Merge sudo 1.9.16 from tip.

--HG--
branch : 1.9

INSTALL.md

@@ -240,7 +240,7 @@ Defaults are listed in brackets after the description.
         production environment.
 
     --enable-pie
-        Build sudo and related programs as as a position independent
+        Build sudo and related programs as position independent
         executables (PIE).  This improves the effectiveness of address
         space layout randomization (ASLR) on systems that support it.
         Sudo will create PIE binaries by default on Linux systems.
@@ -476,10 +476,6 @@ Defaults are listed in brackets after the description.
         Specify the path to the SSSD shared library, which is loaded
         at run-time.
 
-    --enable-offensive-insults
-        Enable potentially offensive sudo insults from the classic
-        version of sudo.
-
     --enable-pvs-studio
         Generate a sample PVS-Studio.cfg file based on the compiler and
         platform type.  The "pvs-studio" Makefile target can then be
@@ -811,14 +807,16 @@ Defaults are listed in brackets after the description.
 
     --with-classic-insults
         Uses insults from sudo "classic."  If you just specify --with-insults
-        you will get the classic and CSOps insults.  This is on by default if
+	you will get the classic and CSOps insults.  You must either specify
-        --with-insults is given.
+	--with-insults or enable insults in the sudoers file for this to have
+	any effect.
 
     --with-csops-insults
         Insults the user with an extra set of insults (some quotes, some
-        original) from a sysadmin group at CU (CSOps).  You must specify
+	original) from a sysadmin group at CU (CSOps).  If you just specify
-        --with-insults as well for this to have any effect.  This is on by
+	--with-insults you will get the classic and CSOps insults.  You
-        default if --with-insults is given.
+	must either specify --with-insults or enable insults in the sudoers
+	file for this to have any effect.
 
     --with-editor=PATH
         Specify the default editor path for use by visudo.  This may be a
@@ -884,13 +882,19 @@ Defaults are listed in brackets after the description.
         Sudoers option: ignore_dot
 
     --with-insults
-        Define this if you want to be insulted for typing an incorrect password
+        Define this if you want to be insulted by default for typing
-        just like the original sudo(8).  This is off by default.  
+        an incorrect password just like the original sudo(8).
+        Insults may be optionally disabled in the sudoers file.
         Sudoers option: insults
 
+    --with-insults=no, --without-insults
+        By default, sudo will include support for insults that can be
+        enabled via the sudoers file.  However, if --with-insults=no is
+	used, no insults will be available, even if enabled in sudoers.
+
     --with-insults=disabled
         Include support for insults but disable them unless explicitly
-        enabled in sudoers.  
+        enabled in the sudoers file.  This is the default.
         Sudoers option: !insults
 
     --with-iologdir[=DIR]
@@ -995,9 +999,17 @@ Defaults are listed in brackets after the description.
         be separate from the "user path."  You will need to customize the
         path for your site.  This is not applied to users in the group
         specified by --with-exemptgroup.  If you do not specify a path,
-        "/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc" is used.  
+        "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+        is used.  
         Sudoers option: secure_path
 
+    --with-secure-path-value[=PATH]
+        Sets the value of "secure_path" that is substituted into
+        the default sudoers file.  This option is intended to be
+        used by package maintainers who wish to set "secure_path"
+        to a system-specific value in the default sudoers file.
+        It does not actually enable "secure-path".
+
     --with-sendmail=PATH
         Override configure's guess as to the location of sendmail.  
         Sudoers option: mailerpath
@@ -1077,7 +1089,7 @@ You need to have a C compiler in order to build sudo.  Since Solaris
 does not come with one by default this means that you either need
 to either install the Solaris Studio compiler suite, available for
 free from www.oracle.com, or install the GNU C compiler (gcc) which
-is can be installed via the pkg utility on Solaris 11 and higher
+can be installed via the pkg utility on Solaris 11 and higher
 and is distributed on the Solaris Companion CD for older Solaris
 releases.  You can also download gcc packages from
 https://www.opencsw.org/packages/CSWgcc4core/.

LICENSE.md

@@ -1,6 +1,6 @@
 Sudo is distributed under the following license:
 
-    Copyright (c) 1994-1996, 1998-2023
+    Copyright (c) 1994-1996, 1998-2024
         Todd C. Miller <Todd.Miller@sudo.ws>
 
     Permission to use, copy, modify, and distribute this software for any
@@ -299,7 +299,7 @@ The file getentropy.c bears the following license:
 
 The embedded copy of zlib bears the following license:
 
-    Copyright (C) 1995-2022 Jean-loup Gailly and Mark Adler
+    Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler
 
     This software is provided 'as-is', without any express or implied
     warranty.  In no event will the authors be held liable for any damages

MANIFEST

@@ -32,6 +32,7 @@ docs/cvtsudoers.mdoc.in
 docs/fixman.sh
 docs/fixmdoc.sed
 docs/schema.ActiveDirectory
+docs/schema.IBM_LDAP
 docs/schema.OpenLDAP
 docs/schema.iPlanet
 docs/schema.olcSudo
@@ -716,6 +717,8 @@ plugins/sudoers/po/hr.mo
 plugins/sudoers/po/hr.po
 plugins/sudoers/po/hu.mo
 plugins/sudoers/po/hu.po
+plugins/sudoers/po/id.mo
+plugins/sudoers/po/id.po
 plugins/sudoers/po/it.mo
 plugins/sudoers/po/it.po
 plugins/sudoers/po/ja.mo

Makefile.in

@@ -221,20 +221,24 @@ depend: siglist.c signame.c tsgetusershell.c
 	    lib/util/Makefile.in lib/zlib/Makefile.in \
 	    lib/fuzzstub/Makefile.in lib/eventlog/Makefile.in \
 	    lib/iolog/Makefile.in lib/logsrv/Makefile.in logsrvd/Makefile.in \
-	    lib/protobuf-c/Makefile.in plugins/group_file/Makefile.in \
+	    lib/protobuf-c/Makefile.in lib/ssl_compat/Makefile.in \
-	    plugins/sample/Makefile.in plugins/sudoers/Makefile.in \
+	    plugins/group_file/Makefile.in plugins/audit_json/Makefile.in \
-	    plugins/system_group/Makefile.in plugins/python/Makefile.in \
+	    plugins/sample/Makefile.in plugins/sample_approval/Makefile.in \
-	    src/Makefile.in && \
+	    plugins/sudoers/Makefile.in plugins/system_group/Makefile.in \
+	    plugins/python/Makefile.in src/Makefile.in && \
 	$(top_builddir)/config.status --file $(top_builddir)/lib/util/Makefile \
 	    --file $(top_builddir)/lib/zlib/Makefile \
-	    --file $(top_builddir)/lib/eventlog/Makefile \
 	    --file $(top_builddir)/lib/fuzzstub/Makefile \
+	    --file $(top_builddir)/lib/eventlog/Makefile \
 	    --file $(top_builddir)/lib/iolog/Makefile \
 	    --file $(top_builddir)/lib/logsrv/Makefile \
 	    --file $(top_builddir)/lib/protobuf-c/Makefile \
+	    --file $(top_builddir)/lib/ssl_compat/Makefile \
 	    --file $(top_builddir)/logsrvd/Makefile \
-	    --file $(top_builddir)/plugins/sample/Makefile \
 	    --file $(top_builddir)/plugins/group_file/Makefile \
+	    --file $(top_builddir)/plugins/audit_json/Makefile \
+	    --file $(top_builddir)/plugins/sample/Makefile \
+	    --file $(top_builddir)/plugins/sample_approval/Makefile \
 	    --file $(top_builddir)/plugins/sudoers/Makefile \
 	    --file $(top_builddir)/plugins/system_group/Makefile \
 	    --file $(top_builddir)/plugins/python/Makefile \

NEWS

@@ -1,3 +1,72 @@
+What's new in Sudo 1.9.16
+
+ * Added the "cmddenial_message" sudoers option to provide additional
+   information to the user when a command is denied by the sudoers
+   policy.  The default message is still displayed.
+
+ * The time stamp used for file-based logs is now more consistent
+   with the time stamp produced by syslog.  GitHub issues #327.
+
+ * Sudo will now warn the user if it can detect the user's terminal
+   but cannot determine the path to the terminal device.  The sudoers
+   time stamp file will now use the terminal device number directly.
+   GitHub issue #329.
+
+ * The embedded copy of zlib has been updated to version 1.3.1.
+
+ * Improved error handling if generating the list of signals and signal
+   names fails at build time.
+
+ * Fixed a compilation issue on Linux systems without process_vm_readv().
+
+ * Fixed cross-compilation with WolfSSL.
+
+ * Added a "json_compact" value for the sudoers "log_format" option
+   which can be used when logging to a file.  The existing "json"
+   value has been aliased to "json_pretty".  In a future release,
+   "json" will be an alias for "json_compact".  GitHub issue #357.
+
+ * A new "pam_silent" sudoers option has been added which may be
+   negated to avoid suppressing output from PAM authentication modules.
+   GitHub issue #216.
+
+ * Fixed several cvtsudoers JSON output problems.
+   GitHub issues #369, #370, #371, #373, #381.
+
+ * When sudo runs a command in a pseudo-terminal and the user's
+   terminal is revoked, the pseudo-terminal's foreground process
+   group will now receive SIGHUP before the terminal is revoked.
+   This emulates the behavior of the session leader exiting and is
+   consistent with what happens when, for example, an ssh session
+   is closed.  GitHub issue #367.
+
+ * Fixed "make test" with Python 3.12.  GitHub issue #374.
+
+ * In schema.ActiveDirectory, fixed the quoting in the example command.
+   GitHub issue #376.
+
+ * Paths specified via a Chdir_Spec or Chroot_Spec in sudoers may
+   now be double-quoted.
+
+ * Sudo insults are now included by default, but disabled unless
+   the --with-insults configure option is specified or the "insults"
+   sudoers option is enabled.
+
+ * The default sudoers file now enables the "secure_path" option by
+   default and preserves the EDITOR, VISUAL, and SUDO_EDITOR environment
+   variables when running visudo.  The new --with-secure-path-value
+   configure option can be used to set the value of "secure_path" in
+   the default sudoers file.  GitHub issue #387.
+
+ * A sudoers schema for IBM Directory Server (aka IBM Tivoli Directory
+   Server, IBM Security Directory Server, and IBM Security Verify
+   Directory) is now included.
+
+ * When cross-compiling sudo, the configure script now assumes that
+   the snprintf() function is C99-compliant if the C compiler
+   supports the C99 standard.  Previously, configure would use
+   sudo's own snprintf() when cross-compiling.  GitHub issue #386.
+
 What's new in Sudo 1.9.15p5
 
  * Fixed evaluation of the "lecture", "listpw", "verifypw", and

README.LDAP.md

@@ -96,8 +96,17 @@ copy the schema.iPlanet file to the schema directory with the name 99sudo.ldif.
 On Solaris, schemas are stored in /var/Sun/mps/slapd-\`hostname\`/config/schema/.
 For Fedora Directory Server, they are stored in /etc/dirsrv/schema/.
 
-After copying the schema file to the appropriate directory, restart
+For IBM Directory Server, IBM Tivoli Directory Server, IBM Security
-the LDAP server.
+Directory Server, and IBM Security Verify Directory, the schema is
+supplied in LDIF format.  It can be installed using the ldapmodify
+utility:
+
+    # ldapmodify -c -f schema.IBM_LDAP -h ldapserver:port -w passwod \
+      -D cn=Manager,dc=example,dc=com
+
+For schema files other than schema.olcSudo and schema.IBM_LDAP, you
+will need to restart the LDAP server after copying the schema file
+into place.
 
 Finally, using an LDAP browser/editor, enable indexing by editing the
 client profile to provide a Service Search Descriptor (SSD) for sudoers,

config.h.in

@@ -1203,10 +1203,6 @@
 /* Define if your C preprocessor does not support variadic macros. */
 #undef NO_VARIADIC_MACROS
 
-/* Define to 1 to include offensive insults from the classic version of sudo.
-   */
-#undef OFFENSIVE_INSULTS
-
 /* Define to the address where bug reports for this package should be sent. */
 #undef PACKAGE_BUGREPORT
 

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.72c for sudo 1.9.15p5.
+# Generated by GNU Autoconf 2.72 for sudo 1.9.16.
 #
 # Report bugs to <https://bugzilla.sudo.ws/>.
 #
@@ -614,8 +614,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.9.15p5'
+PACKAGE_VERSION='1.9.16'
-PACKAGE_STRING='sudo 1.9.15p5'
+PACKAGE_STRING='sudo 1.9.16'
 PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
 PACKAGE_URL=''
 
@@ -704,6 +704,7 @@ host_os
 host_vendor
 host_cpu
 host
+JQ
 LDFLAGS_FOR_BUILD
 CPPFLAGS_FOR_BUILD
 CFLAGS_FOR_BUILD
@@ -732,6 +733,7 @@ plugindir
 pam_login_service
 pam_session
 editor
+secure_path_status
 secure_path
 netsvc_conf
 nsswitch_conf
@@ -826,6 +828,7 @@ PRELOAD_MODULE
 INSTALL_NOEXEC
 INSTALL_INTERCEPT
 INSTALL_BACKUP
+visudo
 sesh_file
 noexec_file
 NOEXECDIR
@@ -924,7 +927,6 @@ ac_user_opts='
 enable_option_checking
 with_otp_only
 with_alertmail
-with_pc_insults
 with_devel
 with_CC
 with_rpath
@@ -1000,6 +1002,7 @@ with_nsswitch
 with_ldap
 with_ldap_conf_file
 with_ldap_secret_file
+with_secure_path_value
 with_secure_path
 with_interfaces
 with_askpass
@@ -1043,7 +1046,6 @@ with_selinux
 with_apparmor
 enable_sasl
 enable_timestamp_type
-enable_offensive_insults
 enable_package_build
 enable_gss_krb5_ccache_name
 enable_pvs_studio
@@ -1642,7 +1644,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-'configure' configures sudo 1.9.15p5 to adapt to many kinds of systems.
+'configure' configures sudo 1.9.16 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1708,7 +1710,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of sudo 1.9.15p5:";;
+     short | recursive ) echo "Configuration of sudo 1.9.16:";;
    esac
   cat <<\_ACEOF
 
@@ -1760,8 +1762,6 @@ Optional Features:
   --enable-sasl           Enable/disable LDAP SASL support
   --timestamp-type=TYPE   Set the default time stamp record type to global,
                           ppid or tty.
-  --enable-offensive-insults
-                          Enable potentially offensive sudo insults.
   --enable-package-build  Enable options for package building.
   --enable-gss-krb5-ccache-name
                           Use GSS-API to set the Kerberos V cred cache name
@@ -1797,7 +1797,6 @@ Optional Packages:
   --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
   --with-otp-only         deprecated
   --with-alertmail        deprecated
-  --with-pc-insults       deprecated
   --with-devel            add development options
   --with-CC               C compiler to use
   --with-rpath            deprecated, use --disable-rpath
@@ -1885,6 +1884,8 @@ Optional Packages:
   --with-ldap[=DIR]       enable LDAP support
   --with-ldap-conf-file   path to LDAP configuration file
   --with-ldap-secret-file path to LDAP secret password file
+  --with-secure-path-value
+                          value of secure_path in the default sudoers file
   --with-secure-path      override the user's path with a built-in one
   --without-interfaces    don't try to read the ip addr of network interfaces
   --with-askpass=PATH     Fully qualified pathname of askpass helper
@@ -2003,8 +2004,8 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-sudo configure 1.9.15p5
+sudo configure 1.9.16
-generated by GNU Autoconf 2.72c
+generated by GNU Autoconf 2.72
 
 Copyright (C) 2023 Free Software Foundation, Inc.
 This configure script is free software; the Free Software Foundation
@@ -2823,8 +2824,8 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by sudo $as_me 1.9.15p5, which was
+It was created by sudo $as_me 1.9.16, which was
-generated by GNU Autoconf 2.72c.  Invocation command line was
+generated by GNU Autoconf 2.72.  Invocation command line was
 
   $ $0$ac_configure_args_raw
 
@@ -3166,11 +3167,13 @@ ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]);
 
 # Test code for whether the C compiler supports C99 (global declarations)
 ac_c_conftest_c99_globals='
-// Does the compiler advertise C99 conformance?
+/* Does the compiler advertise C99 conformance? */
 #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L
 # error "Compiler does not advertise C99 conformance"
 #endif
 
+// See if C++-style comments work.
+
 #include <stdbool.h>
 extern int puts (const char *);
 extern int printf (const char *, ...);
@@ -3226,7 +3229,6 @@ typedef const char *ccp;
 static inline int
 test_restrict (ccp restrict text)
 {
-  // See if C++-style comments work.
   // Iterate through items via the restricted pointer.
   // Also check for declarations in for loops.
   for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i)
@@ -3315,7 +3317,7 @@ ac_c_conftest_c99_main='
 
 # Test code for whether the C compiler supports C11 (global declarations)
 ac_c_conftest_c11_globals='
-// Does the compiler advertise C11 conformance?
+/* Does the compiler advertise C11 conformance? */
 #if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L
 # error "Compiler does not advertise C11 conformance"
 #endif
@@ -3682,6 +3684,7 @@ sudoers_path='$(sysconfdir)/sudoers'
 
 
 
+
 
 
 #
@@ -3727,8 +3730,10 @@ netsvc_conf=/etc/netsvc.conf
 intercept_file="$libexecdir/sudo/sudo_intercept.so"
 noexec_file="$libexecdir/sudo/sudo_noexec.so"
 sesh_file="$libexecdir/sudo/sesh"
+visudo="$sbindir/visudo"
 nsswitch_conf=/etc/nsswitch.conf
-secure_path="not set"
+secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+secure_path_status="disabled"
 pam_session=on
 pam_login_service=sudo
 plugindir="$libexecdir/sudo"
@@ -4388,6 +4393,8 @@ int
 main (void)
 {
 FILE *f = fopen ("conftest.out", "w");
+ if (!f)
+  return 1;
  return ferror (f) || fclose (f) != 0;
 
   ;
@@ -4999,23 +5006,6 @@ fi
 
 
 
-# Check whether --with-pc-insults was given.
-if test ${with_pc_insults+y}
-then :
-  withval=$with_pc_insults; case $with_pc_insults in
-    yes)	enable_offensive_insults=no
-		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: --with-pc-insults option deprecated, it is now the default" >&5
-printf "%s\n" "$as_me: --with-pc-insults option deprecated, it is now the default" >&6;}
-		;;
-    no)		enable_offensive_insults=yes
-		{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: --without-pc-insults option deprecated, use --enable-offensive-insults" >&5
-printf "%s\n" "$as_me: --without-pc-insults option deprecated, use --enable-offensive-insults" >&6;}
-		;;
-esac
-fi
-
-
-
 
 # Check whether --with-devel was given.
 if test ${with_devel+y}
@@ -5313,8 +5303,6 @@ printf "%s\n" "$as_me: adding CSOps standard options" >&6;}
 		CHECKSIA=false
 		with_ignore_dot=yes
 		insults=on
-		with_classic_insults=yes
-		with_csops_insults=yes
 		with_env_editor=yes
 		: ${mansectsu='8'}
 		: ${mansectform='5'}
@@ -6153,6 +6141,8 @@ esac
 fi
 
 
+with_classic_insults=yes
+with_csops_insults=yes
 
 # Check whether --with-insults was given.
 if test ${with_insults+y}
@@ -6161,14 +6151,12 @@ then :
     yes)	insults=on
 		printf "%s\n" "#define USE_INSULTS 1" >>confdefs.h
 
-		with_classic_insults=yes
-		with_csops_insults=yes
 		;;
     disabled)	insults=off
-		with_classic_insults=yes
-		with_csops_insults=yes
 		;;
     no)		insults=off
+		with_classic_insults=no
+		with_csops_insults=no
 		;;
     *)		as_fn_error $? "--with-insults does not take an argument." "$LINENO" 5
 		;;
@@ -6322,25 +6310,41 @@ EOF
 
 
 
-# Check whether --with-secure-path was given.
+# Check whether --with-secure-path-value was given.
-if test ${with_secure_path+y}
+if test ${with_secure_path_value+y}
 then :
-  withval=$with_secure_path; case $with_secure_path in
+  withval=$with_secure_path_value; case $with_secure_path_value in
-    yes)	with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
+    yes|no)	as_fn_error $? "must give --secure-path-value an argument." "$LINENO" 5
-		printf "%s\n" "#define SECURE_PATH \"$with_secure_path\"" >>confdefs.h
-
-		secure_path="set to $with_secure_path"
 		;;
-    no)		;;
+    *)		secure_path="$with_secure_path_value"
-    *)		printf "%s\n" "#define SECURE_PATH \"$with_secure_path\"" >>confdefs.h
-
-		secure_path="set to $with_secure_path"
 		;;
 esac
 fi
 
 
 
+# Check whether --with-secure-path was given.
+if test ${with_secure_path+y}
+then :
+  withval=$with_secure_path; case $with_secure_path in
+    yes)	with_secure_path="$secure_path"
+		;;
+    no)		;;
+    *)		secure_path="$with_secure_path"
+		;;
+esac
+fi
+
+if test "${with_secure_path-no}" != "no"
+then :
+
+	printf "%s\n" "#define SECURE_PATH \"$secure_path\"" >>confdefs.h
+
+	secure_path_status="set to $secure_path"
+
+fi
+
+
 # Check whether --with-interfaces was given.
 if test ${with_interfaces+y}
 then :
@@ -7063,21 +7067,6 @@ fi
 printf "%s\n" "#define TIMESTAMP_TYPE $timestamp_type" >>confdefs.h
 
 
-# Check whether --enable-offensive_insults was given.
-if test ${enable_offensive_insults+y}
-then :
-  enableval=$enable_offensive_insults;
-else case e in #(
-  e) enable_offensive_insults=no ;;
-esac
-fi
-
-if test "$enable_offensive_insults" = "yes"
-then :
-  printf "%s\n" "#define OFFENSIVE_INSULTS 1" >>confdefs.h
-
-fi
-
 # Check whether --enable-package_build was given.
 if test ${enable_package_build+y}
 then :
@@ -8578,6 +8567,8 @@ int
 main (void)
 {
 FILE *f = fopen ("conftest.out", "w");
+ if (!f)
+  return 1;
  return ferror (f) || fclose (f) != 0;
 
   ;
@@ -8836,6 +8827,55 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 
 
+for ac_prog in jq
+do
+  # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+printf %s "checking for $ac_word... " >&6; }
+if test ${ac_cv_prog_JQ+y}
+then :
+  printf %s "(cached) " >&6
+else case e in #(
+  e) if test -n "$JQ"; then
+  ac_cv_prog_JQ="$JQ" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  case $as_dir in #(((
+    '') as_dir=./ ;;
+    */) ;;
+    *) as_dir=$as_dir/ ;;
+  esac
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then
+    ac_cv_prog_JQ="$ac_prog"
+    printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+fi ;;
+esac
+fi
+JQ=$ac_cv_prog_JQ
+if test -n "$JQ"; then
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $JQ" >&5
+printf "%s\n" "$JQ" >&6; }
+else
+  { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5
+printf "%s\n" "no" >&6; }
+fi
+
+
+  test -n "$JQ" && break
+done
+test -n "$JQ" || JQ=":"
+
 
 if test "x$ac_cv_prog_cc_c89" = "xno"
 then :
@@ -19938,13 +19978,16 @@ fi
     cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 #include <sys/types.h>
- /* Check that off_t can represent 2**63 - 1 correctly.
+#ifndef FTYPE
-    We can't simply define LARGE_OFF_T to be 9223372036854775807,
+# define FTYPE off_t
+#endif
+ /* Check that FTYPE can represent 2**63 - 1 correctly.
+    We can't simply define LARGE_FTYPE to be 9223372036854775807,
     since some C++ compilers masquerading as C compilers
     incorrectly reject 9223372036854775807.  */
-#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31))
+#define LARGE_FTYPE (((FTYPE) 1 << 31 << 31) - 1 + ((FTYPE) 1 << 31 << 31))
-  int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
+  int FTYPE_is_large[(LARGE_FTYPE % 2147483629 == 721
-		       && LARGE_OFF_T % 2147483647 == 1)
+		       && LARGE_FTYPE % 2147483647 == 1)
 		      ? 1 : -1];
 int
 main (void)
@@ -19956,7 +19999,25 @@ main (void)
 _ACEOF
 if ac_fn_c_try_compile "$LINENO"
 then :
-  ac_cv_sys_largefile_opts="$ac_opt"
+  if test x"$ac_opt" = x"none needed"
+then :
+  # GNU/Linux s390x and alpha need _FILE_OFFSET_BITS=64 for wide ino_t.
+	 CC="$CC -DFTYPE=ino_t"
+	 if ac_fn_c_try_compile "$LINENO"
+then :
+
+else case e in #(
+  e) CC="$CC -D_FILE_OFFSET_BITS=64"
+	    if ac_fn_c_try_compile "$LINENO"
+then :
+  ac_opt='-D_FILE_OFFSET_BITS=64'
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam ;;
+esac
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam
+fi
+      ac_cv_sys_largefile_opts=$ac_opt
       ac_opt_found=yes
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext
@@ -24857,6 +24918,20 @@ printf "%s\n" "$as_me: WARNING: Replacing missing/broken (v)snprintf() with sudo
 
 printf "%s\n" "#define PREFER_PORTABLE_SNPRINTF 1" >>confdefs.h
 
+fi
+if test X"$ac_cv_build_prog_cc_c99" != X"no"
+then :
+
+    # If we have a C99 compiler and are cross-compiling, assume
+    # C99-compliant v?snprintf().
+    if test X"$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf" = X"crosscross"
+then :
+
+	ac_cv_have_working_snprintf=yes
+	ac_cv_have_working_vsnprintf=yes
+
+fi
+
 fi
 if test X"$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf" = X"yesyes"
 then :
@@ -26326,7 +26401,7 @@ esac
 fi
 
 	    done
-	    if test "$CPPFLAGS" = "$O_CPPFLAGS"; then
+	    if test "$cross_compiling" != "yes" -a "$CPPFLAGS" = "$O_CPPFLAGS"; then
 		# So we find the openssl compat headers under wolfssl (XXX)
 
 if test ${CPPFLAGS+y}
@@ -35802,6 +35877,13 @@ while test X"$noexec_file" != X"$_noexec_file"; do
     eval "noexec_file=\"$_noexec_file\""
 done
 
