point, ruid == euid == 0.
+	[92d5c51939b4]
+
+	* RUNSON:
+	some updates
+	[e3ed0c1f312b]
+
+	* logging.h:
+	Fix compilation problem when --with-logging=file was specified.
+	This means that syslog is now required to build sudo but that should
+	not be a problem. If it is it can be fixed trivially with a
+	configure check for syslog() or syslog.h.
+	[839a4b069190]
+
+	* tgetpass.c:
+	Make this work again for things like "sudo echo hi | more" where the
+	tty gets put into character at a time mode. We read until we read
+	end of line or we run out of space (similar to fgets(3)).
+	[c8f746df2e63]
+
+1999-10-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+	change ital to bold
+	[f860978e530a]
+
+	* RUNSON:
+	update
+	[9bcfbb405568]
+
+1999-10-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c:
+	Error out if syslog parameters are given without a value. For
+	Ultrix or 4.2BSD "syslog" is allowed without a value since there are
+	no facilities in the 4.2BSD syslog.
+	[69e7a686f5f0]
+
+1999-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c:
+	Ignore the syslog facility for systems w/ old syslog like Ultrix.
+	[5c250adbbb84]
+
+	* TROUBLESHOOTING:
+	people with "." early in their path can have problems running sudo
+	from the build dir ;-)
+	[20a1744a24a4]
+
+1999-10-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.html, sudo.man, sudo.pod:
+	Remove -r realm option
+	[127caa537f95]
+
+	* auth/kerb5.c, auth/sudo_auth.c, auth/sudo_auth.h, configure,
+	configure.in, sudo.c:
+	New krb5 code from Frank Cusack <fcusack@iconnet.net>.
+	[7177a3893a62]
+
+	* CHANGES:
+	update to reality
+	[766cfbb512d6]
+
+1999-10-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/fwtk.c:
+	include <auth.h> to get function prototypes.
+	[d6c7c12d09fe]
+
+	* sudo.cat, sudo.html, sudo.man, sudo.pod:
+	document -L flag
+	[dc803e1ce0d7]
+
+1999-10-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	in set_perms(), always call setuid(0) before changing the ruid/euid
+	so we always know it will succeed.
+	[8cced1b862bf]
+
+	* defaults.h:
+	#undef T_FOO to avoid conflicts with system defines (like on
+	ULTRIX).
+	[d9f0aac092b0]
+
+	* TODO, sample.sudoers, sudoers.cat, sudoers.html, sudoers.man,
+	sudoers.pod:
+	Docuement "Defaults" lines in /etc/sudoers. Still needs some
+	fleshing out but this is a start.
+	[521a1e629bbc]
+
+1999-10-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* use strtol, not strtoul since not everyone has not strtoul
+	[988462f093cc]
+
+	* defaults.c:
+	use strtol, not strtoul since not everyone has not strtoul
+	[fce835ce62e3]
+
+	* lex.yy.c, parse.lex:
+	last {WORD} rule should only apply in the INITIAL state
+	[9b57570bfa83]
+
+	* lex.yy.c, parse.lex:
+	o Add support for escaped characters in the WORD macro o Modify
+	fill() to squash escape chars
+	[87572d59e4e0]
+
+	* defaults.c, defaults.h:
+	o Add T_PATH flag to allow simple sanity checks for default values
+	that are supposed to be pathnames. o Fix a duplicate free when
+	visudo finds an error.
+	[bdc6855a6c6d]
+
+1999-10-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c, defaults.h, logging.c:
+	mail_if_foo -> mail_foo
+	[cbee9415875d]
+
+1999-10-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h, defaults.c, defaults.h, sudo.c, tgetpass.c:
+	o Add requiretty option o Move O_NOCTTY to compat.h
+	[65b8bf0e1795]
+
+	* logging.c:
+	The exit() in log_error() was mistakenly removed in a previous
+	version. Put it back...
+	[9473449130a4]
+
+1999-10-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, TODO, auth/aix_auth.c, auth/fwtk.c, auth/pam.c,
+	auth/rfc1938.c, auth/sia.c, auth/sudo_auth.c, check.c, config.h.in,
+	configure, configure.in, defaults.c, defaults.h, find_path.c,
+	getspwuid.c, logging.c, parse.yacc, sudo.c, sudo.tab.c:
+	o Change defaults stuff to put the value right in the struct. o
+	Implement mailer_flags o Store syslog stuff both in int and string
+	form. Setting the string form magically updates the int version.
+	o Add boolean attribute to strings where it makes sense to say !foo
+	[4698953f9a36]
+
+	* tgetpass.c:
+	add O_NOCTTY when opening /dev/tty just in case
+	[4c6d1d1bb300]
+
+1999-10-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/API:
+	cleanup function no longer takes a status arg
+	[0819edbfe7f8]
+
+	* INSTALL:
+	the the
+	[19aadb65ea28]
+
+1999-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO, config.h.in, configure, configure.in, logging.c:
+	Use strftime() instead of ctime() if it is available.
+	[fb60ea63b514]
+
+1999-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* defaults.c:
+	fix copyright date
+	[4a53b54aa72f]
+
+	* RUNSON:
+	update ReliantUNIX entry
+	[de618a4f67d9]
+
+	* defaults.c, defaults.h, logging.c:
+	add log_year option
+	[251a9e20568a]
+
+	* configure, configure.in:
+	add --without-sendmail to help output
+	[93162f199902]
+
+	* configure, configure.in:
+	enforce an otctal arg for --with-suoders-mode
+	[45e1b04ccad3]
+
+1999-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, Makefile.in, TODO, aclocal.m4, auth/aix_auth.c,
+	auth/fwtk.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c, auth/sia.c,
+	auth/sudo_auth.c, check.c, config.h.in, configure, configure.in,
+	defaults.c, defaults.h, find_path.c, lex.yy.c, logging.c, parse.h,
+	parse.lex, parse.yacc, sudo.c, sudo.h, sudo.tab.c, sudo.tab.h,
+	testsudoers.c, version.c, visudo.c:
+	Add support for "Defaults" line in sudoers to make configuration
+	variables changable at runtime (and on a global, per-host and per-
+	user basis). Both the names and the internal representation are
+	still subject to change. It was necessary to make sudo_user.runas
+	but a char ** instead of a char * since this value can be changed by
+	a Defaults line. There is a similar (but more complicated) issue
+	with sudo_user.prompt but it is handled differently at the moment.
+
+	Add a "-L" flag to list the name of options with their descriptions.
+	This may only be temporary.
+
+	Move some prototypes to parse.h
+
+	Be much less restrictive on what is allowed for a username.
+	[f71abf7ba80c]
+
+	* sample.syslog.conf:
+	Add more info
+	[e952e6f42d4d]
+
+1999-09-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE, fnmatch.3, fnmatch.c, getcwd.c, lsearch.c, snprintf.c,
+	strcasecmp.c:
+	UCB has dropped the advertising clause from their license.
+	[a5602b36a341]
+
+1999-08-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/sudo_auth.h:
+	move dce_verofy proto to correct section
+	[972c815af558]
+
+	* auth/dce.c:
+	remove XXX
+	[820631855be0]
+
+1999-08-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* emul/fnmatch.h:
+	Add fnmatch() prototype
+	[79e84576d92a]
+
+	* fnmatch.c, parse.c, testsudoers.c:
+	Move inclusion of emul/fnmatch.h to be after sudo.h for __P
+	[1182c89fa811]
+
+	* sudo.h:
+	add strcasecmp proto
+	[512d1d8a6a0c]
+
+	* auth/sudo_auth.c:
+	add check for case where there are no auth methods
+	[e4af2b91b43e]
+
+	* configure, configure.in:
+	Define _XOPEN_EXTENDED_SOURCE on AIX and __USE_FIXED_PROTOTYPES__ on
+	SunOS4 w/ gcc
+	[746ce8bcec23]
+
+	* getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c:
+	include strings.h everywhere we include string.h
+	[6f7d5d437e7b]
+
+	* version.c:
+	nicer output when showing auth methods
+	[0eac4b977f9d]
+
+	* version.c:
+	Add support for SEND_MAIL_WHEN_NO_HOST
+	[9f20a3a3fae6]
+
+	* config.h.in, configure, configure.in:
+	Add _GNU_SOURCE for Linux
+	[c7bd8c511847]
+
+	* lex.yy.c, parse.lex:
+	fix definition of OCTECT
+	[4af30e63244d]
+
+	* configure, configure.in:
+	aix_auth.o not authenticate.o
+	[fe95dfb08df4]
+
+1999-08-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Only block SIGINT, SIGQUIT, SIGTSTP (which can be generated from the
+	keyboard). Since we run with ruid/euid == 0 the user can't really
+	signal us in nasty ways.
+	[a7f6487c0f48]
+
+	* visudo.c:
+	Don't need to worry about catching too many signals since we do
+	locking on the tmp file. If a lockfile is really stale, it will be
+	detected and overwritten.
+	[28983db3e749]
+
+	* INSTALL, Makefile.in:
+	include auth/API in tarball
+	[014991600252]
+
+	* auth/sudo_auth.c:
+	move memset() of plaintext pw outside of verify loop and only do the
+	memset if we are *not* in standalone mode.
+	[66f8e87567e2]
+
+	* auth/sudo_auth.c, auth/sudo_auth.h:
+	DCE is not a standalone method
+	[34963e2d8a1b]
+
+	* sudo.c:
+	fix --enable-noargs-shell
+	[4234062abbb0]
+
+	* snprintf.c:
+	"#ifdef __STDC__" not "#if __STDC__" (I missed one)
+	[c430b80454c6]
+
+	* auth/fwtk.c, auth/sia.c:
+	_cleanup() function returns an int.
+	[d1a1cc071ec1]
+
+	* auth/dce.c:
+	there were still some return(0)'s hanging around, make them
+	AUTH_FAILURE
+	[1002aa1962c3]
+
+	* parse.c:
+	typo in comment
+	[5abc410dbfd2]
+
+	* version.c:
+	add missing semicolon
+	[a262283b52a5]
+
+	* auth/sudo_auth.h:
+	missing backslash
+	[bf89f6bd2900]
+
+1999-08-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, config.h.in, configure, configure.in:
+	Kill _XOPEN_EXTENDED_SOURCE -- causes problems on some OSes
+	[f1a9bca0cf67]
+
+	* Makefile.in:
+	add parse.h to HDRS
+	[a3d054987766]
+
+	* Makefile.in, configure, configure.in:
+	Kill VISUDO_LIBS and VISUDO_LDFLAGS. Add LIBS, NET_LIBS, and
+	LDFLAGS. Common libs go in LIBS, commong ld flags go in LDFLAGS and
+	network libs like -lsocket, -lnsl go in NET_LIBS. This allows
+	testsudoers to build on Solaris and is a bit cleaner in general.
+	[4e6239e97002]
+
+	* UPGRADE:
+	mention ptmp -> sudoers.tmp
+	[ec3baa0fe8a1]
+
+	* config.h.in, configure, configure.in:
+	Define _XOPEN_SOURCE_EXTENDED not _XOPEN_SOURCE
+	[6f93dc7f39f5]
+
+	* RUNSON:
+	add 2 reports
+	[ce0fcc00ee4e]
+
+	* auth/kerb5.c:
+	Minor changes, mostly cosmetic. verify_krb_v5_tgt() changed to
+	return a value more like a system function
+	[0dd56aa21424]
+
+	* auth/dce.c:
+	Add an XXX
+	[58fc8562c212]
+
+	* TODO:
+	more things todo!
