author | Todd C. Miller <millert@cvs.openbsd.org> | 2002-04-25 15:49:04 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 2002-04-25 15:49:04 +0000 |
commit | 0177f1e0d7b791817d4c6fb1b8ffe7688d7b2cc0 (patch) | |
tree | 7598f930b890058cc6e75258a56f434e6bcbe74a /usr.bin/sudo | |
parent | 14b8b5d2aa7b438deeec468009118f4478d90116 (diff) |
Update to sudo 1.6.6
Diffstat (limited to 'usr.bin/sudo')
-rw-r--r-- | usr.bin/sudo/BUGS | 2 | ||||
-rw-r--r-- | usr.bin/sudo/CHANGES | 10 | ||||
-rw-r--r-- | usr.bin/sudo/INSTALL | 201 | ||||
-rw-r--r-- | usr.bin/sudo/Makefile.in | 4 | ||||
-rw-r--r-- | usr.bin/sudo/README | 2 | ||||
-rw-r--r-- | usr.bin/sudo/RUNSON | 39 | ||||
-rw-r--r-- | usr.bin/sudo/TODO | 4 | ||||
-rw-r--r-- | usr.bin/sudo/auth/afs.c | 9 | ||||
-rw-r--r-- | usr.bin/sudo/check.c | 6 | ||||
-rw-r--r-- | usr.bin/sudo/compat.h | 10 | ||||
-rw-r--r-- | usr.bin/sudo/configure | 20 | ||||
-rw-r--r-- | usr.bin/sudo/configure.in | 6 | ||||
-rw-r--r-- | usr.bin/sudo/env.c | 11 | ||||
-rw-r--r-- | usr.bin/sudo/find_path.c | 2 | ||||
-rw-r--r-- | usr.bin/sudo/parse.c | 5 | ||||
-rw-r--r-- | usr.bin/sudo/parse.lex | 5 | ||||
-rw-r--r-- | usr.bin/sudo/parse.yacc | 5 | ||||
-rw-r--r-- | usr.bin/sudo/sudo.8 | 4 | ||||
-rw-r--r-- | usr.bin/sudo/sudo.c | 7 | ||||
-rw-r--r-- | usr.bin/sudo/sudoers.5 | 4 | ||||
-rw-r--r-- | usr.bin/sudo/testsudoers.c | 5 | ||||
-rw-r--r-- | usr.bin/sudo/version.h | 4 | ||||
-rw-r--r-- | usr.bin/sudo/visudo.8 | 4 |
23 files changed, 198 insertions, 171 deletions
diff --git a/usr.bin/sudo/BUGS b/usr.bin/sudo/BUGS index ffe31364318..628f98e3dbd 100644 --- a/usr.bin/sudo/BUGS +++ b/usr.bin/sudo/BUGS @@ -1,4 +1,4 @@ -Known bugs in sudo version 1.6.5 +Known bugs in sudo version 1.6.6 ================================ 1) Sudo should have an option to log when removing "dangerous" diff --git a/usr.bin/sudo/CHANGES b/usr.bin/sudo/CHANGES index e5167dea944..ee37c482402 100644 --- a/usr.bin/sudo/CHANGES +++ b/usr.bin/sudo/CHANGES @@ -1519,3 +1519,13 @@ Sudo 1.6.5p1 released. BSD authentication, FWTK or PAM was in use. Sudo 1.6.5p2 released. + +474) Fixed compilation problem on HP-UX 9.x. + +475) Moved call to endpwent() and added a call to endgrent(). + +476) Fixed a warning conflicting declaration of VOID with AFS. + +477) Fixed a security hole in prompt rewriting found by Global InterSec. + +Sudo 1.6.6 released. diff --git a/usr.bin/sudo/INSTALL b/usr.bin/sudo/INSTALL index 47291630aa7..c2a9cf59bb0 100644 --- a/usr.bin/sudo/INSTALL +++ b/usr.bin/sudo/INSTALL @@ -1,4 +1,4 @@ -Installation instructions for Sudo 1.6.5 +Installation instructions for Sudo 1.6.6 ======================================== Sudo uses a `configure' script to probe the capabilities and type 
@@ -105,25 +105,28 @@ Directory and file names: Find the sources in DIR [configure dir or ..] Special features/options: - --with-CC=path + --with-CC=PATH Specifies path to C compiler you wish to use. - --with-incpath - Adds the specified directories to CPPFLAGS so configure and the - compiler will look there for include files. Multiple directories - may be specified as long as they are space separated. + --with-incpath=DIR + Adds the specified directory (or directories) to CPPFLAGS + so configure and the compiler will look there for include + files. Multiple directories may be specified as long as + they are space separated. Eg: --with-incpath="/usr/local/include /opt/include" - --with-libpath - Adds the specified directories to SUDO_LDFLAGS and VISUDO_LDFLAGS so - configure and the compiler will look there for libraries. Multiple - directories may be specified as with --with-incpath. + --with-libpath=DIR + Adds the specified directory (or directories_ to SUDO_LDFLAGS + and VISUDO_LDFLAGS so configure and the compiler will look + there for libraries. Multiple directories may be specified + as with --with-incpath. - --with-libraries - Adds the specified libaries to SUDO_LIBS and and VISUDO_LIBS so sudo - will link against them. If the library doesn't start with `-l' or end - in `.a' or `.o' a `-l' will be prepended to it. Multiple libraries may - be specified as long as they are space separated. + --with-libraries=LIBRARY + Adds the specified library (or libaries) to SUDO_LIBS and + and VISUDO_LIBS so sudo will link against them. If the + library doesn't start with `-l' or end in `.a' or `.o' a + `-l' will be prepended to it. Multiple libraries may be + specified as long as they are space separated. --with-csops Add CSOps standard options. You probably aren't interested in this. 
@@ -134,11 +137,11 @@ Special features/options: --with-opie Enable NRL OPIE OTP (One Time Password) support. - --with-SecurID=DIR + --with-SecurID[=DIR] Enable SecurID support. If specified, DIR is directory containing sdiclient.a, sdi_athd.h, sdconf.h, and sdacmvls.h. - --with-fwtk=DIR + --with-fwtk[=DIR] Enable TIS Firewall Toolkit (FWTK) 'authsrv' support. If specified, DIR is the base directory containing the compiled FWTK package (or at least the library and header files). @@ -197,12 +200,11 @@ Special features/options: --with-bsdauth Enable support for BSD authentication on BSD/OS and OpenBSD. - This option assumes --with-logincap as well. It is not - possible to mix BSD authentication with other authentication - methods (and there really should be no need to do so). Note - that only the newer BSD authentication API is supported. - If you don't have /usr/include/bsd_auth.h then you cannot - use this. + This option implies --with-logincap. It is not possible + to mix BSD authentication with other authentication methods + (and there really should be no need to do so). Note that + only the newer BSD authentication API is supported. If you + don't have /usr/include/bsd_auth.h then you cannot use this. --disable-root-mailer By default sudo will run the mailer as root when tattling 
@@ -211,37 +213,40 @@ Special features/options: user which some people consider to be safer. --disable-saved-ids - Disable use of POSIX saved IDs. Normally, sudo will try to - use POSIX saved IDs if they are supported. However, some - implementations are broken. + Disable use of POSIX saved IDs. Normally, sudo will try + to use POSIX saved IDs if they are supported. However, + some implementations are broken. --disable-setreuid - Disable use of the setreuid() function for operating systems - where it is broken. 4.4BSD has setreuid() but it doesn't really work. + Disable use of the setreuid() function for operating systems + where it is broken. 4.4BSD has setreuid() but it doesn't + really work. --disable-sia - Disable SIA support. This is the "Security Integration Architecture" - on Digital UNIX. If you disable SIA sudo will use its own - authentication routines. + Disable SIA support. This is the "Security Integration + Architecture" on Digital UNIX. If you disable SIA sudo will + use its own authentication routines. --disable-shadow - Disable shadow password support. Normally, sudo will compile in shadow - password support and use a shadow password if it exists. - - --with-sudoers-mode=mode - File mode for the sudoers file (octal). Note that if you wish to - NFS-mount the sudoers file this must be group readable. Also note - that this is actually set in the Makefile. The default mode is 0440. - - --with-sudoers-uid - User id that "owns" the sudoers file. Note that this is the numeric - id, *not* the symbolic name. Also note that this is actually set in - the Makefile. The default is 0. - - --with-sudoers-gid - Group id that "owns" the sudoers file. Note that this is the numeric - id, *not* the symbolic name. Also note that this is actually set in - the Makefile. The default is 0. + Disable shadow password support. Normally, sudo will compile + in shadow password support and use a shadow password if it + exists. 
+ + --with-sudoers-mode=MODE + File mode for the sudoers file (octal). Note that if you + wish to NFS-mount the sudoers file this must be group + readable. Also note that this is actually set in the + Makefile. The default mode is 0440. + + --with-sudoers-uid=UID + User id that "owns" the sudoers file. Note that this is + the numeric id, *not* the symbolic name. Also note that + this is actually set in the Makefile. The default is 0. + + --with-sudoers-gid=GID + Group id that "owns" the sudoers file. Note that this is + the numeric id, *not* the symbolic name. Also note that + this is actually set in the Makefile. The default is 0. --with-execv Use execv() to exec the command instead of execvp(). I can't think of 
@@ -252,56 +257,60 @@ Special features/options: 4.3BSD). This is off by default. --without-interfaces - This option keeps sudo from trying to glean the ip address from each - attached ethernet interface. It is only useful on a machine where - sudo's interface reading support does not work, which may be the case - on some SysV-based OS's using STREAMS. + This option keeps sudo from trying to glean the ip address + from each attached ethernet interface. It is only useful + on a machine where sudo's interface reading support does + not work, which may be the case on some SysV-based OS's + using STREAMS. --without-passwd - This option excludes authentication via the passwd (or shadow) file. - It should only be used when another, alternate, authentication - scheme is in use. + This option excludes authentication via the passwd (or + shadow) file. It should only be used when another, alternate, + authentication scheme is in use. --with-otp-only - This option is now just an alias for --without-passwd. + This option is now just an alias for --without-passwd. The following options are also configurable at runtime: --with-long-otp-prompt - When validating with a One Time Password scheme (S/Key or OPIE), a - two-line prompt is used to make it easier to cut and paste the - challenge to a local window. It's not as pretty as the default but - some people find it more convenient. + When validating with a One Time Password scheme (S/Key or + OPIE), a two-line prompt is used to make it easier to cut + and paste the challenge to a local window. It's not as + pretty as the default but some people find it more convenient. --with-logging=TYPE - How you want to do your logging. You may choose "syslog", "file", - or "both". Setting this to "syslog" is nice because you can keep all - of your sudo logs in one place (see the sample.syslog.conf file). - The default is "syslog". + How you want to do your logging. You may choose "syslog", + "file", or "both". 
Setting this to "syslog" is nice because + you can keep all of your sudo logs in one place (see the + sample.syslog.conf file). The default is "syslog". --with-logfac=FACILITY - Determines which syslog facility to log to. This requires a 4.3BSD - or later version of syslog. You can still set this for ancient - syslogs but it will have no effect. The following facilities are - supported: authpriv (if your OS supports it), auth, daemon, user, - local0, local1, local2, local3, local4, local5, local6, and local7. + Determines which syslog facility to log to. This requires + a 4.3BSD or later version of syslog. You can still set + this for ancient syslogs but it will have no effect. The + following facilities are supported: authpriv (if your OS + supports it), auth, daemon, user, local0, local1, local2, + local3, local4, local5, local6, and local7. --with-goodpri=PRIORITY - Determines which syslog priority to log successfully authenticated - commands. The following priorities are supported: alert, crit, - debug, emerg, err, info, notice, and warning. + Determines which syslog priority to log successfully + authenticated commands. The following priorities are + supported: alert, crit, debug, emerg, err, info, notice, + and warning. --with-badpri=PRIORITY - Determines which syslog priority to log unauthenticated commands - and errors. The following priorities are supported: alert, crit, - debug, emerg, err, info, notice, and warning. + Determines which syslog priority to log unauthenticated + commands and errors. The following priorities are supported: + alert, crit, debug, emerg, err, info, notice, and warning. - --with-logpath=path - Override the default location of the sudo log file and use "path" - instead. By default will use /var/log/sudo.log if there is a /var/log - dir, falling back to /var/adm/sudo.log or /usr/adm/sudo.log if not. + --with-logpath=PATH + Override the default location of the sudo log file and use + "path" instead. 
By default will use /var/log/sudo.log if + there is a /var/log dir, falling back to /var/adm/sudo.log + or /usr/adm/sudo.log if not. - --with-loglen + --with-loglen=NUMBER Number of characters per line for the file log. This is only used if you are to "file" or "both". This value is used to decide when to wrap lines for nicer log files. The default is 80. Setting this to 0 @@ -311,11 +320,11 @@ The following options are also configurable at runtime: If set, sudo will ignore '.' or '' (current dir) in $PATH. The $PATH itself is not modified. - --with-mailto - User that mail from sudo is sent to. This should go to a sysadmin at - your site. The default is "root". + --with-mailto=USER|MAIL_ALIAS + User (or mail alias) that mail from sudo is sent to. + This should go to a sysadmin at your site. The default is "root". - --with-mailsubject + --with-mailsubject="SUBJECT OF MAIL" Subject of the mail sent to the "mailto" user. The token "%h" will expand to the hostname of the machine. Default is "*** SECURITY information for %h ***". @@ -332,13 +341,13 @@ The following options are also configurable at runtime: Send mail to the "alermail" user if the user is allowed to use sudo but the command they are trying is not listed in their sudoers file entry. - --with-passprompt + --with-passprompt="PASSWORD PROMPT" Default prompt to use when asking for a password; can be overridden via the -p option and the SUDO_PROMPT environment variable. Supports two escapes: "%u" expands to the user's login name and "%h" expands to the local hostname. Default is "Password:". - --with-badpass-message + --with-badpass-message="BAD PASSWORD MESSAGE" Message that is displayed if a user enters an incorrect password. The default is "Sorry, try again." unless insults are turned on. 
@@ -352,42 +361,42 @@ The following options are also configurable at runtime: a host alias (CNAME entry) due to performance issues and the fact that there is no way to get all aliases from DNS. - --with-timedir=path + --with-timedir=PATH Override the default location of the sudo timestamp directory and use "path" instead. - --with-sendmail=path + --with-sendmail=PATH Override configure's guess as to the location of sendmail. --without-sendmail Do not use sendmail to mail messages to the "mailto" user. Use only if don't run sendmail or the equivalent. - --with-umask + --with-umask=MASK Umask to use when running the root command. The default is 0022. --without-umask Preserves the umask of the user invoking sudo. - --with-runas-default=user + --with-runas-default=USER The default user to run commands as if the -u flag is not specified on the command line. This defaults to "root". - --with-exempt=group + --with-exempt=GROUP Users in the specified group don't need to enter a password when running sudo. This may be useful for sites that don't want their "core" sysadmins to have to enter a password but where Jr. sysadmins need to. You should probably use NOPASSWD in sudoers instead. - --with-passwd-tries=tries + --with-passwd-tries=NUMBER Number of tries a user gets to enter his/her password before sudo logs the failure and exits. The default is 3. - --with-timeout=minutes + --with-timeout=NUMBER Number of minutes that can elapse before sudo will ask for a passwd again. The default is 5, set this to 0 to always prompt for a password. - --with-password-timeout=minutes + --with-password-timeout=NUMBER Number of minutes before the sudo password prompt times out. The default is 5, set this to 0 for no password timeout. 
@@ -429,7 +438,7 @@ The following options are also configurable at runtime: password is entered. You must either specify --with-insults or enable insults in the sudoers file for this to have any effect. - --with-secure-path[=path] + --with-secure-path[=PATH] Path used for every command run from sudo(8). If you don't trust the people running sudo to have a sane PATH environment variable you may want to use this. Another use is if you want to have the "root path" @@ -441,7 +450,7 @@ The following options are also configurable at runtime: --without-lecture Don't print the lecture the first time a user runs sudo. - --with-editor=path + --with-editor=PATH Specify the default editor path for use by visudo. This may be a single pathname or a colon-separated list of editors. In the latter case, visudo will choose the editor that matches diff --git a/usr.bin/sudo/Makefile.in b/usr.bin/sudo/Makefile.in index 94c57f9be95..1a5f76f049b 100644 --- a/usr.bin/sudo/Makefile.in +++ b/usr.bin/sudo/Makefile.in @@ -34,7 +34,7 @@ # # @configure_input@ # -# $Sudo: Makefile.in,v 1.224 2002/01/20 00:43:16 millert Exp $ +# $Sudo: Makefile.in,v 1.225 2002/04/18 15:41:30 millert Exp $ # #### Start of system configuration section. #### @@ -138,7 +138,7 @@ TESTOBJS = interfaces.o testsudoers.o $(PARSEOBJS) LIBOBJS = @LIBOBJS@ @ALLOCA@ -VERSION = 1.6.5 +VERSION = 1.6.6 DISTFILES = $(SRCS) $(HDRS) BUGS CHANGES HISTORY INSTALL INSTALL.configure \ LICENSE Makefile.in PORTING README RUNSON TODO TROUBLESHOOTING \ diff --git a/usr.bin/sudo/README b/usr.bin/sudo/README index 0386d2ec152..9ab603d03e1 100644 --- a/usr.bin/sudo/README +++ b/usr.bin/sudo/README @@ -1,4 +1,4 @@ -This is Sudo version 1.6.5 +This is Sudo version 1.6.6 The sudo philosophy =================== diff --git a/usr.bin/sudo/RUNSON b/usr.bin/sudo/RUNSON index 1654cc89729..d0de74918fb 100644 --- a/usr.bin/sudo/RUNSON +++ b/usr.bin/sudo/RUNSON 
@@ -6,10 +6,10 @@ the current version of sudo does not mean it won't work... Name Rev Arch Used Version By Options ======= ======= ======= =============== ======= =============== =============== Auspex 1.6.1 sun4 bundled cc 1.3.4 Alek Komarnitsky none -SunOS 4.1.3 sun4 bundled cc 1.6.5p1 Todd Miller none -SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.5p1 Todd Miller none +SunOS 4.1.3 sun4 bundled cc 1.6.6 Todd Miller none +SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.6 Todd Miller none SunOS 4.1.3 sun4 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 -SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.5p1 Todd Miller --with-skey +SunOS 4.1.3 sun4 gcc2.9.5.2 1.6.6 Todd Miller --with-skey Solaris 2.5.1 sparc SC4.0 1.5.6p1 Brian Jackson none Solaris 2.5.1 sun4u gcc2.7.2.3 1.5.4 Leon von Stauber none Solaris 2.5.1 i386 gcc2.7.2 1.5.4 Leon von Stauber none @@ -22,12 +22,12 @@ Solaris 2.6 i386 unbundled cc 1.5.8p2 Udo Keller none Solaris 7 i386 gcc 2.8.1 1.6.1 Ido Dubrawsky none Solaris 7 i386 Workshop 5.0 1.6 Brian Jackson none Solaris 7 sun4u egcs 1.1.2 1.5.9p4 Scott Kinnane none -Solaris 7 sparc SC4.2 1.6.5p1 Todd Miller none +Solaris 7 sparc SC4.2 1.6.6 Todd Miller none Solaris 7 sun4u Workshop 6.2 1.6.3p7 Donna Dickerson none -Solaris 7 sparc 2.95.2 1.6.5p1 Todd Miller --with-skey +Solaris 7 sparc 2.95.2 1.6.6 Todd Miller --with-skey Solaris 2.6 sun4u egcs 1.1.2 1.5.9p4 Scott Kinnane none -Solaris 8 sparc 2.95.2 1.6.5p1 Todd Miller --with-skey -Solaris 8 sparc SC4.2 1.6.5p1 Todd Miller none +Solaris 8 sparc 2.95.2 1.6.6 Todd Miller --with-skey +Solaris 8 sparc SC4.2 1.6.6 Todd Miller none Solaris 8 sun4u Workshop 6.2 1.6.3p7 Donna Dickerson none ISC 4.0 i386 bundled cc 1.4 Andy Smith none ISC 4.0 i386 gcc2.7.0 1.4 Andy Smith none 
@@ -40,13 +40,14 @@ HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller none HP-UX 9.05 hp700 gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 HP-UX 9.07 hp700 unbundled cc 1.5 Alek Komarnitsky --with-C2 HP-UX 9.05 hp700 unbundled cc 1.4 Todd Miller none -HP-UX 10.10 hp700 unbundled cc 1.6.5p1 Todd Miller --with-skey -HP-UX 10.20 hp700 gcc2.9.5.2 1.6.5p1 Todd Miller --with-skey -HP-UX 10.20 hp700 bundled cc 1.6.5p1 Todd Miller none +HP-UX 10.10 hp700 unbundled cc 1.6.6 Todd Miller --with-skey +HP-UX 10.20 hp700 gcc2.9.5.2 1.6.6 Todd Miller --with-skey +HP-UX 10.20 hp700 bundled cc 1.6.6 Todd Miller none +HP-UX 10.20 hp700 gcc 2.95.2 1.6.2 Jeff Earickson --with-DCE HP-UX 11.00 hp700 ansi-c 1.5.5b1 Alek Komarnitsky --with-C2 HP-UX 11.00 hp700 bundled cc 1.5.5p5 Lynn Osburn none HP-UX 11.00 hp700 HP C compiler 1.6.2 Jeff Earickson --with-pam -HP-UX 10.20 hp700 gcc 2.95.2 1.6.2 Jeff Earickson --with-DCE +HP-UX 11.11 hp800 HP C compiler 1.6.5p2 Bill Marmagas --with-pam Ultrix 4.3 mips bundled cc 1.6.3b2 Todd Miller none Ultrix 4.3 mips gcc2.7.2.1 1.5.9 Todd Miller --with-skey IRIX 4.05H mips gcc2.6.3 1.5.3 Todd Miller none @@ -55,8 +56,8 @@ IRIX 5.2 mips MipsPro C 1.5.6p1 Brian Jackson none IRIX 5.3 mips MipsPro C 1.5.6p1 Brian Jackson none IRIX 6.2 mips MipsPro C 1.5.6p1 Brian Jackson none IRIX 6.5 mips MipsPro C 1.5.6p1 Brian Jackson none -IRIX 5.3 mips unbundled cc 1.6.5p1 Todd Miller none -IRIX 5.3 mips gcc2.9.5.2 1.6.5p1 Todd Miller --with-skey +IRIX 5.3 mips unbundled cc 1.6.6 Todd Miller none +IRIX 5.3 mips gcc2.9.5.2 1.6.6 Todd Miller --with-skey IRIX 5.3 mips gcc2.7.2.1 1.5.3 Todd Miller --with-kerb4 IRIX 5.3 mips unbundled cc 1.4 Wallace Winfrey --with-C2 IRIX 6.2 mips unbundled cc 1.5 Alek Komarnitsky --with-C2 
@@ -68,17 +69,19 @@ IRIX 6.5 mips unbundled cc 1.5.4 Brian Jackson --with-C2 IRIX 6.5 mips MipsPro 7.2.1 1.6 Brian Jackson none IRIX 6.5 mips gcc 2.8.1 1.6rc1 Jordan Baker none IRIX 6.5 mips egcs 1.1.2 1.5.9p4 Scott Kinnane none +IRIX 6.5 mips MipsPRO 7.3.1 1.6.5p2 David Kaelbling --with-pam +IRIX 6.5 mips MipsPRO 7.3.1 1.6.5p2 David Kaelbling --with-C2 NEXTSTEP 2.1 m68k bundled cc 1.3.7 Todd Miller none NEXTSTEP 3.2 m68k bundled cc 1.5.5b4 Todd Miller --with-skey NEXTSTEP 3.2 i386 bundled cc 1.3.2 Jonathan Adams none NEXTSTEP 3.3 i386 bundled cc 1.4 Jonathan Adams none NEXTSTEP 3.3 sparc bundled cc 1.5.3 Mike Kienenberger none DEC UNIX 3.2c alpha bundled cc 1.5.3 Todd Miller none -DEC UNIX 4.0D alpha bundled cc 1.6.5p1 Todd Miller --with-skey +DEC UNIX 4.0D alpha bundled cc 1.6.6 Todd Miller --with-skey DEC UNIX 4.0 alpha gcc-2.7.2.1 1.5.3 Todd Miller --with-kerb4 DEC UNIX 4.0D alpha bundled cc 1.5.3 Randall R. Cable --with-C2 DEC UNIX 4.0E alpha bundled cc 1.5.9p2 Vangelis Haniotakis none -Tru64 5.1 alpha bundled cc 1.6.5p1 Todd Miller none +Tru64 5.1 alpha bundled cc 1.6.6 Todd Miller none AIX 3.2.X rs6000 bundled cc 1.4 Todd Miller none AIX 4.1.3 PowerPC gcc-2.7.0 1.4 Bob Shair none AIX 4.1.4 rs6000 gcc-2.8.1 1.6.2p2 Todd Miller none @@ -93,8 +96,8 @@ AIX 4.3.2 rs6000 egcs 1.1.2 1.5.9p4 Scott Kinnane none ConvexOS 9.1 convex bundled cc 1.3.6 Todd Miller none ConvexOS 9.1 convex gcc2.4.5 1.3.6 Todd Miller none BSD/OS 4.1 i386 cc 1.6.3 Todd Miller --with-skey -OpenBSD 2.X all gcc-2.95.2 1.6.5p1 Todd Miller none -OpenBSD 3.0 all gcc-2.95.3 1.6.5p1 Todd Miller none +OpenBSD 2.X all gcc-2.95.2 1.6.6 Todd Miller none +OpenBSD 3.0 all gcc-2.95.3 1.6.6 Todd Miller none FreeBSD 1.1 i386 gcc 1.3.2 Dworkin Muller none FreeBSD 2.0.5 i386 gcc 1.3.4 Dworkin Muller none FreeBSD 3.2 i386 gcc 2.7.2.1 1.6 Brian Jackson none 
@@ -105,7 +108,7 @@ Linux 2.0.34 i586 egcs-2.91.57 1.5.6p2 Darrin Chandler none Linux 2.0.36 i586 gcc-2.7.2.3 1.5.7p4 Nathan Haney none Linux 2.0.33pl1 m68k gcc 2.7.2.3 1.5.6 James Troup none Linux 2.2.12 i586 gcc-2.95.2 1.6.3 Todd Miller --with-pam -Linux 2.4.9 i686 gcc-2.96 1.6.5p1 Todd Miller --with-pam +Linux 2.4.9 i686 gcc-2.96 1.6.6 Todd Miller --with-pam Linux 2.2.13 alpha egcs-2.91.66 1.6.3 Todd Miller --with-pam Linux 2.2.6-15 ppc egcs-1.1.2 1.5.9p4 Barbara Schelkle none Linux 2.0.34 mips gcc-2.7.2 1.6 Tristan Roddis none diff --git a/usr.bin/sudo/TODO b/usr.bin/sudo/TODO index a6f32ce3123..8bfda23ce7e 100644 --- a/usr.bin/sudo/TODO +++ b/usr.bin/sudo/TODO @@ -83,7 +83,9 @@ TODO list (most will be addressed in sudo 2.0) to go with it. (See MINUS_I.patch) 32) Some people want to be able to specify a special password in sudoers - in addition or instead of the normal one. + in addition or instead of the normal one. The best argument for + this so far is to be able to use separate passwords for the + target users that are not the passwd file ones. 33) Add support for trusted users. E.g. allow user to run a certain command regardless of what dir it is in if it is owned by the diff --git a/usr.bin/sudo/auth/afs.c b/usr.bin/sudo/auth/afs.c index f17a6e875bd..e00e690acc0 100644 --- a/usr.bin/sudo/auth/afs.c +++ b/usr.bin/sudo/auth/afs.c @@ -57,14 +57,15 @@ #endif /* HAVE_UNISTD_H */ #include <pwd.h> -#include <afs/stds.h> -#include <afs/kautils.h> - #include "sudo.h" #include "sudo_auth.h" +#undef VOID +#include <afs/stds.h> +#include <afs/kautils.h> + #ifndef lint -static const char rcsid[] = "$Sudo: afs.c,v 1.6 2001/12/14 19:52:53 millert Exp $"; +static const char rcsid[] = "$Sudo: afs.c,v 1.7 2002/04/18 15:39:19 millert Exp $"; #endif /* lint */ int diff --git a/usr.bin/sudo/check.c b/usr.bin/sudo/check.c index 95f17e40d3a..242aa005468 100644 --- a/usr.bin/sudo/check.c +++ b/usr.bin/sudo/check.c 
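Review bot: The bare `#undef VOID` added ahead of `<afs/stds.h>` in auth/afs.c has no comment, so a later include cleanup could drop it or move the AFS headers back above `sudo.h`. The CHANGES entry in this commit attributes the change to a conflicting declaration of VOID with AFS; saying so in place, e.g. `/* VOID conflicts with the AFS headers; include them after sudo.h */`, would keep the ordering from being undone. Where VOID is first defined is not visible in this hunk, so the wording should be checked against that header.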
@@ -67,7 +67,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: check.c,v 1.202 2001/12/14 19:52:47 millert Exp $"; +static const char rcsid[] = "$Sudo: check.c,v 1.203 2002/04/25 15:30:12 millert Exp $"; #endif /* lint */ /* Status codes for timestamp_status() */ @@ -196,9 +196,9 @@ expand_prompt(old_prompt, user, host) if (subst) { new_prompt = (char *) emalloc(len + 1); - for (p = old_prompt, np = new_prompt; *p; p++) { + for (p = old_prompt, np = new_prompt, lastchar = '\0'; *p; p++) { if (lastchar == '%' && (*p == 'h' || *p == 'u' || *p == '%')) { - /* substiture user/host name */ + /* substitute user/host name */ if (*p == 'h') { np--; strcpy(np, user_shost); diff --git a/usr.bin/sudo/compat.h b/usr.bin/sudo/compat.h index 2d5c0ad6e79..09f95e371ec 100644 --- a/usr.bin/sudo/compat.h +++ b/usr.bin/sudo/compat.h @@ -31,7 +31,7 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: compat.h,v 1.62 2002/01/08 15:00:18 millert Exp $ + * $Sudo: compat.h,v 1.63 2002/01/25 18:38:22 millert Exp $ */ #ifndef _SUDO_COMPAT_H @@ -245,4 +245,12 @@ typedef struct sigaction sigaction_t; # endif #endif +/* + * HP-UX 9.x has RLIMIT_* but no RLIM_INFINITY. + * Using -1 works because we only check for RLIM_INFINITY and do not set it. + */ +#ifndef RLIM_INFINITY +# define RLIM_INFINITY (-1) +#endif + #endif /* _SUDO_COMPAT_H */ diff --git a/usr.bin/sudo/configure b/usr.bin/sudo/configure index f5bec14b438..629bad316fb 100644 --- a/usr.bin/sudo/configure +++ b/usr.bin/sudo/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by Autoconf 2.52 for sudo 1.6.5. +# Generated by Autoconf 2.52 for sudo 1.6.6. # # Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001 # Free Software Foundation, Inc. 
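Review bot: The copy loop in expand_prompt still writes with an unbounded `strcpy(np, user_shost)` into a buffer of `len + 1` bytes, so it is safe only if this loop expands exactly the escapes that the earlier sizing of `len` counted. The added `lastchar = '\0'` removes one way the two can disagree, presumably a stale `'%'` left in `lastchar` by code before the hunk, which would also let `np--` step in front of `new_prompt` on the first character. Nothing in the loop enforces that invariant, though. I would record it on the `for` line, e.g. `/* restart lastchar at '\0' so this pass expands the same escapes len was sized for */`, and fail closed before each copy when `np + strlen(user_shost) > new_prompt + len` (likewise for the user name). The function starts before and continues past the hunk, so the sizing code and the end of the loop are not visible here.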
@@ -182,8 +182,8 @@ mandir='${prefix}/man' # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.6.5' -PACKAGE_STRING='sudo 1.6.5' +PACKAGE_VERSION='1.6.6' +PACKAGE_STRING='sudo 1.6.6' PACKAGE_BUGREPORT='' ac_prev= @@ -600,7 +600,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<EOF -\`configure' configures sudo 1.6.5 to adapt to many kinds of systems. +\`configure' configures sudo 1.6.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -661,7 +661,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.6.5:";; + short | recursive ) echo "Configuration of sudo 1.6.6:";; esac cat <<\EOF @@ -804,7 +804,7 @@ fi test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\EOF -sudo configure 1.6.5 +sudo configure 1.6.6 generated by GNU Autoconf 2.52 Copyright 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001 @@ -819,7 +819,7 @@ cat >&5 <<EOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.6.5, which was +It was created by sudo $as_me 1.6.6, which was generated by GNU Autoconf 2.52. Invocation command line was $ $0 $@ @@ -1048,7 +1048,7 @@ rm -f conftest.sh ac_config_headers="$ac_config_headers config.h pathnames.h" -echo "Configuring Sudo version 1.6.5" +echo "Configuring Sudo version 1.6.6" timeout=5 password_timeout=5 @@ -10971,7 +10971,7 @@ EOF cat >>$CONFIG_STATUS <<EOF ac_cs_version="\\ -sudo config.status 1.6.5 +sudo config.status 1.6.6 configured by $0, generated by GNU Autoconf 2.52, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" 
@@ -11053,7 +11053,7 @@ cat >&5 << _ACEOF ## Running config.status. ## ## ----------------------- ## -This file was extended by $as_me (sudo 1.6.5) 2.52, executed with +This file was extended by $as_me (sudo 1.6.6) 2.52, executed with CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS diff --git a/usr.bin/sudo/configure.in b/usr.bin/sudo/configure.in index 977a55a53fc..9a818ff19a0 100644 --- a/usr.bin/sudo/configure.in +++ b/usr.bin/sudo/configure.in @@ -1,15 +1,15 @@ dnl dnl Process this file with GNU autoconf to produce a configure script. -dnl $Sudo: configure.in,v 1.348 2002/01/22 02:01:09 millert Exp $ +dnl $Sudo: configure.in,v 1.349 2002/04/18 15:41:30 millert Exp $ dnl dnl Copyright (c) 1994-1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com> dnl -AC_INIT(sudo, 1.6.5) +AC_INIT(sudo, 1.6.6) AC_CONFIG_HEADER(config.h pathnames.h) dnl dnl This won't work before AC_INIT() dnl -echo "Configuring Sudo version 1.6.5" +echo "Configuring Sudo version 1.6.6" dnl dnl Variables that get substituted in the Makefile and man pages dnl diff --git a/usr.bin/sudo/env.c b/usr.bin/sudo/env.c index 7bf3a0f3812..f49e51e37d5 100644 --- a/usr.bin/sudo/env.c +++ b/usr.bin/sudo/env.c @@ -62,7 +62,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: env.c,v 1.15 2002/01/15 23:43:58 millert Exp $"; +static const char rcsid[] = "$Sudo: env.c,v 1.16 2002/04/18 15:38:52 millert Exp $"; #endif /* lint */ /* 
@@ -434,19 +434,16 @@ rebuild_env(sudo_mode, envp) /* Add the SUDO_COMMAND envariable (cmnd + args). */ if (user_args) { - cp = emalloc(strlen(user_cmnd) + strlen(user_args) + 15); - sprintf(cp, "SUDO_COMMAND=%s %s", user_cmnd, user_args); + easprintf(&cp, "SUDO_COMMAND=%s %s", user_cmnd, user_args); insert_env(newenvp, cp); } else insert_env(newenvp, format_env("SUDO_COMMAND", user_cmnd)); /* Add the SUDO_USER, SUDO_UID, SUDO_GID environment variables. */ insert_env(newenvp, format_env("SUDO_USER", user_name)); - cp = emalloc(MAX_UID_T_LEN + 10); - sprintf(cp, "SUDO_UID=%ld", (long) user_uid); + easprintf(&cp, "SUDO_UID=%ld", (long) user_uid); insert_env(newenvp, cp); - cp = emalloc(MAX_UID_T_LEN + 10); - sprintf(cp, "SUDO_GID=%ld", (long) user_gid); + easprintf(&cp, "SUDO_GID=%ld", (long) user_gid); insert_env(newenvp, cp); return(newenvp); diff --git a/usr.bin/sudo/find_path.c b/usr.bin/sudo/find_path.c index d06661e0d38..b4282cfa80b 100644 --- a/usr.bin/sudo/find_path.c +++ b/usr.bin/sudo/find_path.c @@ -61,7 +61,7 @@ #include "sudo.h" #ifndef lint -static const char rcsid[] = "$Sudo: find_path.c,v 1.99 2001/12/14 19:52:47 millert Exp $"; +static const char rcsid[] = "$Sudo: find_path.c,v 1.98 2001/12/14 06:40:03 millert Exp $"; #endif /* lint */ /* diff --git a/usr.bin/sudo/parse.c b/usr.bin/sudo/parse.c index 8dd6e1f9827..97c03069fc6 100644 --- a/usr.bin/sudo/parse.c +++ b/usr.bin/sudo/parse.c @@ -2,8 +2,7 @@ * Copyright (c) 1996, 1998-2002 Todd C. Miller <Todd.Miller@courtesan.com> * All rights reserved. * - * This code is derived from software contributed by Chris Jepeway - * <jepeway@cs.utk.edu>. + * This code is derived from software contributed by Chris Jepeway. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
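Review bot: Ownership of the strings built by `easprintf(&cp, ...)` is not documented in rebuild_env: each `cp` is passed to `insert_env(newenvp, cp)` and then overwritten by the next allocation without being freed. That is presumably intentional because the environment array keeps the pointer, but a reader cannot tell from the hunk; a comment such as `/* insert_env() keeps cp; do not free */` before the first call would say so. As a style point, the `else` after the braced `if (user_args)` block is unbraced, and bracing it would match the block above it. rebuild_env starts before the hunk.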
@@ -97,7 +96,7 @@ #endif /* HAVE_FNMATCH */ #ifndef lint -static const char rcsid[] = "$Sudo: parse.c,v 1.136 2002/01/08 15:00:18 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.c,v 1.137 2002/03/16 00:44:47 millert Exp $"; #endif /* lint */ /* diff --git a/usr.bin/sudo/parse.lex b/usr.bin/sudo/parse.lex index 9daa32afe04..773be1b109e 100644 --- a/usr.bin/sudo/parse.lex +++ b/usr.bin/sudo/parse.lex @@ -3,8 +3,7 @@ * Copyright (c) 1996, 1998-2001 Todd C. Miller <Todd.Miller@courtesan.com> * All rights reserved. * - * This code is derived from software contributed by Chris Jepeway - * <jepeway@cs.utk.edu> + * This code is derived from software contributed by Chris Jepeway. * * This code is derived from software contributed by Chris Jepeway * Redistribution and use in source and binary forms, with or without @@ -69,7 +68,7 @@ #include <sudo.tab.h> #ifndef lint -static const char rcsid[] = "$Sudo: parse.lex,v 1.118 2002/01/15 18:16:31 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.lex,v 1.119 2002/03/16 00:44:47 millert Exp $"; #endif /* lint */ #undef yywrap /* guard against a yywrap macro */ diff --git a/usr.bin/sudo/parse.yacc b/usr.bin/sudo/parse.yacc index 4f7922b54a2..7a6fb4ef57c 100644 --- a/usr.bin/sudo/parse.yacc +++ b/usr.bin/sudo/parse.yacc @@ -3,8 +3,7 @@ * Copyright (c) 1996, 1998-2001 Todd C. Miller <Todd.Miller@courtesan.com> * All rights reserved. * - * This code is derived from software contributed by Chris Jepeway - * <jepeway@cs.utk.edu> + * This code is derived from software contributed by Chris Jepeway. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -86,7 +85,7 @@ #endif /* HAVE_LSEARCH */ #ifndef lint -static const char rcsid[] = "$Sudo: parse.yacc,v 1.179 2001/12/30 18:41:12 millert Exp $"; +static const char rcsid[] = "$Sudo: parse.yacc,v 1.180 2002/03/16 00:44:47 millert Exp $"; #endif /* lint */ /* 
diff --git a/usr.bin/sudo/sudo.8 b/usr.bin/sudo/sudo.8 index 5f84f9df867..3da7d91304b 100644 --- a/usr.bin/sudo/sudo.8 +++ b/usr.bin/sudo/sudo.8 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Wed Jan 16 16:36:09 2002 +.\" Thu Apr 25 09:34:52 2002 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "sudo 8" -.TH sudo 8 "1.6.5" "January 16, 2002" "MAINTENANCE COMMANDS" +.TH sudo 8 "1.6.6" "April 25, 2002" "MAINTENANCE COMMANDS" .UC .SH "NAME" sudo \- execute a command as another user diff --git a/usr.bin/sudo/sudo.c b/usr.bin/sudo/sudo.c index d9cb4381fba..7c6f532e88c 100644 --- a/usr.bin/sudo/sudo.c +++ b/usr.bin/sudo/sudo.c @@ -370,9 +370,6 @@ main(argc, argv, envp) (void) sigaction(SIGQUIT, &sa, NULL); (void) sigaction(SIGTSTP, &sa, NULL); - /* Close the password file */ - endpwent(); - /* Override user's umask if configured to do so. */ if (def_ival(I_UMASK) != 0777) (void) umask(def_mode(I_UMASK)); @@ -385,6 +382,10 @@ main(argc, argv, envp) /* Become specified user or root. */ set_perms(PERM_RUNAS, sudo_mode); + /* Close the password and group files */ + endpwent(); + endgrent(); + /* Install the new environment. */ environ = new_environ; diff --git a/usr.bin/sudo/sudoers.5 b/usr.bin/sudo/sudoers.5 index af5d9ab0a5b..15ff23b82ee 100644 --- a/usr.bin/sudo/sudoers.5 +++ b/usr.bin/sudo/sudoers.5 @@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Wed Jan 16 16:36:10 2002 +.\" Thu Apr 25 09:34:54 2002 .\" .\" Standard preamble: .\" ====================================================================== 
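Review bot: The relocated `endpwent(); endgrent();` in the second main() hunk of sudo.c has a comment that says what is closed but not why the calls now sit after `set_perms(PERM_RUNAS, sudo_mode)`. Presumably set_perms does passwd/group lookups that reopen those databases, so closing them earlier could leave a descriptor open for the command that is run next; set_perms is not visible here, so this should be confirmed. If that is the reason, I would expand the comment to `/* Close the password and group files; must follow set_perms(), which may reopen them, so they are not inherited by the command. */`. main() begins and ends outside the hunk.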
@@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "sudoers 5" -.TH sudoers 5 "1.6.5" "January 16, 2002" "MAINTENANCE COMMANDS" +.TH sudoers 5 "1.6.6" "April 25, 2002" "MAINTENANCE COMMANDS" .UC .SH "NAME" sudoers \- list of which users may execute what diff --git a/usr.bin/sudo/testsudoers.c b/usr.bin/sudo/testsudoers.c index be629e43252..88fc2afc1bf 100644 --- a/usr.bin/sudo/testsudoers.c +++ b/usr.bin/sudo/testsudoers.c @@ -2,8 +2,7 @@ * Copyright (c) 1996, 1998-2001 Todd C. Miller <Todd.Miller@courtesan.com> * All rights reserved. * - * This code is derived from software contributed by Chris Jepeway - * <jepeway@cs.utk.edu>. + * This code is derived from software contributed by Chris Jepeway. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -83,7 +82,7 @@ #endif /* HAVE_FNMATCH */ #ifndef lint -static const char rcsid[] = "$Sudo: testsudoers.c,v 1.75 2001/12/15 02:27:17 millert Exp $"; +static const char rcsid[] = "$Sudo: testsudoers.c,v 1.76 2002/03/16 00:44:48 millert Exp $"; #endif /* lint */ diff --git a/usr.bin/sudo/version.h b/usr.bin/sudo/version.h index 2fac13fdf7d..bc7b7c6a4d0 100644 --- a/usr.bin/sudo/version.h +++ b/usr.bin/sudo/version.h @@ -31,12 +31,12 @@ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Sudo: version.h,v 1.60 2002/01/16 21:26:27 millert Exp $ + * $Sudo: version.h,v 1.61 2002/04/18 15:41:30 millert Exp $ */ #ifndef _SUDO_VERSION_H #define _SUDO_VERSION_H -static const char version[] = "1.6.5p2"; +static const char version[] = "1.6.6"; #endif /* _SUDO_VERSION_H */ diff --git a/usr.bin/sudo/visudo.8 b/usr.bin/sudo/visudo.8 index b7376bfd3f3..23aaee92ab3 100644 --- a/usr.bin/sudo/visudo.8 +++ b/usr.bin/sudo/visudo.8 
@@ -1,5 +1,5 @@ .\" Automatically generated by Pod::Man version 1.15 -.\" Wed Jan 16 16:36:10 2002 +.\" Thu Apr 25 09:34:54 2002 .\" .\" Standard preamble: .\" ====================================================================== @@ -138,7 +138,7 @@ .\" ====================================================================== .\" .IX Title "visudo 8" -.TH visudo 8 "1.6.5" "January 16, 2002" "MAINTENANCE COMMANDS" +.TH visudo 8 "1.6.6" "April 25, 2002" "MAINTENANCE COMMANDS" .UC .SH "NAME" visudo \- edit the sudoers file |