+# Update exec_prefix in visudo
+_visudo=
+while test X"$visudo" != X"$_visudo"; do
+    _visudo="$visudo"
+    eval "visudo=\"$_visudo\""
+done
+
 # Update exec_prefix in sesh_file
 _sesh_file=
 while test X"$sesh_file" != X"$_sesh_file"; do
@@ -36673,8 +36755,8 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by sudo $as_me 1.9.15p5, which was
+This file was extended by sudo $as_me 1.9.16, which was
-generated by GNU Autoconf 2.72c.  Invocation command line was
+generated by GNU Autoconf 2.72.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
   CONFIG_HEADERS  = $CONFIG_HEADERS
@@ -36741,8 +36823,8 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config='$ac_cs_config_escaped'
 ac_cs_version="\\
-sudo config.status 1.9.15p5
+sudo config.status 1.9.16
-configured by $0, generated by GNU Autoconf 2.72c,
+configured by $0, generated by GNU Autoconf 2.72,
   with options \\"\$ac_cs_config\\"
 
 Copyright (C) 2023 Free Software Foundation, Inc.
@@ -38417,18 +38499,18 @@ echo "  password prompt		: ${passprompt}" >&6
 echo "  password prompt timeout	: ${password_timeout} minutes" >&6
 echo "  password tries		: ${passwd_tries}" >&6
 echo "  bad password message		: ${badpass_message}" >&6
-if test "$insults" = "on"; then
+insult_sets=""
-    i=""
+test "$with_python_insults" = "yes" && insult_sets="python ${insult_sets}"
-    test "$enable_offensive_insults" = "yes" && i="offensive ${i}"
+test "$with_goons_insults" = "yes" && insult_sets="goons ${insult_sets}"
-    test "$with_python_insults" = "yes" && i="python ${i}"
+test "$with_hal_insults" = "yes" && insult_sets="hal ${insult_sets}"
-    test "$with_goons_insults" = "yes" && i="goons ${i}"
+test "$with_csops_insults" = "yes" && insult_sets="csops ${insult_sets}"
-    test "$with_hal_insults" = "yes" && i="hal ${i}"
+test "$with_classic_insults" = "yes" && insult_sets="classic ${insult_sets}"
-    test "$with_csops_insults" = "yes" && i="csops ${i}"
+if test -z "$insult_sets"; then
-    test "$with_classic_insults" = "yes" && i="classic ${i}"
+    insult_sets=no
-else
+elif test "$insults" != "on"; then
-    i=no
+    insult_sets="${insult_sets} (disabled)"
 fi
-echo "  insults			: $i" >&6
+echo "  insults			: $insult_sets" >&6
 echo "  display lecture		: ${lecture}" >&6
 echo "  timestamp (credential) type	: ${timestamp_type}" >&6
 echo "  timestamp (credential) timeout: ${timeout} minutes" >&6
@@ -38685,6 +38767,5 @@ fi
 
 
 
-
 
 

configure.ac

@@ -3,7 +3,7 @@ dnl Use the top-level autogen.sh script to generate configure and config.h.in
 dnl
 dnl SPDX-License-Identifier: ISC
 dnl
-dnl Copyright (c) 1994-1996, 1998-2023 Todd C. Miller <Todd.Miller@sudo.ws>
+dnl Copyright (c) 1994-1996, 1998-2024 Todd C. Miller <Todd.Miller@sudo.ws>
 dnl
 dnl Permission to use, copy, modify, and distribute this software for any
 dnl purpose with or without fee is hereby granted, provided that the above
@@ -18,7 +18,7 @@ dnl ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 dnl
 AC_PREREQ([2.69])
-AC_INIT([sudo], [1.9.15p5], [https://bugzilla.sudo.ws/], [sudo])
+AC_INIT([sudo], [1.9.16], [https://bugzilla.sudo.ws/], [sudo])
 AC_CONFIG_HEADERS([config.h pathnames.h])
 AC_CONFIG_SRCDIR([src/sudo.c])
 AC_CONFIG_AUX_DIR([scripts])
@@ -75,6 +75,7 @@ AC_SUBST([NOEXECFILE])dnl
 AC_SUBST([NOEXECDIR])dnl
 AC_SUBST([noexec_file])dnl
 AC_SUBST([sesh_file])dnl
+AC_SUBST([visudo])dnl
 AC_SUBST([INSTALL_BACKUP])dnl
 AC_SUBST([INSTALL_INTERCEPT])dnl
 AC_SUBST([INSTALL_NOEXEC])dnl
@@ -176,6 +177,7 @@ AC_SUBST([sssd_lib])
 AC_SUBST([nsswitch_conf])
 AC_SUBST([netsvc_conf])
 AC_SUBST([secure_path])
+AC_SUBST([secure_path_status])
 AC_SUBST([editor])
 AC_SUBST([pam_session])
 AC_SUBST([pam_login_service])
@@ -225,8 +227,10 @@ netsvc_conf=/etc/netsvc.conf
 intercept_file="$libexecdir/sudo/sudo_intercept.so"
 noexec_file="$libexecdir/sudo/sudo_noexec.so"
 sesh_file="$libexecdir/sudo/sesh"
+visudo="$sbindir/visudo"
 nsswitch_conf=/etc/nsswitch.conf
-secure_path="not set"
+secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+secure_path_status="disabled"
 pam_session=on
 pam_login_service=sudo
 plugindir="$libexecdir/sudo"
@@ -299,16 +303,6 @@ AC_ARG_WITH(alertmail, [AS_HELP_STRING([--with-alertmail], [deprecated])],
 		;;
 esac])
 
-AC_ARG_WITH(pc-insults, [AS_HELP_STRING([--with-pc-insults], [deprecated])],
-[case $with_pc_insults in
-    yes)	enable_offensive_insults=no
-		AC_MSG_NOTICE([--with-pc-insults option deprecated, it is now the default])
-		;;
-    no)		enable_offensive_insults=yes
-		AC_MSG_NOTICE([--without-pc-insults option deprecated, use --enable-offensive-insults])
-		;;
-esac])
-
 dnl
 dnl Options for --with
 dnl
@@ -450,8 +444,6 @@ AC_ARG_WITH(csops, [AS_HELP_STRING([--with-csops], [add CSOps standard options])
 		CHECKSIA=false
 		with_ignore_dot=yes
 		insults=on
-		with_classic_insults=yes
-		with_csops_insults=yes
 		with_env_editor=yes
 		: ${mansectsu='8'}
 		: ${mansectform='5'}
@@ -973,18 +965,23 @@ AC_ARG_WITH(tty-tickets, [AS_HELP_STRING([--with-tty-tickets], [use a different
 		;;
 esac])
 
+dnl
+dnl The order of the insults options is important.  The main option
+dnl must come first, followed by all-insults, then the individual ones.
+dnl The classic and csops insult sets are always included by default.
+dnl
+with_classic_insults=yes
+with_csops_insults=yes
 AC_ARG_WITH(insults, [AS_HELP_STRING([--with-insults], [insult the user for entering an incorrect password])],
 [case $with_insults in
     yes)	insults=on
 		AC_DEFINE(USE_INSULTS)
-		with_classic_insults=yes
-		with_csops_insults=yes
 		;;
     disabled)	insults=off
-		with_classic_insults=yes
-		with_csops_insults=yes
 		;;
     no)		insults=off
+		with_classic_insults=no
+		with_csops_insults=no
 		;;
     *)		AC_MSG_ERROR([--with-insults does not take an argument.])
 		;;
@@ -1071,18 +1068,27 @@ AC_ARG_WITH(ldap-secret-file, [AS_HELP_STRING([--with-ldap-secret-file], [path t
 test -n "$with_ldap_secret_file" && ldap_secret="$with_ldap_secret_file"
 SUDO_DEFINE_UNQUOTED(_PATH_LDAP_SECRET, "$ldap_secret", [Path to the ldap.secret file])
 
-AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
+AC_ARG_WITH(secure-path-value, [AS_HELP_STRING([--with-secure-path-value], [value of secure_path in the default sudoers file])],
-[case $with_secure_path in
+[case $with_secure_path_value in
-    yes)	with_secure_path="/bin:/usr/ucb:/usr/bin:/usr/sbin:/sbin:/usr/etc:/etc"
+    yes|no)	AC_MSG_ERROR([must give --secure-path-value an argument.])
-		AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
-		secure_path="set to $with_secure_path"
 		;;
-    no)		;;
+    *)		secure_path="$with_secure_path_value"
-    *)		AC_DEFINE_UNQUOTED(SECURE_PATH, "$with_secure_path")
-		secure_path="set to $with_secure_path"
 		;;
 esac])
 
+AC_ARG_WITH(secure-path, [AS_HELP_STRING([--with-secure-path], [override the user's path with a built-in one])],
+[case $with_secure_path in
+    yes)	with_secure_path="$secure_path"
+		;;
+    no)		;;
+    *)		secure_path="$with_secure_path"
+		;;
+esac])
+AS_IF([test "${with_secure_path-no}" != "no"], [
+	AC_DEFINE_UNQUOTED(SECURE_PATH, "$secure_path")
+	secure_path_status="set to $secure_path"
+])
+
 AC_ARG_WITH(interfaces, [AS_HELP_STRING([--without-interfaces], [don't try to read the ip addr of network interfaces])],
 [case $with_interfaces in
     yes)	;;
@@ -1483,11 +1489,6 @@ AC_ARG_ENABLE(timestamp-type,
 ])
 AC_DEFINE_UNQUOTED(TIMESTAMP_TYPE, $timestamp_type)
 
-AC_ARG_ENABLE(offensive_insults,
-[AS_HELP_STRING([--enable-offensive-insults], [Enable potentially offensive sudo insults.])],
-[], [enable_offensive_insults=no])
-AS_IF([test "$enable_offensive_insults" = "yes"], [AC_DEFINE(OFFENSIVE_INSULTS)])
-
 AC_ARG_ENABLE(package_build,
 [AS_HELP_STRING([--enable-package-build], [Enable options for package building.])],
 [], [enable_package_build=no])
@@ -1598,6 +1599,7 @@ AS_IF([test X"$AR" = X"false"], [
     AC_MSG_ERROR([the "ar" utility is required to build sudo])
 ])
 AX_PROG_CC_FOR_BUILD
+AC_CHECK_PROGS(JQ, jq, :)
 
 AS_IF([test "x$ac_cv_prog_cc_c89" = "xno"], [
     AC_MSG_ERROR([Sudo version $PACKAGE_VERSION requires an ANSI C compiler to build.])
@@ -2380,7 +2382,7 @@ break)
 AC_SYS_LARGEFILE
 m4_ifdef([AC_SYS_YEAR2038], [AC_SYS_YEAR2038], [
     # GNU libc only allows setting _TIME_BITS when FILE_OFFSET_BITS is also set.    # GNU libc defines __TIMESIZE on systems where _TIME_BITS can be set.
-    AS_IF([test X"$ac_cv_sys_file_offset_bits" = X"yes"], [
+    AS_IF([test X"$ac_cv_sys_file_offset_bits" = X"64"], [
 	AC_CHECK_DECL(__TIMESIZE, [
 	    AC_DEFINE([_TIME_BITS], [64], [Number of bits in a timestamp, on hosts where this is settable.])
 	], [], [
@@ -3059,6 +3061,14 @@ AS_IF([test X"$sudo_mktemp" = X"yes"], [
     COMPAT_TEST_PROGS="${COMPAT_TEST_PROGS}${COMPAT_TEST_PROGS+ }mktemp_test"
 ])
 AX_FUNC_SNPRINTF
+AS_IF([test X"$ac_cv_prog_cc_c99" != X"no"], [
+    # If we have a C99 compiler and are cross-compiling, assume
+    # C99-compliant v?snprintf().
+    AS_IF([test X"$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf" = X"crosscross"], [
+	ac_cv_have_working_snprintf=yes
+	ac_cv_have_working_vsnprintf=yes
+    ])
+])
 AS_IF([test X"$ac_cv_have_working_snprintf$ac_cv_have_working_vsnprintf" = X"yesyes"], [
     # System has a C99-compliant v?snprintf(), check for v?asprintf()
     AC_CHECK_FUNCS([asprintf], [], [
@@ -4312,6 +4322,13 @@ while test X"$noexec_file" != X"$_noexec_file"; do
     eval "noexec_file=\"$_noexec_file\""
 done
 
+# Update exec_prefix in visudo
+_visudo=
+while test X"$visudo" != X"$_visudo"; do
+    _visudo="$visudo"
+    eval "visudo=\"$_visudo\""
+done
+
 # Update exec_prefix in sesh_file
 _sesh_file=
 while test X"$sesh_file" != X"$_sesh_file"; do
@@ -4524,18 +4541,18 @@ echo "  password prompt		: ${passprompt}" >&AS_MESSAGE_FD
 echo "  password prompt timeout	: ${password_timeout} minutes" >&AS_MESSAGE_FD
 echo "  password tries		: ${passwd_tries}" >&AS_MESSAGE_FD
 echo "  bad password message		: ${badpass_message}" >&AS_MESSAGE_FD
-if test "$insults" = "on"; then
+insult_sets=""
-    i=""
+test "$with_python_insults" = "yes" && insult_sets="python ${insult_sets}"
-    test "$enable_offensive_insults" = "yes" && i="offensive ${i}"
+test "$with_goons_insults" = "yes" && insult_sets="goons ${insult_sets}"
-    test "$with_python_insults" = "yes" && i="python ${i}"
+test "$with_hal_insults" = "yes" && insult_sets="hal ${insult_sets}"
-    test "$with_goons_insults" = "yes" && i="goons ${i}"
+test "$with_csops_insults" = "yes" && insult_sets="csops ${insult_sets}"
-    test "$with_hal_insults" = "yes" && i="hal ${i}"
+test "$with_classic_insults" = "yes" && insult_sets="classic ${insult_sets}"
-    test "$with_csops_insults" = "yes" && i="csops ${i}"
+if test -z "$insult_sets"; then
-    test "$with_classic_insults" = "yes" && i="classic ${i}"
+    insult_sets=no
-else
+elif test "$insults" != "on"; then
-    i=no
+    insult_sets="${insult_sets} (disabled)"
 fi
-echo "  insults			: $i" >&AS_MESSAGE_FD
+echo "  insults			: $insult_sets" >&AS_MESSAGE_FD
 echo "  display lecture		: ${lecture}" >&AS_MESSAGE_FD
 echo "  timestamp (credential) type	: ${timestamp_type}" >&AS_MESSAGE_FD
 echo "  timestamp (credential) timeout: ${timeout} minutes" >&AS_MESSAGE_FD
@@ -4735,7 +4752,6 @@ AH_TEMPLATE(NO_PAM_SESSION, [Define to 1 if you don't want to use sudo's PAM ses
 AH_TEMPLATE(NO_ROOT_MAILER, [Define to avoid running the mailer as root.])
 AH_TEMPLATE(NO_ROOT_SUDO, [Define to 1 if root should not be allowed to use sudo.])
 AH_TEMPLATE(TIMESTAMP_TYPE, [Define to global, ppid or tty to set the default timestamp record type.])
-AH_TEMPLATE(OFFENSIVE_INSULTS, [Define to 1 to include offensive insults from the classic version of sudo.])
 AH_TEMPLATE(SECURE_PATH, [A colon-separated list of directories to override the user's PATH with.])
 AH_TEMPLATE(SEND_MAIL_WHEN_NOT_OK, [Define to 1 to send mail when the user is not allowed to run a command.])
 AH_TEMPLATE(SEND_MAIL_WHEN_NO_HOST, [Define to 1 to send mail when the user is not allowed to run sudo on this host.])

docs/HISTORY.md

@@ -66,7 +66,8 @@ In 2010, Quest Software began sponsoring Sudo development by hiring
 Todd to work on Sudo as part of his full-time job.  This enabled
 the addition of I/O logging, the plugin API, the log server,
 additional regression and fuzz tests, support for binary packages
-and more regular releases.
+and more regular releases.  Quest's sponsorship of Sudo ended in
+February of 2024.
 
 ## Present Day
 

docs/Makefile.in

@@ -140,7 +140,7 @@ $(srcdir)/sudo.man.in: $(srcdir)/sudo.mdoc.in $(srcdir)/sudo.man.in.sed
 	    echo "Generating $@"; \
 	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
 	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
-	    $(SED) -e 's/^\(\.nr [A-Z][A-Z]\) .[A-Z][A-Z]MAN./\1 1/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -f $(srcdir)/sudo.man.in.sed > $@; \
+	    $(SED) -e 's/^\(\.nr [A-Z][A-Z]\) .[A-Z][A-Z]MAN./\1 1/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -e 's/an mdoc input/the sudo.mdoc.in/' -f $(srcdir)/sudo.man.in.sed > $@; \
 	fi
 
 fixman.sed: $(srcdir)/fixman.sh
@@ -150,189 +150,203 @@ fixman.sed: $(srcdir)/fixman.sh
 	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo.man.in | $(SED) -f fixman.sed > $@
 
 ./sudo.mdoc: $(top_builddir)/config.status $(srcdir)/sudo.mdoc.in
-	cd $(top_builddir) && $(SHELL) config.status --file=docs/$@
+	printf '.\\" Automatically generated from the sudo.mdoc.in file.  Do not edit.\n' > $@
+	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo.mdoc.in >> $@
 
 $(srcdir)/visudo.man.in: $(srcdir)/visudo.mdoc.in
 	@if [ -n "$(DEVEL)" ]; then \
 	    echo "Generating $@"; \
 	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
 	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
-	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/visudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "VISUDO" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
+	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/visudo.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "VISUDO" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -e 's/an mdoc input/the visudo.mdoc.in/' > $@; \
 	fi
 
 ./visudo.man: $(top_builddir)/config.status $(srcdir)/visudo.man.in fixman.sed
 	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/visudo.man.in | $(SED) -f fixman.sed > $@
 
 ./visudo.mdoc: $(top_builddir)/config.status $(srcdir)/visudo.mdoc.in
-	cd $(top_builddir) && $(SHELL) config.status --file=docs/$@
+	printf '.\\" Automatically generated from the visudo.mdoc.in file.  Do not edit.\n' > $@
+	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/visudo.mdoc.in >> $@
 
 $(srcdir)/sudo.conf.man.in: $(srcdir)/sudo.conf.mdoc.in
 	@if [ -n "$(DEVEL)" ]; then \
 	    echo "Generating $@"; \
 	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
 	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
-	    $(SED) -e 's/^\(\.nr [A-Z][A-Z]\) .[A-Z][A-Z]MAN./\1 1/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.conf.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO.CONF" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -f $(srcdir)/sudo.conf.man.in.sed > $@; \
+	    $(SED) -e 's/^\(\.nr [A-Z][A-Z]\) .[A-Z][A-Z]MAN./\1 1/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo.conf.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO.CONF" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -e 's/an mdoc input/the sudo.conf.mdoc.in/' -f $(srcdir)/sudo.conf.man.in.sed > $@; \
 	fi
 
 ./sudo.conf.man: $(top_builddir)/config.status $(srcdir)/sudo.conf.man.in fixman.sed
 	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo.conf.man.in | $(SED) -f fixman.sed > $@
 
 ./sudo.conf.mdoc: $(top_builddir)/config.status $(srcdir)/sudo.conf.mdoc.in
-	cd $(top_builddir) && $(SHELL) config.status --file=docs/$@
+	printf '.\\" Automatically generated from the sudo.conf.mdoc.in file.  Do not edit.\n' > $@
+	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo.conf.mdoc.in >> $@
 
 $(srcdir)/sudoers.man.in: $(srcdir)/sudoers.mdoc.in $(srcdir)/sudoers.man.in.sed
 	@if [ -n "$(DEVEL)" ]; then \
 	    echo "Generating $@"; \
 	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
 	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
-	    $(SED) -e 's/^\(\.nr [A-Z][A-Z]\) .[A-Z][A-Z]MAN./\1 1/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -f $(srcdir)/sudoers.man.in.sed> $@; \
+	    $(SED) -e 's/^\(\.nr [A-Z][A-Z]\) .[A-Z][A-Z]MAN./\1 1/' -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -e 's/an mdoc input/the sudoers.mdoc.in/' -f $(srcdir)/sudoers.man.in.sed> $@; \
 	fi
 
 ./sudoers.man: $(top_builddir)/config.status $(srcdir)/sudoers.man.in fixman.sed
 	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.man.in | $(SED) -f fixman.sed > $@
 
 ./sudoers.mdoc: $(top_builddir)/config.status $(srcdir)/sudoers.mdoc.in $(srcdir)/fixmdoc.sed
-	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.mdoc.in | $(SED) -f $(srcdir)/fixmdoc.sed > $@
+	printf '.\\" Automatically generated from the sudoers.mdoc.in file.  Do not edit.\n' > $@
+	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.mdoc.in | $(SED) -f $(srcdir)/fixmdoc.sed >> $@
 
 $(srcdir)/sudoers.ldap.man.in: $(srcdir)/sudoers.ldap.mdoc.in
 	@if [ -n "$(DEVEL)" ]; then \
 	    echo "Generating $@"; \
 	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
 	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
-	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.ldap.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS.LDAP" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
+	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers.ldap.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS.LDAP" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -e 's/an mdoc input/the sudoers.ldap.mdoc.in/' > $@; \
 	fi
 
 ./sudoers.ldap.man: $(top_builddir)/config.status $(srcdir)/sudoers.ldap.man.in fixman.sed
 	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.ldap.man.in | $(SED) -f fixman.sed > $@
 
 ./sudoers.ldap.mdoc: $(top_builddir)/config.status $(srcdir)/sudoers.ldap.mdoc.in
-	cd $(top_builddir) && $(SHELL) config.status --file=docs/$@
+	printf '.\\" Automatically generated from the sudoers.ldap.mdoc.in file.  Do not edit.\n' > $@
+	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers.ldap.mdoc.in >> $@
 
 $(srcdir)/sudoers_timestamp.man.in: $(srcdir)/sudoers_timestamp.mdoc.in
 	@if [ -n "$(DEVEL)" ]; then \
 	    echo "Generating $@"; \
 	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
 	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
-	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers_timestamp.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS_TIMESTAMP" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
+	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoers_timestamp.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOERS_TIMESTAMP" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -e 's/an mdoc input/the sudoers_timestamp.mdoc.in/' > $@; \
 	fi
 
 ./sudoers_timestamp.man: $(top_builddir)/config.status $(srcdir)/sudoers_timestamp.man.in fixman.sed
 	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers_timestamp.man.in | $(SED) -f fixman.sed > $@
 
 ./sudoers_timestamp.mdoc: $(top_builddir)/config.status $(srcdir)/sudoers_timestamp.mdoc.in
-	cd $(top_builddir) && $(SHELL) config.status --file=docs/$@
+	printf '.\\" Automatically generated from the sudoers_timestamp.mdoc.in file.  Do not edit.\n' > $@
+	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoers_timestamp.mdoc.in >> $@
 
 $(srcdir)/cvtsudoers.man.in: $(srcdir)/cvtsudoers.mdoc.in
 	@if [ -n "$(DEVEL)" ]; then \
 	    echo "Generating $@"; \
 	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
 	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
-	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/cvtsudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
+	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/cvtsudoers.mdoc.in | $(MANDOC) -Tman | $(SED) -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -e 's/an mdoc input/the cvtsudoers.mdoc.in/' > $@; \
 	fi
 
 ./cvtsudoers.man: $(top_builddir)/config.status $(srcdir)/cvtsudoers.man.in fixman.sed
 	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/cvtsudoers.man.in | $(SED) -f fixman.sed > $@
 
 ./cvtsudoers.mdoc: $(top_builddir)/config.status $(srcdir)/cvtsudoers.mdoc.in
-	cd $(top_builddir) && $(SHELL) config.status --file=docs/$@
+	printf '.\\" Automatically generated from the cvtsudoers.mdoc.in file.  Do not edit.\n' > $@
+	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/cvtsudoers.mdoc.in >> $@
 
 $(srcdir)/sudoreplay.man.in: $(srcdir)/sudoreplay.mdoc.in
 	@if [ -n "$(DEVEL)" ]; then \
 	    echo "Generating $@"; \
 	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
 	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
-	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoreplay.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOREPLAY" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
+	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudoreplay.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDOREPLAY" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -e 's/an mdoc input/the sudoreplay.mdoc.in/' > $@; \
 	fi
 
 ./sudoreplay.man: $(top_builddir)/config.status $(srcdir)/sudoreplay.man.in fixman.sed
 	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoreplay.man.in | $(SED) -f fixman.sed > $@
 
 ./sudoreplay.mdoc: $(top_builddir)/config.status $(srcdir)/sudoreplay.mdoc.in
-	cd $(top_builddir) && $(SHELL) config.status --file=docs/$@
+	printf '.\\" Automatically generated from the sudoreplay.mdoc.in file.  Do not edit.\n' > $@
+	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudoreplay.mdoc.in >> $@
 
 $(srcdir)/sudo_logsrvd.man.in: $(srcdir)/sudo_logsrvd.mdoc.in
 	@if [ -n "$(DEVEL)" ]; then \
 	    echo "Generating $@"; \
 	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
 	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
-	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrvd.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRVD" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
+	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrvd.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRVD" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -e 's/an mdoc input/the sudo_logsrvd.mdoc.in/' > $@; \
 	fi
 
 ./sudo_logsrvd.man: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.man.in fixman.sed
 	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrvd.man.in | $(SED) -f fixman.sed > $@
 
 ./sudo_logsrvd.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.mdoc.in
-	cd $(top_builddir) && $(SHELL) config.status --file=docs/$@
+	printf '.\\" Automatically generated from the sudo_logsrvd.mdoc.in file.  Do not edit.\n' > $@
+	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrvd.mdoc.in >> $@
 
 $(srcdir)/sudo_logsrv.proto.man.in: $(srcdir)/sudo_logsrv.proto.mdoc.in
 	@if [ -n "$(DEVEL)" ]; then \
 	    echo "Generating $@"; \
 	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
 	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
-	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrv.proto.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRV.PROTO" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(5)/($$mansectform)/g" > $@; \
+	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrv.proto.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRV.PROTO" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(5)/($$mansectform)/g" -e 's/an mdoc input/the sudo_logsrv.proto.mdoc.in/' > $@; \
 	fi
 