+	[5a459d0cf339]
+
+	* sample.sudoers:
+	update based on what is in the man page
+	[1a0477db96fa]
+
+	* parse.yacc, sudo.tab.c:
+	minor change to first line printed in -l mode
+	[69eb57d96952]
+
+	* sudo.cat, sudo.html, sudo.man, sudo.pod:
+	rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
+	standard and add "EXAMPLES" section
+	[7e543335ebe1]
+
+	* visudo.cat, visudo.html, visudo.man, visudo.pod:
+	rename "ENVIRONMENT VARIABLES" section to "ENVIRONMENT" to be more
+	standard
+	[f82d87ed65c2]
+
+	* logging.c, parse.c, sudo.h:
+	add FLAG_NO_CHECK
+	[c7d69176a2d7]
+
+	* lex.yy.c, parse.lex:
+	make an OCTET really be limited to 0-255
+	[6ee568dd6a02]
+
+	* UPGRADE:
+	mention timestamp changes
+	[e44d5302bf60]
+
+	* PORTING:
+	cosmetic cleanup
+	[36fa3a2664dd]
+
+	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+	new sudoers(8) man page
+	[e674d06283d0]
+
+1999-08-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* version.c:
+	Update comments about syslog name tables
+	[63830a782dcb]
+
+	* CHANGES, LICENSE, Makefile.in, configure, configure.in, parse.yacc,
+	strcasecmp.c, sudo.tab.c:
+	include strcasecmp() for those without it
+	[a0d8e2488bbc]
+
+	* sample.sudoers:
+	Use the : operator some more and fix a typo
+	[18804c70da86]
+
+	* HISTORY:
+	update the history of sudo
+	[9d9b3d5279b3]
+
+	* parse.c, parse.lex, testsudoers.c:
+	CIDR-style netmask support
+	[768644467353]
+
+	* CHANGES:
+	recent changes
+	[a4319e9d07cb]
+
+	* sudo.tab.c, sudo.tab.h:
+	these should be generated with byacc, not bison
+	[f57b9489b752]
+
+	* lex.yy.c:
+	regen
+	[522461f95dfa]
+
+	* parse.h, parse.yacc, sudo.tab.c, sudo.tab.h:
+	In "sudo -l" mode, the type of the stored (expanded) alias was not
+	stored with the contents. This could lead to incorrect output if
+	the sudoers file had different alias types with the same name.
+	Normal parsing (ie: not in '-l' mode) is unaffected.
+	[823fe2bc4b79]
+
+1999-08-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	define _XOPEN_SOURCE to get at crypt() proto on some systems
+	[1b3769b86fb9]
+
+1999-08-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* snprintf.c:
+	fix comment
+	[fc1264df00f7]
+
+	* tgetpass.c:
+	don't need limits.h
+	[f1631829af45]
+
+	* snprintf.c:
+	kill bogus reference to vfprintf
+	[a0b99b25d389]
+
+	* sample.sudoers, sudoers:
+	better examples
+	[b4d87ea64cc8]
+
+	* snprintf.c:
+	Add some const in the K&R defs. This is safe since we define const
+	away if the compiler doesn't grok it.
+	[614d6e83d45e]
+
+	* aclocal.m4, configure:
+	Better test for working long long support. Ultrix compiler supports
+	basic long long but not all operations on them.
+	[5da1508710ed]
+
+	* aclocal.m4, auth/secureware.c, config.h.in, configure, getspwuid.c,
+	snprintf.c, sudo.c:
+	Add check for LONG_IS_QUAD #undef MAXINT before including
+	hpsecurity.h to silence an HP-UX warning Check for U?LONG_LONG_MAX
+	in snprintf.c and use LONG_IS_QUAD
+	[a1f7993367fc]
+
+1999-08-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* LICENSE, aclocal.m4, config.h.in, configure, configure.in,
+	snprintf.c:
+	UCB-derived snprintf + asprintf support. Supports quads if the
+	compiler does. No floating point yet, perhaps later...
+	[0caf05aba945]
+
+1999-08-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/API, auth/sudo_auth.c, auth/sudo_auth.h, check.c, find_path.c,
+	goodpath.c, logging.c, parse.c, sudo.c:
+	Run most of the code as root, not the invoking user. It doesn't
+	really gain us anything to run as the user since an attacker can
+	just have an setuid(0) in their egg. Running as root solves
+	potential problems wrt signalling.
+	[408e530dda01]
+
+	* sudo.tab.c:
+	regen
+	[f8cfb37e37de]
+
+1999-08-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c, sudo.c:
+	Don't wait for child to finish in log_error(), let the signal
+	handler get it if we are still running, else let init reap it for
+	us. The extra time it takes to wait lets the user know that mail is
+	being sent.
+
+	Install SIGCHLD handler in main() and for POSIX signals, block
+	everything
+	*except* SIGCHLD.
+	[d2b6ab0ef3be]
+
+	* INSTALL, config.h.in, configure, configure.in, logging.c, parse.c,
+	parse.yacc, sudo.c, sudo.h:
+	sudoers_lookup() now returns a bitmap instead of an int. This makes
+	it possible to express things like "failed to validate because user
+	not listed for this host". Some thigns that were previously
+	VALIDATE_FOO are now FLAG_FOO. This may change later on.
+
+	Reorganized code in log_auth() and sudo.c to deal with above
+	changes.
+
+	Safer versions of push/pushcp with in the do { ... } while (0) style
+
+	parse.yacc now saves info on the stack to allow parse.c to determine
+	if a user was listed, but not for the host he/she tried to run on.
+
+	Added --with-mail-if-no-host option
+	[63326cb01efc]
+
+1999-08-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc, sudo.h, sudo.tab.c, visudo.c, visudo.cat, visudo.html,
+	visudo.man, visudo.pod:
+	o NewArgv and NewArgc don't need to be externally visible. o If
+	pedantic > 1, it is a parse error. o Add -s (strict) option to
+	visudo which sets pedantic to 2.
+	[5d7d81b55cd5]
+
+	* HISTORY, INSTALL:
+	Just have sudo-bugs contact info in one place
+	[e7f6588ea683]
+
+	* sudo.cat, sudo.html, sudo.man, sudo.pod:
+	Add BUGS section
+	[6607d96ea510]
+
+	* Makefile.in, configure, configure.in:
+	Add testsudoers to default build target if --with-devel Don't clean
+	generated parser files unless "distclean".
+	[5827b769dc57]
+
+	* parse.yacc, sudo.tab.c:
+	In pedantic mode we need to save *all* the aliases, not just those
+	that match, or we get spurious warnings.
+	[24f5b1f0e1de]
+
+	* TROUBLESHOOTING:
+	reference samples.sylog.conf
+	[11841668380a]
+
+1999-08-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sample.syslog.conf:
+	Sample entries for syslog.conf
+	[0f7697d878a1]
+
+	* CHANGES:
+	recent changes
+	[8bca8810c6bd]
+
+	* auth/API, auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c,
+	auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/passwd.c,
+	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sia.c,
+	auth/sudo_auth.c, auth/sudo_auth.h:
+	In struct sudo_auth, turn need_root and configured into flags and
+	add a flag to specify an auth method is running alone (the only
+	one). Pass auth methods their sudo_auth pointer, not the data
+	pointer. This allows us to get at the flags and tell if we are the
+	only auth method. That, in turn, allows the method to be able to
+	decide what should/should not be a fatal error. Currently only
+	rfc1938 uses it this way, which allows us to kill the OTP_ONLY
+	define and te hackery that went with it. With access to the
+	sudo_auth struct, methods can also get at a string holding their
+	cannonical name (useful in error messages).
+	[b7e320fc6511]
+
+	* INSTALL, Makefile.in, README, config.h.in, configure, configure.in,
+	getspwuid.c, lex.yy.c, parse.lex, parse.yacc, sudo.tab.c,
+	sudo.tab.h:
+	o --with-otp deprecated, use --without-passwd instead o real
+	dependencies in the Makefile o --with-devel option to enable yacc,
+	lex, and -Wall o style -- "foo -> bar" becomes "foo->bar" o ALL goes
+	back to being a token, not a string but don't leak memory o rename
+	hsotspec -> host in parse.yacc
+	[912c45226cb2]
+
+1999-08-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, CHANGES:
+	recent changes
+	[801fa6e55687]
+
+	* auth/sudo_auth.c, configure, configure.in, interfaces.c, snprintf.c,
+	sudo.c, sudo.h:
+	o Digital UNIX needs to check for *snprintf() before -ldb is added
+	to LIBS since -ldb includes a bogus snprintf(). o Add forward refs
+	for struct mbuf and struct rtentry for Digital UNIX. o Reorder some
+	functions in snprintf.c to fix -Wall o Add missing includes to fix
+	more -Wall
+	[8d207203e126]
+
+	* INSTALL, auth/sudo_auth.c, check.c, config.h.in, configure,
+	configure.in, parse.yacc, sudo.tab.c, testsudoers.c, version.c,
+	visudo.c:
+	o Add a "pedentic" flag to the parser. This makes sudo warn in
+	cases where an alias may be used before it is defined. Only turned
+	on for visudo and testsudoers. o Add --disable-authentication option
+	that makes sudo not require authentication by default. The PASSWD
+	tag can be used to require authentication for an entry. We no
+	longer overload --without-passwd.
+	[f307e09adf98]
+
+	* lex.yy.c, parse.lex:
+	Break 'WORD' regexp def into HOSTNAME and USERNAME. These days a
+	username can contain just about anything so be very permissive. Also
+	drop the unused \. punctuation.
+	[06a50614ff89]
+
+1999-08-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc, sudo.tab.c:
+	o add a 'val' element to aliasinfo struct and move -> parse.h o
+	find_alias() now returns an aliasinfo * instead of boolean o
+	add_alias() now takes a value parameter to store in the
+	aliasinfo.val o The cmnd, hostspec, runasuser, and user rules now
+	return: 1) positive match 0) negative match (due to '!')
+	-1) no match This means setting $$ explicitly in all cases, which I
+	should have done in the first place. It also means that we always
+	store a value that is != -1 and when we see a '!' we can set
+	*_matches to !rv if rv != -1. The upshot of all of this is that '!'
+	now works the way it should in lists and some of the rules are more
+	uniform and sensible.
+	[ad8e73b5d581]
+
+	* Makefile.in:
+	add parse.h dependency
+	[4ccccd464d30]
+
+	* parse.h:
+	kill unused *_matched macros
+	[02cba6dcb732]
+
+	* parse.yacc:
+	Allow a list of users as the first thing in a user spec, not just a
+	single entry. This makes things more uniform, though it does allow
+	you to write user specs that are hard to read.
+	[3c4c91c508ca]
+
+	* sudo.tab.c:
+	parse.yacc
+	[feca81881bb6]
+
+	* configure:
+	regen
+	[6f247010bb3b]
+
+	* configure.in:
+	fix check for crypt() in libufc
+	[82770736f4b0]
+
+1999-08-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README:
+	sudo-users list now exists
+	[4716d2bb0bbf]
+
+	* INSTALL, PORTING, README, TODO, TROUBLESHOOTING:
+	Update to reality.
+	[1eda2d57e42a]
+
+	* CHANGES, Makefile.in, TODO, TROUBLESHOOTING, check.c, compat.h,
+	config.h.in, configure, configure.in, fileops.c, logging.c, sudo.h,
+	version.c, visudo.c:
+	o Move lock_file() and touch() into fileops.c so visudo can use them
+	o Visudo now locks the sudoers temp file instead of bailing when the
+	temp file already exists. This fixes the problem of stale temp
+	files but it does *require* that you not try to put the temp file in
+	a world-writable directory. This shoud not be an issue as the temp
+	file should live in the same dir as sudoers. o Visudo now only
+	installs the temp file as sudoers if it changed.
+	[2517cd06c070]
+
+1999-08-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	add fcntl locking
+	[c304adeaf515]
+
+	* config.h.in, configure, configure.in, logging.c:
+	Lock the log file.
