This patch will upgrade Sudo version 1.9.4 patchlevel 1 to Sudo version 1.9.4 patchlevel 2. To apply: $ cd sudo-1.9.4p1 $ patch -p1 < sudo-1.9.4p2.patch diff -urNa sudo-1.9.4p1/ChangeLog sudo-1.9.4p2/ChangeLog --- sudo-1.9.4p1/ChangeLog Wed Dec 16 18:37:31 2020 +++ sudo-1.9.4p2/ChangeLog Sun Dec 20 08:51:54 2020 @@ -1,8 +1,37 @@ +2020-12-20 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_9_4p2 for changeset 8aed5221ede9 + [a74faf363dbb] [tip] <1.9> + + * merge sudo 1.9.4p2 from tip + [8aed5221ede9] [SUDO_1_9_4p2] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.4p2 + [8bb8ec358990] + + * plugins/sudoers/sudoers.c: + The runas user must be set before applying runas-based Defaults. + This effectively backs out changeset f738f5ac5350, which made it + possible to log the command when an invalid user was specified. The + policy plugin API doesn't supply the command until the check + function, at which point we've already denied the command due to the + invalid user. Bug #951. + [8a415f555cf9] + +2020-12-18 Todd C. Miller + + * etc/uncrustify-small.cfg, etc/uncrustify.cfg: + Don't enable mod_remove_empty_return We like to use an empty return + for stub functions. + [018ef129dc24] + 2020-12-16 Todd C. Miller * .hgtags: Added tag SUDO_1_9_4p1 for changeset 8f65fd9f0f57 - [e27e424f9f56] [tip] <1.9> + [e27e424f9f56] <1.9> * merge sudo 1.9.4p1 from tip [8f65fd9f0f57] [SUDO_1_9_4p1] <1.9> diff -urNa sudo-1.9.4p1/NEWS sudo-1.9.4p2/NEWS --- sudo-1.9.4p1/NEWS Wed Dec 16 18:34:30 2020 +++ sudo-1.9.4p2/NEWS Sun Dec 20 08:51:07 2020 
@@ -1,3 +1,9 @@ +What's new in Sudo 1.9.4p2 + + * Fixed a bug introduced in sudo 1.9.4p1 which could lead to a crash + if the sudoers file contains a runas user-specific Defaults entry. + Bug #951. + What's new in Sudo 1.9.4p1 * Sudo on macOS now supports users with more than 16 groups without diff -urNa sudo-1.9.4p1/configure sudo-1.9.4p2/configure --- sudo-1.9.4p1/configure Wed Dec 16 18:34:30 2020 +++ sudo-1.9.4p2/configure Sun Dec 20 08:51:07 2020 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for sudo 1.9.4p1. +# Generated by GNU Autoconf 2.69 for sudo 1.9.4p2. # # Report bugs to . # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.4p1' -PACKAGE_STRING='sudo 1.9.4p1' +PACKAGE_VERSION='1.9.4p2' +PACKAGE_STRING='sudo 1.9.4p2' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -1584,7 +1584,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.9.4p1 to adapt to many kinds of systems. +\`configure' configures sudo 1.9.4p2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1650,7 +1650,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.4p1:";; + short | recursive ) echo "Configuration of sudo 1.9.4p2:";; esac cat <<\_ACEOF @@ -1924,7 +1924,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.4p1 +sudo configure 1.9.4p2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. 
@@ -2633,7 +2633,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.4p1, which was +It was created by sudo $as_me 1.9.4p2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -28755,7 +28755,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.4p1, which was +This file was extended by sudo $as_me 1.9.4p2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -28821,7 +28821,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -sudo config.status 1.9.4p1 +sudo config.status 1.9.4p2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urNa sudo-1.9.4p1/configure.ac sudo-1.9.4p2/configure.ac --- sudo-1.9.4p1/configure.ac Wed Dec 16 18:34:30 2020 +++ sudo-1.9.4p2/configure.ac Sun Dec 20 08:51:07 2020 @@ -18,7 +18,7 @@ dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.59]) -AC_INIT([sudo], [1.9.4p1], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.4p2], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) dnl diff -urNa sudo-1.9.4p1/plugins/sudoers/sudoers.c sudo-1.9.4p2/plugins/sudoers/sudoers.c --- sudo-1.9.4p1/plugins/sudoers/sudoers.c Wed Dec 16 18:34:30 2020 +++ sudo-1.9.4p2/plugins/sudoers/sudoers.c Sun Dec 20 08:51:07 2020 
@@ -393,23 +393,6 @@
 }
 }

- /*
- * Set runas passwd/group entries based on command line or sudoers.
- * Note that if runas_group was specified without runas_user we
- * run the command as the invoking user.
- */
- if (sudo_user.runas_group != NULL) {
- if (!set_runasgr(sudo_user.runas_group, false))
- goto done;
- if (!set_runaspw(sudo_user.runas_user ?
- sudo_user.runas_user : user_name, false))
- goto done;
- } else {
- if (!set_runaspw(sudo_user.runas_user ?
- sudo_user.runas_user : def_runas_default, false))
- goto done;
- }
-
 /* If given the -P option, set the "preserve_groups" flag. */
 if (ISSET(sudo_mode, MODE_PRESERVE_GROUPS))
 def_preserve_groups = true;
@@ -873,6 +856,23 @@
 log_warningx(SLOG_SEND_MAIL, N_("unknown uid: %u"),
 (unsigned int) user_uid);
 debug_return_bool(false);
+ }
+
+ /*
+ * Set runas passwd/group entries based on command line or sudoers.
+ * Note that if runas_group was specified without runas_user we
+ * run the command as the invoking user.
+ */
+ if (sudo_user.runas_group != NULL) {
+ if (!set_runasgr(sudo_user.runas_group, false))
+ debug_return_bool(false);
+ if (!set_runaspw(sudo_user.runas_user ?
+ sudo_user.runas_user : user_name, false))
+ debug_return_bool(false);
+ } else {
+ if (!set_runaspw(sudo_user.runas_user ?
+ sudo_user.runas_user : def_runas_default, false))
+ debug_return_bool(false);
 }

 debug_return_bool(true);
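Review bot: The comment on the runas block re-added in the second hunk says what the block does but not why it must run at this point, and that ordering is the whole fix. Per the ChangeLog entry the runas user has to be set before runas-based Defaults are applied, and NEWS ties the placement removed in the first hunk to a crash when sudoers contains a runas user-specific Defaults entry. I would add a line to the comment such as `* Must be done before runas-specific Defaults are applied (Bug #951).` so a later refactor does not move it again; a regression test that loads a sudoers file with such a Defaults entry would enforce it. The three failure paths now leave through `debug_return_bool(false)` instead of `goto done`, so it is worth confirming that the caller treats a false return like the old `done` path; the enclosing function starts outside the hunk, so that cannot be checked from here.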