 ./sudo_logsrv.proto.man: $(top_builddir)/config.status $(srcdir)/sudo_logsrv.proto.man.in fixman.sed
 	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrv.proto.man.in | $(SED) -f fixman.sed > $@
 
 ./sudo_logsrv.proto.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_logsrv.proto.mdoc.in
-	cd $(top_builddir) && $(SHELL) config.status --file=docs/$@
+	printf '.\\" Automatically generated from the sudo_logsrv.proto.mdoc.in file.  Do not edit.\n' > $@
+	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrv.proto.mdoc.in >> $@
 
 $(srcdir)/sudo_logsrvd.conf.man.in: $(srcdir)/sudo_logsrvd.conf.mdoc.in
 	@if [ -n "$(DEVEL)" ]; then \
 	    echo "Generating $@"; \
 	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
 	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
-	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrvd.conf.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRVD.CONF" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(5)/($$mansectform)/g" > $@; \
+	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_logsrvd.conf.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_LOGSRVD.CONF" \)"5"\(.*\)/\1"'$$mansectform'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(5)/($$mansectform)/g" -e 's/an mdoc input/the sudo_logsrvd.conf.mdoc.in/' > $@; \
 	fi
 
 ./sudo_logsrvd.conf.man: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.conf.man.in fixman.sed
 	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrvd.conf.man.in | $(SED) -f fixman.sed > $@
 
 ./sudo_logsrvd.conf.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_logsrvd.conf.mdoc.in
-	cd $(top_builddir) && $(SHELL) config.status --file=docs/$@
+	printf '.\\" Automatically generated from the sudo_logsrvd.conf.mdoc.in file.  Do not edit.\n' > $@
+	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_logsrvd.conf.mdoc.in >> $@
 
 $(srcdir)/sudo_plugin.man.in: $(srcdir)/sudo_plugin.mdoc.in
 	@if [ -n "$(DEVEL)" ]; then \
 	    echo "Generating $@"; \
 	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
 	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
-	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_plugin.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_PLUGIN" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
+	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_plugin.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_PLUGIN" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -e 's/an mdoc input/the sudo_plugin.mdoc.in/' > $@; \
 	fi
 
 ./sudo_plugin.man: $(top_builddir)/config.status $(srcdir)/sudo_plugin.man.in fixman.sed
 	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_plugin.man.in | $(SED) -f fixman.sed > $@
 
 ./sudo_plugin.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_plugin.mdoc.in
-	cd $(top_builddir) && $(SHELL) config.status --file=docs/$@
+	printf '.\\" Automatically generated from the sudo_plugin.mdoc.in file.  Do not edit.\n' > $@
+	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_plugin.mdoc.in >> $@
 
 $(srcdir)/sudo_plugin_python.man.in: $(srcdir)/sudo_plugin_python.mdoc.in
 	@if [ -n "$(DEVEL)" ]; then \
 	    echo "Generating $@"; \
 	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
 	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
-	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_plugin_python.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_PLUGIN_PYTHON" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
+	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_plugin_python.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_PLUGIN_PYTHON" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -e 's/an mdoc input/the sudo_plugin_python.mdoc.in/' > $@; \
 	fi
 
 ./sudo_plugin_python.man: $(top_builddir)/config.status $(srcdir)/sudo_plugin_python.man.in fixman.sed
 	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_plugin_python.man.in | $(SED) -f fixman.sed > $@
 
 ./sudo_plugin_python.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_plugin_python.mdoc.in
-	cd $(top_builddir) && $(SHELL) config.status --file=docs/$@
+	printf '.\\" Automatically generated from the sudo_plugin_python.mdoc.in file.  Do not edit.\n' > $@
+	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_plugin_python.mdoc.in >> $@
 
 $(srcdir)/sudo_sendlog.man.in: $(srcdir)/sudo_sendlog.mdoc.in
 	@if [ -n "$(DEVEL)" ]; then \
 	    echo "Generating $@"; \
 	    mansectsu=`echo @MANSECTSU@|$(TR) A-Z a-z`; \
 	    mansectform=`echo @MANSECTFORM@|$(TR) A-Z a-z`; \
-	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_sendlog.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_SENDLOG" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" > $@; \
+	    $(SED) -e "s/$$mansectsu/8/g" -e "s/$$mansectform/5/g" $(srcdir)/sudo_sendlog.mdoc.in | $(MANDOC) -Tman | $(SED) -e 's/^\(\.TH "SUDO_SENDLOG" \)"8"\(.*\)/\1"'$$mansectsu'"\2/' -e "s/(5)/($$mansectform)/g" -e "s/(8)/($$mansectsu)/g" -e 's/an mdoc input/the sudo_sendlog.mdoc.in/' > $@; \
 	fi
 
 ./sudo_sendlog.man: $(top_builddir)/config.status $(srcdir)/sudo_sendlog.man.in fixman.sed
 	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_sendlog.man.in | $(SED) -f fixman.sed > $@
 
 ./sudo_sendlog.mdoc: $(top_builddir)/config.status $(srcdir)/sudo_sendlog.mdoc.in
-	cd $(top_builddir) && $(SHELL) config.status --file=docs/$@
+	printf '.\\" Automatically generated from the sudo_sendlog.mdoc.in file.  Do not edit.\n' > $@
+	(cd $(top_builddir) && $(SHELL) config.status --file=-) < $(srcdir)/sudo_sendlog.mdoc.in >> $@
 
 pre-install:
 

docs/UPGRADE.md

@@ -542,7 +542,7 @@ Notes on upgrading from an older release
 
         Defaults !env_reset
 
-   There have  also been changes to how the "env_keep" and
+   There have also been changes to how the "env_keep" and
    "env_check" options behave.
 
    Prior to sudo 1.6.9, the TERM and PATH environment variables
@@ -593,7 +593,7 @@ Notes on upgrading from an older release
    without a password and `/bin/ls` as root with a password.
 
    As of sudo 1.6, the same line now means that millert is able
-   to run run both `/usr/bin/whoami` and `/bin/ls` as user daemon
+   to run both `/usr/bin/whoami` and `/bin/ls` as user daemon
    without a password.  To expand on this, take the following
    example:
 

docs/cvtsudoers.man.in

@@ -1,4 +1,4 @@
-.\" Automatically generated from an mdoc input file.  Do not edit.
+.\" Automatically generated from the cvtsudoers.mdoc.in file.  Do not edit.
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "CVTSUDOERS" "1" "January 16, 2023" "Sudo @PACKAGE_VERSION@" "General Commands Manual"
+.TH "CVTSUDOERS" "1" "April 26, 2024" "Sudo @PACKAGE_VERSION@" "General Commands Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -912,20 +912,28 @@ A boolean value that, if true, will negate any comparison performed
 with the object.
 .TP 9n
 sha224
-A string containing the SHA224 digest of the
+One or more SHA224 digests for the
-\fIcommand\fR.
+\fIcommand\fR
+in string form.
+Multiple digests of the same type are stored as an array.
 .TP 9n
 sha256
-A string containing the SHA256 digest of the
+One or more SHA256 digests for the
-\fIcommand\fR.
+\fIcommand\fR
+in string form.
+Multiple digests of the same type are stored as an array.
 .TP 9n
 sha384
-A string containing the SHA384 digest of the
+One or more SHA384 digests for the
-\fIcommand\fR.
+\fIcommand\fR
+in string form.
+Multiple digests of the same type are stored as an array.
 .TP 9n
 sha512
-A string containing the SHA512 digest of the
+One or more SHA512 digests for the
-\fIcommand\fR.
+\fIcommand\fR
+in string form.
+Multiple digests of the same type are stored as an array.
 .PP
 The
 \fIrunasusers\fR
@@ -1374,7 +1382,19 @@ exhaustive list of people who have contributed to
 .SH "BUGS"
 If you believe you have found a bug in
 \fBcvtsudoers\fR,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.PP
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .SH "SUPPORT"
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/cvtsudoers.mdoc.in

@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd January 16, 2023
+.Dd April 26, 2024
 .Dt CVTSUDOERS 1
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -793,17 +793,25 @@ it will match any command.
 A boolean value that, if true, will negate any comparison performed
 with the object.
 .It sha224
-A string containing the SHA224 digest of the
+One or more SHA224 digests for the
-.Em command .
+.Em command
+in string form.
+Multiple digests of the same type are stored as an array.
 .It sha256
-A string containing the SHA256 digest of the
+One or more SHA256 digests for the
-.Em command .
+.Em command
+in string form.
+Multiple digests of the same type are stored as an array.
 .It sha384
-A string containing the SHA384 digest of the
+One or more SHA384 digests for the
-.Em command .
+.Em command
+in string form.
+Multiple digests of the same type are stored as an array.
 .It sha512
-A string containing the SHA512 digest of the
+One or more SHA512 digests for the
-.Em command .
+.Em command
+in string form.
+Multiple digests of the same type are stored as an array.
 .El
 .Pp
 The
@@ -1190,7 +1198,19 @@ exhaustive list of people who have contributed to
 .Sh BUGS
 If you believe you have found a bug in
 .Nm ,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.Pp
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .Sh SUPPORT
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/schema.ActiveDirectory

@@ -4,7 +4,7 @@
 # To extend your Active Directory schema, run one of the following command
 # on your Windows DC (default port - Active Directory):
 # 
-#  ldifde -i -f schema.ActiveDirectory -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext
+#  ldifde -i -f schema.ActiveDirectory -c "CN=Schema,CN=Configuration,DC=X" "#schemaNamingContext"
 #
 # or on your Windows DC if using another port (with Active Directory LightWeight Directory Services / ADAM-Active Directory Application Mode)
 # Port 50000 by example (or any other port specified when defining the ADLDS/ADAM instance

docs/schema.IBM_LDAP

@@ -0,0 +1,91 @@
+#
+# sudoers schema for IBM Directory Server, also known as Tivoli Directory
+# Server, IBM Security Directory Server, and IBM Security Verify Directory.
+#
+# To import: ldapmodify -c -D binddn -h host:port -w password -f schema.IBM_LDAP
+# Substitute the correct values for binddn, host:port and password.
+#
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may  run sudo' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.1 DBNAME( 'sudoUser' 'sudoUser' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.2 DBNAME( 'sudoHost' 'sudoHost' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.3 DBNAME( 'sudoCommand' 'sudoCommand' ) ACCESS-CLASS normal LENGTH 2048 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.4 DBNAME( 'sudoRunAs' 'sudoRunAs' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.5 DBNAME( 'sudoOption' 'sudoOption' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.6 DBNAME( 'sudoRunAsUser' 'sudoRunAsUser' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.7 DBNAME( 'sudoRunAsGroup' 'sudoRunAsGroup' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.8 DBNAME( 'sudoNotBefore' 'sudoNotBefore' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.9 DBNAME( 'sudoNotAfter' 'sudoNotAfter' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.10 DBNAME( 'sudoOrder' 'sudoOrder' ) ACCESS-CLASS normal )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $ description ) )

docs/sudo.conf.man.in

@@ -1,4 +1,4 @@
-.\" Automatically generated from an mdoc input file.  Do not edit.
+.\" Automatically generated from the sudo.conf.mdoc.in file.  Do not edit.
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
@@ -911,8 +911,20 @@ exhaustive list of people who have contributed to
 \fBsudo\fR.
 .SH "BUGS"
 If you believe you have found a bug in
-\fBsudo\fR,
+\fBsudo.conf\fR,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.PP
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .SH "SUPPORT"
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudo.conf.mdoc.in

@@ -841,8 +841,20 @@ exhaustive list of people who have contributed to
 .Nm sudo .
 .Sh BUGS
 If you believe you have found a bug in
-.Nm sudo ,
+.Nm ,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.Pp
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .Sh SUPPORT
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudo.man.in

@@ -1,4 +1,4 @@
-.\" Automatically generated from an mdoc input file.  Do not edit.
+.\" Automatically generated from the sudo.mdoc.in file.  Do not edit.
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
@@ -1415,6 +1415,9 @@ Default editor to use in
 \fRSUDO_GID\fR
 Set to the group-ID of the user who invoked sudo.
 .TP 17n
+\fRSUDO_HOME\fR
+Set to the home directory of the user who invoked sudo.
+.TP 17n
 \fRSUDO_PROMPT\fR
 Used as the default password prompt unless the
 \fB\-p\fR
@@ -1722,7 +1725,19 @@ set-user-ID shell scripts are generally safe).
 .SH "BUGS"
 If you believe you have found a bug in
 \fBsudo\fR,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.PP
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .SH "SUPPORT"
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudo.mdoc.in

@@ -1345,6 +1345,8 @@ Default editor to use in
 (sudoedit) mode.
 .It Ev SUDO_GID
 Set to the group-ID of the user who invoked sudo.
+.It Ev SUDO_HOME
+Set to the home directory of the user who invoked sudo.
 .It Ev SUDO_PROMPT
 Used as the default password prompt unless the
 .Fl p
@@ -1611,7 +1613,19 @@ set-user-ID shell scripts are generally safe).
 .Sh BUGS
 If you believe you have found a bug in
 .Nm ,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.Pp
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .Sh SUPPORT
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudo_logsrv.proto.man.in

@@ -1,4 +1,4 @@
-.\" Automatically generated from an mdoc input file.  Do not edit.
+.\" Automatically generated from the sudo_logsrv.proto.mdoc.in file.  Do not edit.
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
@@ -893,8 +893,20 @@ exhaustive list of people who have contributed to
 \fBsudo\fR.
 .SH "BUGS"
 If you believe you have found a bug in
-\fBsudo\fR,
+\fBsudo_logsrv.proto\fR,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.PP
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .SH "SUPPORT"
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudo_logsrv.proto.mdoc.in

@@ -810,8 +810,20 @@ exhaustive list of people who have contributed to
 .Nm sudo .
 .Sh BUGS
 If you believe you have found a bug in
-.Nm sudo ,
+.Nm ,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.Pp
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .Sh SUPPORT
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudo_logsrvd.conf.man.in

@@ -1,4 +1,4 @@
-.\" Automatically generated from an mdoc input file.  Do not edit.
+.\" Automatically generated from the sudo_logsrvd.conf.mdoc.in file.  Do not edit.
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "January 16, 2023" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO_LOGSRVD.CONF" "@mansectform@" "March 9, 2024" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -682,15 +682,58 @@ Defaults to
 .TP 6n
 log_format = string
 The event log format.
-Supported log formats are
+Supported log formats are:
-\(lqsudo\(rq
+.PP
-for traditional sudo-style logs and
+.RS 6n
-\(lqjson\(rq
+.PD 0
-for JSON-format logs.
+.TP 6n
-The JSON log entries contain the full contents of the accept, reject, exit
+json
+Currently, this is an alias for
+\fIjson_pretty\fR.
+In a future version of
+\fBsudo_logsrvd\fR,
+\fIjson\fR
+will be equivalent to
+\fIjson_compact\fR.
+JSON log entries contain the full contents of the accept, reject, exit
 and alert messages.
+.PD
+.TP 6n
+json_compact
+Log events in
+\(lqcompact\(rq
+(minified) JSON format.
+Each event is written as a separate JSON object on single line without
+extraneous white space.
+Due to limitations of the protocol, JSON events sent via
+\fIsyslog\fR
+may be truncated.
+.TP 6n
+json_pretty
+Log events in
+\(lqpretty\(rq
+JSON format.
+When logging to a file, the entire file is treated as a single JSON
+object consisting of multiple events, each event spanning multiple lines.
+When logging via
+\fIsyslog\fR,
+there is no difference between the
+\fIjson_pretty\fR
+and
+\fIjson_compact\fR
+formats.
+.TP 6n
+sudo
+Log events in traditional sudo-style log format.
+See the
+\fIEVENT LOGGING\fR
+section in
+sudoers(@mansectform@)
+for details.
+.PP
 The default value is
 \fIsudo\fR.
+.RE
 .SS "syslog"
 The
 \fIsyslog\fR
@@ -1096,8 +1139,20 @@ exhaustive list of people who have contributed to
 \fBsudo\fR.
 .SH "BUGS"
 If you believe you have found a bug in
-\fBsudo\fR,
+\fBsudo_logsrvd.conf\fR,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.PP
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .SH "SUPPORT"
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudo_logsrvd.conf.mdoc.in

@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd January 16, 2023
+.Dd March 9, 2024
 .Dt SUDO_LOGSRVD.CONF @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -611,13 +611,49 @@ Defaults to
 .Em false .
 .It log_format = string
 The event log format.
-Supported log formats are
+Supported log formats are:
-.Dq sudo
+.Bl -tag -width 4n
-for traditional sudo-style logs and
+.It json
-.Dq json
+Currently, this is an alias for
-for JSON-format logs.
+.Em json_pretty .
-The JSON log entries contain the full contents of the accept, reject, exit
+In a future version of
+.Nm sudo_logsrvd ,
+.Em json
+will be equivalent to
+.Em json_compact .
+JSON log entries contain the full contents of the accept, reject, exit
 and alert messages.
+.It json_compact
+Log events in
+.Dq compact
+(minified) JSON format.
+Each event is written as a separate JSON object on single line without
+extraneous white space.
+Due to limitations of the protocol, JSON events sent via
+.Em syslog
+may be truncated.
+.It json_pretty
+Log events in
+.Dq pretty
+JSON format.
+When logging to a file, the entire file is treated as a single JSON
+object consisting of multiple events, each event spanning multiple lines.
+When logging via
+.Em syslog ,
+there is no difference between the
+.Em json_pretty
+and
+.Em json_compact
+formats.
+.It sudo
+Log events in traditional sudo-style log format.
+See the
+.Em "EVENT LOGGING"
+section in
+.Xr sudoers @mansectform@
+for details.
+.El
+.Pp
 The default value is
 .Em sudo .
 .El
@@ -1020,8 +1056,20 @@ exhaustive list of people who have contributed to
 .Nm sudo .
 .Sh BUGS
 If you believe you have found a bug in
-.Nm sudo ,
+.Nm ,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.Pp
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .Sh SUPPORT
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudo_logsrvd.man.in

@@ -1,8 +1,8 @@
-.\" Automatically generated from an mdoc input file.  Do not edit.
+.\" Automatically generated from the sudo_logsrvd.mdoc.in file.  Do not edit.
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 2019-2023 Todd C. Miller <Todd.Miller@sudo.ws>
+.\" Copyright (c) 2019-2024 Todd C. Miller <Todd.Miller@sudo.ws>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "SUDO_LOGSRVD" "@mansectsu@" "January 16, 2023" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO_LOGSRVD" "@mansectsu@" "July 14, 2024" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -277,7 +277,7 @@ If you enter '.', the field will be left blank.
 Country Name (2 letter code) [AU]:US
 State or Province Name (full name) [Some-State]:Colorado
 Locality Name (eg, city) []:
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo
+Organization Name (eg, company) [Internet Widgets Pty Ltd]:sudo
 Organizational Unit Name (eg, section) []:sudo Certificate Authority
 Common Name (e.g., server FQDN or YOUR name) []:sudo Root CA
 Email Address []:
@@ -335,7 +335,7 @@ If you enter '.', the field will be left blank.
 Country Name (2 letter code) [AU]:US
 State or Province Name (full name) [Some-State]:Colorado
 Locality Name (eg, city) []:
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo
+Organization Name (eg, company) [Internet Widgets Pty Ltd]:sudo
 Organizational Unit Name (eg, section) []:sudo log server
 Common Name (e.g., server FQDN or YOUR name) []:logserver.example.com
 Email Address []:
@@ -440,6 +440,7 @@ If peer authentication is enabled on the client, a copy of
 must be present on the client system too.
 .SH "SEE ALSO"
 sudo.conf(@mansectform@),
+sudo_logsrv.proto(@mansectform@),
 sudo_logsrvd.conf(@mansectform@),
 sudoers(@mansectform@),
 sudo(@mansectsu@),
@@ -462,7 +463,19 @@ exhaustive list of people who have contributed to
 .SH "BUGS"
 If you believe you have found a bug in
 \fBsudo_logsrvd\fR,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.PP
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .SH "SUPPORT"
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudo_logsrvd.mdoc.in

@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 2019-2023 Todd C. Miller <Todd.Miller@sudo.ws>
+.\" Copyright (c) 2019-2024 Todd C. Miller <Todd.Miller@sudo.ws>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd January 16, 2023
+.Dd July 14, 2024
 .Dt SUDO_LOGSRVD @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -253,7 +253,7 @@ If you enter '.', the field will be left blank.
 Country Name (2 letter code) [AU]:US
 State or Province Name (full name) [Some-State]:Colorado
 Locality Name (eg, city) []:
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo
+Organization Name (eg, company) [Internet Widgets Pty Ltd]:sudo
 Organizational Unit Name (eg, section) []:sudo Certificate Authority
 Common Name (e.g., server FQDN or YOUR name) []:sudo Root CA
 Email Address []:
@@ -302,7 +302,7 @@ If you enter '.', the field will be left blank.
 Country Name (2 letter code) [AU]:US
 State or Province Name (full name) [Some-State]:Colorado
 Locality Name (eg, city) []:
-Organization Name (eg, company) [Internet Widgits Pty Ltd]:sudo
+Organization Name (eg, company) [Internet Widgets Pty Ltd]:sudo
 Organizational Unit Name (eg, section) []:sudo log server
 Common Name (e.g., server FQDN or YOUR name) []:logserver.example.com
 Email Address []:
@@ -397,6 +397,7 @@ If peer authentication is enabled on the client, a copy of
 must be present on the client system too.
 .Sh SEE ALSO
 .Xr sudo.conf @mansectform@ ,
+.Xr sudo_logsrv.proto @mansectform@ ,
 .Xr sudo_logsrvd.conf @mansectform@ ,
 .Xr sudoers @mansectform@ ,
 .Xr sudo @mansectsu@ ,
@@ -418,7 +419,19 @@ exhaustive list of people who have contributed to
 .Sh BUGS
 If you believe you have found a bug in
 .Nm ,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.Pp
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .Sh SUPPORT
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudo_plugin.man.in

@@ -1,8 +1,8 @@
-.\" Automatically generated from an mdoc input file.  Do not edit.
+.\" Automatically generated from the sudo_plugin.mdoc.in file.  Do not edit.
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 2009-2023 Todd C. Miller <Todd.Miller@sudo.ws>
+.\" Copyright (c) 2009-2024 Todd C. Miller <Todd.Miller@sudo.ws>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "SUDO_PLUGIN" "5" "July 10, 2023" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDO_PLUGIN" "5" "August 14, 2024" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -674,10 +674,18 @@ process or 0 if there is no terminal present.
 Only available starting with API version 1.2.
 .TP 6n
 tty=string
-The path to the user's terminal device.
+The path to the user's terminal device, if one exists.
-If the user has no terminal device associated with the session,
+This entry is only present if the user has a terminal device
-the value will be empty, as in
+associated with the session.
-\(oqtty=\(cq.
+.TP 6n
+ttydev=dev_t
+The number of the user's terminal device, if one exists,
+formatted as a
+\fIlong long\fR
+value.
+This entry is only present if the user has a terminal device
+associated with the session.
+Only available starting with API version 1.22.
 .TP 6n
 uid=uid_t
 The real user-ID of the user invoking
@@ -1552,7 +1560,7 @@ front-end to determine which elements of the
 vector are files to be edited.
 The
 \(oq--\(cq
-element must immediately precede the first file to be editied.
+element must immediately precede the first file to be edited.
 If
 \fIsudoedit_nfiles\fR
 is not specified, the
@@ -5474,6 +5482,13 @@ The
 entry was added to the
 \fIcommand_info\fR
 list.
+.TP 6n
+Version 1.22 (sudo 1.9.16)
+The
+\fIttydev\fR
+entry was added to the
+\fIuser_info\fR
+list.
 .SH "SEE ALSO"
 sudo.conf(@mansectform@),
 sudoers(@mansectform@),
@@ -5494,8 +5509,20 @@ exhaustive list of people who have contributed to
 \fBsudo\fR.
 .SH "BUGS"
 If you believe you have found a bug in
-\fBsudo\fR,
+\fBsudo_plugin\fR,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.PP
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .SH "SUPPORT"
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudo_plugin.mdoc.in

@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 2009-2023 Todd C. Miller <Todd.Miller@sudo.ws>
+.\" Copyright (c) 2009-2024 Todd C. Miller <Todd.Miller@sudo.ws>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd July 10, 2023
+.Dd August 14, 2024
 .Dt SUDO_PLUGIN @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -600,10 +600,17 @@ device associated with the
 process or 0 if there is no terminal present.
 Only available starting with API version 1.2.
 .It tty=string
-The path to the user's terminal device.
+The path to the user's terminal device, if one exists.
-If the user has no terminal device associated with the session,
+This entry is only present if the user has a terminal device
-the value will be empty, as in
+associated with the session.
-.Ql tty= .
+.It ttydev=dev_t
+The number of the user's terminal device, if one exists,
+formatted as a
+.Vt long long
+value.
+This entry is only present if the user has a terminal device
+associated with the session.
+Only available starting with API version 1.22.
 .It uid=uid_t
 The real user-ID of the user invoking
 .Nm sudo .
@@ -1393,7 +1400,7 @@ front-end to determine which elements of the
 vector are files to be edited.
 The
 .Ql --
-element must immediately precede the first file to be editied.
+element must immediately precede the first file to be edited.
 If
 .Em sudoedit_nfiles
 is not specified, the
@@ -4857,6 +4864,12 @@ The
 entry was added to the
 .Fa command_info
 list.
+.It Version 1.22 (sudo 1.9.16)
+The
+.Em ttydev
+entry was added to the
+.Fa user_info
+list.
 .El
 .Sh SEE ALSO
 .Xr sudo.conf @mansectform@ ,
@@ -4877,8 +4890,20 @@ exhaustive list of people who have contributed to
 .Nm sudo .
 .Sh BUGS
 If you believe you have found a bug in
-.Nm sudo ,
+.Nm ,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.Pp
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .Sh SUPPORT
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudo_plugin_python.man.in