+	[d8652704fbdf]
+
+	* Makefile.in, TROUBLESHOOTING, parse.c, pathnames.h.in, sudo.c,
+	visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
+	o /etc/stmp -> /etc/sudoers.tmp since solaris uses stmp as shadow
+	temp file o _PATH_SUDO_SUDOERS -> _PATH_SUDOERS and _PATH_SUDO_STMP
+	-> _PATH_SUDOERS_TMP
+	[68cad8975807]
+
+1999-08-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, check.c, config.h.in, configure, configure.in, version.c:
+	o Kill *_MESSAGE and replace with NO_LECTURE o Add more things to
+	root sudo -V config reporting
+	[cdd2613a9dcf]
+
+	* configure, configure.in:
+	aix_auth.o not authenticate.o
+	[d972e35f6730]
+
+	* config.h.in:
+	Add --with-goodpri and --with-badpri configure options to specify
+	the syslog priority to use.
+	[2595ae50ab86]
+
+	* INSTALL, configure, configure.in, logging.h:
+	Add --with-goodpri and --with-badpri configure options to specify
+	the syslog priority to use.
+	[8276ee9b2b49]
+
+	* compat.h:
+	kill crufty AIX stuff
+	[a4f35ef9854e]
+
+	* Makefile.in:
+	Sigh, some versions of make (like Solaris's) don't deal with $< like
+	I would expect. Both GNU and BSD makes get this right but... So, we
+	just expand $< inline at the cost of some ugliness.
+	[b1b456f8801f]
+
+	* version.c:
+	If the invoking user is root, sudo will now print configure info in
+	-V mode. Currently just prints logging info, to be expanded later.
+	[392f7ed99267]
+
+	* logging.c, logging.h, sudo.c, sudo.h:
+	o new defines for syslog facility and priority o use new
+	print_version() functino for -V mode
+	[78abc5142985]
+
+	* check.c:
+	Don't need version.c
+	[db9a830ad893]
+
+	* aclocal.m4, config.h.in, configure, configure.in:
+	Add check for syslog facilities and priorities tables in syslog.h
+	[b86213e5fc5c]
+
+	* Makefile.in:
+	o authenticate -> aix_auth o add version.c
+	[44b6b9a8d0f5]
+
+	* auth/sudo_auth.c:
+	Missed a prompt -> user_prompt conversion
+	[e4c60b1f210c]
+
+1999-08-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TODO:
+	sudo should lock its logfile
+	[6d2830b28b07]
+
+	* parse.yacc, sudo.tab.c:
+	o Add '!' correctly when expanding Aliases. o Add shortcut macros
+	for append() to make things more readable. o The separator in
+	append() is now a string instead of a char. o In append(), only
+	prepend the separator if the last char is not a '!'. This is a
+	hack but it greatly simplifies '!' handling. o In -l mode, Runas
+	lists and NOPASSWD/PASSWD tags are now inherited across entries in
+	a list (matches current behavior). o Fix formatting in -l mode such
+	that items in a list are separated by a space. Greatlt improves
+	readability. o Space for name field in struct aliasinfo is now
+	allocated dyanically instead of using a (big) buffer. o In
+	add_alias(), only search the list once (lsearch instead of lfind +
+	lsearch)
+	[51f7e07addb9]
+
+	* lex.yy.c, sudo.tab.c, sudo.tab.h:
+	regen
+	[5c19bb05dc21]
+
+	* configure, configure.in:
+	Solais pam doesn't require anye xtra setup
+	[a25ba03d91d1]
+
+	* parse.yacc:
+	o Simpler '!' support now that the lexer deals with multiple !'s for
+	us. o In the case of opFOO, have FOO give a boolean return value and
+	set foo_matches in opFOO, not FOO. o Treat 'ALL' as a string since
+	it gets fill()'d in parse.lex--fixes a small memory leak. In the
+	long run it may be better to just fix parse.lex and make ALL back
+	into a token. However, having it be a string is useful since it
+	can be easily passed back to the parent rule if we so desire.
+	[b3c64b443018]
+
+	* parse.lex:
+	o Remove some unnecessary backslashes o collapse multiple !'s by
+	using !+ and checking if yyleng is even or odd. this allows us to
+	simplify ! handling in parse.yacc
+	[76330e8da8e3]
+
+	* sudo.c:
+	-u flag was being ignored
+	[e30283207585]
+
+1999-08-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	correct fix
+	[a0e2377dec8f]
+
+	* Makefile.in:
+	work around pod2man stupididy
+	[7c755640b67f]
+
+	* Makefile.in:
+	correct dependencies for .cat
+	[5ed7b0653b68]
+
+	* sudo.cat, sudo.man, visudo.cat, visudo.man:
+	regen
+	[b74510dd6a0a]
+
+	* sudo.pod, visudo.pod:
+	Add copyright Update to reality
+	[188e9b046c15]
+
+	* parse.c, sudo.c, sudo.h:
+	rename validate() to the more descriptive sudoers_lookup()
+	[7a1cb652f379]
+
+	* auth/aix_auth.c:
+	use tgetpass
+	[b8ba5daec40a]
+
+1999-07-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updates
+	[e61460cdf4a0]
+
+	* HISTORY, INSTALL, Makefile.in, README, RUNSON, TROUBLESHOOTING,
+	configure, configure.in, sudo.c:
+	Sudo, not CU Sudo
+	[9061b3573c0c]
+
+	* LICENSE:
+	add 4th term to license similar to term 5 in the apache license
+	[92712e895afb]
+
+	* emul/search.h, emul/utime.h:
+	add 4th term to license similar to term 5 in the apache license
+	[4f93a8b9396e]
+
+	* auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/fwtk.c, auth/kerb4.c,
+	auth/kerb5.c, auth/pam.c, auth/passwd.c, auth/rfc1938.c,
+	auth/secureware.c, auth/securid.c, auth/sia.c, auth/sudo_auth.c,
+	auth/sudo_auth.h, insults.h, interfaces.c, interfaces.h, lex.yy.c,
+	logging.c, logging.h, parse.c, parse.h, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strerror.c, sudo.c, sudo.h, sudo.tab.c,
+	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+	visudo.c:
+	add 4th term to license similar to term 5 in the apache license
+	[afae9f2bf9ec]
+
+	* ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
+	add 4th term to license similar to term 5 in the apache license
+	[c389d3fdafac]
+
+	* Makefile.in, alloc.c, check.c, compat.h, config.h.in, find_path.c,
+	getspwuid.c, goodpath.c:
+	add 4th term to license similar to term 5 in the apache license
+	[969e63dbd38e]
+
+	* LICENSE, aclocal.m4, auth/rfc1938.c, check.c, configure.in,
+	insults.h, logging.c, sudo.c, sudo.h:
+	there was a 1995 release too
+	[5963fd89457a]
+
+1999-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updates
+	[254b794f16ab]
+
+	* check.c:
+	Use dirs instead of files for timestamp. This allows tty and non-
+	tty schemes to coexist reasonably. Note, however, that when you
+	update a tty ticket, the mtime on the user dir gets updated as well.
+	[44bfac32f799]
+
+	* configure, configure.in:
+	Fix getprpwnam() checking on SCO. Need to link with "-lprot -lx"
+	when linking test program, not just -lprot. Also add check for
+	getspnam(). The SCO docs indicate that /etc/shadow can be used but
+	this may be a lie.
+	[2ba21d36cc1e]
+
+1999-07-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/API:
+	first cut at auth API description
+	[3d10df021eb8]
+
+1999-07-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/pam.c, auth/rfc1938.c,
+	auth/secureware.c, auth/securid.c, auth/sudo_auth.c,
+	auth/sudo_auth.h:
+	auth API change. There is now an init method that gets run before
+	the main loop. This allows auth routines to differentiate between
+	initialization that happens once vs. setup that needs to run each
+	time through the loop.
+	[76df1c0d3478]
+
+	* auth/kerb5.c, logging.c:
+	use easprintf() and evasprintf()
+	[fd97d96dc12f]
+
+	* alloc.c, sudo.h:
+	add easprintf() and evasprintf(), error checking versions of
+	asprintf() and vasprintf()
+	[f54385de20b7]
+
+	* TODO:
+	remove 2 items. One done, one won't do.
+	[64513b47bc7a]
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[4aa299de2752]
+
+	* configure, sudo.cat, sudo.html, sudo.man, sudoers.html, visudo.cat,
+	visudo.html, visudo.man:
+	regen
+	[553c0d1209be]
+
+	* CHANGES:
+	new changes
+	[d7be00b7e36b]
+
+	* sudo.pod:
+	o Document -K flag and update meaning of -k flag. o BSD-style
+	copyright o Document clearing of BIND resolver environment variables
+	o Clarify bit about shared libs o suggest rc files create /tmp/.odus
+	if your OS gives away files
+	[4a4092be1455]
+
+	* visudo.pod:
+	BSD license
+	[ad0bfd0a4630]
+
+	* version.h:
+	BSD-style copyright
+	[ecc6479325be]
+
+	* tgetpass.c:
+	o BSD copyright o no need to block signals, we now do that in main()
+	o cosmetic changes
+	[61958beda7ab]
+
+	* testsudoers.c, visudo.c:
+	o BSD-style copyright o Use "struct sudo_user" instead of old
+	globals. o some cometic cleanup
+	[88c0c6924082]
+
+	* sudo_setenv.c:
+	BSD-style copyright
+	[df20290129a0]
+
+	* sudo.h:
+	o BSD copyright o logging and parser bits moved to their own .h
+	files o new "struct sudo_user" to encapsulate many of the old
+	globals.
+	[50fc86bf25cb]
+
+	* sudo.c:
+	o no longer contains sudo 1.1/1.2 code o BSD copyright o use new
+	logging routines o simplified flow of control o BIND resolver
+	additions to badenv_table
+	[8c53f15bfcb0]
+
+	* strerror.c:
+	BSD-style copyright
+	[7c906c3a82ac]
+
+	* snprintf.c:
+	Now compiles on more K&R compilers
+	[07ab1d3231c7]
+
+	* putenv.c:
+	BSD-style copyright, cosmetic changes
+	[c42371295881]
+
+	* pathnames.h.in:
+	BSD-style copyright
+	[e5c34ebd4cf1]
+
+	* parse.c, parse.h, parse.lex, parse.yacc:
+	BSD-style copyright. Move parser-specific defines and structs into
+	parse.h + other cosmetic changes
+	[d3088efb6228]
+
+	* logging.h:
+	defines for logging routines
+	[13147941c02d]
+
+	* find_path.c, getspwuid.c, goodpath.c, interfaces.c:
+	BSD-style copyright, cosmetic changes
+	[e8205e91a4fa]
+
+	* ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	interfaces.h:
+	BSD-style copyright
+	[b9499da7cdce]
+
+	* configure.in:
+	o tgetpass.c is no longer optional o kill DCE_OBJS, add AUTH_OBJS o
+	kill --disable-tgetpass o add --without-passwd o changes to fill in
+	AUTH_OBJS for new auth api o check for strerror(), v?snprintf() and
+	v?asprintf() o replace --with-AuthSRV with --with-fwtk
+	[9a3f39b9c128]
+
+	* config.h.in:
+	BSD-style copyright. Remove USE_GETPASS and HAVE_UTIME_NULL. Add
+	HAVE_FWTK, HAVE_STRERROR, HAVE_SNPRINTF, HAVE_VSNPRINTF,
+	HAVE_ASPRINTF, HAVE_VASPRINTF, WITHOUT_PASSWD and NO_PASSWD
+	[9a09054db53a]
+
+	* compat.h:
+	BSD-style copyright; Add S_IFLNK and MIN/MAX id they are missing.
+	[25509c566975]
+
+	* alloc.c:
+	BSD-style copyright
+	[4967be892363]
+
+	* TROUBLESHOOTING:
+	no more --with-getpass
+	[afd5b670c196]
+
+	* TODO:
+	Take out things I've done...
+	[375420c8270e]
+
+	* README:
+	Refer to LICENSE
+	[c486c8db30f6]
+
+	* PORTING:
+	--with-getpass no longer exists
+	[db48202df1bb]
+
+	* Makefile.in:
+	BSD-style copyright. Update to reflect reality wrt new files and
+	new auth modules.
+	[61a2ca7940fb]
+
+	* INSTALL:
+	Remove --with-AuthSRV and --disable-tgetpass. Add --with-fwtk and
+	--without-passwd.
+	[64e8f9e1c05e]
+
+	* HISTORY:
+	Update history a bit
+	[df60c0a871b8]
+
+	* COPYING, LICENSE:
+	Now distributed under a BSD-style license
+	[d1a184ccabe1]
+
+	* auth/sudo_auth.c:
+	o BSD-style copyright o Add support for NO_PASSWD/WITHOUT_PASSWD
+	options. o skey/opie replaced by rfc1938 code o new struct sudo_user
+	global
+	[891b57060868]
+
+	* auth/pam.c, auth/sia.c:
+	BSD-style copyright and use new log functions
+	[65c44445ea84]
+
+	* auth/kerb5.c:
+	o BSD-style copyright o Use new log functiongs o Use asprintf() and
+	snprintf() where sensible.
+	[1ff0feaacf95]
+
+	* check.c:
+	Rewrote all the old sudo 1.1/1.2 code. Timestamp handling is now
+	done more reasonably--better sanity checks and tty-based stamps are
+	now done as files in a directory with the same name as the invoking
+	user, eg. /var/run/sudo/millert/ttyp1. It is not currently possible
+	to mix tty and non-tty based ticket schemes but this may change in
+	the future (it requires sudo to use a directory instead of a file in
+	the non-tty case). Also, ``sudo -k'' now sets the ticket back to
+	the epoch and ``sudo -K'' really deletes the file. That way you
+	don't get the lecture again just because you killed your ticket in
+	.logout. BSD-style copyright now.
+	[ec3460f85be8]
+
+	* logging.c:
+	o rewritten logging routines. log_error() now takes printf-style
+	varargs and log_auth() for the return value of validate(). o BSD-
+	style copyright
+	[438292025c4e]
+
+	* auth.c, check_sia.c, dce_pwent.c, secureware.c:
+	superceded by new auth API
+	[412060590da7]
+
+	* auth/kerb4.c:
+	BSD-style copyright
+	[cc4e800833c7]
+
+	* auth/fwtk.c:
+	Use snprintf() where it makes sense and add a BSD-style copyright
+	[1b7502388a74]
+
+	* auth/afs.c, auth/aix_auth.c, auth/dce.c, auth/passwd.c,
+	auth/rfc1938.c, auth/secureware.c, auth/securid.c, auth/sudo_auth.h:
+	BSD-style copyright
+	[42583bedae5c]
+
+	* emul/utime.h, utime.c:
+	BSD-style copyright
+	[3985c90aba47]
+
+	* emul/search.h:
+	this has been rewritten so use my BSD-style copyright
+	[176df1b0de6f]
+
+1999-07-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* snprintf.c:
+	include malloc.h if no stdlib.h
+	[7b123f1d1d03]
+
+	* snprintf.c:
+	KTH snprintf()/asprintf() for systems w/o them
+	[3ca9aefb9d01]
+
+	* strerror.c:
+	strerror() for systems w/o it
+	[7f0bd8a1c1b4]
+
+1999-07-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	stylistic changes
+	[6f99aceb7170]
+
+	* parse.c, parse.lex, parse.yacc:
+	Add contribution info in the main comment
+	[e50cec10acd6]
+
+1999-07-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth/pam.c:
+	remove missed ref to PAM_nullpw
+	[a43e59692cdb]
+
+	* auth/sudo_auth.h:
+	pasto
+	[891ff138ab89]
+
+	* auth/kerb5.c:
+	more or less complete now--still untested
+	[21036732faa0]
+
+	* auth/afs.c, auth/pam.c:
+	don't use user_name macro, it will go away
+	[def7cf727349]
+
+	* auth/opie.c, auth/rfc1938.c, auth/skey.c, auth/sudo_auth.h:
+	combine skey/opie code into rfc1938.c
+	[44d88ca93d3e]
+
+	* auth/dce.c, auth/sudo_auth.h:
+	DCE authentication method; basically unchanged from dce_pwent.c
+	[4d468473dd6f]
+
+	* auth/aix_auth.c, auth/sudo_auth.h:
+	AIX authenticate() support. Could probably be much better
+	[000013321a33]
+
+	* auth/sia.c:
+	Fix an uninitialized variable and some cleanup. Now works (tested)
+	[fd6ad88ff055]
+
+	* auth/sia.c, auth/sudo_auth.h:
+	SIA support for digital unix
+	[5335f3e70eab]
+
+	* auth/pam.c:
+	don't use prompt global, it will go away
+	[fadd22dd6ce4]
+
+	* auth/secureware.c:
+	correct copyright years
+	[6aa07c49f51b]
+
+	* auth/afs.c, auth/fwtk.c, auth/kerb4.c, auth/kerb5.c, auth/opie.c,
+	auth/pam.c, auth/passwd.c, auth/secureware.c, auth/securid.c,
+	auth/skey.c, auth/sudo_auth.c, auth/sudo_auth.h:
+	New authentication API and methods
+	[9debe9b59c79]
+
+1999-07-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.tab.c:
+	regen
+	[84578e82c1a6]
+
+	* parse.yacc:
+	only save an entry if user_matches && host_matches, even if the
+	stack is empty (fix for previous commit)
+	[00984b078d8a]
+
+	* sudo.tab.c:
+	regen
+	[66acf160b4b7]
+
+	* parse.yacc:
+	1) Always save an entry on the stack if it is empty. This fixes the
+	-l and -v flags that were broken by earlier parser changes.
+
+	2) In a Runas list, don't negate FALSE -> TRUE since that would make
+	!foo match any time the user specified a runas user (via -u) other
+	than foo.
+	[f322eb54b015]
+
+	* testsudoers.c:
+	interfaces and num_interfaces are now auto, not extern
+	[113add5c6518]
+
+1999-07-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth.c:
+	use a static global to keep stae about empty passwords
+	[bc02e30807d8]
+
+	* check_sia.c:
+	make PASSWORD_NOT_CORRECT logging consistent with other modules
+	[21962549d5fd]
+
+1999-07-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* auth.c:
+	PAM prompt code was wrong, looks like we have to kludge it after
+	all.
+	[91f246155ead]
+
+	* auth.c:
+	In the PAM code, when a user hits return at the first password
+	prompt, exit without a warning just like the normal auth code
+	[918f59bacdb7]
+
+	* configure, configure.in:
+	kludge around cross-compiler false positives
+	[5e5fc8356400]
+
+	* auth.c, check.c, check_sia.c, logging.c, sudo.h, tgetpass.c:
+	New (correct) PAM code Tgetpass now takes an echo flag for use with
+	PAM_PROMPT_ECHO_ON Block SIGINT and SIGTSTP during auth remove a
+	useless umask setting Change error from BAD_ALLOCATION ->
+	BAD_AUTH_INIT (for use with sia/PAM) Some cosmetic changes to auth.c
+	for consistency
+	[e71397f09dd8]
+
+	* sudo.c:
+	Some -Wall and kill some trailing spaces
+	[8229b43d5c4e]
+
+	* configure.in:
+	define -D__EXTENSIONS__ for solaris so we get crypt() proto
+	[7533e4436cab]
+
+1999-06-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	add Dynix 4.4.4
+	[b69f773efbce]
+
+	* INSTALL, config.h.in, configure, configure.in:
+	for kerberos V < version, fall back on old kerb4 auth code
+	[d685ed3a1d8e]
+
+	* INSTALL:
+	clarify some things
+	[2f5ba2e8e53a]
+
+	* UPGRADE, sudoers.cat, sudoers.man, sudoers.pod:
+	typos
+	[8925a109c093]
+
+1999-06-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	mention why DONT_LEAK_PATH_INFO is not the default
+	[0346260cb4ec]
+
+1999-06-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	Fix open(2) return value checking, was NULL for fopen, should be -1
+	for open
+	[355878bf6d8a]
+
+	* configure:
+	regen
+	[68bf82871862]
+
+	* configure.in:
+	better wording for solaris pam notice
+	[04e88c7a6c42]
+
+	* CHANGES:
+	document recent changes
+	[7c922c5622ef]
+
+	* TROUBLESHOOTING:
+	Update shadow password section
+	[e8448bae7d66]
+
+	* auth.c:
+	move authentication code from check.c to auth.c
+	[e9f6ecae2399]
+
+	* Makefile.in, check.c, sudo.h:
+	move authentication code to auth.c
+	[124cded85f46]
+
+1999-05-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, check.c, check_sia.c, compat.h, find_path.c,
+	getspwuid.c, goodpath.c, interfaces.c, interfaces.h, lex.yy.c,
+	logging.c, parse.c, parse.lex, parse.yacc, secureware.c, sudo.c,
+	sudo.h, sudo.tab.c, sudo_setenv.c, testsudoers.c, tgetpass.c,
+	visudo.c:
+	Move interface-related defines to interfaces.h so we don't have to
+	include <netinet/in.h> everywhere.
+	[e7599d8ea0bf]
+
+1999-05-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, INSTALL, TODO, check.c, compat.h, getspwuid.c, logging.c,
+	parse.yacc, sudo.c, sudo.tab.c, tgetpass.c:
+	o Replace _PASSWD_LEN braindeath with our own SUDO_MAX_PASS. It
+	turns out the old DES crypt does the right thing with passwords
+	longert than 8 characters. o Fix common typo (necesary ->
+	necessary) o Update TODO list
+	[ad75007a6f13]
+
+1999-05-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	set $LOGNAME when we set $USER
+	[391596210fd7]
+
+1999-04-27  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	add comment about digital unix and interfaces.c warning with gcc
+	[e20f815901cc]
+
+1999-04-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sample.sudoers:
+	use modern paths and give examples for some of the new parser
+	features
+	[e7b2e507c695]
+
+1999-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	fix comment
+	[5eb0d005a65f]
+
+	* alloc.c, check.c, check_sia.c, dce_pwent.c, find_path.c,
+	getspwuid.c, goodpath.c, interfaces.c, lex.yy.c, logging.c, parse.c,
+	parse.lex, parse.yacc, putenv.c, secureware.c, sudo.c, sudo.tab.c,
+	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	Function names should be flush with the start of the line so they
+	can be found trivially in an editor and with grep
+	[3c400abde574]
+
+	* find_path.c, interfaces.c, lex.yy.c, parse.c, parse.lex, parse.yacc,
+	sudo.c, sudo.tab.c, testsudoers.c, tgetpass.c, visudo.c:
+	free(3) is already void, no need to cast it
+	[6981e1ebda0f]
+
+	* logging.c, sudo.c, sudo.h:
+	catch case where cmnd_safe is not set (this should not be possible)
+	[3e1e3038546c]
+
+	* CHANGES, logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c,
+	testsudoers.c, visudo.c:
+	Stash the "safe" path (ie: the one listed in sudoers) to the command
+	instead of stashing the struct stat. Should be safer.
+	[aa2883fcf57e]
+
+1999-04-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, Makefile.in, UPGRADE:
+	notes on updating from an earlier release
+	[df9fffa4ab2c]
+
+	* CHANGES:
+	updated
+	[574f5065d15a]
+
+1999-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc, sudo.tab.c, sudo.tab.h, sudoers.cat, sudoers.html,
+	sudoers.man, sudoers.pod:
+	You can now specifiy a host list instead of just a host or alias.