@@ -1,4 +1,4 @@
-.\" Automatically generated from an mdoc input file.  Do not edit.
+.\" Automatically generated from the sudo_plugin_python.mdoc.in file.  Do not edit.
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
@@ -1868,8 +1868,20 @@ exhaustive list of people who have contributed to
 Python plugin support is currently considered experimental.
 .PP
 If you believe you have found a bug in
-\fBsudo\fR,
+\fBsudo_plugin_python\fR,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.PP
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .SH "SECURITY CONSIDERATIONS"
 All Python plugin handling is implemented inside the
 \fI@python_plugin@\fR

docs/sudo_plugin_python.mdoc.in

@@ -1519,8 +1519,20 @@ exhaustive list of people who have contributed to
 Python plugin support is currently considered experimental.
 .Pp
 If you believe you have found a bug in
-.Nm sudo ,
+.Nm ,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.Pp
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .Sh SECURITY CONSIDERATIONS
 All Python plugin handling is implemented inside the
 .Pa @python_plugin@

docs/sudo_sendlog.man.in

@@ -1,8 +1,8 @@
-.\" Automatically generated from an mdoc input file.  Do not edit.
+.\" Automatically generated from the sudo_sendlog.mdoc.in file.  Do not edit.
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 2019-2023 Todd C. Miller <Todd.Miller@sudo.ws>
+.\" Copyright (c) 2019-2024 Todd C. Miller <Todd.Miller@sudo.ws>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "SUDO_SENDLOG" "@mansectsu@" "January 16, 2023" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO_SENDLOG" "@mansectsu@" "July 14, 2024" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -169,6 +169,7 @@ Sudo front-end configuration
 .SH "SEE ALSO"
 sudo.conf(@mansectform@),
 sudo(@mansectsu@),
+sudo_logsrv.proto(@mansectform@),
 sudo_logsrvd(@mansectsu@)
 .SH "AUTHORS"
 Many people have worked on
@@ -187,7 +188,19 @@ exhaustive list of people who have contributed to
 .SH "BUGS"
 If you believe you have found a bug in
 \fBsudo_sendlog\fR,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.PP
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .SH "SUPPORT"
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudo_sendlog.mdoc.in

@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 2019-2023 Todd C. Miller <Todd.Miller@sudo.ws>
+.\" Copyright (c) 2019-2024 Todd C. Miller <Todd.Miller@sudo.ws>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd January 16, 2023
+.Dd July 14, 2024
 .Dt SUDO_SENDLOG @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -155,6 +155,7 @@ Sudo front-end configuration
 .Sh SEE ALSO
 .Xr sudo.conf @mansectform@ ,
 .Xr sudo @mansectsu@ ,
+.Xr sudo_logsrv.proto @mansectform@ ,
 .Xr sudo_logsrvd @mansectsu@
 .Sh AUTHORS
 Many people have worked on
@@ -172,7 +173,19 @@ exhaustive list of people who have contributed to
 .Sh BUGS
 If you believe you have found a bug in
 .Nm ,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.Pp
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .Sh SUPPORT
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudoers.ldap.man.in

@@ -1,4 +1,4 @@
-.\" Automatically generated from an mdoc input file.  Do not edit.
+.\" Automatically generated from the sudoers.ldap.mdoc.in file.  Do not edit.
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "SUDOERS.LDAP" "@mansectform@" "June 7, 2023" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS.LDAP" "@mansectform@" "June 25, 2024" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -651,20 +651,24 @@ distribution includes versions of the
 \fBsudoers\fR
 schema for multiple LDAP servers:
 .TP 6n
-\fIschema.OpenLDAP\fR
+\fIschema.ActiveDirectory\fR
-OpenLDAP slapd and
+Microsoft Active Directory
-OpenBSD
-ldapd
 .TP 6n
-\fIschema.olcSudo\fR
+\fIschema.IBM_LDAP\fR
-OpenLDAP slapd 2.3 and higher when on-line configuration is enabled
+IBM Directory Server, also known as IBM Tivoli Directory Server,
+IBM Security Directory Server, and IBM Security Verify Directory
 .TP 6n
 \fIschema.iPlanet\fR
 Netscape-derived servers such as the iPlanet, Oracle,
 and 389 Directory Servers
 .TP 6n
-\fIschema.ActiveDirectory\fR
+\fIschema.olcSudo\fR
-Microsoft Active Directory
+OpenLDAP slapd 2.3 and higher when on-line configuration is enabled
+.TP 6n
+\fIschema.OpenLDAP\fR
+OpenLDAP slapd and
+OpenBSD
+ldapd
 .PP
 The schema in OpenLDAP format is also included in the
 \fIEXAMPLES\fR
@@ -1783,8 +1787,20 @@ See the
 section for more information.
 .SH "BUGS"
 If you believe you have found a bug in
-\fBsudo\fR,
+\fBsudoers.ldap\fR,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.PP
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .SH "SUPPORT"
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudoers.ldap.mdoc.in

@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd June 7, 2023
+.Dd June 25, 2024
 .Dt SUDOERS.LDAP @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -616,17 +616,20 @@ distribution includes versions of the
 .Nm sudoers
 schema for multiple LDAP servers:
 .Bl -tag -width 4n
+.It Pa schema.ActiveDirectory
+Microsoft Active Directory
+.It Pa schema.IBM_LDAP
+IBM Directory Server, also known as IBM Tivoli Directory Server,
+IBM Security Directory Server, and IBM Security Verify Directory
+.It Pa schema.iPlanet
+Netscape-derived servers such as the iPlanet, Oracle,
+and 389 Directory Servers
+.It Pa schema.olcSudo
+OpenLDAP slapd 2.3 and higher when on-line configuration is enabled
 .It Pa schema.OpenLDAP
 OpenLDAP slapd and
 .Ox
 ldapd
-.It Pa schema.olcSudo
-OpenLDAP slapd 2.3 and higher when on-line configuration is enabled
-.It Pa schema.iPlanet
-Netscape-derived servers such as the iPlanet, Oracle,
-and 389 Directory Servers
-.It Pa schema.ActiveDirectory
-Microsoft Active Directory
 .El
 .Pp
 The schema in OpenLDAP format is also included in the
@@ -1635,8 +1638,20 @@ See the
 section for more information.
 .Sh BUGS
 If you believe you have found a bug in
-.Nm sudo ,
+.Nm ,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.Pp
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .Sh SUPPORT
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudoers.man.in

@@ -1,8 +1,8 @@
-.\" Automatically generated from an mdoc input file.  Do not edit.
+.\" Automatically generated from the sudoers.mdoc.in file.  Do not edit.
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2023
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2024
 .\"	Todd C. Miller <Todd.Miller@sudo.ws>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.TH "SUDOERS" "@mansectform@" "December 19, 2023" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS" "@mansectform@" "July 14, 2024" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -292,6 +292,14 @@ The
 option can be used to select the type of time stamp record
 \fBsudoers\fR
 will use.
+.PP
+The
+\fBtsdump\fR
+utility, included with the sudo source distribution, can be used to
+display the contents of a time stamp file.
+See
+sudoers_timestamp(@mansectform@)
+for details of the time stamp file format.
 .SS "Logging"
 By default,
 \fBsudoers\fR
@@ -3816,6 +3824,22 @@ by default.
 .sp
 This setting is only supported by version 1.8.8 or higher.
 .TP 18n
+pam_silent
+If set, PAM authentication will be performed in silent mode.
+This prevents PAM authentication modules from generating output.
+In some cases, this may suppress important information about why
+authentication failed.
+For example, PAM modules such as
+\fIpam_faillock\fR
+will only display a warning if
+\fIpam_silent\fR
+is disabled.
+This flag is
+\fIon\fR
+by default.
+.sp
+This setting is only supported by version 1.8.16 or higher.
+.TP 18n
 passprompt_override
 If set, the prompt specified by
 \fIpassprompt\fR
@@ -4280,6 +4304,14 @@ user's terminal device even after the main program has finished
 executing.
 By running the command in a separate pseudo-terminal, this attack is
 no longer possible.
+.sp
+A side effect of running the command in a new pseudo-terminal is
+that input will be passed to the command even if it is non-interactive.
+This means that, for example, keys pressed while a non-interactive
+command is running will be consumed by
+\fBsudo\fR
+instead of being passed to the shell after the command exits.
+.sp
 This flag is
 \fIon\fR
 by default for
@@ -4388,7 +4420,7 @@ it will
 \(lqroll over\(rq
 to zero, after which
 \fBsudoers\fR
-will truncate and re-use any existing I/O log path names.
+will truncate and reuse any existing I/O log path names.
 .sp
 This setting is only supported by version 1.8.7 or higher.
 .TP 18n
@@ -4499,6 +4531,19 @@ option.
 This option is only available when sudo is built with AppArmor
 support.
 .TP 18n
+cmddenial_message
+.br
+It set,
+\fBsudo\fR
+will display this message when a user is denied access to run the
+specified command, but is listed in the
+\fIsudoers\fR
+file for the host.
+This can be used to provide additional, site-specific information
+to the user when a command is denied by the security policy.
+It does not override the standard warning the user receives when
+a command is denied.
+.TP 18n
 authfail_message
 Message that is displayed after a user fails to authenticate.
 The message may include the
@@ -5352,18 +5397,45 @@ Supported log formats are:
 .PD 0
 .TP 6n
 json
-Logs in JSON format.
+Currently, this is an alias for
+\fIjson_pretty\fR.
+In a future version of
+\fBsudo\fR,
+\fIjson\fR
+will be equivalent to
+\fIjson_compact\fR.
 JSON log entries contain the full user details as well as the execution
 environment if the command was allowed.
+.PD
+.TP 6n
+json_compact
+Log events in
+\(lqcompact\(rq
+(minified) JSON format.
+Each event is written as a separate JSON object on single line without
+extraneous white space.
 Due to limitations of the protocol, JSON events sent via
 \fIsyslog\fR
 may be truncated.
-.PD
+.TP 6n
+json_pretty
+Log events in
+\(lqpretty\(rq
+JSON format.
+When logging to a file, the entire file is treated as a single JSON
+object consisting of multiple events, each event spanning multiple lines.
+When logging via
+\fIsyslog\fR,
+there is no difference between the
+\fIjson_pretty\fR
+and
+\fIjson_compact\fR
+formats.
 .TP 6n
 sudo
-Traditional sudo-style logs, see
+Log events in traditional sudo-style format, see
 \fIEVENT LOGGING\fR
-for a description of the log file format.
+for details.
 .PP
 This setting affects logs sent via
 syslog(3)
@@ -5576,17 +5648,37 @@ If set,
 will use this value in place of the user's
 \fRPATH\fR
 environment variable.
-This option can be used to reset the
+There are two basic use cases for
-\fRPATH\fR
+\fIsecure_path\fR:
-to a known good value that contains directories for system administrator
+.PP
-commands such as
+.RS 14n
+.PD 0
+.TP 3n
+1.\&
+To make it possible for
+\fBsudo\fR
+to find system administrator commands located in directories that
+may not be in the default user path, such as
 \fI/usr/sbin\fR.
-.sp
+.PD
+.TP 3n
+2.\&
+To help protect scripts and programs that execute other commands without
+first setting
+\fRPATH\fR
+to a safe value.
+Otherwise, a user with limited privileges may be able to run arbitrary
+commands by manipulating the
+\fRPATH\fR
+if the command being run executes other commands without using a
+fully-qualified path name.
+.PP
 Users in the group specified by the
 \fIexempt_group\fR
 option are not affected by
 \fIsecure_path\fR.
-This option is @secure_path@ by default.
+This option is @secure_path_status@ by default.
+.RE
 .TP 14n
 syslog
 Syslog facility if syslog is being used for logging (negate to
@@ -6757,7 +6849,7 @@ Once the I/O log sequence number reaches
 \fImaxseq\fR,
 it will be reset to zero and
 \fBsudoers\fR
-will truncate and re-use any existing I/O logs.
+will truncate and reuse any existing I/O logs.
 .SH "FILES"
 .TP 26n
 \fI@sysconfdir@/sudo.conf\fR
@@ -7834,7 +7926,7 @@ If no terminal is present or the
 option is set to
 \(lqppid\(rq,
 the start time of the parent process is used instead.
-In most cases this will prevent a time stamp record from being re-used
+In most cases this will prevent a time stamp record from being reused
 without the user entering a password when logging out and back in again.
 .SH "DEBUGGING"
 Versions 1.8.4 and higher of the
@@ -7958,10 +8050,12 @@ glob(3),
 mktemp(3),
 strftime(3),
 sudo.conf(@mansectform@),
+sudo_logsrv.proto(@mansectform@),
 sudo_plugin(@mansectform@),
 sudoers.ldap(@mansectform@),
 sudoers_timestamp(@mansectform@),
 sudo(@mansectsu@),
+sudo_logsrvd(@mansectsu@),
 visudo(@mansectsu@)
 .SH "AUTHORS"
 Many people have worked on
@@ -8013,8 +8107,20 @@ option in
 \fIsudoers\fR.
 .SH "BUGS"
 If you believe you have found a bug in
-\fBsudo\fR,
+\fBsudoers\fR,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.PP
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .SH "SUPPORT"
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudoers.mdoc.in

@@ -1,7 +1,7 @@
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
-.\" Copyright (c) 1994-1996, 1998-2005, 2007-2023
+.\" Copyright (c) 1994-1996, 1998-2005, 2007-2024
 .\"	Todd C. Miller <Todd.Miller@sudo.ws>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.Dd December 19, 2023
+.Dd July 14, 2024
 .Dt SUDOERS @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -280,6 +280,14 @@ The
 option can be used to select the type of time stamp record
 .Nm
 will use.
+.Pp
+The
+.Nm tsdump
+utility, included with the sudo source distribution, can be used to
+display the contents of a time stamp file.
+See
+.Xr sudoers_timestamp @mansectform@
+for details of the time stamp file format.
 .Ss Logging
 By default,
 .Nm
@@ -3615,6 +3623,21 @@ This flag is
 by default.
 .Pp
 This setting is only supported by version 1.8.8 or higher.
+.It pam_silent
+If set, PAM authentication will be performed in silent mode.
+This prevents PAM authentication modules from generating output.
+In some cases, this may suppress important information about why
+authentication failed.
+For example, PAM modules such as
+.Em pam_faillock
+will only display a warning if
+.Em pam_silent
+is disabled.
+This flag is
+.Em on
+by default.
+.Pp
+This setting is only supported by version 1.8.16 or higher.
 .It passprompt_override
 If set, the prompt specified by
 .Em passprompt
@@ -4052,6 +4075,14 @@ user's terminal device even after the main program has finished
 executing.
 By running the command in a separate pseudo-terminal, this attack is
 no longer possible.
+.Pp
+A side effect of running the command in a new pseudo-terminal is
+that input will be passed to the command even if it is non-interactive.
+This means that, for example, keys pressed while a non-interactive
+command is running will be consumed by
+.Nm sudo
+instead of being passed to the shell after the command exits.
+.Pp
 This flag is
 .Em on
 by default for
@@ -4155,7 +4186,7 @@ it will
 .Dq roll over
 to zero, after which
 .Nm
-will truncate and re-use any existing I/O log path names.
+will truncate and reuse any existing I/O log path names.
 .Pp
 This setting is only supported by version 1.8.7 or higher.
 .It passwd_tries
@@ -4263,6 +4294,17 @@ option.
 This option is only available when sudo is built with AppArmor
 support.
 .\}
+.It cmddenial_message
+It set,
+.Nm sudo
+will display this message when a user is denied access to run the
+specified command, but is listed in the
+.Em sudoers
+file for the host.
+This can be used to provide additional, site-specific information
+to the user when a command is denied by the security policy.
+It does not override the standard warning the user receives when
+a command is denied.
 .It authfail_message
 Message that is displayed after a user fails to authenticate.
 The message may include the
@@ -5027,16 +5069,41 @@ The event log format.
 Supported log formats are:
 .Bl -tag -width 4n
 .It json
-Logs in JSON format.
+Currently, this is an alias for
+.Em json_pretty .
+In a future version of
+.Nm sudo ,
+.Em json
+will be equivalent to
+.Em json_compact .
 JSON log entries contain the full user details as well as the execution
 environment if the command was allowed.
+.It json_compact
+Log events in
+.Dq compact
+(minified) JSON format.
+Each event is written as a separate JSON object on single line without
+extraneous white space.
 Due to limitations of the protocol, JSON events sent via
 .Em syslog
 may be truncated.
+.It json_pretty
+Log events in
+.Dq pretty
+JSON format.
+When logging to a file, the entire file is treated as a single JSON
+object consisting of multiple events, each event spanning multiple lines.
+When logging via
+.Em syslog ,
+there is no difference between the
+.Em json_pretty
+and
+.Em json_compact
+formats.
 .It sudo
-Traditional sudo-style logs, see
+Log events in traditional sudo-style format, see
 .Sx "EVENT LOGGING"
-for a description of the log file format.
+for details.
 .El
 .Pp
 This setting affects logs sent via
@@ -5228,17 +5295,32 @@ If set,
 will use this value in place of the user's
 .Ev PATH
 environment variable.
-This option can be used to reset the
+There are two basic use cases for
-.Ev PATH
+.Em secure_path :
-to a known good value that contains directories for system administrator
+.Bl -enum -width 1n
-commands such as
+.It
+To make it possible for
+.Nm sudo
+to find system administrator commands located in directories that
+may not be in the default user path, such as
 .Pa /usr/sbin .
+.It
+To help protect scripts and programs that execute other commands without
+first setting
+.Ev PATH
+to a safe value.
+Otherwise, a user with limited privileges may be able to run arbitrary
+commands by manipulating the
+.Ev PATH
+if the command being run executes other commands without using a
+fully-qualified path name.
+.El
 .Pp
 Users in the group specified by the
 .Em exempt_group
 option are not affected by
 .Em secure_path .
-This option is @secure_path@ by default.
+This option is @secure_path_status@ by default.
 .It syslog
 Syslog facility if syslog is being used for logging (negate to
 disable syslog logging).
@@ -6286,7 +6368,7 @@ Once the I/O log sequence number reaches
 .Em maxseq ,
 it will be reset to zero and
 .Nm
-will truncate and re-use any existing I/O logs.
+will truncate and reuse any existing I/O logs.
 .Sh FILES
 .Bl -tag -width 24n
 .It Pa @sysconfdir@/sudo.conf
@@ -7266,7 +7348,7 @@ If no terminal is present or the
 option is set to
 .Dq ppid ,
 the start time of the parent process is used instead.
-In most cases this will prevent a time stamp record from being re-used
+In most cases this will prevent a time stamp record from being reused
 without the user entering a password when logging out and back in again.
 .Sh DEBUGGING
 Versions 1.8.4 and higher of the
@@ -7371,10 +7453,12 @@ manual.
 .Xr mktemp 3 ,
 .Xr strftime 3 ,
 .Xr sudo.conf @mansectform@ ,
+.Xr sudo_logsrv.proto @mansectform@ ,
 .Xr sudo_plugin @mansectform@ ,
 .Xr sudoers.ldap @mansectform@ ,
 .Xr sudoers_timestamp @mansectform@ ,
 .Xr sudo @mansectsu@ ,
+.Xr sudo_logsrvd @mansectsu@ ,
 .Xr visudo @mansectsu@
 .Sh AUTHORS
 Many people have worked on
@@ -7425,8 +7509,20 @@ option in
 .Em sudoers .
 .Sh BUGS
 If you believe you have found a bug in
-.Nm sudo ,
+.Nm ,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.Pp
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .Sh SUPPORT
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudoers_timestamp.man.in

@@ -1,4 +1,4 @@
-.\" Automatically generated from an mdoc input file.  Do not edit.
+.\" Automatically generated from the sudoers_timestamp.mdoc.in file.  Do not edit.
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
@@ -16,7 +16,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.TH "SUDOERS_TIMESTAMP" "@mansectform@" "September 20, 2023" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
+.TH "SUDOERS_TIMESTAMP" "@mansectform@" "November 26, 2023" "Sudo @PACKAGE_VERSION@" "File Formats Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -60,14 +60,14 @@ Time stamp records have the following structure:
 .sp
 .RS 0n
 /* Time stamp entry types */
-#define TS_GLOBAL               0x01    /* not restricted by tty or ppid */
+#define TS_GLOBAL               0x01U   /* not restricted by tty or ppid */
-#define TS_TTY                  0x02    /* restricted by tty */
+#define TS_TTY                  0x02U   /* restricted by tty */
-#define TS_PPID                 0x03    /* restricted by ppid */
+#define TS_PPID                 0x03U   /* restricted by ppid */
-#define TS_LOCKEXCL             0x04    /* special lock record */
+#define TS_LOCKEXCL             0x04U   /* special lock record */
 
 /* Time stamp flags */
-#define TS_DISABLED             0x01    /* entry disabled */
+#define TS_DISABLED             0x01U   /* entry disabled */
-#define TS_ANYUID               0x02    /* ignore uid, only valid in key */
+#define TS_ANYUID               0x02U   /* ignore uid, only valid in key */
 
 struct timestamp_entry {
     unsigned short version;     /* version number */
@@ -138,7 +138,7 @@ or of the parent process for records of type
 \fRTS_PPID\fR.
 The
 \fIstart_time\fR
-is used to help prevent re-use of a time stamp record after a
+is used to help prevent reuse of a time stamp record after a
 user has logged out.
 Not all systems support a method to easily retrieve a process's
 start time.
@@ -174,6 +174,13 @@ records of type
 u.ppid
 The ID of the parent process for records of type
 \fRTS_PPID\fR.
+.PP
+The
+\fBtsdump\fR
+utility, included with the sudo source distribution, can be used to
+display the contents of a
+\fIsudoers\fR
+time stamp file.
 .SH "LOCKING"
 In
 \fBsudoers\fR
@@ -250,13 +257,13 @@ Information about the terminal device was stored in
 tty-based time stamp files for validity checks.
 This included the terminal device numbers, inode number and, on systems
 where it was not updated when the device was written to, the inode change time.
-This helped prevent re-use of the time stamp file after logout.
+This helped prevent reuse of the time stamp file after logout.
 .TP 6n
 1.8.6p7
 The terminal session ID was added to tty-based time stamp files to
-prevent re-use of the time stamp by the same user in a different
+prevent reuse of the time stamp by the same user in a different
 terminal session.
-It also helped prevent re-use of the time stamp file on systems where
+It also helped prevent reuse of the time stamp file on systems where
 the terminal device's inode change time was updated by writing.
 .TP 6n
 1.8.10
@@ -273,7 +280,7 @@ entire file and the lock is held until authentication is complete.
 1.8.22
 The start time of the terminal session leader or parent process is
 now stored in non-global time stamp records.
-This prevents re-use of the time stamp file after logout in most cases.
+This prevents reuse of the time stamp file after logout in most cases.
 .sp
 Support was added for the kernel-based tty time stamps available in
 OpenBSD
@@ -300,8 +307,20 @@ exhaustive list of people who have contributed to
 \fBsudo\fR.
 .SH "BUGS"
 If you believe you have found a bug in
-\fBsudo\fR,
+\fBsudoers_timestamp\fR,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.PP
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .SH "SUPPORT"
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudoers_timestamp.mdoc.in

@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd September 20, 2023
+.Dd November 26, 2023
 .Dt SUDOERS_TIMESTAMP @mansectform@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -58,14 +58,14 @@ number and a 16-bit record size.
 Time stamp records have the following structure:
 .Bd -literal
 /* Time stamp entry types */
-#define TS_GLOBAL               0x01    /* not restricted by tty or ppid */
+#define TS_GLOBAL               0x01U   /* not restricted by tty or ppid */
-#define TS_TTY                  0x02    /* restricted by tty */
+#define TS_TTY                  0x02U   /* restricted by tty */
-#define TS_PPID                 0x03    /* restricted by ppid */
+#define TS_PPID                 0x03U   /* restricted by ppid */
-#define TS_LOCKEXCL             0x04    /* special lock record */
+#define TS_LOCKEXCL             0x04U   /* special lock record */
 
 /* Time stamp flags */
-#define TS_DISABLED             0x01    /* entry disabled */
+#define TS_DISABLED             0x01U   /* entry disabled */
-#define TS_ANYUID               0x02    /* ignore uid, only valid in key */
+#define TS_ANYUID               0x02U   /* ignore uid, only valid in key */
 
 struct timestamp_entry {
     unsigned short version;     /* version number */
@@ -128,7 +128,7 @@ or of the parent process for records of type
 .Dv TS_PPID .
 The
 .Em start_time
-is used to help prevent re-use of a time stamp record after a
+is used to help prevent reuse of a time stamp record after a
 user has logged out.
 Not all systems support a method to easily retrieve a process's
 start time.
@@ -162,6 +162,13 @@ records of type
 The ID of the parent process for records of type
 .Dv TS_PPID .
 .El
+.Pp
+The
+.Nm tsdump
+utility, included with the sudo source distribution, can be used to
+display the contents of a
+.Em sudoers
+time stamp file.
 .Sh LOCKING
 In
 .Nm sudoers
@@ -232,12 +239,12 @@ Information about the terminal device was stored in
 tty-based time stamp files for validity checks.
 This included the terminal device numbers, inode number and, on systems
 where it was not updated when the device was written to, the inode change time.
-This helped prevent re-use of the time stamp file after logout.
+This helped prevent reuse of the time stamp file after logout.
 .It 1.8.6p7
 The terminal session ID was added to tty-based time stamp files to
-prevent re-use of the time stamp by the same user in a different
+prevent reuse of the time stamp by the same user in a different
 terminal session.
-It also helped prevent re-use of the time stamp file on systems where
+It also helped prevent reuse of the time stamp file on systems where
 the terminal device's inode change time was updated by writing.
 .It 1.8.10
 A new, multi-record time stamp file format was introduced that uses a
@@ -251,7 +258,7 @@ entire file and the lock is held until authentication is complete.
 .It 1.8.22
 The start time of the terminal session leader or parent process is
 now stored in non-global time stamp records.
-This prevents re-use of the time stamp file after logout in most cases.
+This prevents reuse of the time stamp file after logout in most cases.
 .Pp
 Support was added for the kernel-based tty time stamps available in
 .Ox
@@ -277,8 +284,20 @@ exhaustive list of people who have contributed to
 .Nm sudo .
 .Sh BUGS
 If you believe you have found a bug in
-.Nm sudo ,
+.Nm ,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.Pp
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .Sh SUPPORT
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudoreplay.man.in