+	Ie: user = host1,host2,ALIAS,!host3 my_command now works.
+	[e3942bb78021]
+
+	* testsudoers.c:
+	Quiet -Wall
+	[a3edc8b08c3a]
+
+	* parse.yacc, sudo.tab.c:
+	Move the push from the beginning of cmndspec to the end. This means
+	we no longer have to do a push at the end of privilege, just reset
+	some values.
+	[8ea66e5860c6]
+
+	* sudoers.cat, sudoers.html, sudoers.man, sudoers.pod:
+	runas-lists and NOPASSWD/PASSWD modifiers are now sticky and you can
+	use "!" most everywhere
+	[aadae4d1c9d5]
+
+1999-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudoers.pod:
+	modernize paths and update su example based on sample.sudoers one
+	[3f6a37e16c83]
+
+	* sample.sudoers:
+	New runas semantics
+	[756ee92865b7]
+
+	* CHANGES, Makefile.in, alloc.c, config.h.in, configure, configure.in,
+	strdup.c, sudo.h:
+	In estrdup(), do the malloc ourselves so we don't need to rely on
+	the system strdup(3) which may or may not exist. There is now no
+	need to provide strdup() for those w/o it. Also, the prototype for
+	estrdup() was wrong, it returns char * and its param is const.
+	[5f1f984da8e3]
+
+	* getcwd.c:
+	$Sudo tag
+	[e4188a35e68c]
+
+	* check.c:
+	buf should be prompt; Michael Robokoff <mrobo@networkcs.com>
+	[2aec87c86cde]
+
+	* CHANGES, TODO, parse.yacc, sudo.tab.c:
+	It is now possible to use the '!' operator in a runas list as well
+	as in a Cmnd_Alias, Host_Alias and User_Alias.
+	[a4fdaabda990]
+
+	* logging.c, sudo.h:
+	Kill GLOBAL_NO_SPW_ENT (not used) and crank GLOBAL_PROBLEM
+	[73d0376785ae]
+
+	* sudo.h:
+	Definitions of *_matched were wrong--user top, not top-2 as
+	subscript.
+	[5f8350a57362]
+
+	* logging.c, parse.c, parse.yacc, sudo.c, sudo.h, sudo.tab.c:
+	Add VALIDATE_NOT_OK_NOPASS for when user is not allowed to run a
+	command but the NOPASSWD flag was set. Make runasspec, runaslist,
+	runasuser, and nopasswd typeless in parse.yacc Add support for '!'
+	in the runas list Fix double printing of '%' and '+' for groups and
+	netgroups respectively Add *_matched macros (no need for local stack
+	variable). Should only be used directly after a pop (since top must
+	be >= 2).
+	[392b1400c4e6]
+
+	* aclocal.m4, configure.in:
+	Add copyright, somewhat silly
+	[55c2cdd82dca]
+
+1999-04-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, Makefile.in, README, alloc.c, check.c, check_sia.c,
+	compat.h, config.h.in, configure, configure.in, dce_pwent.c,
+	emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
+	ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+	lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in,
+	putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h,
+	sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat, sudoers.man,
+	testsudoers.c, tgetpass.c, utime.c, version.h, visudo.c, visudo.cat,
+	visudo.man:
+	Crank version to 1.6 and combine copyright statements
+	[0e1c791658ae]
+
+	* sample.sudoers:
+	Use ! not ^ to do negation
+	[1480a0761730]
+
+	* lex.yy.c, sudo.tab.c:
+	regen
+	[89ca5a46684b]
+
+	* parse.lex, parse.yacc:
+	Make runas and NOPASSWD tags persistent across entris in a command
+	list. Add a PASSWD tag to reverse NOPASSWD. When you override a
+	runas or *PASSWD tag the value given becomes the new default for the
+	rest of the command list.
+	[f1bbb4066542]
+
+1999-04-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, RUNSON:
+	update for 1.5.9
+	[a1ae9d4a7d54] [SUDO_1_5_9]
+
+	* visudo.c:
+	Shift return value of system(3) by 8 to get real exit value and if
+	it is not 1 or 0 print the retval along with the error message.
+	[c1ff50d743fb]
+
+1999-03-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	testsudoers needs LIBOBJS too
+	[972571b4e4bf]
+
+	* parse.c, parse.yacc, sudo.tab.c:
+	Fix another parser bug. For a sudoers entry like this: millert
+	ALL=/bin/ls,(daemon) !/bin/ls sudo would not allow millert to run ls
+	as root.
+	[51968e1eb33d]
+
+	* CHANGES:
+	new change
+	[271c6110bb62]
+
+	* parse.yacc, sudo.tab.c:
+	Save entries that match a ! command on the matching stack too
+	[5afb5107116c]
+
+	* sudo.c:
+	Make sudo's usage info better when mutually exclusive args are given
+	and don't rely on argument order to detect this; nick@zeta.org.au
+	[2422753c88fd]
+
+1999-03-29  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, Makefile.in, RUNSON:
+	updates from CU
+	[b37381e3dafb]
+
+	* Makefile.in:
+	use gzip
+	[94a64e52a166]
+
+	* parse.yacc, sudo.tab.c:
+	Fix off by one error introduced in *alloc changes
+	[95ede581153a]
+
+	* BUGS, CHANGES, INSTALL, Makefile.in, README, alloc.c, check.c,
+	check_sia.c, compat.h, config.h.in, configure, configure.in,
+	dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
+	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.cat,
+	sudo.h, sudo.man, sudo.tab.c, sudo_setenv.c, sudoers.cat,
+	sudoers.man, testsudoers.c, tgetpass.c, utime.c, version.h,
+	visudo.c, visudo.cat, visudo.html, visudo.man, visudo.pod:
+	++version
+	[c6d88f024e37]
+
+	* Makefile.in, check.c, find_path.c, getspwuid.c, goodpath.c,
+	interfaces.c, lex.yy.c, logging.c, parse.c, parse.lex, parse.yacc,
+	putenv.c, secureware.c, strdup.c, sudo.c, sudo.h, sudo.tab.c,
+	sudo_setenv.c, testsudoers.c, utime.c, visudo.c:
+	Use emalloc/erealloc/estrdup
+	[44221d97361a]
+
+	* alloc.c:
+	error checking memory allocation routines
+	[5f8c1e7bbc71]
+
+	* parse.yacc, sudo.tab.c:
+	Still not right, this fixes it for real
+	[ad553b6f5339]
+
+	* parse.yacc, sudo.tab.c:
+	Fix for previous commit
+	[4d6f989f9bf2]
+
+	* CHANGES, INSTALL, parse.yacc:
+	Fix a parser bug that was exposed when mixing different runas specs
+	and ! commands. For example: millert ALL=(daemon)
+	/usr/bin/whoami,!/bin/ls would allow millert to run whoami as root
+	as well as daemon when it should just allow daemon. The problem was
+	that comma-separated commands in a list shared the same entry on the
+	matching stack. Now they get their own entry iff there is a full
+	match. It may be better to just make the runas spec persistent
+	across all commands in a list like the user and host entries of the
+	matching stack. However, since that is a fairly major change it
+	should gets its own minor rev increase.
+	[c4b939cdcc8e]
+
+1999-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, config.h.in:
+	Simplify PAM code and fix a PAM-related warning on Linux
+	[2468399523b6]
+
+1999-03-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	updates
+	[29d4a997769c]
+
+	* sample.sudoers:
+	better su entry
+	[76d8285a72ba]
+
+	* configure:
+	regen
+	[b7450cc6975d]
+
+	* check.c, configure.in:
+	new pam code that works on solaris, should work on linux too;
+	aelberg@home.com
+	[84c16c0ff259]
+
+1999-03-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	more entries
+	[b6bef8660759]
+
+	* config.h.in:
+	only include strings.h if there is no string.h
+	[b66054a32b00]
+
+1999-03-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.guess:
+	Sinix is now being called ReliantUNIX; bjjackso@us.oracle.com
+	[c086d2fe63af]
+
+1999-03-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	shost must be set before log functions are called #ifdef HOST_IN_LOG
+	[d49a7944358f]
+
+1999-03-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, lex.yy.c, parse.lex:
+	Fix a bug wrt quoting characters in command args. Stop processing
+	an arg when you hit a backslash so the quoted-character detection
+	can catch it.
+	[2281438d7f41]
+
+1999-02-26  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c:
+	include sys/time.h; aparently AIX needs it. ppz@cdu.elektra.ru
+	[31118a9e9916]
+
+1999-02-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	add missing case statement so --without-sendmail works
+	[ca25614f7dd9]
+
+1999-02-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES:
+	more
+	[4d70e44f7f93]
+
+1999-02-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	only search for -lsun in irix <= 4.x
+	[e604238317b1]
+
+	* configure, configure.in:
+	back out last configure.in change now that I've hacked autoconf to
+	fix the real problem and add a missing newline
+	[2dabf59a79b5]
+
+	* CHANGES:
+	updated
+	[bb35d526552f]
+
+	* getcwd.c:
+	add def of dirfd() for those without it
+	[95f0173d8441]
+
+	* configure, configure.in:
+	When falling back to checking for socket() when linking with
+	"-lsocket -lnsl" check for main() instead since autoconf has already
+	cached the results of checking for socket() in -lsocket. This is
+	really an autoconf bug as it should use the extra libs as part of
+	the cache variable name.
+	[a845f8b710ad]
+
+	* configure.in:
+	typo
+	[a7d62f62a478]
+
+1999-02-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	fix occurrence of $with_timeout that should be
+	$with_password_timeout; Michael.Neef@neuroinformatik.ruhr-uni-
+	bochum.de
+	[8c4da2cf73d1]
+
+1999-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.cat, sudo.html, sudo.man, sudo.pod:
+	fix grammar; espie@openbsd.org
+	[7031d9dfbc3e] [SUDO_1_5_8]
+
+1999-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc, sudo.c, testsudoers.c:
+	add cast for strdup in places it does not have it
+	[7ce4478d3b0f]
+
+1999-02-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	define for_BSD_TYPES irix
+	[858337ff4af8]
+
+1999-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, sudo.cat, sudo.html, sudo.man, sudo.pod:
+	Make it clear that it is the user's password, not root's, that we
+	want.
+	[ae0f51b35ee4]
+
+	* check.c, sudo.h:
+	If the user enters an empty password and really has no password,
+	accept the empty password they entered. Perviously, they could
+	enter anything
+	*but* an empty password. Also, add GETPASS macro that calls either
+	tgetpass() or getpass() depending on how sudo was configured.
+	Problem noted by jdg@maths.qmw.ac.uk
+	[2fde21ce94c1]
+
+1999-02-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
+	dce_pwent.c, emul/utime.h, find_path.c, getspwuid.c, goodpath.c,
+	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	interfaces.c, logging.c, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, secureware.c, strdup.c, sudo.c, sudo.h,
+	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, version.h,
+	visudo.c:
+	add explicate copyright
+	[d3b4449834a5]
+
+	* CHANGES:
+	mention -lsocket, -lnsl configure changes
+	[9140af4ad8ae]
+
+1999-02-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	Don't clobber errno after calling check_sudoers().
+	[59bd581b2654]
+
+1999-02-01  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	When linking with both -lsocket and -lnsl be sure to do so in that
+	order. Also, when we can't find socket() or inet_addr() and have to
+	try linking with both libs, issue a warning.