@@ -1,4 +1,4 @@
-.\" Automatically generated from an mdoc input file.  Do not edit.
+.\" Automatically generated from the sudoreplay.mdoc.in file.  Do not edit.
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
@@ -170,7 +170,7 @@ In this mode,
 will list available sessions in a format similar to the
 \fBsudo\fR
 log file format, sorted by file name (or sequence number).
-Any control characters present in the log data are formated in octal
+Any control characters present in the log data are formatted in octal
 with a leading
 \(oq#\(cq
 character.
@@ -178,6 +178,7 @@ For example, a horizontal tab is displayed as
 \(oq#011\(cq
 and an embedded carriage return is displayed as
 \(oq#015\(cq.
+Space characters in the command name and arguments are also formatted in octal.
 .sp
 If a
 \fIsearch expression\fR
@@ -517,7 +518,19 @@ exhaustive list of people who have contributed to
 .SH "BUGS"
 If you believe you have found a bug in
 \fBsudoreplay\fR,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.PP
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .SH "SUPPORT"
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/sudoreplay.mdoc.in

@@ -460,7 +460,19 @@ exhaustive list of people who have contributed to
 .Sh BUGS
 If you believe you have found a bug in
 .Nm ,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.Pp
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .Sh SUPPORT
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/visudo.man.in

@@ -1,4 +1,4 @@
-.\" Automatically generated from an mdoc input file.  Do not edit.
+.\" Automatically generated from the visudo.mdoc.in file.  Do not edit.
 .\"
 .\" SPDX-License-Identifier: ISC
 .\"
@@ -531,7 +531,19 @@ allows shell escapes.
 .SH "BUGS"
 If you believe you have found a bug in
 \fBvisudo\fR,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.PP
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .SH "SUPPORT"
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

docs/visudo.mdoc.in

@@ -508,7 +508,19 @@ allows shell escapes.
 .Sh BUGS
 If you believe you have found a bug in
 .Nm ,
-you can submit a bug report at https://bugzilla.sudo.ws/
+you can either file a bug report in the sudo bug database,
+https://bugzilla.sudo.ws/, or open an issue at
+https://github.com/sudo-project/sudo/issues.
+If you would prefer to use email, messages may be sent to the
+sudo-workers mailing list,
+https://www.sudo.ws/mailman/listinfo/sudo-workers (public)
+or <sudo@sudo.ws> (private).
+.Pp
+Please not report security vulnerabilities through public GitHub
+issues, Bugzilla or mailing lists.
+Instead, report them via email to <Todd.Miller@sudo.ws>.
+You may encrypt your message with PGP if you would like, using
+the key found at https://www.sudo.ws/dist/PGPKEYS.
 .Sh SUPPORT
 Limited free support is available via the sudo-users mailing list,
 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or

etc/codespell.exclude

@@ -1,4 +1,4 @@
-    "You empty-headed animal food trough wiper!",
+    N_("You empty-headed animal food trough wiper!"),
  * Returns true if any tags set in nt differ between ot and nt, else false.
 #define TAGS_CHANGED(ot, nt) \
     ((TAG_SET((nt).follow) && (nt).follow != (ot).follow) || \
@@ -33,3 +33,4 @@
  *	Tim Fraser
 	    echo ".Nd sudo" >> conftest
  * as per FIPS 180-4: Secure Hash Standard (SHS)
+    { "wast",	tZONE,     -HOUR(7) },	/* West Australian Standard */

etc/sudo-logsrvd.pp

@@ -5,7 +5,7 @@
 from sudo clients.
 This makes it possible to have all sudo I/O logs on a central server."
 	vendor="Todd C. Miller"
-	copyright="(c) 2019-2021 Todd C. Miller"
+	copyright="Copyright 2019-2024 Todd C. Miller"
 
 %if [aix]
 	# Convert to 4 part version for AIX, including patch level
@@ -261,7 +261,7 @@ This makes it possible to have all sudo I/O logs on a central server."
 	    pp_systemd_service_exec_args="-n"
 	    pp_systemd_service_man="man:sudo_logsrvd(8) man:sudo_logsrvd.conf(5)"
 	    pp_systemd_service_documentation="https://www.sudo.ws/man.html"
-	    pp_systemd_service_after="syslog.target network.target auditd.service"
+	    pp_systemd_service_after="network.target auditd.service"
 	    pp_systemd_service_killmode="process"
 	    pp_systemd_service_type="exec"
 	    pp_systemd_system_target="multi-user.target"

etc/sudo-python.pp

@@ -3,7 +3,7 @@
 	summary="Sudo Python plugin framework"
 	description="The sudo Python plugin allows you to extend sudo using Python."
 	vendor="Todd C. Miller"
-	copyright="(c) 2019-2021 Todd C. Miller"
+	copyright="Copyright 2019-2024 Todd C. Miller"
 
 %if [aix]
 	# Convert to 4 part version for AIX, including patch level

etc/sudo.pp

@@ -10,7 +10,7 @@ limited root privileges to users and log root activity.  \
 The basic philosophy is to give as few privileges as possible but \
 still allow people to get their work done."
 	vendor="Todd C. Miller"
-	copyright="(c) 1993-1996,1998-2021 Todd C. Miller"
+	copyright="Copyright 1994-1996,1998-2024 Todd C. Miller"
 	sudoedit_man=`echo ${pp_destdir}$mandir/*/sudoedit.*|sed "s:^${pp_destdir}::"`
 	sudoedit_man_target=`basename $sudoedit_man | sed 's/edit//'`
 

include/compat/glob.h

@@ -69,7 +69,7 @@ typedef struct {
 #define	GLOB_NOMATCH	(-3)	/* No match and GLOB_NOCHECK not set. */
 #define	GLOB_NOSYS	(-4)	/* Function not supported. */
 
-sudo_dso_public int  sudo_glob(const char *, int, int (*)(const char *, int), glob_t *);
+sudo_dso_public int  sudo_glob(const char * restrict, int, int (*)(const char *, int), glob_t * restrict);
 sudo_dso_public void sudo_globfree(glob_t *);
 
 #define glob(_a, _b, _c, _d) sudo_glob((_a), (_b), (_c), (_d))

include/sudo_compat.h

@@ -28,6 +28,9 @@
 #include <sys/stat.h>	/* to avoid problems with mismatched headers and libc */
 #include <unistd.h>	/* to avoid problems with mismatched headers and libc */
 #include <stdio.h>
+#if !defined(HAVE_UTIMENSAT) || !defined(HAVE_FUTIMENS)
+# include <time.h>
+#endif
 #if !defined(HAVE_VSNPRINTF) || !defined(HAVE_VASPRINTF) || \
     !defined(HAVE_VSYSLOG) || defined(PREFER_PORTABLE_SNPRINTF)
 # include <stdarg.h>
@@ -347,7 +350,7 @@ sudo_dso_public ssize_t sudo_getdelim(char ** restrict bufp, size_t * restrict b
 # define getdelim(_a, _b, _c, _d) sudo_getdelim((_a), (_b), (_c), (_d))
 #elif defined(HAVE_DECL_GETDELIM) && !HAVE_DECL_GETDELIM
 /* getdelim present in libc but missing prototype (old gcc fixed includes?) */
-ssize_t getdelim(char **bufp, size_t *bufsizep, int delim, FILE *fp);
+ssize_t getdelim(char ** restrict bufp, size_t * restrict bufsizep, int delim, FILE * restrict fp);
 #endif /* HAVE_GETDELIM */
 #ifndef HAVE_GETUSERSHELL
 sudo_dso_public char *sudo_getusershell(void);
@@ -366,12 +369,12 @@ void setusershell(void);
 void endusershell(void);
 #endif /* HAVE_GETUSERSHELL */
 #ifndef HAVE_GMTIME_R
-sudo_dso_public struct tm *sudo_gmtime_r(const time_t *, struct tm *);
+sudo_dso_public struct tm *sudo_gmtime_r(const time_t * restrict, struct tm * restrict);
 # undef gmtime_r
 # define gmtime_r(_a, _b) sudo_gmtime_r((_a), (_b))
 #endif /* HAVE_GMTIME_R */
 #ifndef HAVE_LOCALTIME_R
-sudo_dso_public struct tm *sudo_localtime_r(const time_t *, struct tm *);
+sudo_dso_public struct tm *sudo_localtime_r(const time_t * restrict, struct tm * restrict);
 # undef localtime_r
 # define localtime_r(_a, _b) sudo_localtime_r((_a), (_b))
 #endif /* HAVE_LOCALTIME_R */
@@ -379,7 +382,7 @@ sudo_dso_public struct tm *sudo_localtime_r(const time_t *, struct tm *);
 sudo_dso_public time_t sudo_timegm(struct tm *);
 #endif /* HAVE_TIMEGM */
 #ifndef HAVE_UTIMENSAT
-sudo_dso_public int sudo_utimensat(int fd, const char *file, const struct timespec *times, int flag);
+sudo_dso_public int sudo_utimensat(int fd, const char *file, const struct timespec times[2], int flag);
 # undef utimensat
 # define utimensat(_a, _b, _c, _d) sudo_utimensat((_a), (_b), (_c), (_d))
 #endif /* HAVE_UTIMENSAT */
@@ -389,12 +392,12 @@ sudo_dso_public int sudo_fchmodat(int dfd, const char *path, mode_t mode, int fl
 # define fchmodat(_a, _b, _c, _d) sudo_fchmodat((_a), (_b), (_c), (_d))
 #endif /* HAVE_FCHMODAT */
 #ifndef HAVE_FSTATAT
-sudo_dso_public int sudo_fstatat(int dfd, const char *path, struct stat *sb, int flag);
+sudo_dso_public int sudo_fstatat(int dfd, const char * restrict path, struct stat * restrict sb, int flag);
 # undef fstatat
 # define fstatat(_a, _b, _c, _d) sudo_fstatat((_a), (_b), (_c), (_d))
 #endif /* HAVE_FSTATAT */
 #ifndef HAVE_FUTIMENS
-sudo_dso_public int sudo_futimens(int fd, const struct timespec *times);
+sudo_dso_public int sudo_futimens(int fd, const struct timespec times[2]);
 # undef futimens
 # define futimens(_a, _b) sudo_futimens((_a), (_b))
 #endif /* HAVE_FUTIMENS */
@@ -508,12 +511,12 @@ sudo_dso_public int sudo_str2sig(const char *signame, int *signum);
 # define str2sig(_a, _b) sudo_str2sig((_a), (_b))
 #endif /* HAVE_STR2SIG */
 #if !defined(HAVE_INET_NTOP) && defined(NEED_INET_NTOP)
-sudo_dso_public char *sudo_inet_ntop(int af, const void *src, char *dst, socklen_t size);
+sudo_dso_public const char *sudo_inet_ntop(int af, const void * restrict src, char * restrict dst, socklen_t size);
 # undef inet_ntop
 # define inet_ntop(_a, _b, _c, _d) sudo_inet_ntop((_a), (_b), (_c), (_d))
 #endif /* HAVE_INET_NTOP */
 #ifndef HAVE_INET_PTON
-sudo_dso_public int sudo_inet_pton(int af, const char *src, void *dst);
+sudo_dso_public int sudo_inet_pton(int af, const char * restrict src, void * restrict dst);
 # undef inet_pton
 # define inet_pton(_a, _b, _c) sudo_inet_pton((_a), (_b), (_c))
 #endif /* HAVE_INET_PTON */

include/sudo_debug.h

@@ -153,6 +153,13 @@ struct sudo_conf_debug_file_list;
 	    "<- %s @ %s:%d := %ld", (_func), (_file), (_line), (_ret));	       \
     } while (0)
 
+# define sudo_debug_exit_dev_t(_func, _file, _line, _sys, _ret)		       \
+    do {								       \
+	sudo_debug_printf2(NULL, NULL, 0, (_sys) | SUDO_DEBUG_TRACE,	       \
+	    "<- %s @ %s:%d := %lu", (_func), (_file), (_line),		       \
+	    (unsigned long)(_ret));					       \
+    } while (0)
+
 # if SIZEOF_ID_T == 8
 #  define sudo_debug_exit_id_t(_func, _file, _line, _sys, _ret)		       \
     do {								       \
@@ -231,6 +238,7 @@ struct sudo_conf_debug_file_list;
 # define sudo_debug_exit_int(_a, _b, _c, _d, _e)	((void)&(_d))
 # define sudo_debug_exit_uint(_a, _b, _c, _d, _e)	((void)&(_d))
 # define sudo_debug_exit_long(_a, _b, _c, _d, _e)	((void)&(_d))
+# define sudo_debug_exit_dev_t(_a, _b, _c, _d, _e)	((void)&(_d))
 # define sudo_debug_exit_id_t(_a, _b, _c, _d, _e)	((void)&(_d))
 # define sudo_debug_exit_size_t(_a, _b, _c, _d, _e)	((void)&(_d))
 # define sudo_debug_exit_ssize_t(_a, _b, _c, _d, _e)	((void)&(_d))
@@ -267,6 +275,14 @@ struct sudo_conf_debug_file_list;
 	return sudo_debug_ret;						       \
     } while (0)
 
+#define debug_return_dev_t(ret)					       \
+    do {								       \
+	dev_t sudo_debug_ret = (ret);				       \
+	sudo_debug_exit_dev_t(__func__, __FILE__, __LINE__, sudo_debug_subsys,\
+	    sudo_debug_ret);						       \
+	return sudo_debug_ret;						       \
+    } while (0)
+
 #define debug_return_id_t(ret)					       \
     do {								       \
 	id_t sudo_debug_ret = (ret);				       \

include/sudo_eventlog.h

@@ -43,7 +43,8 @@ enum event_type {
 /* Supported eventlog formats. */
 enum eventlog_format {
     EVLOG_SUDO,
-    EVLOG_JSON
+    EVLOG_JSON_COMPACT,
+    EVLOG_JSON_PRETTY
 };
 
 /* Eventlog flag values. */
@@ -114,7 +115,7 @@ struct eventlog {
     char **runargv;
     char **runenv;
     char **env_add;
-    struct timespec submit_time;
+    struct timespec event_time;
     struct timespec iolog_offset;
     struct timespec run_time;
     int exit_value;

include/sudo_iolog.h

@@ -94,7 +94,7 @@ struct iolog_file {
 
 struct iolog_path_escape {
     const char *name;
-    size_t (*copy_fn)(char *, size_t, void *);
+    size_t (*copy_fn)(char * restrict, size_t, void * restrict );
 };
 
 /* host_port.c */

include/sudo_plugin.h

@@ -21,7 +21,7 @@
 
 /* API version major/minor */
 #define SUDO_API_VERSION_MAJOR 1
-#define SUDO_API_VERSION_MINOR 21
+#define SUDO_API_VERSION_MINOR 22
 #define SUDO_API_MKVERSION(x, y) (((x) << 16) | (y))
 #define SUDO_API_VERSION SUDO_API_MKVERSION(SUDO_API_VERSION_MAJOR, SUDO_API_VERSION_MINOR)
 

include/sudo_util.h

@@ -195,7 +195,7 @@ sudo_dso_public int sudo_getgrouplist2_v1(const char *name, gid_t basegid, GETGR
 #define sudo_getgrouplist2(_a, _b, _c, _d) sudo_getgrouplist2_v1((_a), (_b), (_c), (_d))
 
 /* hexchar.c */
-sudo_dso_public int sudo_hexchar_v1(const char *s);
+sudo_dso_public int sudo_hexchar_v1(const char s[restrict static 2]);
 #define sudo_hexchar(_a) sudo_hexchar_v1(_a)
 
 /* key_val.c */
@@ -242,7 +242,7 @@ sudo_dso_public int sudo_mmap_protect_v1(void *ptr);
 #define sudo_mmap_protect(_a) sudo_mmap_protect_v1(_a)
 
 /* multiarch.c */
-sudo_dso_public char *sudo_stat_multiarch_v1(const char *path, struct stat *sb);
+sudo_dso_public char *sudo_stat_multiarch_v1(const char * restrict path, struct stat * restrict sb);
 #define sudo_stat_multiarch(_a, _b) sudo_stat_multiarch_v1((_a), (_b))
 
 /* parseln.c */
@@ -350,9 +350,9 @@ sudo_dso_public void sudo_get_ttysize_v2(int fd, int *rowp, int *colp);
 #define sudo_get_ttysize(_a, _b, _c) sudo_get_ttysize_v2((_a), (_b), (_c))
 
 /* uuid.c */
-sudo_dso_public void sudo_uuid_create_v1(unsigned char uuid_out[16]);
+sudo_dso_public void sudo_uuid_create_v1(unsigned char uuid_out[restrict static 16]);
 #define sudo_uuid_create(_a) sudo_uuid_create_v1((_a))
-sudo_dso_public char *sudo_uuid_to_string_v1(unsigned char uuid[16], char *dst, size_t dstsiz);
+sudo_dso_public char *sudo_uuid_to_string_v1(const unsigned char uuid[restrict static 16], char * restrict dst, size_t dstsiz);
 #define sudo_uuid_to_string(_a, _b, _c) sudo_uuid_to_string_v1((_a), (_b), (_c))
 
 #endif /* SUDO_UTIL_H */

lib/eventlog/Makefile.in

@@ -1,7 +1,7 @@
 #
 # SPDX-License-Identifier: ISC
 #
-# Copyright (c) 2020-2023 Todd C. Miller <Todd.Miller@sudo.ws>
+# Copyright (c) 2020-2024 Todd C. Miller <Todd.Miller@sudo.ws>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -32,6 +32,7 @@ incdir = $(top_srcdir)/include
 
 # Compiler & tools to use
 CC = @CC@
+CPP = @CPP@
 LIBTOOL = @LIBTOOL@
 EGREP = @EGREP@
 SED = @SED@
@@ -117,7 +118,7 @@ Makefile: $(srcdir)/Makefile.in
 	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $<
 
 .c.i:
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $< > $@
 
 .i.plog:
 	ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@
@@ -223,9 +224,9 @@ check_parse_json.i: $(srcdir)/regress/parse_json/check_parse_json.c \
                      $(incdir)/sudo_json.h $(incdir)/sudo_plugin.h \
                      $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
                      $(srcdir)/parse_json.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/parse_json/check_parse_json.c > $@
 check_parse_json.plog: check_parse_json.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/parse_json/check_parse_json.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/parse_json/check_parse_json.c --i-file check_parse_json.i --output-file $@
 check_wrap.lo: $(srcdir)/regress/logwrap/check_wrap.c \
                $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
                $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
@@ -237,9 +238,9 @@ check_wrap.i: $(srcdir)/regress/logwrap/check_wrap.c \
                $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
                $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \
                $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/logwrap/check_wrap.c > $@
 check_wrap.plog: check_wrap.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/logwrap/check_wrap.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/logwrap/check_wrap.c --i-file check_wrap.i --output-file $@
 eventlog.lo: $(srcdir)/eventlog.c $(incdir)/compat/stdbool.h \
              $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
              $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
@@ -255,9 +256,9 @@ eventlog.i: $(srcdir)/eventlog.c $(incdir)/compat/stdbool.h \
              $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \
              $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
              $(top_builddir)/config.h $(top_builddir)/pathnames.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/eventlog.c > $@
 eventlog.plog: eventlog.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/eventlog.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/eventlog.c --i-file eventlog.i --output-file $@
 eventlog_conf.lo: $(srcdir)/eventlog_conf.c $(incdir)/compat/stdbool.h \
                   $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                   $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
@@ -273,9 +274,9 @@ eventlog_conf.i: $(srcdir)/eventlog_conf.c $(incdir)/compat/stdbool.h \
                   $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
                   $(incdir)/sudo_util.h $(top_builddir)/config.h \
                   $(top_builddir)/pathnames.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/eventlog_conf.c > $@
 eventlog_conf.plog: eventlog_conf.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/eventlog_conf.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/eventlog_conf.c --i-file eventlog_conf.i --output-file $@
 eventlog_free.lo: $(srcdir)/eventlog_free.c $(incdir)/compat/stdbool.h \
                   $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                   $(incdir)/sudo_eventlog.h $(incdir)/sudo_queue.h \
@@ -285,9 +286,9 @@ eventlog_free.i: $(srcdir)/eventlog_free.c $(incdir)/compat/stdbool.h \
                   $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                   $(incdir)/sudo_eventlog.h $(incdir)/sudo_queue.h \
                   $(incdir)/sudo_util.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/eventlog_free.c > $@
 eventlog_free.plog: eventlog_free.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/eventlog_free.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/eventlog_free.c --i-file eventlog_free.i --output-file $@
 logwrap.lo: $(srcdir)/logwrap.c $(incdir)/compat/stdbool.h \
             $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
             $(incdir)/sudo_eventlog.h $(incdir)/sudo_queue.h \
@@ -297,9 +298,9 @@ logwrap.i: $(srcdir)/logwrap.c $(incdir)/compat/stdbool.h \
             $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
             $(incdir)/sudo_eventlog.h $(incdir)/sudo_queue.h \
             $(incdir)/sudo_util.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/logwrap.c > $@
 logwrap.plog: logwrap.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logwrap.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logwrap.c --i-file logwrap.i --output-file $@
 parse_json.lo: $(srcdir)/parse_json.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
@@ -315,9 +316,9 @@ parse_json.i: $(srcdir)/parse_json.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
                $(incdir)/sudo_util.h $(srcdir)/parse_json.h \
                $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/parse_json.c > $@
 parse_json.plog: parse_json.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/parse_json.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/parse_json.c --i-file parse_json.i --output-file $@
 store_json_test.lo: $(srcdir)/regress/eventlog_store/store_json_test.c \
                     $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
                     $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
@@ -331,9 +332,9 @@ store_json_test.i: $(srcdir)/regress/eventlog_store/store_json_test.c \
                     $(incdir)/sudo_json.h $(incdir)/sudo_plugin.h \
                     $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
                     $(srcdir)/parse_json.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/eventlog_store/store_json_test.c > $@
 store_json_test.plog: store_json_test.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/eventlog_store/store_json_test.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/eventlog_store/store_json_test.c --i-file store_json_test.i --output-file $@
 store_sudo_test.lo: $(srcdir)/regress/eventlog_store/store_sudo_test.c \
                     $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
                     $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
@@ -345,6 +346,6 @@ store_sudo_test.i: $(srcdir)/regress/eventlog_store/store_sudo_test.c \
                     $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
                     $(incdir)/sudo_lbuf.h $(incdir)/sudo_plugin.h \
                     $(incdir)/sudo_util.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/eventlog_store/store_sudo_test.c > $@
 store_sudo_test.plog: store_sudo_test.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/eventlog_store/store_sudo_test.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/eventlog_store/store_sudo_test.c --i-file store_sudo_test.i --output-file $@

lib/eventlog/eventlog.c

@@ -264,7 +264,7 @@ closefrom_nodebug(int lowfd)
 
     /* Close fds [lowfd, startfd) that are not in debug_fds. */
     for (fd = lowfd; fd < startfd; fd++) {
-	if (sudo_isset(debug_fds, fd))
+	if (fd < 0 || sudo_isset(debug_fds, fd))
 	    continue;
 	sudo_debug_printf(SUDO_DEBUG_DEBUG|SUDO_DEBUG_LINENO,
 	    "closing fd %d", fd);
@@ -620,7 +620,7 @@ oom:
 
 /*
  * Store the contents of struct eventlog as JSON.
- * The submit_time and iolog_path members are not stored, they should
+ * The event_time and iolog_path members are not stored, they should
  * be stored and formatted by the caller.
  */
 bool
@@ -638,7 +638,7 @@ eventlog_store_json(struct json_container *jsonc, const struct eventlog *evlog)
     /*
      * The most important values are written first in case
      * the log record gets truncated.
-     * Note: submit_time and iolog_path are not stored here.
+     * Note: event_time and iolog_path are not stored here.
      */
 
     json_value.type = JSON_STRING;
@@ -1130,7 +1130,8 @@ do_syslog(int event_type, int flags, struct eventlog_args *args,
     case EVLOG_SUDO:
 	ret = do_syslog_sudo(pri, lbuf.buf, evlog);
 	break;
-    case EVLOG_JSON:
+    case EVLOG_JSON_COMPACT:
+    case EVLOG_JSON_PRETTY:
 	ret = do_syslog_json(pri, event_type, args, evlog);
 	break;
     default:
@@ -1205,11 +1206,12 @@ done:
 }
 
 static bool
-do_logfile_json(int event_type, struct eventlog_args *args,
+do_logfile_json(enum eventlog_format format, int event_type,
-    const struct eventlog *evlog)
+    struct eventlog_args *args, const struct eventlog *evlog)
 {
     const struct eventlog_config *evl_conf = eventlog_getconf();
     const char *logfile = evl_conf->logpath;
+    const bool compact = format == EVLOG_JSON_COMPACT;
     struct stat sb;
     char *json_str;
     int ret = false;
@@ -1219,7 +1221,7 @@ do_logfile_json(int event_type, struct eventlog_args *args,
     if ((fp = evl_conf->open_log(EVLOG_FILE, logfile)) == NULL)
 	debug_return_bool(false);
 
-    json_str = format_json(event_type, args, evlog, false);
+    json_str = format_json(event_type, args, evlog, compact);
     if (json_str == NULL)
 	goto done;
 
@@ -1229,25 +1231,32 @@ do_logfile_json(int event_type, struct eventlog_args *args,
 	goto done;
     }
 