+	[0ee547163067]
+
+	* sudo.cat, sudo.man, sudo.pod:
+	clarify bad timestamp and fmt
+	[70e42cf56c75]
+
+1999-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, RUNSON:
+	be clear that pam is linux-only and add a RUNSON entry
+	[7fdeab875e0d]
+
+1999-01-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* CHANGES, INSTALL, configure, configure.in:
+	fix and correctly document --with-umask; problem noted by
+	adap@adap.org
+	[11cd0481d63a]
+
+1999-01-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure, configure.in:
+	only use /usr/{man,catman}/local to store man pages if suer didn't
+	override prefix or mandir
+	[781ad2cbe9be]
+
+	* INSTALL, configure, configure.in:
+	fix typo, make --with-SecurID take an arg
+	[026a9b4014fc]
+
+1999-01-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* RUNSON:
+	updates from users
+	[2286982b31e6]
+
+	* CHANGES, INSTALL, check.c, configure, configure.in:
+	FWTK 'authsrv' support from Kevin Kadow <kadow@MSG.NET>
+	[23aa4e5c6b02]
+
+	* configure, configure.in:
+	better fix for the problem of unresolved symbols in -lnsl or
+	-lsocket
+	[82fe70fc287f]
+
+	* configure, configure.in:
+	when checking for functions in -lnsl and -lsocket link with both of
+	them to avoid unresolved symbols on some weirdo systems
+	[1734a591808e]
+
+1999-01-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, CHANGES, RUNSON, TODO:
+	old changes that didn't make it into RCS before the RCS->CVS switch
+	[846eb2b8f9aa]
+
+1999-01-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, check.c, check_sia.c, compat.h, config.h.in,
+	configure.in, dce_pwent.c, emul/search.h, emul/utime.h, find_path.c,
+	getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h, ins_csops.h,
+	ins_goons.h, insults.h, interfaces.c, lex.yy.c, logging.c,
+	lsearch.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+	secureware.c, strdup.c, sudo.c, sudo.pod, sudo_setenv.c,
+	sudoers.pod, testsudoers.c, tgetpass.c, utime.c, visudo.c,
+	visudo.pod:
+	add sudo tags
+	[962f81eaa5ab]
+
+	* sudo.h:
+	testing Sudo tag
+	[e84cbc521129]
+
+	* version.h:
+	testing Sudo tag
+	[a8c3a3998b88]
+
+	* BUGS, INSTALL, Makefile.in, README, check.c, check_sia.c, compat.h,
+	config.h.in, configure, configure.in, dce_pwent.c, emul/utime.h,
+	find_path.c, getspwuid.c, goodpath.c, ins_2001.h, ins_classic.h,
+	ins_csops.h, ins_goons.h, insults.h, interfaces.c, lex.yy.c,
+	logging.c, parse.c, parse.lex, parse.yacc, pathnames.h.in, putenv.c,
+	secureware.c, strdup.c, sudo.c, sudo.cat, sudo.h, sudo.man,
+	sudo_setenv.c, sudoers.cat, sudoers.man, testsudoers.c, tgetpass.c,
+	utime.c, version.h, visudo.c, visudo.cat, visudo.man:
+	crank version and regen files
+	[23eacf00a1a4]
+
+	* Makefile.in:
+	kill rcs goop in update_version and fix now that version is a const
+	[e6e50bd8d1e1]
+
+	* INSTALL, check.c, config.h.in, configure, configure.in, logging.c,
+	sudo.c, sudo.h, sudo.pod:
+	kerb5 support from fcusack@iconnet.net
+	[8134027986e2]
+
+	* realpath.c, sudo_realpath.c:
+	we no longer use realpath
+	[0f5f64abc646]
+
+	* qualify.c:
+	replaced by find_path.c
+	[9e32a87e09c4]
+
+	* options.h:
+	all options are now configure flags
+	[ee6bd9610102]
+
+	* lex.yy.c:
+	regen
+	[bdbf8a18161f]
+
+	* getwd.c:
+	superceded by getcwd.c
+	[1e54ee0990b4]
+
+	* getpass.c:
+	superceded by tgetpass.c
+	[4e0d1edc30e3]
+
+	* SUPPORTED:
+	superceded by RUNSON
+	[854c5a21cb53]
+
+	* OPTIONS:
+	No longer used now that we have configure options for everything.
+	[9b1ae1c89259]
+
+	* configure:
+	regen based on configure.in
+	[3a4d73936973]
+
+	* sudo.cat, sudo.html, sudo.man, sudoers.cat, sudoers.html,
+	sudoers.man, visudo.cat, visudo.html, visudo.man:
+	regen based on sudo.pod, sudoers.pod, and visudo.pod
+	[c267beb90778]
+
+1998-12-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	fix tty tickets in remove_timestamp (didn't use ':')
+	[fd964a74a32b]
+
+1998-12-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c:
+	close sock when we are done with it
+	[95de0380f8a4]
+
+1998-11-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.yacc:
+	never say "error on line -1"
+	[361db1491121]
+
+1998-11-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	check for -lnsl before -lsocket
+	[8e966d6bbcb5]
+
+	* configure.in:
+	quote '[', ']' used in ranges correctly
+	[fa4f9c6ff651]
+
+1998-11-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	add missing NO_ROOT_SUDO noted by drno@tsd.edu
+	[c969f25d1667]
+
+1998-11-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* version.h:
+	1.5.7
+	[7a22de0bc148]
+
+	* INSTALL:
+	more info for 1.5.7
+	[30ad9e784799]
+
+	* README:
+	update for 1.5.7
+	[cd03a0a27cd2]
+
+	* parse.yacc:
+	make increases of cm_list_size and ga_list_size be similar to
+	increases of stacksize (ie: >= not > in initial compare).
+	[6bd450a896c7]
+
+	* parse.yacc:
+	when we get a syntax error, report it for the previous line since
+	that's generally where the error occurred.
+	[c4ac84058f0b]
+
+1998-11-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in, configure.in, interfaces.c:
+	add back check for sys/sockio.h but only use it if SIOCGIFCONF is
+	not defined
+	[d197f31fd1e4] [SUDO_1_5_7]
+
+	* config.h.in:
+	define BSD_COMP for svr4
+	[87ac1147ff79]
+
+	* check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
+	goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
+	parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	more -Wall
+	[d98e2d32db2a]
+
+	* configure.in:
+	kill check for sockio,h
+	[4399779014c1]
+
+	* config.h.in:
+	no more HAVE_SYS_SOCKIO_H
+	[67484528e347]
+
+	* check.c, check_sia.c, find_path.c, getcwd.c, getspwuid.c,
+	goodpath.c, interfaces.c, logging.c, lsearch.c, parse.c, parse.lex,
+	parse.yacc, putenv.c, secureware.c, strdup.c, sudo.c, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	-Wall
+	[2b7e83976788]
+
+1998-11-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	add missing inform_user()
+	[8689528c6d55]
+
+1998-11-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* find_path.c:
+	return NOT_FOUND if given fully qualified path and it does not exist
+	previously it would perror(ENOENT) which bypasses the option to not
+	leak path info
+	[ccbc3d0130ae]
+
+	* configure.in:
+	for kerb5, check for -lkerb4, fall back on -lkrb for kerb, check for
+	-ldes
+	[c77d3b484ece]
+
+1998-11-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	tty tickets are user:tty now
+	[a53a303a614d]
+
+	* check.c:
+	when using tty tickets make it user:tty not user.tty as a username
+	could have a '.' in it
+	[3160b3f5c890]
+
+1998-11-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	add "ignoring foo found in ." for auth successful case
+	[24257169e0bd]
+
+1998-11-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	add missing printf param
+	[8c905124f777]
+
+1998-11-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL, config.h.in, configure.in, find_path.c, sudo.c, sudo.h:
+	go back to printing "command not found" unless --disable-path-info
+	specified. Also, tell user when we ignore '.' in their path and it
+	would have been used but for --with-ignore-dot.
+	[066e118c11e4]
+
+	* check.c, sudo.c:
+	Only one space after a colon, not two, in printf's
+	[38452f4c8007]
+
+1998-11-05  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.pod:
+	document setting $USER
+	[80557fe6aede]
+
+	* check.c:
+	fix bugs with prompt expansion
+	[44c4fca5f009]
+
+	* sudo.c:
+	set $USER for root too
+	[4b525e1c6269]
+
+1998-11-04  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* getspwuid.c:
+	typo
+	[5107446f43e0]
+
+	* configure.in:
+	HP-UX's iscomsec is in -lsec, not libc
+	[03c9f700b795]
+
+	* configure.in:
+	remove some entries in the OS case statement that did nothing
+	[ea96e7e0f624]
+
+	* TROUBLESHOOTING:
+	add "cd" section and flush out syslog section
+	[5107f7363b78]
+
+	* Makefile.in:
+	no more sudo-lex.yy.c
+	[ed50826efbbc]
+
+	* check_sia.c:
+	add custom prompt support
+	[6a285cea10b7]
+
+	* testsudoers.c:
+	kill perror("malloc") since we already have a good error messages
+	pw_ent -> pw for brevity
+	[eee31052921e]
+
+	* sudo.c:
+	kill perror("malloc") since we already have a good error messages
+	pw_ent -> pw for brevity set $USER if -u specified
+	[9f3753461f8a]
+
+	* parse.yacc:
+	kill perror("malloc") since we already have a good error messages
+	[849459088ac3]
+
+	* parse.c:
+	kill perror("malloc") since we already have a good error messages
+	pw_ent -> pw for brevity when checking if %group matches, look up
+	user in password file so that %groups works in a RunAs spec.
+	[0489b4ecc59a]
+
+	* logging.c:
+	kill perror("malloc") since we already have a good error messages
+	[3191a18b3526]
+
+	* check.c, getspwuid.c, interfaces.c:
+	kill perror("malloc") since we already have a good error messages
+	pw_ent -> pw for brevity
+	[7193fdb38cf9]
+
+1998-11-03  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	the prompt is expanded before tgetpass is called
+	[0f408f508041]
+
+	* sudo.h:
+	tgetpass now has the same args as getpass again
+	[b6778cd9d79f]
+
+	* getspwuid.c:
+	add iscomsec, issecure support
+	[007be7ec7ae7]
+
+	* check.c:
+	we now expand any %h or %u in the prompt before passing to tgetpass
+	[f3db8c9ee387]
+
+	* configure.in:
+	add check for syslog(3) in -lsocket, -lnsl, -linet
+	[5a96f902ce00]
+
+	* config.h.in:
+	add HAVE_ISCOMSEC and HAVE_ISSECURE
+	[f640b0d4cf05]
+
+	* configure.in:
+	add check for iscomsec in HP-UX
+	[b28b249040f0]
+
+	* configure.in:
+	check for issecure if we have getpwanam on SunOS some options are
+	incompatible with DUNIX SIA check for dispcrypt on DUNIX
+	[a49d05d9c913]
+
+1998-10-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	add HAVE_DISPCRYPT
+	[7376d543d8d6]
+
+	* secureware.c:
+	add back support for non-dispcrypt based checking for older DUNIX
+	[977b98e936be]
+
+	* INSTALL:
+	sia changes
+	[c5387c06e30f]
+
+	* configure.in:
+	SIA becomes the default on Digital UNIX now havbe --disable-sia to
+	turn it off...
+	[3b647558ea13]
+
+	* check.c:
+	move local includes after system ones
+	[b2abad4c4aef]
+
+1998-10-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, check_sia.c, sudo.h:
+	add pass_warn() which prints out INCORRECT_PASSWORD or an insult to
+	stderr
+	[547cbf299661]
+
+	* check_sia.c:
+	fix while loop in sia_attempt_auth() that checks the password. Only
+	the first iteration was working.