-    /* Note: assumes file ends in "\n}\n" */
+    if (!compact) {
-    if (fstat(fileno(fp), &sb) == -1) {
+	/* Note: assumes file ends in "\n}\n" */
-	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO,
+	if (fstat(fileno(fp), &sb) == -1) {
-	    "unable to stat %s", logfile);
+	    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO,
-	goto done;
+		"unable to stat %s", logfile);
-    }
+	    goto done;
-    if (sb.st_size == 0) {
+	}
-	/* New file */
+	if (sb.st_size == 0) {
-	putc('{', fp);
+	    /* New file */
-    } else if (fseeko(fp, -3, SEEK_END) == 0) {
+	    putc('{', fp);
-	/* Continue file, overwrite the final "\n}\n" */
+	} else if (fseeko(fp, -3, SEEK_END) == 0) {
-	putc(',', fp);
+	    /* Continue file, overwrite the final "\n}\n" */
+	    putc(',', fp);
+	} else {
+	    sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO,
+		"unable to seek %s", logfile);
+	    goto done;
+	}
+	fputs(json_str, fp);
+	fputs("\n}\n", fp);			/* close JSON */
     } else {
-	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_ERRNO|SUDO_DEBUG_LINENO,
+	/* Compact (minified) JSON records, one per line. */
-	    "unable to seek %s", logfile);
+	putc('{', fp);
-	goto done;
+	fputs(json_str, fp);
+	fputs("}\n", fp);
     }
-    fputs(json_str, fp);
-    fputs("\n}\n", fp);			/* close JSON */
     fflush(fp);
     /* XXX - check for file error and recover */
 
@@ -1293,8 +1302,9 @@ do_logfile(int event_type, int flags, struct eventlog_args *args,
 	ret = do_logfile_sudo(lbuf.buf ? lbuf.buf : args->reason, evlog,
 	    args->event_time);
 	break;
-    case EVLOG_JSON:
+    case EVLOG_JSON_COMPACT:
-	ret = do_logfile_json(event_type, args, evlog);
+    case EVLOG_JSON_PRETTY:
+	ret = do_logfile_json(evl_conf->format, event_type, args, evlog);
 	break;
     default:
 	sudo_debug_printf(SUDO_DEBUG_ERROR|SUDO_DEBUG_LINENO,
@@ -1317,7 +1327,7 @@ eventlog_accept(const struct eventlog *evlog, int flags,
     bool ret = true;
     debug_decl(eventlog_accept, SUDO_DEBUG_UTIL);
 
-    args.event_time = &evlog->submit_time;
+    args.event_time = &evlog->event_time;
     args.json_info_cb = info_cb;
     args.json_info = info;
 
@@ -1345,7 +1355,7 @@ eventlog_reject(const struct eventlog *evlog, int flags, const char *reason,
     debug_decl(eventlog_reject, SUDO_DEBUG_UTIL);
 
     args.reason = reason;
-    args.event_time = &evlog->submit_time;
+    args.event_time = &evlog->event_time;
     args.json_info_cb = info_cb;
     args.json_info = info;
 
@@ -1444,7 +1454,7 @@ eventlog_exit(const struct eventlog *evlog, int flags)
     debug_decl(eventlog_exit, SUDO_DEBUG_UTIL);
 
     if (sudo_timespecisset(&evlog->run_time)) {
-	sudo_timespecadd(&evlog->submit_time, &evlog->run_time, &exit_time);
+	sudo_timespecadd(&evlog->event_time, &evlog->run_time, &exit_time);
 	args.event_time = &exit_time;
     }
 

lib/eventlog/parse_json.c

@@ -424,7 +424,7 @@ json_store_run_time(struct json_item *item, struct eventlog *evlog)
 static bool
 json_store_timestamp(struct json_item *item, struct eventlog *evlog)
 {
-    return json_store_timespec(item, &evlog->submit_time);
+    return json_store_timespec(item, &evlog->event_time);
 }
 
 static bool

lib/fuzzstub/Makefile.in

@@ -1,7 +1,7 @@
 #
 # SPDX-License-Identifier: ISC
 #
-# Copyright (c) 2021 Todd C. Miller <Todd.Miller@sudo.ws>
+# Copyright (c) 2021-2024 Todd C. Miller <Todd.Miller@sudo.ws>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -32,6 +32,7 @@ incdir = $(top_srcdir)/include
 
 # Compiler & tools to use
 CC = @CC@
+CPP = @CPP@
 LIBTOOL = @LIBTOOL@
 
 # C preprocessor flags
@@ -102,7 +103,7 @@ Makefile: $(srcdir)/Makefile.in
 	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $<
 
 .c.i:
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $< > $@
 
 .i.plog:
 	ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@
@@ -171,6 +172,6 @@ fuzzstub.lo: $(srcdir)/fuzzstub.c $(incdir)/compat/stdbool.h \
 fuzzstub.i: $(srcdir)/fuzzstub.c $(incdir)/compat/stdbool.h \
              $(incdir)/sudo_compat.h $(incdir)/sudo_util.h \
              $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/fuzzstub.c > $@
 fuzzstub.plog: fuzzstub.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/fuzzstub.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/fuzzstub.c --i-file fuzzstub.i --output-file $@

lib/iolog/Makefile.in

@@ -1,7 +1,7 @@
 #
 # SPDX-License-Identifier: ISC
 #
-# Copyright (c) 2011-2023 Todd C. Miller <Todd.Miller@sudo.ws>
+# Copyright (c) 2011-2024 Todd C. Miller <Todd.Miller@sudo.ws>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -33,6 +33,7 @@ cross_compiling = @CROSS_COMPILING@
 
 # Compiler & tools to use
 CC = @CC@
+CPP = @CPP@
 LIBTOOL = @LIBTOOL@
 SHA1SUM = @SHA1SUM@
 EGREP = @EGREP@
@@ -154,7 +155,7 @@ Makefile: $(srcdir)/Makefile.in
 	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $<
 
 .c.i:
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $< > $@
 
 .i.plog:
 	ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@
@@ -370,9 +371,9 @@ check_iolog_filter.i: $(srcdir)/regress/iolog_filter/check_iolog_filter.c \
                        $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \
                        $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \
                        $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/iolog_filter/check_iolog_filter.c > $@
 check_iolog_filter.plog: check_iolog_filter.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_filter/check_iolog_filter.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_filter/check_iolog_filter.c --i-file check_iolog_filter.i --output-file $@
 check_iolog_mkpath.lo: $(srcdir)/regress/iolog_mkpath/check_iolog_mkpath.c \
                        $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
                        $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \
@@ -384,9 +385,9 @@ check_iolog_mkpath.i: $(srcdir)/regress/iolog_mkpath/check_iolog_mkpath.c \
                        $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \
                        $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \
                        $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/iolog_mkpath/check_iolog_mkpath.c > $@
 check_iolog_mkpath.plog: check_iolog_mkpath.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_mkpath/check_iolog_mkpath.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_mkpath/check_iolog_mkpath.c --i-file check_iolog_mkpath.i --output-file $@
 check_iolog_path.lo: $(srcdir)/regress/iolog_path/check_iolog_path.c \
                      $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
                      $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \
@@ -398,9 +399,9 @@ check_iolog_path.i: $(srcdir)/regress/iolog_path/check_iolog_path.c \
                      $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \
                      $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \
                      $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/iolog_path/check_iolog_path.c > $@
 check_iolog_path.plog: check_iolog_path.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_path/check_iolog_path.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_path/check_iolog_path.c --i-file check_iolog_path.i --output-file $@
 check_iolog_timing.lo: $(srcdir)/regress/iolog_timing/check_iolog_timing.c \
                        $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
                        $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \
@@ -412,9 +413,9 @@ check_iolog_timing.i: $(srcdir)/regress/iolog_timing/check_iolog_timing.c \
                        $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \
                        $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \
                        $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/iolog_timing/check_iolog_timing.c > $@
 check_iolog_timing.plog: check_iolog_timing.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_timing/check_iolog_timing.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/iolog_timing/check_iolog_timing.c --i-file check_iolog_timing.i --output-file $@
 fuzz_iolog_json.lo: $(srcdir)/regress/fuzz/fuzz_iolog_json.c \
                     $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
                     $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \
@@ -428,9 +429,9 @@ fuzz_iolog_json.i: $(srcdir)/regress/fuzz/fuzz_iolog_json.c \
                     $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \
                     $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
                     $(incdir)/sudo_util.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/fuzz/fuzz_iolog_json.c > $@
 fuzz_iolog_json.plog: fuzz_iolog_json.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_iolog_json.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_iolog_json.c --i-file fuzz_iolog_json.i --output-file $@
 fuzz_iolog_legacy.lo: $(srcdir)/regress/fuzz/fuzz_iolog_legacy.c \
                       $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
                       $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \
@@ -444,9 +445,9 @@ fuzz_iolog_legacy.i: $(srcdir)/regress/fuzz/fuzz_iolog_legacy.c \
                       $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \
                       $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
                       $(incdir)/sudo_util.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/fuzz/fuzz_iolog_legacy.c > $@
 fuzz_iolog_legacy.plog: fuzz_iolog_legacy.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_iolog_legacy.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_iolog_legacy.c --i-file fuzz_iolog_legacy.i --output-file $@
 fuzz_iolog_timing.lo: $(srcdir)/regress/fuzz/fuzz_iolog_timing.c \
                       $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
                       $(incdir)/sudo_debug.h $(incdir)/sudo_eventlog.h \
@@ -460,9 +461,9 @@ fuzz_iolog_timing.i: $(srcdir)/regress/fuzz/fuzz_iolog_timing.c \
                       $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \
                       $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
                       $(incdir)/sudo_util.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/fuzz/fuzz_iolog_timing.c > $@
 fuzz_iolog_timing.plog: fuzz_iolog_timing.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_iolog_timing.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_iolog_timing.c --i-file fuzz_iolog_timing.i --output-file $@
 host_port.lo: $(srcdir)/host_port.c $(incdir)/compat/stdbool.h \
               $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
               $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \
@@ -474,9 +475,9 @@ host_port.i: $(srcdir)/host_port.c $(incdir)/compat/stdbool.h \
               $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \
               $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
               $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/host_port.c > $@
 host_port.plog: host_port.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/host_port.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/host_port.c --i-file host_port.i --output-file $@
 host_port_test.lo: $(srcdir)/regress/host_port/host_port_test.c \
                    $(incdir)/compat/stdbool.h $(incdir)/sudo_compat.h \
                    $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \
@@ -488,9 +489,9 @@ host_port_test.i: $(srcdir)/regress/host_port/host_port_test.c \
                    $(incdir)/sudo_fatal.h $(incdir)/sudo_iolog.h \
                    $(incdir)/sudo_plugin.h $(incdir)/sudo_util.h \
                    $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/host_port/host_port_test.c > $@
 host_port_test.plog: host_port_test.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/host_port/host_port_test.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/host_port/host_port_test.c --i-file host_port_test.i --output-file $@
 hostcheck.lo: $(srcdir)/hostcheck.c $(incdir)/compat/stdbool.h \
               $(incdir)/hostcheck.h $(incdir)/sudo_compat.h \
               $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h \
@@ -500,9 +501,9 @@ hostcheck.i: $(srcdir)/hostcheck.c $(incdir)/compat/stdbool.h \
               $(incdir)/hostcheck.h $(incdir)/sudo_compat.h \
               $(incdir)/sudo_debug.h $(incdir)/sudo_queue.h \
               $(incdir)/sudo_util.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/hostcheck.c > $@
 hostcheck.plog: hostcheck.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/hostcheck.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/hostcheck.c --i-file hostcheck.i --output-file $@
 iolog_clearerr.lo: $(srcdir)/iolog_clearerr.c $(incdir)/compat/stdbool.h \
                    $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                    $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
@@ -512,9 +513,9 @@ iolog_clearerr.i: $(srcdir)/iolog_clearerr.c $(incdir)/compat/stdbool.h \
                    $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                    $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
                    $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_clearerr.c > $@
 iolog_clearerr.plog: iolog_clearerr.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_clearerr.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_clearerr.c --i-file iolog_clearerr.i --output-file $@
 iolog_close.lo: $(srcdir)/iolog_close.c $(incdir)/compat/stdbool.h \
                 $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                 $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
@@ -524,9 +525,9 @@ iolog_close.i: $(srcdir)/iolog_close.c $(incdir)/compat/stdbool.h \
                 $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                 $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
                 $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_close.c > $@
 iolog_close.plog: iolog_close.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_close.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_close.c --i-file iolog_close.i --output-file $@
 iolog_conf.lo: $(srcdir)/iolog_conf.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
@@ -538,9 +539,9 @@ iolog_conf.i: $(srcdir)/iolog_conf.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
                $(incdir)/sudo_util.h $(top_builddir)/config.h \
                $(top_builddir)/pathnames.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_conf.c > $@
 iolog_conf.plog: iolog_conf.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_conf.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_conf.c --i-file iolog_conf.i --output-file $@
 iolog_eof.lo: $(srcdir)/iolog_eof.c $(incdir)/compat/stdbool.h \
               $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
               $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
@@ -550,9 +551,9 @@ iolog_eof.i: $(srcdir)/iolog_eof.c $(incdir)/compat/stdbool.h \
               $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
               $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
               $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_eof.c > $@
 iolog_eof.plog: iolog_eof.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_eof.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_eof.c --i-file iolog_eof.i --output-file $@
 iolog_filter.lo: $(srcdir)/iolog_filter.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                  $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
@@ -566,9 +567,9 @@ iolog_filter.i: $(srcdir)/iolog_filter.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
                  $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
                  $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_filter.c > $@
 iolog_filter.plog: iolog_filter.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_filter.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_filter.c --i-file iolog_filter.i --output-file $@
 iolog_flush.lo: $(srcdir)/iolog_flush.c $(incdir)/compat/stdbool.h \
                 $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                 $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
@@ -578,9 +579,9 @@ iolog_flush.i: $(srcdir)/iolog_flush.c $(incdir)/compat/stdbool.h \
                 $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                 $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
                 $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_flush.c > $@
 iolog_flush.plog: iolog_flush.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_flush.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_flush.c --i-file iolog_flush.i --output-file $@
 iolog_gets.lo: $(srcdir)/iolog_gets.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
@@ -590,9 +591,9 @@ iolog_gets.i: $(srcdir)/iolog_gets.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
                $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_gets.c > $@
 iolog_gets.plog: iolog_gets.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_gets.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_gets.c --i-file iolog_gets.i --output-file $@
 iolog_json.lo: $(srcdir)/iolog_json.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_eventlog.h $(incdir)/sudo_iolog.h \
@@ -602,9 +603,9 @@ iolog_json.i: $(srcdir)/iolog_json.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_eventlog.h $(incdir)/sudo_iolog.h \
                $(incdir)/sudo_queue.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_json.c > $@
 iolog_json.plog: iolog_json.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_json.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_json.c --i-file iolog_json.i --output-file $@
 iolog_legacy.lo: $(srcdir)/iolog_legacy.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                  $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
@@ -618,9 +619,9 @@ iolog_legacy.i: $(srcdir)/iolog_legacy.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \
                  $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
                  $(incdir)/sudo_util.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_legacy.c > $@
 iolog_legacy.plog: iolog_legacy.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_legacy.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_legacy.c --i-file iolog_legacy.i --output-file $@
 iolog_loginfo.lo: $(srcdir)/iolog_loginfo.c $(incdir)/compat/stdbool.h \
                   $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                   $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
@@ -636,9 +637,9 @@ iolog_loginfo.i: $(srcdir)/iolog_loginfo.c $(incdir)/compat/stdbool.h \
                   $(incdir)/sudo_json.h $(incdir)/sudo_plugin.h \
                   $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
                   $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_loginfo.c > $@
 iolog_loginfo.plog: iolog_loginfo.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_loginfo.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_loginfo.c --i-file iolog_loginfo.i --output-file $@
 iolog_mkdirs.lo: $(srcdir)/iolog_mkdirs.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                  $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
@@ -652,9 +653,9 @@ iolog_mkdirs.i: $(srcdir)/iolog_mkdirs.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
                  $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
                  $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_mkdirs.c > $@
 iolog_mkdirs.plog: iolog_mkdirs.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_mkdirs.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_mkdirs.c --i-file iolog_mkdirs.i --output-file $@
 iolog_mkdtemp.lo: $(srcdir)/iolog_mkdtemp.c $(incdir)/compat/stdbool.h \
                   $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                   $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
@@ -668,9 +669,9 @@ iolog_mkdtemp.i: $(srcdir)/iolog_mkdtemp.c $(incdir)/compat/stdbool.h \
                   $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
                   $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
                   $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_mkdtemp.c > $@
 iolog_mkdtemp.plog: iolog_mkdtemp.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_mkdtemp.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_mkdtemp.c --i-file iolog_mkdtemp.i --output-file $@
 iolog_mkpath.lo: $(srcdir)/iolog_mkpath.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                  $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
@@ -680,9 +681,9 @@ iolog_mkpath.i: $(srcdir)/iolog_mkpath.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                  $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
                  $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_mkpath.c > $@
 iolog_mkpath.plog: iolog_mkpath.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_mkpath.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_mkpath.c --i-file iolog_mkpath.i --output-file $@
 iolog_nextid.lo: $(srcdir)/iolog_nextid.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                  $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
@@ -696,9 +697,9 @@ iolog_nextid.i: $(srcdir)/iolog_nextid.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
                  $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
                  $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_nextid.c > $@
 iolog_nextid.plog: iolog_nextid.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_nextid.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_nextid.c --i-file iolog_nextid.i --output-file $@
 iolog_open.lo: $(srcdir)/iolog_open.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
@@ -708,9 +709,9 @@ iolog_open.i: $(srcdir)/iolog_open.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
                $(incdir)/sudo_util.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_open.c > $@
 iolog_open.plog: iolog_open.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_open.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_open.c --i-file iolog_open.i --output-file $@
 iolog_openat.lo: $(srcdir)/iolog_openat.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                  $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
@@ -724,9 +725,9 @@ iolog_openat.i: $(srcdir)/iolog_openat.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
                  $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
                  $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_openat.c > $@
 iolog_openat.plog: iolog_openat.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_openat.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_openat.c --i-file iolog_openat.i --output-file $@
 iolog_path.lo: $(srcdir)/iolog_path.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
@@ -740,9 +741,9 @@ iolog_path.i: $(srcdir)/iolog_path.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
                $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
                $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_path.c > $@
 iolog_path.plog: iolog_path.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_path.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_path.c --i-file iolog_path.i --output-file $@
 iolog_read.lo: $(srcdir)/iolog_read.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
@@ -752,9 +753,9 @@ iolog_read.i: $(srcdir)/iolog_read.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
                $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_read.c > $@
 iolog_read.plog: iolog_read.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_read.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_read.c --i-file iolog_read.i --output-file $@
 iolog_seek.lo: $(srcdir)/iolog_seek.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
@@ -764,9 +765,9 @@ iolog_seek.i: $(srcdir)/iolog_seek.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
                $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_seek.c > $@
 iolog_seek.plog: iolog_seek.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_seek.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_seek.c --i-file iolog_seek.i --output-file $@
 iolog_swapids.lo: $(srcdir)/iolog_swapids.c $(incdir)/compat/stdbool.h \
                   $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                   $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
@@ -778,9 +779,9 @@ iolog_swapids.i: $(srcdir)/iolog_swapids.c $(incdir)/compat/stdbool.h \
                   $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
                   $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
                   $(incdir)/sudo_queue.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_swapids.c > $@
 iolog_swapids.plog: iolog_swapids.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_swapids.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_swapids.c --i-file iolog_swapids.i --output-file $@
 iolog_timing.lo: $(srcdir)/iolog_timing.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                  $(incdir)/sudo_eventlog.h $(incdir)/sudo_fatal.h \
@@ -794,9 +795,9 @@ iolog_timing.i: $(srcdir)/iolog_timing.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_gettext.h $(incdir)/sudo_iolog.h \
                  $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
                  $(incdir)/sudo_util.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_timing.c > $@
 iolog_timing.plog: iolog_timing.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_timing.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_timing.c --i-file iolog_timing.i --output-file $@
 iolog_util.lo: $(srcdir)/iolog_util.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
@@ -806,9 +807,9 @@ iolog_util.i: $(srcdir)/iolog_util.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
                $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_util.c > $@
 iolog_util.plog: iolog_util.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_util.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_util.c --i-file iolog_util.i --output-file $@
 iolog_write.lo: $(srcdir)/iolog_write.c $(incdir)/compat/stdbool.h \
                 $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                 $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
@@ -818,6 +819,6 @@ iolog_write.i: $(srcdir)/iolog_write.c $(incdir)/compat/stdbool.h \
                 $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                 $(incdir)/sudo_iolog.h $(incdir)/sudo_queue.h \
                 $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_write.c > $@
 iolog_write.plog: iolog_write.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_write.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_write.c --i-file iolog_write.i --output-file $@

lib/iolog/iolog_legacy.c

@@ -84,7 +84,7 @@ iolog_parse_loginfo_legacy(FILE *fp, const char *iolog_dir,
 	goto done;
     }
     *ep = '\0';
-    evlog->submit_time.tv_sec =
+    evlog->event_time.tv_sec =
 	(time_t)sudo_strtonum(cp, 0, TIME_T_MAX, &errstr);
     if (errstr != NULL) {
 	sudo_warn(U_("%s: time stamp %s: %s"), iolog_dir, cp, errstr);

lib/iolog/iolog_loginfo.c

@@ -123,7 +123,7 @@ iolog_write_info_file_legacy(int dfd, struct eventlog *evlog)
     }
 
     fprintf(fp, "%lld:%s:%s:%s:%s:%d:%d\n%s\n",
-	(long long)evlog->submit_time.tv_sec,
+	(long long)evlog->event_time.tv_sec,
 	evlog->submituser ? evlog->submituser : "unknown",
 	evlog->runuser ? evlog->runuser : RUNAS_DEFAULT,
 	evlog->rungroup ? evlog->rungroup : "",
@@ -168,12 +168,12 @@ iolog_write_info_file_json(int dfd, struct eventlog *evlog)
 	goto oom;
 
     json_value.type = JSON_NUMBER;
-    json_value.u.number = evlog->submit_time.tv_sec;
+    json_value.u.number = evlog->event_time.tv_sec;
     if (!sudo_json_add_value(&jsonc, "seconds", &json_value))
         goto oom;
 
     json_value.type = JSON_NUMBER;
-    json_value.u.number = evlog->submit_time.tv_nsec;
+    json_value.u.number = evlog->event_time.tv_nsec;
     if (!sudo_json_add_value(&jsonc, "nanoseconds", &json_value))
         goto oom;
 

lib/iolog/regress/iolog_path/check_iolog_path.c

@@ -252,24 +252,24 @@ main(int argc, char *argv[])
 		sudo_fatal(NULL);
 	    break;
 	case 7:
-	    if (dir_in != NULL)
+	    free(dir_in);
-		free(dir_in);
+	    if ((dir_in = strdup(line)) == NULL)
-	    dir_in = strdup(line);
+		sudo_fatal(NULL);
 	    break;
 	case 8:
-	    if (file_in != NULL)
+	    free(file_in);
-		free(file_in);
+	    if ((file_in = strdup(line)) == NULL)
-	    file_in = strdup(line);
+		sudo_fatal(NULL);
 	    break;
 	case 9:
-	    if (dir_out != NULL)
+	    free(dir_out);
-		free(dir_out);
+	    if ((dir_out = strdup(line)) == NULL)
-	    dir_out = strdup(line);
+		sudo_fatal(NULL);
 	    break;
 	case 10:
-	    if (file_out != NULL)
+	    free(file_out);
-		free(file_out);
+	    if ((file_out = strdup(line)) == NULL)
-	    file_out = strdup(line);
+		sudo_fatal(NULL);
 	    break;
 	case 11:
 	    errors += do_check(dir_in, file_in, dir_out, file_out);

lib/logsrv/Makefile.in

@@ -1,7 +1,7 @@
 #
 # SPDX-License-Identifier: ISC
 #
-# Copyright (c) 2019-2020 Todd C. Miller <Todd.Miller@sudo.ws>
+# Copyright (c) 2019-2024 Todd C. Miller <Todd.Miller@sudo.ws>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -32,6 +32,7 @@ incdir = $(top_srcdir)/include
 
 # Compiler & tools to use
 CC = @CC@
+CPP = @CPP@
 LIBTOOL = @LIBTOOL@
 
 # Libraries
@@ -100,7 +101,7 @@ Makefile: $(srcdir)/Makefile.in
 	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $<
 
 .c.i:
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $< > $@
 
 .i.plog:
 	ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@

lib/protobuf-c/Makefile.in

@@ -1,7 +1,7 @@
 #
 # SPDX-License-Identifier: ISC
 #
-# Copyright (c) 2019-2020 Todd C. Miller <Todd.Miller@sudo.ws>
+# Copyright (c) 2019-2024 Todd C. Miller <Todd.Miller@sudo.ws>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -32,6 +32,7 @@ incdir = $(top_srcdir)/include
 
 # Compiler & tools to use
 CC = @CC@
+CPP = @CPP@
 LIBTOOL = @LIBTOOL@
 
 # C preprocessor flags
@@ -95,7 +96,7 @@ Makefile: $(srcdir)/Makefile.in
 	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $<
 
 .c.i:
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $< > $@
 
 .i.plog:
 	ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@
@@ -175,6 +176,6 @@ protobuf-c.lo: $(srcdir)/protobuf-c.c $(incdir)/compat/endian.h \
 	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/protobuf-c.c
 protobuf-c.i: $(srcdir)/protobuf-c.c $(incdir)/compat/endian.h \
                $(incdir)/protobuf-c/protobuf-c.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/protobuf-c.c > $@
 protobuf-c.plog: protobuf-c.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/protobuf-c.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/protobuf-c.c --i-file protobuf-c.i --output-file $@

lib/ssl_compat/Makefile.in

@@ -1,7 +1,7 @@
 #
 # SPDX-License-Identifier: ISC
 #
-# Copyright (c) 2023 Todd C. Miller <Todd.Miller@sudo.ws>
+# Copyright (c) 2023-2024 Todd C. Miller <Todd.Miller@sudo.ws>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -32,6 +32,7 @@ incdir = $(top_srcdir)/include
 
 # Compiler & tools to use
 CC = @CC@
+CPP = @CPP@
 LIBTOOL = @LIBTOOL@
 
 # Libraries
@@ -100,7 +101,7 @@ Makefile: $(srcdir)/Makefile.in
 	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $<
 