+	[1886fd1ac831]
+
+1998-10-22  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* aclocal.m4:
+	don't trust UID_MAX or MAXUID
+	[2aeddb1654d8]
+
+	* configure.in:
+	fix two pastos
+	[c18f0a10b75d]
+
+	* configure.in:
+	fix typo
+	[1eb3190ef12d]
+
+	* getspwuid.c, secureware.c:
+	init crypt_type to INT_MAX since it is legal to be negative in DUNX
+	5.0
+	[cefbde04822d]
+
+	* configure.in:
+	for secureware on dunix, use -lsecurity -ldb -laud -lm but check for
+	-ldb since DUNX < 4.0 lacks it
+	[e6b11d971068]
+
+1998-10-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c, compat.h, config.h.in, configure.in, getspwuid.c,
+	secureware.c, sudo.c, tgetpass.c:
+	getprpwuid is broken in HP-UX 10.20 at least (it sleeps for 2
+	minutes if the shadow files don't exist).
+	[2f297d095004]
+
+1998-10-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	updated --with-editor blurb
+	[77d8a3ea7328]
+
+	* TROUBLESHOOTING:
+	tell how to put sudoers in a different dir
+	[456cd20eb1d0]
+
+	* configure.in:
+	add missing quotes around $with_editor
+	[22881748ab1b]
+
+	* configure.in:
+	typo in --with-editor bits
+	[ab6964580681]
+
+	* INSTALL:
+	I don't expect it to work on Solaris
+	[1c2fceaaf56e]
+
+	* check.c:
+	add back security/pam_misc.h
+	[6ffd30033c1e]
+
+1998-10-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	remove dunix note since configure checks for this now
+	[e9904512b8e8]
+
+	* configure.in:
+	add check for broken dunix prot.h (4.0 < 4.0D is bad)
+	[8a4c1e6aef3b]
+
+	* getspwuid.c, secureware.c, tgetpass.c:
+	new dunix shadow code, use dispcrypt(3)
+	[1b936bc7268c]
+
+	* config.h.in:
+	add HAVE_INITPRIVS
+	[4369f4c4f914]
+
+	* sudo.c:
+	call initprivs() if we have it for getprpwuid later on
+	[11cf5915d826]
+
+	* Makefile.in:
+	clean pathnames.h too
+	[5f1df3262613]
+
+	* configure.in:
+	quote "Sorry, try again." with [] since it has a comma in it set
+	LIBS when we add stuff to SUDO_LIBS set SECUREWARE when we find
+	getprpwuid() so we can check for bigcrypt, set_auth_parameters, and
+	initprivs later.
+	[e226b0a3f250]
+
+	* INSTALL:
+	update Digital UNIX note about acl.h
+	[80132b71d73a]
+
+	* INSTALL:
+	add --with-sia
+	--without-root-sudo -> --disable-root-sudo some reordering
+	[198386358818]
+
+	* secureware.c:
+	add whitespace
+	[4aadaf1a54b0]
+
+	* Makefile.in, check.c, config.h.in, configure.in, logging.c, sudo.h:
+	add SIA support
+	[fa3ddbb9cc51]
+
+	* check_sia.c:
+	Initial revision
+	[2968551d40e4]
+
+1998-10-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	when checking for -lsocket, -lnsl, and -linet, check for the
+	specific functions we need from them.
+	[8d33e64362a3]
+
+	* config.h.in, sudo.h:
+	move Syslog_* defs into sudo.h
+	[03d1774f25c7]
+
+	* Makefile.in, sudo.h:
+	added check_secureware
+	[e46e3cbb9a97]
+
+	* configure.in:
+	finished adding AC_MSG_CHECKING and AC_MSG_RESULT bits
+	[dbefe1856503]
+
+	* insults.h:
+	don't define CLASSIC_INSULTS and CSOPS_INSULTS if no other sets
+	defined. configure now does that for us
+	[e4520ea0581f]
+
+	* configure.in:
+	move some --with options around change a bunch of echo's to
+	AC_MSG_CHECKING, AC_MSG_RESULT pairs
+	[ffdf6869fdd7]
+
+	* configure.in:
+	change $with_foo-bar -> $with_foo_bar kill extra " that caused a
+	syntax error add some echo verbage
+	[3278c49bf74b]
+
+1998-10-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	moved SecureWare stuff into secureware.c
+	[42d3d3ac35dc]
+
+	* secureware.c:
+	Initial revision
+	[aa7f72a249cf]
+
+	* INSTALL:
+	update url to solaris gcc bins
+	[36a3eb668777]
+
+	* INSTALL:
+	change option formatter and flesh out someentries
+	[6fbd1db4a8ad]
+
+	* TROUBLESHOOTING, sudo.pod, visudo.pod:
+	environmental variable -> environment variable
+	[6f14d708e32d]
+
+	* BUGS:
+	everything is now done via configure
+	[c217858f58ab]
+
+	* README:
+	prev rev was 1.5.6
+	[7b4177103c35]
+
+	* Makefile.in:
+	passing SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID correctly
+	[31c6b0a5e0e2]
+
+	* config.h.in:
+	SUDOERS_MODE, SUDOERS_UID, SUDOERS_GID now come from the Makefile
+	[d406a1ef6d25]
+
+	* Makefile.in:
+	merge OSDEFS and OPTIONS into DEFS get sudoers_uid, sudoers_gid,
+	sudoers_mode from configure
+	[1c509500655a]
+
+	* configure.in:
+	SUDOERS_MODE, SUDOERS_UID, and SUDOERS_GID now get substituted into
+	the Makefile, not config.h
+	[d4482f1492fe]
+
+	* INSTALL:
+	document all --with/--enable options
+	[22d81b312d7f]
+
+1998-10-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* insults.h:
+	options.h is no more
+	[560946a33f7f]
+
+	* config.h.in:
+	assimilated options.h
+	[dd8ce74613c1]
+
+	* configure.in:
+	moved options from options.h to configure
+	[d39662f71b4e]
+
+	* check.c, find_path.c, getspwuid.c, goodpath.c, interfaces.c,
+	logging.c, parse.c, parse.lex, parse.yacc, sudo.c, sudo.pod,
+	sudo_setenv.c, visudo.c:
+	no more options.h
+	[43924bf0858d]
+
+	* INSTALL, Makefile.in, PORTING, TROUBLESHOOTING:
+	remove references to options.h
+	[ef3474295395]
+
+	* dce_pwent.c, interfaces.c, sudo.c:
+	kill sys/time.h
+	[4d833f0034e4]
+
+	* tgetpass.c:
+	if select return < -1 still prompt for pw
+	[e0009e5c93a2]
+
+	* options.h:
+	convert LOGGING, LOGFAC, MAXLOGFILELEN, IGNORE_DOT_PATH into
+	configure options
+	[e60a1e546516]
+
+	* parse.c:
+	FAST_MATCH is no longer an optino
+	[c448dbb3464b]
+
+	* check.c:
+	remove_timestamp() if timestamp is preposterous
+	[70d9a86c6ecd]
+
+	* options.h:
+	convert more options to --with/--enable
+	[34646d9b09dc]
+
+	* INSTALL, aclocal.m4:
+	logfile -> logpath
+	[42de502bc637]
+
+	* configure.in:
+	convert more options into --with and --enable
+	[92d0898c9844]
+
+	* tgetpass.c:
+	catch EINTR in select and restart
+	[f045d2f234d7]
+
+	* logging.c:
+	sys/errno -> errno
+	[7f0c5beab6f2]
+
+1998-09-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sudo.c:
+	UMASK -> SUDO_UMASK.
+	[48f308661514]
+
+	* check.c, logging.c:
+	time.h, not sys/time.h
+	[91de049c79e4]
+
+1998-09-21  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* logging.c:
+	MAILER -> _PATH_SENDMAIL
+	[df65d6896639]
+
+	* INSTALL, configure.in:
+	no more --with-C2, now it is --disable-shadow
+	[18bfcab3b9ab]
+
+	* aclocal.m4, check.c, compat.h, config.h.in, configure.in,
+	getspwuid.c, sudo.c, tgetpass.c:
+	new shadow password scheme. Always include shadow support if the
+	platform supports it and the user did not disable it via configure
+	[2135d93bb4a9]
+
+1998-09-20  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	--with-getpass -> --{enable,disable}-tgetpass
+	[451b33fdd4c7]
+
+	* Makefile.in:
+	pathnames.h -> pathnames.h.in
+	[b109022eca69]
+
+	* check.c:
+	fix version string
+	[761b25c314ea]
+
+	* check.c:
+	move pam_conv to be static to auth function remove pam_misc.h
+	(solaris doesn't have one)
+	[a682e4da987a]
+
+	* aclocal.m4:
+	_CONFIG_PATH_* -> _PATH_* or _PATH_SUDO_* kill SUDO_PROG_PWD
+	[e6005d0599b5]
+
+	* configure.in:
+	munge pathnames.h.in -> pathnames.h kill SUDO_PROG_PWD
+	[24c0ac2155ef]
+
+	* pathnames.h.in:
+	convert to pathnames.h.in
+	[013bddf7f684]
+
+1998-09-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	fix typo in sysv4 matching case /.
+	[2994c4f88cf5]
+
+1998-09-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	pam stuff needs to run as root, not user, for shadow passwords
+	[d94ff75de503]
+
+1998-09-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, README, configure.in:
+	updated version
+	[775adc7de7ac]
+
+	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+	emul/utime.h, find_path.c, getspwuid.c, goodpath.c, ins_2001.h,
+	ins_classic.h, ins_csops.h, ins_goons.h, insults.h, interfaces.c,
+	logging.c, options.h, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	updated version
+	[5ca599fb6b93]
+
+	* check.c:
+	user version.h for long message
+	[47a52ac7e542]
+
+	* check.c:
+	this is version 1.5.6
+	[8451ac79eee2]
+
+1998-09-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	remove errant backslash
+	[0222a8a650ff]
+
+1998-09-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* options.h, parse.yacc, pathnames.h.in:
+	fix version string
+	[fdee73255d64] [SUDO_1_5_6]
+
+	* BUGS, CHANGES, TODO:
+	updtaed for 1.5.6
+	[752443bf7f26]
+
+	* RUNSON:
+	updated for 1.5.6
+	[0f878123fe6a]
+
+1998-09-14  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* interfaces.c:
+	kill unused localhost_mask var copy if name to ifr_tmp after we zero
+	it
+	[8e89c364cef2]
+
+1998-09-13  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	Better description of new vs. old sudoers modes fix some typos
+	better description of /usr/ucb/cc gotchas on slowaris
+	[c00b2a6fc1e8]
+
+	* Makefile.in:
+	add sample.pam
+	[ec7f6cc19b00]
+
+	* sudo.c:
+	set NewArgv[0] to user_shell, not basename(user_shell)
+	[1e907cbc9f7b]
+
+1998-09-12  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* README:
+	mention TROUBLESHOOTING more fix some typos
+	[2c2e6907d4a4]
+
+	* configure.in:
+	move --enable/--disable to be after --with
+	[9b30097f76c1]
+
+	* INSTALL:
+	document --enable/--disable
+	[c522362e38a8]
+
+	* INSTALL:
+	document --with-pam
+	[7e38932c78ac]
+
+1998-09-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	Add message for pam users
+	[d224f277e3cd]
+
+	* sample.pam:
+	Initial revision
+	[3a84d7045f54]
+
+	* config.h.in:
+	fix HAVE_PAM
+	[2f0f303ebd88]
+
+	* check.c, config.h.in, configure.in:
+	pam support, from Gary Calvin <GCalvin@kenwoodusa.com>
+	[ea3e0a72d707]
+
+1998-09-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.h.in:
+	add HOST_IN_LOG and WRAP_LOG
+	[822c36eeb6a8]
+
+	* logging.c:
+	add WRAP_LOG and HOST_IN_LOG
+	[3cf6052bd27e]
+
+	* configure.in:
+	add --enable-log-host and --enable-log-wrap
+	[c968cc12b353]
+
+	* aclocal.m4:
+	use AC_DEFINE_UNQUOTED for --with-logfile and --with-timedir
+	[915fef7e11a1]
+
+1998-09-09  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* compat.h:
+	add howmany macro
+	[9107a057a7c8]
+
+	* tgetpass.c:
+	include sys/param.h to get howmany macro
+	[7e908b5e1f32]
+
+1998-09-08  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* OPTIONS, options.h, parse.yacc, sudo.c, testsudoers.c, visudo.c:
+	add RUNAS_DEFAULT
+	[1e76398ea3fd]
+
+1998-09-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* fnmatch.c:
+	bring in stdio.h for NULL
+	[69c016610cbb]
+
+	* aclocal.m4:
+	allow /bin/{ksh,bach} and /usr/bin/{ksh,bash} as sh
+	[15ab2972f8d0]
+
+	* sudo.c:
+	use HAVE_SET_AUTH_PARAMETERS
+	[8abfdc8c80f7]
+
+	* config.h.in:
+	add HAVE_SET_AUTH_PARAMETERS
+	[673a5ebd5539]
+
+	* configure.in:
+	add *-*-hiuxmpp* add test for set_auth_parameters() if secureware
+	[a401f5a7469a]
+
+	* config.sub:
+	add support for HI-UX/MPP SR220001 02-03 0 SR2201
+	[cb657b7acaae]
+
+	* interfaces.c:
+	initialize previfname
+	[26a1902f56dc]
+
+	* interfaces.c:
+	Don't use SIOCGIFADDR, we don't need it Use SIOCGIFFLAGS if we have
+	it check ifr_flags against IFF_UP and IFF_LOOPBACK instead of
+	kludging it
+	[fa5c890c313b]
+
+	* configure.in:
+	typo
+	[bff579fbe95c]
+
+	* Makefile.in:
+	don't need special build line for sudo.tab.o
+	[10c0a0a912e4]
+
+	* Makefile.in:
+	don't clean sudo.tab.[ch]
+	[c40d5968efbb]
+
+	* sudo.c:
+	Sudo should prompt for a password before telling the user that a
+	command could not be found.