 .c.i:
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $< > $@
 
 .i.plog:
 	ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@
@@ -184,6 +185,6 @@ ssl_compat.lo: $(srcdir)/ssl_compat.c $(incdir)/sudo_compat.h \
 	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c -o $@ $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $(srcdir)/ssl_compat.c
 ssl_compat.i: $(srcdir)/ssl_compat.c $(incdir)/sudo_compat.h \
                $(incdir)/sudo_ssl_compat.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/ssl_compat.c > $@
 ssl_compat.plog: ssl_compat.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/ssl_compat.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/ssl_compat.c --i-file ssl_compat.i --output-file $@

lib/util/chacha_private.h

@@ -92,7 +92,7 @@ chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes)
   u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
   u8 *ctarget = NULL;
   u8 tmp[64];
-  u_int i;
+  u32 i;
 
   if (!bytes) return;
 

lib/util/event.c

@@ -637,7 +637,7 @@ sudo_ev_dispatch_v1(struct sudo_event_base *base)
 
 /*
  * Run main event loop.
- * Returns 0 on success, 1 if no events registered  and -1 on error 
+ * Returns 0 on success, 1 if no events registered and -1 on error 
  */
 int
 sudo_ev_loop_v1(struct sudo_event_base *base, unsigned int flags)

lib/util/fatal.c

@@ -303,7 +303,7 @@ sudo_fatal_callback_deregister_v1(sudo_fatal_callback_t func)
 }
 
 /*
- * Set the conversation function to use for output insteaf of the
+ * Set the conversation function to use for output instead of the
  * standard error.  If conv is NULL, switch back to standard error.
  */
 void

lib/util/fnmatch.c

@@ -227,7 +227,7 @@ leadingclosebrace:
 
                 /* NOT a properly balanced [expr] pattern, EOS terminated 
                  * or ranges containing a slash in FNM_PATHNAME mode pattern
-                 * fall out to to the rewind and test '[' literal code path
+                 * fall out to the rewind and test '[' literal code path
                  */
                 if (!**pattern || (slash && (**pattern == '/')))
                     break;

lib/util/fstatat.c

@@ -32,7 +32,7 @@
 
 #ifndef HAVE_FSTATAT
 int
-sudo_fstatat(int dfd, const char *path, struct stat *sb, int flag)
+sudo_fstatat(int dfd, const char * restrict path, struct stat * restrict sb, int flag)
 {
     int odfd, ret = -1;
 

lib/util/gethostname.c

@@ -41,7 +41,7 @@ sudo_gethostname_v1(void)
 
 #ifdef _SC_HOST_NAME_MAX
     host_name_max = (size_t)sysconf(_SC_HOST_NAME_MAX);
-    if (host_name_max == (size_t)-1)
+    if ((ssize_t)host_name_max <= 0)
 #endif
 	host_name_max = 255;	/* POSIX and historic BSD */
 

lib/util/glob.c

@@ -138,33 +138,33 @@ struct glob_lim {
 };
 
 static int	 compare(const void *, const void *);
-static int	 g_Ctoc(const Char *, char *, size_t);
+static int	 g_Ctoc(const Char * restrict, char * restrict, size_t);
-static int	 g_lstat(Char *, struct stat *, glob_t *);
+static int	 g_lstat(Char * restrict, struct stat * restrict, glob_t *restrict);
 static DIR	*g_opendir(Char *, glob_t *);
 static Char	*g_strchr(const Char *, int);
 static int	 g_strncmp(const Char *, const char *, size_t);
-static int	 g_stat(Char *, struct stat *, glob_t *);
+static int	 g_stat(Char * restrict, struct stat * restrict, glob_t * restrict);
-static int	 glob0(const Char *, glob_t *, struct glob_lim *);
+static int	 glob0(const Char * restrict, glob_t * restrict, struct glob_lim * restrict);
-static int	 glob1(Char *, Char *, glob_t *, struct glob_lim *);
+static int	 glob1(Char *, Char *, glob_t * restrict, struct glob_lim * restrict);
 static int	 glob2(Char *, Char *, Char *, Char *, Char *, Char *,
-		    glob_t *, struct glob_lim *);
+		    glob_t * restrict, struct glob_lim * restrict);
 static int	 glob3(Char *, Char *, Char *, Char *, Char *,
-		    Char *, Char *, glob_t *, struct glob_lim *);
+		    Char *, Char *, glob_t * restrict, struct glob_lim * restrict);
-static int	 globextend(const Char *, glob_t *, struct glob_lim *,
+static int	 globextend(const Char * restrict, glob_t * restrict, struct glob_lim * restrict,
-		    struct stat *);
+		    struct stat * restrict);
 static const Char *
-		 globtilde(const Char *, Char *, size_t, glob_t *);
+		 globtilde(const Char * restrict, Char * restrict, size_t, glob_t * restrict);
-static int	 globexp1(const Char *, glob_t *, struct glob_lim *);
+static int	 globexp1(const Char * restrict, glob_t * restrict, struct glob_lim * restrict);
-static int	 globexp2(const Char *, const Char *, glob_t *,
+static int	 globexp2(const Char *, const Char *, glob_t * restrict,
-		    struct glob_lim *);
+		    struct glob_lim * restrict);
 static int	 match(Char *, Char *, Char *);
 #ifdef DEBUG
-static void	 qprintf(const char *, Char *);
+static void	 qprintf(const char * restrict, Char * restrict);
 #endif
 
 int
-sudo_glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
+sudo_glob(const char * restrict pattern, int flags, int (*errfunc)(const char *, int),
-    glob_t *pglob)
+    glob_t * restrict pglob)
 {
 	const unsigned char *patnext;
 	int c;
@@ -220,7 +220,7 @@ sudo_glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
  * characters
  */
 static int
-globexp1(const Char *pattern, glob_t *pglob, struct glob_lim *limitp)
+globexp1(const Char * restrict pattern, glob_t * restrict pglob, struct glob_lim * restrict limitp)
 {
 	const Char* ptr = pattern;
 
@@ -241,10 +241,11 @@ globexp1(const Char *pattern, glob_t *pglob, struct glob_lim *limitp)
  * If it fails then it tries to glob the rest of the pattern and returns.
  */
 static int
-globexp2(const Char *ptr, const Char *pattern, glob_t *pglob,
+globexp2(const Char *ptr, const Char *pattern, glob_t * restrict pglob,
-    struct glob_lim *limitp)
+    struct glob_lim * restrict limitp)
 {
-	int     i, rv;
+	size_t  i;
+	int     rv;
 	Char   *lm, *ls;
 	const Char *pe, *pm, *pl;
 	Char    patbuf[PATH_MAX];
@@ -346,7 +347,7 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob,
  * expand tilde from the passwd file.
  */
 static const Char *
-globtilde(const Char *pattern, Char *patbuf, size_t patbuf_len, glob_t *pglob)
+globtilde(const Char * restrict pattern, Char * restrict patbuf, size_t patbuf_len, glob_t * restrict pglob)
 {
 	struct passwd *pwd;
 	char *h;
@@ -413,7 +414,7 @@ g_strncmp(const Char *s1, const char *s2, size_t n)
 }
 
 static int
-g_charclass(const Char **patternp, Char **bufnextp)
+g_charclass(const Char ** restrict patternp, Char ** restrict bufnextp)
 {
 	const Char *pattern = *patternp + 1;
 	Char *bufnext = *bufnextp;
@@ -447,7 +448,7 @@ g_charclass(const Char **patternp, Char **bufnextp)
  * to find no matches.
  */
 static int
-glob0(const Char *pattern, glob_t *pglob, struct glob_lim *limitp)
+glob0(const Char * restrict pattern, glob_t * restrict pglob, struct glob_lim * restrict limitp)
 {
 	const Char *qpatnext;
 	int c, err;
@@ -551,7 +552,7 @@ compare(const void *p, const void *q)
 }
 
 static int
-glob1(Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp)
+glob1(Char *pattern, Char *pattern_last, glob_t * restrict pglob, struct glob_lim * restrict limitp)
 {
 	Char pathbuf[PATH_MAX];
 
@@ -570,7 +571,7 @@ glob1(Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp)
  */
 static int
 glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
-    Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp)
+    Char *pattern, Char *pattern_last, glob_t * restrict pglob, struct glob_lim * restrict limitp)
 {
 	struct stat sb;
 	Char *p, *q;
@@ -638,8 +639,8 @@ glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
 
 static int
 glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
-    Char *pattern, Char *restpattern, Char *restpattern_last, glob_t *pglob,
+    Char *pattern, Char *restpattern, Char *restpattern_last, glob_t * restrict pglob,
-    struct glob_lim *limitp)
+    struct glob_lim * restrict limitp)
 {
 	struct dirent *dp;
 	DIR *dirp;
@@ -721,8 +722,8 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
  *	gl_pathv points to (gl_offs + gl_pathc + 1) items.
  */
 static int
-globextend(const Char *path, glob_t *pglob, struct glob_lim *limitp,
+globextend(const Char * restrict path, glob_t * restrict pglob, struct glob_lim * restrict limitp,
-    struct stat *sb)
+    struct stat * restrict sb)
 {
 	char **pathv;
 	size_t i, newn, len;
@@ -892,7 +893,7 @@ g_opendir(Char *str, glob_t *pglob)
 }
 
 static int
-g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
+g_lstat(Char * restrict fn, struct stat * restrict sb, glob_t * restrict pglob)
 {
 	char buf[PATH_MAX];
 
@@ -902,7 +903,7 @@ g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
 }
 
 static int
-g_stat(Char *fn, struct stat *sb, glob_t *pglob)
+g_stat(Char * restrict fn, struct stat * restrict sb, glob_t * restrict pglob)
 {
 	char buf[PATH_MAX];
 
@@ -922,7 +923,7 @@ g_strchr(const Char *str, int ch)
 }
 
 static int
-g_Ctoc(const Char *str, char *buf, size_t len)
+g_Ctoc(const Char * restrict str, char * restrict buf, size_t len)
 {
 
 	while (len--) {
@@ -934,20 +935,20 @@ g_Ctoc(const Char *str, char *buf, size_t len)
 
 #ifdef DEBUG
 static void
-qprintf(const char *str, Char *s)
+qprintf(const char * restrict str, Char * restrict s)
 {
 	Char *p;
 
 	(void)printf("%s:\n", str);
 	for (p = s; *p; p++)
-		(void)fputc(CHAR(*p), stdout);
+		(void)putchar(CHAR(*p));
-	(void)fputc('\n', stdout);
+	(void)putchar('\n');
 	for (p = s; *p; p++)
-		(void)fputc(*p & M_PROTECT ? '"' : ' ', stdout);
+		(void)putchar(*p & M_PROTECT ? '"' : ' ');
-	(void)fputc('\n', stdout);
+	(void)putchar('\n');
 	for (p = s; *p; p++)
-		(void)fputc(ismeta(*p) ? '_' : ' ', stdout);
+		(void)putchar(ismeta(*p) ? '_' : ' ');
-	(void)fputc('\n', stdout);
+	(void)putchar('\n');
 }
 #endif /* DEBUG */
 #endif /* HAVE_GLOB */

lib/util/gmtime_r.c

@@ -36,7 +36,7 @@
  * Still has the normal gmtime() side effects.
  */
 struct tm *
-sudo_gmtime_r(const time_t *timer, struct tm *result)
+sudo_gmtime_r(const time_t * restrict timer, struct tm * restrict result)
 {
     struct tm *tm;
 

lib/util/hexchar.c

@@ -32,7 +32,7 @@
  * Returns a value 0-255 on success or -1 for invalid input.
  */
 int
-sudo_hexchar_v1(const char *s)
+sudo_hexchar_v1(const char s[restrict static 2])
 {
     unsigned char result[2];
     unsigned int i;

lib/util/inet_pton.c

@@ -89,7 +89,7 @@ inet_pton4(const char *src, u_char *dst)
 		const char *pch;
 
 		if ((pch = strchr(digits, ch)) != NULL) {
-			u_int new = *tp * 10 + (pch - digits);
+			unsigned int new = *tp * 10 + (pch - digits);
 
 			if (new > 255)
 				return (0);
@@ -135,7 +135,7 @@ inet_pton6(const char *src, u_char *dst)
 	u_char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
 	const char *xdigits, *curtok;
 	int ch, saw_xdigit, count_xdigit;
-	u_int val;
+	unsigned int val;
 
 	/* cppcheck-suppress uninitvar */
 	memset((tp = tmp), 0, NS_IN6ADDRSZ);
@@ -233,7 +233,7 @@ inet_pton6(const char *src, u_char *dst)
  *	Paul Vixie, 1996.
  */
 int
-sudo_inet_pton(int af, const char *src, void *dst)
+sudo_inet_pton(int af, const char * restrict src, void * restrict dst)
 {
 	switch (af) {
 	case AF_INET:

lib/util/json.c

@@ -265,6 +265,7 @@ sudo_json_close_object_v1(struct json_container *jsonc)
     }
     if (!json_append_buf(jsonc, "}"))
 	debug_return_bool(false);
+    jsonc->need_comma = true;
 
     debug_return_bool(true);
 }
@@ -309,6 +310,7 @@ sudo_json_close_array_v1(struct json_container *jsonc)
     }
     if (!json_append_buf(jsonc, "]"))
 	debug_return_bool(false);
+    jsonc->need_comma = true;
 
     debug_return_bool(true);
 }

lib/util/lbuf.c

@@ -415,8 +415,8 @@ sudo_lbuf_println(struct sudo_lbuf *lbuf, char *line, size_t len)
 	cp = ep;
 
 	/*
-	 * If there is more to print, reset have, incremement cp past
+	 * If there is more to print, reset have, increment cp past
-	 * the whitespace, and print a line continuaton char if needed.
+	 * the whitespace, and print a line continuation char if needed.
 	 */
 	if (cp != NULL) {
 	    have = lbuf->cols - indent;
@@ -474,7 +474,7 @@ sudo_lbuf_print_v1(struct sudo_lbuf *lbuf)
     }
 
 done:
-    lbuf->len = 0;		/* reset the buffer for re-use. */
+    lbuf->len = 0;		/* reset the buffer for reuse. */
     lbuf->error = 0;
 
     debug_return;

lib/util/localtime_r.c

@@ -36,7 +36,7 @@
  * Still has the normal localtime() side effects.
  */
 struct tm *
-sudo_localtime_r(const time_t *timer, struct tm *result)
+sudo_localtime_r(const time_t * restrict timer, struct tm * restrict result)
 {
     struct tm *tm;
 

lib/util/multiarch.c

@@ -44,7 +44,7 @@
  * Returns a dynamically allocated string on success and NULL on failure.
  */
 char *
-sudo_stat_multiarch_v1(const char *path, struct stat *sb)
+sudo_stat_multiarch_v1(const char * restrict path, struct stat * restrict sb)
 {
 #  if defined(__ILP32__)
     const char *libdirs[] = { "/libx32/", "/lib/", "/libexec/", NULL };
@@ -96,7 +96,7 @@ sudo_stat_multiarch_v1(const char *path, struct stat *sb)
 }
 #else
 char *
-sudo_stat_multiarch_v1(const char *path, struct stat *sb)
+sudo_stat_multiarch_v1(const char * restrict path, struct stat * restrict sb)
 {
     return NULL;
 }

lib/util/regress/mktemp/mktemp_test.c

@@ -151,6 +151,8 @@ main(int argc, char *argv[])
 	argv += optind;
 
 	pg = (size_t)sysconf(_SC_PAGESIZE);
+	if (pg == (size_t)-1)
+		sudo_fatal("sysconf(_SC_PAGESIZE)");
 	if (getcwd(cwd, sizeof cwd - 1) == NULL)
 		sudo_fatal("getcwd");
 	clen = strlen(cwd);

lib/util/snprintf.c

@@ -412,7 +412,7 @@ xxxprintf(char ** restrict strp, size_t strsize, int alloc, const char * restric
 
 /*
 * Get the argument indexed by nextarg.   If the argument table is
-* built, use it to get the argument.  If its not, get the next
+* built, use it to get the argument.  If it's not, get the next
 * argument (and arguments must be gotten sequentially).
 */
 #define GETARG(type) \

lib/util/sudo_dso.c

@@ -124,7 +124,7 @@ sudo_dso_findsym_v1(void *vhandle, const char *symbol)
     }
 
     /*
-     * Note that the behavior of of SUDO_DSO_NEXT and SUDO_DSO_SELF
+     * Note that the behavior of SUDO_DSO_NEXT and SUDO_DSO_SELF
      * differs from most implementations when called from
      * a shared library.
      */

lib/util/ttyname_dev.c

@@ -29,8 +29,6 @@
 # include <sys/mkdev.h>
 #elif defined(MAJOR_IN_SYSMACROS)
 # include <sys/sysmacros.h>
-#else
-# include <sys/param.h>
 #endif
 #include <stdio.h>
 #include <stdlib.h>

lib/util/utimens.c

@@ -106,7 +106,7 @@ utimens_ts_to_tv(int fd, const char *file, const struct timespec *ts,
  * Emulate futimens() via futimes()
  */
 int
-sudo_futimens(int fd, const struct timespec *ts)
+sudo_futimens(int fd, const struct timespec ts[2])
 {
     struct timeval tv[2], *times = NULL;
 
@@ -122,7 +122,7 @@ sudo_futimens(int fd, const struct timespec *ts)
  * Emulate futimens() via futime()
  */
 int
-sudo_futimens(int fd, const struct timespec *ts)
+sudo_futimens(int fd, const struct timespec ts[2])
 {
     struct utimbuf utb, *times = NULL;
 
@@ -142,7 +142,7 @@ sudo_futimens(int fd, const struct timespec *ts)
  * Nothing to do but fail.
  */
 int
-sudo_futimens(int fd, const struct timespec *ts)
+sudo_futimens(int fd, const struct timespec ts[2])
 {
     errno = ENOSYS;
     return -1;
@@ -154,7 +154,7 @@ sudo_futimens(int fd, const struct timespec *ts)
  * Emulate utimensat() via utimes()
  */
 int
-sudo_utimensat(int fd, const char *file, const struct timespec *ts, int flag)
+sudo_utimensat(int fd, const char *file, const struct timespec ts[2], int flag)
 {
     struct timeval tv[2], *times = NULL;
 
@@ -175,7 +175,7 @@ sudo_utimensat(int fd, const char *file, const struct timespec *ts, int flag)
  * Emulate utimensat() via utime()
  */
 int
-sudo_utimensat(int fd, const char *file, const struct timespec *ts, int flag)
+sudo_utimensat(int fd, const char *file, const struct timespec ts[2], int flag)
 {
     struct utimbuf utb, *times = NULL;
 

lib/util/uuid.c

@@ -50,7 +50,7 @@ struct uuid {
  * As per RFC 4122 section 4.4.
  */
 void
-sudo_uuid_create_v1(unsigned char uuid_out[16])
+sudo_uuid_create_v1(unsigned char uuid_out[restrict static 16])
 {
     struct uuid uuid;
 
@@ -71,7 +71,7 @@ sudo_uuid_create_v1(unsigned char uuid_out[16])
  * Format a uuid as a 36-byte string (plus one for the NUL).
  */
 char *
-sudo_uuid_to_string_v1(unsigned char uuid[16], char *dst, size_t dstsiz)
+sudo_uuid_to_string_v1(const unsigned char uuid[restrict static 16], char * restrict dst, size_t dstsiz)
 {
     const char hex[] = "0123456789abcdef";
     char *cp = dst;

lib/zlib/deflate.c

@@ -1,5 +1,5 @@
 /* deflate.c -- compress data using the deflation algorithm
- * Copyright (C) 1995-2023 Jean-loup Gailly and Mark Adler
+ * Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h
  */
 
@@ -52,7 +52,7 @@
 #include "deflate.h"
 
 const char deflate_copyright[] =
-   " deflate 1.3 Copyright 1995-2023 Jean-loup Gailly and Mark Adler ";
+   " deflate 1.3.1 Copyright 1995-2024 Jean-loup Gailly and Mark Adler ";
 /*
   If you use the zlib library in a product, an acknowledgment is welcome
   in the documentation of your product. If for some reason you cannot
@@ -493,7 +493,7 @@ int ZEXPORT deflateInit2_(z_streamp strm, int level, int method,
      * symbols from which it is being constructed.
      */
 
-    s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4);
+    s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, LIT_BUFS);
     s->pending_buf_size = (ulg)s->lit_bufsize * 4;
 
     if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
@@ -503,8 +503,14 @@ int ZEXPORT deflateInit2_(z_streamp strm, int level, int method,
         deflateEnd (strm);
         return Z_MEM_ERROR;
     }
+#ifdef LIT_MEM
+    s->d_buf = (ushf *)(s->pending_buf + (s->lit_bufsize << 1));
+    s->l_buf = s->pending_buf + (s->lit_bufsize << 2);
+    s->sym_end = s->lit_bufsize - 1;
+#else
     s->sym_buf = s->pending_buf + s->lit_bufsize;
     s->sym_end = (s->lit_bufsize - 1) * 3;
+#endif
     /* We avoid equality with lit_bufsize*3 because of wraparound at 64K
      * on 16 bit machines and because stored blocks are restricted to
      * 64K-1 bytes.
@@ -720,9 +726,15 @@ int ZEXPORT deflatePrime(z_streamp strm, int bits, int value) {
 
     if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
     s = strm->state;
+#ifdef LIT_MEM
+    if (bits < 0 || bits > 16 ||
+        (uchf *)s->d_buf < s->pending_out + ((Buf_size + 7) >> 3))
+        return Z_BUF_ERROR;
+#else
     if (bits < 0 || bits > 16 ||
         s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
         return Z_BUF_ERROR;
+#endif
     do {
         put = Buf_size - s->bi_valid;
         if (put > bits)
@@ -1294,7 +1306,7 @@ int ZEXPORT deflateCopy(z_streamp dest, z_streamp source) {
     ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
     ds->prev   = (Posf *)  ZALLOC(dest, ds->w_size, sizeof(Pos));
     ds->head   = (Posf *)  ZALLOC(dest, ds->hash_size, sizeof(Pos));
-    ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4);
+    ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, LIT_BUFS);
 
     if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
         ds->pending_buf == Z_NULL) {
@@ -1305,10 +1317,15 @@ int ZEXPORT deflateCopy(z_streamp dest, z_streamp source) {
     zmemcpy(ds->window, ss->window, ds->w_size * 2 * sizeof(Byte));
     zmemcpy((voidpf)ds->prev, (voidpf)ss->prev, ds->w_size * sizeof(Pos));
     zmemcpy((voidpf)ds->head, (voidpf)ss->head, ds->hash_size * sizeof(Pos));
-    zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
+    zmemcpy(ds->pending_buf, ss->pending_buf, ds->lit_bufsize * LIT_BUFS);
 
     ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
+#ifdef LIT_MEM
+    ds->d_buf = (ushf *)(ds->pending_buf + (ds->lit_bufsize << 1));
+    ds->l_buf = ds->pending_buf + (ds->lit_bufsize << 2);
+#else
     ds->sym_buf = ds->pending_buf + ds->lit_bufsize;
+#endif
 
     ds->l_desc.dyn_tree = ds->dyn_ltree;
     ds->d_desc.dyn_tree = ds->dyn_dtree;
@@ -1539,13 +1556,21 @@ local uInt longest_match(deflate_state *s, IPos cur_match) {
  */
 local void check_match(deflate_state *s, IPos start, IPos match, int length) {
     /* check that the match is indeed a match */
-    if (zmemcmp(s->window + match,
+    Bytef *back = s->window + (int)match, *here = s->window + start;
-                s->window + start, length) != EQUAL) {
+    IPos len = length;
-        fprintf(stderr, " start %u, match %u, length %d\n",
+    if (match == (IPos)-1) {
-                start, match, length);
+        /* match starts one byte before the current window -- just compare the
+           subsequent length-1 bytes */
+        back++;
+        here++;
+        len--;
+    }
+    if (zmemcmp(back, here, len) != EQUAL) {
+        fprintf(stderr, " start %u, match %d, length %d\n",
+                start, (int)match, length);
         do {
-            fprintf(stderr, "%c%c", s->window[match++], s->window[start++]);
+            fprintf(stderr, "(%02x %02x)", *back++, *here++);
-        } while (--length != 0);
+        } while (--len != 0);
         z_error("invalid match");
     }
     if (z_verbose > 1) {

lib/zlib/deflate.h

@@ -1,5 +1,5 @@
 /* deflate.h -- internal compression state
- * Copyright (C) 1995-2018 Jean-loup Gailly
+ * Copyright (C) 1995-2024 Jean-loup Gailly
  * For conditions of distribution and use, see copyright notice in zlib.h
  */
 
@@ -23,6 +23,10 @@
 #  define GZIP
 #endif
 
+/* define LIT_MEM to slightly increase the speed of deflate (order 1% to 2%) at
+   the cost of a larger memory footprint */
+/* #define LIT_MEM */
+
 /* ===========================================================================
  * Internal compression state.
  */
@@ -217,7 +221,14 @@ typedef struct internal_state {
     /* Depth of each subtree used as tie breaker for trees of equal frequency
      */
 
+#ifdef LIT_MEM
+#   define LIT_BUFS 5
+    ushf *d_buf;          /* buffer for distances */
+    uchf *l_buf;          /* buffer for literals/lengths */
+#else
+#   define LIT_BUFS 4
     uchf *sym_buf;        /* buffer for distances and literals/lengths */
+#endif
 
     uInt  lit_bufsize;
     /* Size of match buffer for literals/lengths.  There are 4 reasons for
@@ -239,7 +250,7 @@ typedef struct internal_state {
      *   - I can't count above 4
      */
 
-    uInt sym_next;      /* running index in sym_buf */
+    uInt sym_next;      /* running index in symbol buffer */
     uInt sym_end;       /* symbol table full when sym_next reaches this */
 
     ulg opt_len;        /* bit length of current block with optimal trees */
@@ -318,6 +329,25 @@ void ZLIB_INTERNAL _tr_stored_block(deflate_state *s, charf *buf,
   extern const uch ZLIB_INTERNAL _dist_code[];
 #endif
 
+#ifdef LIT_MEM
+# define _tr_tally_lit(s, c, flush) \
+  { uch cc = (c); \
+    s->d_buf[s->sym_next] = 0; \
+    s->l_buf[s->sym_next++] = cc; \
+    s->dyn_ltree[cc].Freq++; \
+    flush = (s->sym_next == s->sym_end); \
+   }
+# define _tr_tally_dist(s, distance, length, flush) \
+  { uch len = (uch)(length); \
+    ush dist = (ush)(distance); \
+    s->d_buf[s->sym_next] = dist; \
+    s->l_buf[s->sym_next++] = len; \
+    dist--; \
+    s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
+    s->dyn_dtree[d_code(dist)].Freq++; \
+    flush = (s->sym_next == s->sym_end); \
+  }
+#else
 # define _tr_tally_lit(s, c, flush) \
   { uch cc = (c); \
     s->sym_buf[s->sym_next++] = 0; \
@@ -337,6 +367,7 @@ void ZLIB_INTERNAL _tr_stored_block(deflate_state *s, charf *buf,
     s->dyn_dtree[d_code(dist)].Freq++; \
     flush = (s->sym_next == s->sym_end); \
   }
+#endif
 #else
 # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
 # define _tr_tally_dist(s, distance, length, flush) \

lib/zlib/gzguts.h

@@ -1,5 +1,5 @@
 /* gzguts.h -- zlib internal header definitions for gz* operations
- * Copyright (C) 2004-2019 Mark Adler
+ * Copyright (C) 2004-2024 Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h
  */
 
@@ -210,9 +210,5 @@ char ZLIB_INTERNAL *gz_strwinerror(DWORD error);
 /* GT_OFF(x), where x is an unsigned value, is true if x > maximum z_off64_t
    value -- needed when comparing unsigned to z_off64_t, which is signed
    (possible z_off64_t types off_t, off64_t, and long are all signed) */
-#ifdef INT_MAX
-#  define GT_OFF(x) (sizeof(int) == sizeof(z_off64_t) && (x) > INT_MAX)
-#else
 unsigned ZLIB_INTERNAL gz_intmax(void);
-#  define GT_OFF(x) (sizeof(int) == sizeof(z_off64_t) && (x) > gz_intmax())
+#define GT_OFF(x) (sizeof(int) == sizeof(z_off64_t) && (x) > gz_intmax())
-#endif

lib/zlib/gzlib.c

@@ -1,5 +1,5 @@
 /* gzlib.c -- zlib functions common to reading and writing gzip files
- * Copyright (C) 2004-2019 Mark Adler
+ * Copyright (C) 2004-2024 Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h
  */
 
@@ -563,20 +563,20 @@ void ZLIB_INTERNAL gz_error(gz_statep state, int err, const char *msg) {
 #endif
 }
 
-#ifndef INT_MAX
 /* portably return maximum value for an int (when limits.h presumed not
    available) -- we need to do this to cover cases where 2's complement not
    used, since C standard permits 1's complement and sign-bit representations,
    otherwise we could just use ((unsigned)-1) >> 1 */
 unsigned ZLIB_INTERNAL gz_intmax(void) {
-    unsigned p, q;
+#ifdef INT_MAX
-
+    return INT_MAX;
-    p = 1;
+#else
+    unsigned p = 1, q;
     do {
         q = p;
         p <<= 1;
         p++;
     } while (p > q);
     return q >> 1;
-}
 #endif
+}

lib/zlib/inflate.c

@@ -1386,7 +1386,7 @@ int ZEXPORT inflateSync(z_streamp strm) {
     /* if first time, start search in bit buffer */
     if (state->mode != SYNC) {
         state->mode = SYNC;
-        state->hold <<= state->bits & 7;
+        state->hold >>= state->bits & 7;
         state->bits -= state->bits & 7;
         len = 0;
         while (state->bits >= 8) {

lib/zlib/inftrees.c

@@ -1,5 +1,5 @@
 /* inftrees.c -- generate Huffman trees for efficient decoding
- * Copyright (C) 1995-2023 Mark Adler
+ * Copyright (C) 1995-2024 Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h
  */
 
@@ -9,7 +9,7 @@
 #define MAXBITS 15
 
 const char inflate_copyright[] =
-   " inflate 1.3 Copyright 1995-2023 Mark Adler ";
+   " inflate 1.3.1 Copyright 1995-2024 Mark Adler ";
 /*
   If you use the zlib library in a product, an acknowledgment is welcome
   in the documentation of your product. If for some reason you cannot
@@ -57,7 +57,7 @@ int ZLIB_INTERNAL inflate_table(codetype type, unsigned short FAR *lens,
         35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0};
     static const unsigned short lext[31] = { /* Length codes 257..285 extra */
         16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18,
-        19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 198, 203};
+        19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 203, 77};
     static const unsigned short dbase[32] = { /* Distance codes 0..29 base */
         1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,
         257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,

lib/zlib/inftrees.h

@@ -41,8 +41,8 @@ typedef struct {
    examples/enough.c found in the zlib distribution.  The arguments to that
    program are the number of symbols, the initial root table size, and the
    maximum bit length of a code.  "enough 286 9 15" for literal/length codes
-   returns returns 852, and "enough 30 6 15" for distance codes returns 592.
+   returns 852, and "enough 30 6 15" for distance codes returns 592. The
-   The initial root table size (9 or 6) is found in the fifth argument of the
+   initial root table size (9 or 6) is found in the fifth argument of the
    inflate_table() calls in inflate.c and infback.c.  If the root table size is
    changed, then these maximum sizes would be need to be recalculated and
    updated. */

lib/zlib/trees.c

@@ -1,5 +1,5 @@
 /* trees.c -- output deflated data using Huffman coding
- * Copyright (C) 1995-2021 Jean-loup Gailly
+ * Copyright (C) 1995-2024 Jean-loup Gailly
  * detect_data_type() function provided freely by Cosmin Truta, 2006
  * For conditions of distribution and use, see copyright notice in zlib.h
  */
@@ -899,14 +899,19 @@ local void compress_block(deflate_state *s, const ct_data *ltree,
                           const ct_data *dtree) {
     unsigned dist;      /* distance of matched string */
     int lc;             /* match length or unmatched char (if dist == 0) */
-    unsigned sx = 0;    /* running index in sym_buf */
+    unsigned sx = 0;    /* running index in symbol buffers */
     unsigned code;      /* the code to send */
     int extra;          /* number of extra bits to send */
 
     if (s->sym_next != 0) do {
+#ifdef LIT_MEM
+        dist = s->d_buf[sx];
+        lc = s->l_buf[sx++];
+#else
         dist = s->sym_buf[sx++] & 0xff;
         dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8;
         lc = s->sym_buf[sx++];
+#endif
         if (dist == 0) {
             send_code(s, lc, ltree); /* send a literal byte */
             Tracecv(isgraph(lc), (stderr," '%c' ", lc));
@@ -931,8 +936,12 @@ local void compress_block(deflate_state *s, const ct_data *ltree,
             }
         } /* literal or match pair ? */
 
-        /* Check that the overlay between pending_buf and sym_buf is ok: */
+        /* Check for no overlay of pending_buf on needed symbols */
+#ifdef LIT_MEM
+        Assert(s->pending < 2 * (s->lit_bufsize + sx), "pendingBuf overflow");
+#else
         Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow");
+#endif
 
     } while (sx < s->sym_next);
 
@@ -1082,9 +1091,14 @@ void ZLIB_INTERNAL _tr_flush_block(deflate_state *s, charf *buf,
  * the current block must be flushed.
  */
 int ZLIB_INTERNAL _tr_tally(deflate_state *s, unsigned dist, unsigned lc) {
+#ifdef LIT_MEM
+    s->d_buf[s->sym_next] = (ush)dist;
+    s->l_buf[s->sym_next++] = (uch)lc;
+#else
     s->sym_buf[s->sym_next++] = (uch)dist;
     s->sym_buf[s->sym_next++] = (uch)(dist >> 8);
     s->sym_buf[s->sym_next++] = (uch)lc;
+#endif
     if (dist == 0) {
         /* lc is the unmatched char */
         s->dyn_ltree[lc].Freq++;

lib/zlib/zconf.h.in

@@ -1,5 +1,5 @@
 /* zconf.h -- configuration of the zlib compression library
- * Copyright (C) 1995-2016 Jean-loup Gailly, Mark Adler
+ * Copyright (C) 1995-2024 Jean-loup Gailly, Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h
  */
 
@@ -329,14 +329,6 @@
 #  endif
 #endif
 
-#ifndef Z_ARG /* function prototypes for stdarg */
-#  if defined(STDC) || defined(Z_HAVE_STDARG_H)
-#    define Z_ARG(args)  args
-#  else
-#    define Z_ARG(args)  ()
-#  endif
-#endif
-
 /* The following definitions for FAR are needed only for MSDOS mixed
  * model programming (small or medium model with some far allocations).
  * This was tested only with MSC; for other MSDOS compilers you may have

lib/zlib/zlib.h

@@ -1,7 +1,7 @@
 /* zlib.h -- interface of the 'zlib' general purpose compression library
-  version 1.3, August 18th, 2023
+  version 1.3.1, January 22nd, 2024
 
-  Copyright (C) 1995-2023 Jean-loup Gailly and Mark Adler
+  Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler
 
   This software is provided 'as-is', without any express or implied
   warranty.  In no event will the authors be held liable for any damages
@@ -37,11 +37,11 @@
 extern "C" {
 #endif
 
-#define ZLIB_VERSION "1.3"
+#define ZLIB_VERSION "1.3.1"
-#define ZLIB_VERNUM 0x1300
+#define ZLIB_VERNUM 0x1310
 #define ZLIB_VER_MAJOR 1
 #define ZLIB_VER_MINOR 3
-#define ZLIB_VER_REVISION 0
+#define ZLIB_VER_REVISION 1
 #define ZLIB_VER_SUBREVISION 0
 
 /*
@@ -936,10 +936,10 @@ ZEXTERN int ZEXPORT inflateSync(z_streamp strm);
      inflateSync returns Z_OK if a possible full flush point has been found,
    Z_BUF_ERROR if no more input was provided, Z_DATA_ERROR if no flush point
    has been found, or Z_STREAM_ERROR if the stream structure was inconsistent.
-   In the success case, the application may save the current current value of
+   In the success case, the application may save the current value of total_in
-   total_in which indicates where valid compressed data was found.  In the
+   which indicates where valid compressed data was found.  In the error case,
-   error case, the application may repeatedly call inflateSync, providing more
+   the application may repeatedly call inflateSync, providing more input each
-   input each time, until success or end of the input data.
+   time, until success or end of the input data.
 */
 
 ZEXTERN int ZEXPORT inflateCopy(z_streamp dest,
@@ -1758,14 +1758,14 @@ ZEXTERN uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, z_off_t len2);
    seq1 and seq2 with lengths len1 and len2, CRC-32 check values were
    calculated for each, crc1 and crc2.  crc32_combine() returns the CRC-32
    check value of seq1 and seq2 concatenated, requiring only crc1, crc2, and
-   len2.
+   len2. len2 must be non-negative.
 */
 
 /*
 ZEXTERN uLong ZEXPORT crc32_combine_gen(z_off_t len2);
 
      Return the operator corresponding to length len2, to be used with
-   crc32_combine_op().
+   crc32_combine_op(). len2 must be non-negative.
 */
 
 ZEXTERN uLong ZEXPORT crc32_combine_op(uLong crc1, uLong crc2, uLong op);

lib/zlib/zutil.h

@@ -1,5 +1,5 @@
 /* zutil.h -- internal interface and configuration of the compression library
- * Copyright (C) 1995-2022 Jean-loup Gailly, Mark Adler
+ * Copyright (C) 1995-2024 Jean-loup Gailly, Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h
  */
 
@@ -56,7 +56,7 @@ typedef unsigned long  ulg;
 extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
 /* (size given to avoid silly warnings with Visual C++) */
 
-#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)]
+#define ERR_MSG(err) z_errmsg[(err) < -6 || (err) > 2 ? 9 : 2 - (err)]
 
 #define ERR_RETURN(strm,err) \
   return (strm->msg = ERR_MSG(err), (err))
@@ -137,17 +137,8 @@ extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
 #  endif
 #endif
 
-#if defined(MACOS) || defined(TARGET_OS_MAC)
+#if defined(MACOS)
 #  define OS_CODE  7
-#  ifndef Z_SOLO
-#    if defined(__MWERKS__) && __dest_os != __be_os && __dest_os != __win32_os
-#      include <unix.h> /* for fdopen */
-#    else
-#      ifndef fdopen
-#        define fdopen(fd,mode) NULL /* No fdopen() */
-#      endif
-#    endif
-#  endif
 #endif
 
 #ifdef __acorn
@@ -170,18 +161,6 @@ extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
 #  define OS_CODE 19
 #endif
 
-#if defined(_BEOS_) || defined(RISCOS)
-#  define fdopen(fd,mode) NULL /* No fdopen() */
-#endif
-
-#if (defined(_MSC_VER) && (_MSC_VER > 600)) && !defined __INTERIX
-#  if defined(_WIN32_WCE)
-#    define fdopen(fd,mode) NULL /* No fdopen() */
-#  else
-#    define fdopen(fd,type)  _fdopen(fd,type)
-#  endif
-#endif
-
 #if defined(__BORLANDC__) && !defined(MSDOS)
   #pragma warn -8004
   #pragma warn -8008

logsrvd/Makefile.in

@@ -1,7 +1,7 @@
 #
 # SPDX-License-Identifier: ISC
 #
-# Copyright (c) 2019-2023 Todd C. Miller <Todd.Miller@sudo.ws>
+# Copyright (c) 2019-2024 Todd C. Miller <Todd.Miller@sudo.ws>
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -34,6 +34,7 @@ cross_compiling = @CROSS_COMPILING@
 
 # Compiler & tools to use
 CC = @CC@
+CPP = @CPP@
 LIBTOOL = @LIBTOOL@
 SHA1SUM = @SHA1SUM@
 EGREP = @EGREP@
@@ -169,7 +170,7 @@ Makefile: $(srcdir)/Makefile.in
 	$(LIBTOOL) $(LTFLAGS) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) $(ASAN_CFLAGS) $(PIE_CFLAGS) $(HARDENING_CFLAGS) $<
 
 .c.i:
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $< > $@
 
 .i.plog:
 	ifile=$<; rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $${ifile%i}c --i-file $< --output-file $@
@@ -333,9 +334,9 @@ fuzz_logsrvd_conf.i: $(srcdir)/regress/fuzz/fuzz_logsrvd_conf.c \
                      $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h \
                      $(srcdir)/logsrvd.h $(srcdir)/tls_common.h \
                      $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/fuzz/fuzz_logsrvd_conf.c > $@
 fuzz_logsrvd_conf.plog: fuzz_logsrvd_conf.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_logsrvd_conf.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/fuzz/fuzz_logsrvd_conf.c --i-file fuzz_logsrvd_conf.i --output-file $@
 iolog_writer.o: $(srcdir)/iolog_writer.c $(incdir)/compat/stdbool.h \
                 $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \
                 $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
@@ -355,9 +356,9 @@ iolog_writer.i: $(srcdir)/iolog_writer.c $(incdir)/compat/stdbool.h \
                 $(incdir)/sudo_ssl_compat.h $(incdir)/sudo_util.h \
                 $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \
                 $(srcdir)/tls_common.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/iolog_writer.c > $@
 iolog_writer.plog: iolog_writer.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_writer.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/iolog_writer.c --i-file iolog_writer.i --output-file $@
 logsrv_util.o: $(srcdir)/logsrv_util.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
                $(incdir)/sudo_fatal.h $(incdir)/sudo_gettext.h \
@@ -371,9 +372,9 @@ logsrv_util.i: $(srcdir)/logsrv_util.c $(incdir)/compat/stdbool.h \
                $(incdir)/sudo_iolog.h $(incdir)/sudo_plugin.h \
                $(incdir)/sudo_queue.h $(incdir)/sudo_util.h \
                $(srcdir)/logsrv_util.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/logsrv_util.c > $@
 logsrv_util.plog: logsrv_util.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrv_util.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrv_util.c --i-file logsrv_util.i --output-file $@
 logsrvd.o: $(srcdir)/logsrvd.c $(incdir)/compat/getopt.h \
            $(incdir)/compat/stdbool.h $(incdir)/hostcheck.h \
            $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \
@@ -399,9 +400,9 @@ logsrvd.i: $(srcdir)/logsrvd.c $(incdir)/compat/getopt.h \
            $(incdir)/sudo_ssl_compat.h $(incdir)/sudo_util.h \
            $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h $(srcdir)/tls_common.h \
            $(top_builddir)/config.h $(top_builddir)/pathnames.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/logsrvd.c > $@
 logsrvd.plog: logsrvd.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd.c --i-file logsrvd.i --output-file $@
 logsrvd_conf.o: $(srcdir)/logsrvd_conf.c $(incdir)/compat/getaddrinfo.h \
                 $(incdir)/compat/stdbool.h $(incdir)/log_server.pb-c.h \
                 $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \
@@ -423,9 +424,9 @@ logsrvd_conf.i: $(srcdir)/logsrvd_conf.c $(incdir)/compat/getaddrinfo.h \
                 $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h \
                 $(srcdir)/logsrvd.h $(srcdir)/tls_common.h \
                 $(top_builddir)/config.h $(top_builddir)/pathnames.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/logsrvd_conf.c > $@
 logsrvd_conf.plog: logsrvd_conf.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_conf.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_conf.c --i-file logsrvd_conf.i --output-file $@
 logsrvd_conf_test.o: $(srcdir)/regress/logsrvd_conf/logsrvd_conf_test.c \
                      $(incdir)/compat/stdbool.h $(incdir)/log_server.pb-c.h \
                      $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \
@@ -441,9 +442,9 @@ logsrvd_conf_test.i: $(srcdir)/regress/logsrvd_conf/logsrvd_conf_test.c \
                      $(incdir)/sudo_ssl_compat.h $(incdir)/sudo_util.h \
                      $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \
                      $(srcdir)/tls_common.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/regress/logsrvd_conf/logsrvd_conf_test.c > $@
 logsrvd_conf_test.plog: logsrvd_conf_test.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/logsrvd_conf/logsrvd_conf_test.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/regress/logsrvd_conf/logsrvd_conf_test.c --i-file logsrvd_conf_test.i --output-file $@
 logsrvd_journal.o: $(srcdir)/logsrvd_journal.c $(incdir)/compat/stdbool.h \
                    $(incdir)/log_server.pb-c.h \
                    $(incdir)/protobuf-c/protobuf-c.h $(incdir)/sudo_compat.h \
@@ -467,9 +468,9 @@ logsrvd_journal.i: $(srcdir)/logsrvd_journal.c $(incdir)/compat/stdbool.h \
                    $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h \
                    $(srcdir)/logsrvd.h $(srcdir)/tls_common.h \
                    $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/logsrvd_journal.c > $@
 logsrvd_journal.plog: logsrvd_journal.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_journal.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_journal.c --i-file logsrvd_journal.i --output-file $@
 logsrvd_local.o: $(srcdir)/logsrvd_local.c $(incdir)/compat/stdbool.h \
                  $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \
                  $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
@@ -493,9 +494,9 @@ logsrvd_local.i: $(srcdir)/logsrvd_local.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_ssl_compat.h $(incdir)/sudo_util.h \
                  $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \
                  $(srcdir)/tls_common.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/logsrvd_local.c > $@
 logsrvd_local.plog: logsrvd_local.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_local.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_local.c --i-file logsrvd_local.i --output-file $@
 logsrvd_queue.o: $(srcdir)/logsrvd_queue.c $(incdir)/compat/stdbool.h \
                  $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \
                  $(incdir)/sudo_compat.h $(incdir)/sudo_conf.h \
@@ -517,9 +518,9 @@ logsrvd_queue.i: $(srcdir)/logsrvd_queue.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_ssl_compat.h $(incdir)/sudo_util.h \
                  $(srcdir)/logsrv_util.h $(srcdir)/logsrvd.h \
                  $(srcdir)/tls_common.h $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/logsrvd_queue.c > $@
 logsrvd_queue.plog: logsrvd_queue.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_queue.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_queue.c --i-file logsrvd_queue.i --output-file $@
 logsrvd_relay.o: $(srcdir)/logsrvd_relay.c $(incdir)/compat/stdbool.h \
                  $(incdir)/log_server.pb-c.h $(incdir)/protobuf-c/protobuf-c.h \
                  $(incdir)/sudo_compat.h $(incdir)/sudo_debug.h \
@@ -541,9 +542,9 @@ logsrvd_relay.i: $(srcdir)/logsrvd_relay.c $(incdir)/compat/stdbool.h \
                  $(incdir)/sudo_util.h $(srcdir)/logsrv_util.h \
                  $(srcdir)/logsrvd.h $(srcdir)/tls_common.h \
                  $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/logsrvd_relay.c > $@
 logsrvd_relay.plog: logsrvd_relay.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_relay.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/logsrvd_relay.c --i-file logsrvd_relay.i --output-file $@
 sendlog.o: $(srcdir)/sendlog.c $(incdir)/compat/getaddrinfo.h \
            $(incdir)/compat/getopt.h $(incdir)/compat/stdbool.h \
            $(incdir)/hostcheck.h $(incdir)/log_server.pb-c.h \
@@ -567,9 +568,9 @@ sendlog.i: $(srcdir)/sendlog.c $(incdir)/compat/getaddrinfo.h \
            $(incdir)/sudo_ssl_compat.h $(incdir)/sudo_util.h \
            $(srcdir)/logsrv_util.h $(srcdir)/sendlog.h $(srcdir)/tls_common.h \
            $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/sendlog.c > $@
 sendlog.plog: sendlog.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sendlog.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/sendlog.c --i-file sendlog.i --output-file $@
 tls_client.o: $(srcdir)/tls_client.c $(incdir)/compat/stdbool.h \
               $(incdir)/hostcheck.h $(incdir)/sudo_compat.h \
               $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
@@ -587,9 +588,9 @@ tls_client.i: $(srcdir)/tls_client.c $(incdir)/compat/stdbool.h \
               $(incdir)/sudo_ssl_compat.h $(incdir)/sudo_util.h \
               $(srcdir)/logsrv_util.h $(srcdir)/tls_common.h \
               $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/tls_client.c > $@
 tls_client.plog: tls_client.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/tls_client.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/tls_client.c --i-file tls_client.i --output-file $@
 tls_init.o: $(srcdir)/tls_init.c $(incdir)/compat/stdbool.h \
             $(incdir)/hostcheck.h $(incdir)/sudo_compat.h \
             $(incdir)/sudo_debug.h $(incdir)/sudo_event.h \
@@ -605,6 +606,6 @@ tls_init.i: $(srcdir)/tls_init.c $(incdir)/compat/stdbool.h \
             $(incdir)/sudo_plugin.h $(incdir)/sudo_queue.h \
             $(incdir)/sudo_ssl_compat.h $(srcdir)/tls_common.h \
             $(top_builddir)/config.h
-	$(CC) -E -o $@ $(CPPFLAGS) $<
+	$(CPP) $(CPPFLAGS) $(srcdir)/tls_init.c > $@
 tls_init.plog: tls_init.i
-	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/tls_init.c --i-file $< --output-file $@
+	rm -f $@; pvs-studio --cfg $(PVS_CFG) --sourcetree-root $(top_srcdir) --skip-cl-exe yes --source-file $(srcdir)/tls_init.c --i-file tls_init.i --output-file $@

logsrvd/iolog_writer.c

@@ -150,8 +150,8 @@ evlog_new(TimeSpec *submit_time, InfoMessage **info_msgs, size_t infolen,
 
     /* Submit time. */
     if (submit_time != NULL) {
-	evlog->submit_time.tv_sec = (time_t)submit_time->tv_sec;
+	evlog->event_time.tv_sec = (time_t)submit_time->tv_sec;
-	evlog->submit_time.tv_nsec = (long)submit_time->tv_nsec;
+	evlog->event_time.tv_nsec = (long)submit_time->tv_nsec;
     }
 
     /* Default values */

logsrvd/logsrvd.c

@@ -1259,15 +1259,24 @@ verify_peer_identity(int preverify_ok, X509_STORE_CTX *ctx)
     X509 *peer_cert;
     debug_decl(verify_peer_identity, SUDO_DEBUG_UTIL);
 
+    current_cert = X509_STORE_CTX_get_current_cert(ctx);
+
     /* if pre-verification of the cert failed, just propagate that result back */
     if (preverify_ok != 1) {
+        int err = X509_STORE_CTX_get_error(ctx);
+        char current_cert_name[256] = "";
+        if (current_cert != NULL)
+            X509_NAME_oneline(X509_get_subject_name(current_cert), current_cert_name, sizeof(current_cert_name));
+
+        sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
+            "TLS verification failed for cert '%s': '%d:%s'", current_cert_name,
+            err, X509_verify_cert_error_string(err));
         debug_return_int(0);
     }
 
     /* since this callback is called for each cert in the chain,
      * check that current cert is the peer's certificate
      */
-    current_cert = X509_STORE_CTX_get_current_cert(ctx);
     peer_cert = X509_STORE_CTX_get0_cert(ctx);
 
     if (current_cert != peer_cert) {

logsrvd/logsrvd_conf.c

@@ -901,8 +901,13 @@ cb_eventlog_format(struct logsrvd_config *config, const char *str, size_t offset
 {
     debug_decl(cb_eventlog_format, SUDO_DEBUG_UTIL);
 
+    /* FFR - make "json" an alias for EVLOG_JSON_COMPACT instead. */
     if (strcmp(str, "json") == 0)
-	config->eventlog.log_format = EVLOG_JSON;
+	config->eventlog.log_format = EVLOG_JSON_PRETTY;
+    else if (strcmp(str, "json_compact") == 0)
+	config->eventlog.log_format = EVLOG_JSON_COMPACT;
+    else if (strcmp(str, "json_pretty") == 0)
+	config->eventlog.log_format = EVLOG_JSON_PRETTY;
     else if (strcmp(str, "sudo") == 0)
 	config->eventlog.log_format = EVLOG_SUDO;
     else
@@ -1292,8 +1297,8 @@ logsrvd_open_eventlog(struct logsrvd_config *config)
     int flags;
     debug_decl(logsrvd_open_eventlog, SUDO_DEBUG_UTIL);
 
-    /* Cannot append to a JSON file. */
+    /* Cannot append to a JSON file that is a single object. */
-    if (config->eventlog.log_format == EVLOG_JSON) {
+    if (config->eventlog.log_format == EVLOG_JSON_PRETTY) {
 	flags = O_RDWR|O_CREAT;
     } else {
 	flags = O_WRONLY|O_APPEND|O_CREAT;