+	[d718c85a0047]
+
+	* BUGS:
+	for 1.5.6
+	[0cc1fe5b9129]
+
+	* INSTALL, README:
+	no longer require yacc
+	[d9096fc5b8b6]
+
+	* Makefile.in:
+	typo
+	[70feb1aefbd5]
+
+	* Makefile.in:
+	y.tab -> sudo.tab include pre-yacc'd parse.yacc
+	[cc802025fd44]
+
+	* parse.lex:
+	include sudo.tab.h, not y.tab.h don't break out of command args if
+	you get a '='
+	[728ad26dbda5]
+
+	* insults.h:
+	fix version ,
+	[242bbce1b2d4]
+
+	* ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h:
+	fix version
+	[2bb9086fea1e]
+
+	* compat.h:
+	fix version
+	[7e634d498ce6]
+
+	* getcwd.c:
+	getcwd(3) from OpenBSD for those without it.
+	[6c68d0df8f6c]
+
+	* sudo.h:
+	HAVE_GETWD -> HAVE_GETCWD
+	[2ad1e64d60c0]
+
+	* configure.in:
+	pretend sunos doesn't have getcwd(3) since it opens a pipe to
+	getpwd!
+	[677992ba5a6a]
+
+	* parse.c:
+	use NAMLEN() macro
+	[8f5685aa3165]
+
+	* fnmatch.c:
+	remove duplicate include of string.h
+	[6024f3051ac3]
+
+	* configure.in:
+	call SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
+	[3d82a9c22cc2]
+
+	* aclocal.m4:
+	add SUDO_TYPE_DEV_T and SUDO_TYPE_INO_T
+	[53fbc47282f9]
+
+	* config.h.in:
+	add dev_t and ino_t
+	[5929bb0c7e1a]
+
+1998-07-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	fix OTP_ONLY for opie
+	[7edcfa78f2ec]
+
+1998-06-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* testsudoers.c, tgetpass.c:
+	include stdlib.h for malloc proto
+	[c9f4b99a2fe9]
+
+1998-05-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in:
+	make update_version saner
+	[d522f93ee04a]
+
+	* config.h.in:
+	add HAVE_WAITPID, HAVE_WAIT3, and sudo_waitpid()
+	[c9a2d21dc608]
+
+	* configure.in:
+	check for waitpid and wait3 or no waitpid
+	[1f18c3224184]
+
+	* logging.c:
+	used waitpid or wait3 if we have 'em
+	[391c3279ee65]
+
+1998-05-02  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* visudo.c:
+	fix some fprintf args, ariel@oz.engr.sgi.com (Ariel Faigon)
+	[fbf53b18178f]
+
+1998-04-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	don't need to explicately mention -lsocket -lnsl for sequent
+	[1898dc055352]
+
+1998-04-25  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	dynix should not link with -linet
+	[278a4b9cfe2a]
+
+1998-04-10  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	mention that HP-UX doesn't ship with yacc
+	[bde5147198c0]
+
+1998-04-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* check.c:
+	ignore kerberos if we can't get the local realm
+	[1e311a091a27]
+
+1998-04-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* BUGS, INSTALL, README, configure.in:
+	++version
+	[499ffc746018]
+
+	* version.h:
+	++
+	[35ba1ee01bd3]
+
+	* Makefile.in, check.c, config.h.in, dce_pwent.c, emul/utime.h,
+	find_path.c, getcwd.c, getspwuid.c, goodpath.c, interfaces.c,
+	logging.c, parse.c, parse.lex, putenv.c, strdup.c, sudo.c, sudo.h,
+	sudo_setenv.c, testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	updated version
+	[b4990a513f31]
+
+	* check.c, sudo.h:
+	fix version
+	[5710795834e8]
+
+	* getcwd.c:
+	don't use popen/pclose. Do it inline.
+	[29e57b0646a4]
+
+	* lsearch.c:
+	add rcsid
+	[b2b55c39858d]
+
+	* sudo.c:
+	typo
+	[d381ac39ed0f]
+
+	* check.c, compat.h, ins_2001.h, ins_classic.h, ins_csops.h,
+	ins_goons.h, insults.h, options.h, parse.yacc, pathnames.h.in,
+	sudo.h:
+	updated version
+	[462d6e1a2d75]
+
+	* check.c, find_path.c, parse.c, sudo.c, testsudoers.c:
+	MAX* + 1 -> MAX*
+	[2c2eeb78d34f]
+
+	* Makefile.in:
+	getwd.c -> getcwd.c
+	[7d718c32fc02]
+
+	* config.h.in:
+	kill HAVE_GETWD
+	[6ad3d702343f]
+
+	* configure.in:
+	getcwd, not getwd
+	[33e5b9841f58]
+
+	* getcwd.c:
+	use MAX* not MAX* + 1 always run pwd as using getwd() defeats the
+	purpose
+	[24e58d340161]
+
+1998-03-31  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* OPTIONS, options.h:
+	add STUB_LOAD_INTERFACES
+	[d747cb23ca83]
+
+	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+	emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	updated version
+	[0798229312cc]
+
+	* configure.in:
+	support *-ccur-sysv4 and fix two typos
+	[24a823ad7cc9]
+
+1998-03-28  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	don't echo about with_logfile and with_timedir
+	[31e4a1e2d9ad]
+
+	* INSTALL:
+	document --with-logfile and --with-timedir
+	[674f811a40e0]
+
+	* aclocal.m4:
+	support --with-logfile and --with-timedir
+	[2fc36b35db12]
+
+	* configure.in:
+	Add --with-logfile and --with-timedir
+	[09045bf07e29]
+
+	* sudo.c:
+	change size computation of NewArgv for UNICOS
+	[b50df07da3a1]
+
+1998-02-19  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	treate -*-sysv4* like *-*-svr4
+	[471b7ef4dbf2]
+
+1998-02-18  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	fix spacing for --with-authenticate help
+	[8321cb37c410]
+
+	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+	emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	updated version
+	[dc1ab97312eb]
+
+	* parse.yacc:
+	fix off by one error in push macro
+	[bece59c8c3a9]
+
+1998-02-17  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	removed bogus alloca hack
+	[a68dd720462d]
+
+	* check.c:
+	added AIX 4.x authenticate() support
+	[12985eb448a0]
+
+	* parse.yacc:
+	include alloca.h if using bison and not gcc and it exists. fixes an
+	alloca problem on hpux 10.x
+	[e3b5c4f26072]
+
+	* INSTALL:
+	mention --with-authenticate
+	[78a1c96820e7]
+
+	* configure.in:
+	added AIX authenticate() support
+	[c983193ec252]
+
+	* config.h.in:
+	add HAVE_AUTHENTICATE
+	[7b0e5f5db5d9]
+
+	* interfaces.c:
+	dynamically size ifconf buffer
+	[10afb0e9b2f9]
+
+	* configure.in:
+	quote '[' and ']'
+	[8fc38a4defad]
+
+	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+	emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	logging.c, options.h, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	updated version
+	[5f66de71ec61]
+
+	* visudo.pod:
+	add ERRORS section
+	[3df3edb73cf6]
+
+1998-02-16  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* TROUBLESHOOTING:
+	add busy stmp file explanation
+	[6c555d469b6f]
+
+1998-02-15  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* configure.in:
+	the name of the cached var that signals whether or not you are cross
+	compiling changed. It is now ac_cv_prog_cc_cross
+	[123911c0658c]
+
+1998-02-11  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* INSTALL:
+	mention glibc 2.07 is fixed wrt lsearch()\.
+	[ded758524582]
+
+1998-02-07  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* sample.sudoers, sudoers.pod:
+	better example of su but not root su
+	[b3199610be21]
+
+1998-02-06  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* Makefile.in, check.c, compat.h, config.h.in, dce_pwent.c,
+	emul/utime.h, find_path.c, getspwuid.c, getwd.c, goodpath.c,
+	ins_2001.h, ins_classic.h, ins_csops.h, ins_goons.h, insults.h,
+	interfaces.c, logging.c, options.h, parse.c, parse.lex, parse.yacc,
+	pathnames.h.in, putenv.c, strdup.c, sudo.c, sudo.h, sudo_setenv.c,
+	testsudoers.c, tgetpass.c, utime.c, visudo.c:
+	updated version
+	[46922b84e86b]
+
+	* Makefile.in:
+	correct regexp for updating version
+	[8032728b2a8a]
+
+	* tgetpass.c:
+	remove bogus flush of stderr spew prompt before turning off echo.
+	Seems to fix a weird problem where if sudo complained about a bogus
+	stamp file the user would sometimes not have a chance to enter a
+	password
+	[7aa1493cc141]
+
+	* check.c:
+	fix bogus flush of stderr
+	[6d047871c5e8]
+
+	* sudo.c:
+	close fd's <=2 not <=3 and move that chunk of code up
+	[553e4faac195]
+
+	* configure.in:
+	support hpux1[0-9] not just hpux10
+	[5a34a000ff8a]
+
+1998-01-30  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* parse.c:
+	set sudoers_fp to nil after closing
+	[221a8b4bbf34]
+
+1998-01-24  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* config.guess, config.sub:
+	updated from autoconf 2.12
+	[6fc86a0fc61b]
+
+	* configure.in:
+	add *-*-svr4 rule
+	[38f0427f7c9d]
+
+1998-01-23  Todd C. Miller  <Todd.Miller@courtesan.com>
+
+	* tgetpass.c:
+	fix select usage for high fd's (dynamically allocate readfds)
+	[c2d1f76e0321]
+
+	* check.c:
+	kill extra whitespace
+	[d784b6c9c514]
+
+	* sudo.