This patch will upgrade Sudo version 1.9.5 to Sudo version 1.9.5
patchlevel 1.  To apply:

    $ cd sudo-1.9.5
    $ patch -p1 < sudo-1.9.5p1.patch

diff -urNa sudo-1.9.5/ChangeLog sudo-1.9.5p1/ChangeLog
--- sudo-1.9.5/ChangeLog	Sat Jan  9 13:13:31 2021
+++ sudo-1.9.5p1/ChangeLog	Mon Jan 11 18:51:09 2021
@@ -1,8 +1,35 @@
+2021-01-11  Todd C. Miller  <Todd.Miller@sudo.ws>
+
+	* .hgtags:
+	Added tag SUDO_1_9_5p1 for changeset 3a873a732416
+	[e837c76279bc] [tip] <1.9>
+
+	* Merge sudo 1.9.5p1 from tip
+	[3a873a732416] [SUDO_1_9_5p1] <1.9>
+
+	* NEWS, configure, configure.ac:
+	Sudo 1.9.5p1
+	[2dbbab94d4b6]
+
+	* src/sudo_edit.c:
+	Run the editor with the user's real and effective uid and gid. Fixes
+	a bug introduced in sudo 1.9.5 where the editor was run setuid root
+	unless SELinux RBAC was in use.
+	[30fe53c07aa7]
+
+	* NEWS:
+	fix typo
+	[52e7767881ba]
+
+	* src/copy_file.c, src/edit_open.c:
+	Add casts to quiet two warnings on Solaris.
+	[f76126f6d68d]
+
 2021-01-09  Todd C. Miller  <Todd.Miller@sudo.ws>
 
 	* .hgtags:
 	Added tag SUDO_1_9_5 for changeset 4059f5520d9d
-	[ee76c8a938de] [tip] <1.9>
+	[ee76c8a938de] <1.9>
 
 	* Merge sudo 1.9.5 from tip
 	[4059f5520d9d] [SUDO_1_9_5] <1.9>
diff -urNa sudo-1.9.5/NEWS sudo-1.9.5p1/NEWS
--- sudo-1.9.5/NEWS	Sat Jan  9 13:12:16 2021
+++ sudo-1.9.5p1/NEWS	Mon Jan 11 18:48:04 2021
@@ -1,3 +1,9 @@
+What's new in Sudo 1.9.5p1
+
+ * Fixed a regression introduced in sudo 1.9.5 where the editor run
+   by sudoedit was set-user-ID root unless SELinux RBAC was in use.
+   The editor is now run with the user's real and effective user-IDs.
+
 What's new in Sudo 1.9.5
 
  * Fixed a crash introduced in 1.9.4 when running "sudo -i" as an
@@ -15,7 +21,7 @@
    actually exploitable since the allocated buffer is large enough
    to hold the list of addresses.
 
- * If sudo is executed with a name other that "sudo" or "sudoedit",
+ * If sudo is executed with a name other than "sudo" or "sudoedit",
    it will now fall back to "sudo" as the program name.  This affects
    warning, help and usage messages as well as the matching of Debug
    lines in the /etc/sudo.conf file.  Previously, it was possible
diff -urNa sudo-1.9.5/configure sudo-1.9.5p1/configure
--- sudo-1.9.5/configure	Sat Jan  9 13:12:16 2021
+++ sudo-1.9.5p1/configure	Mon Jan 11 18:48:04 2021
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for sudo 1.9.5.
+# Generated by GNU Autoconf 2.69 for sudo 1.9.5p1.
 #
 # Report bugs to <https://bugzilla.sudo.ws/>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='sudo'
 PACKAGE_TARNAME='sudo'
-PACKAGE_VERSION='1.9.5'
-PACKAGE_STRING='sudo 1.9.5'
+PACKAGE_VERSION='1.9.5p1'
+PACKAGE_STRING='sudo 1.9.5p1'
 PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/'
 PACKAGE_URL=''
 
@@ -1584,7 +1584,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures sudo 1.9.5 to adapt to many kinds of systems.
+\`configure' configures sudo 1.9.5p1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1650,7 +1650,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of sudo 1.9.5:";;
+     short | recursive ) echo "Configuration of sudo 1.9.5p1:";;
    esac
   cat <<\_ACEOF
 
@@ -1924,7 +1924,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-sudo configure 1.9.5
+sudo configure 1.9.5p1
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2633,7 +2633,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by sudo $as_me 1.9.5, which was
+It was created by sudo $as_me 1.9.5p1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -28816,7 +28816,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by sudo $as_me 1.9.5, which was
+This file was extended by sudo $as_me 1.9.5p1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -28882,7 +28882,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-sudo config.status 1.9.5
+sudo config.status 1.9.5p1
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urNa sudo-1.9.5/configure.ac sudo-1.9.5p1/configure.ac
--- sudo-1.9.5/configure.ac	Sat Jan  9 13:12:16 2021
+++ sudo-1.9.5p1/configure.ac	Mon Jan 11 18:48:04 2021
@@ -18,7 +18,7 @@
 dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 dnl
 AC_PREREQ([2.59])
-AC_INIT([sudo], [1.9.5], [https://bugzilla.sudo.ws/], [sudo])
+AC_INIT([sudo], [1.9.5p1], [https://bugzilla.sudo.ws/], [sudo])
 AC_CONFIG_HEADERS([config.h pathnames.h])
 AC_CONFIG_SRCDIR([src/sudo.c])
 dnl
diff -urNa sudo-1.9.5/src/copy_file.c sudo-1.9.5p1/src/copy_file.c
--- sudo-1.9.5/src/copy_file.c	Sat Jan  9 13:12:16 2021
+++ sudo-1.9.5p1/src/copy_file.c	Mon Jan 11 18:48:04 2021
@@ -155,7 +155,8 @@
 	debug_return_bool(false);
     }
     if ((sb->st_mode & ALLPERMS) != (S_IRUSR|S_IWUSR)) {
-	sudo_warnx(U_("%s: bad file mode: 0%o"), tfile, sb->st_mode & ALLPERMS);
+	sudo_warnx(U_("%s: bad file mode: 0%o"), tfile,
+	    (unsigned int)(sb->st_mode & ALLPERMS));
 	debug_return_bool(false);
     }
     if (sb->st_uid != uid) {
diff -urNa sudo-1.9.5/src/edit_open.c sudo-1.9.5p1/src/edit_open.c
--- sudo-1.9.5/src/edit_open.c	Sat Jan  9 13:12:16 2021
+++ sudo-1.9.5p1/src/edit_open.c	Mon Jan 11 18:48:04 2021
@@ -132,8 +132,8 @@
     for (i = 0; i < cred->ngroups; i++) {
 	if (target == cred->groups[i]) {
 	    sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
-		"user gid %u matches directory gid %u", cred->groups[i],
-		(unsigned int)target);
+		"user gid %u matches directory gid %u",
+		(unsigned int)cred->groups[i], (unsigned int)target);
 	    debug_return_bool(true);
 	}
     }
diff -urNa sudo-1.9.5/src/sudo_edit.c sudo-1.9.5p1/src/sudo_edit.c
--- sudo-1.9.5/src/sudo_edit.c	Sat Jan  9 13:12:16 2021
+++ sudo-1.9.5p1/src/sudo_edit.c	Mon Jan 11 18:48:04 2021
@@ -709,8 +709,9 @@
     nargv[ac] = NULL;
 
     /*
-     * Run the editor with the invoking user's creds,
-     * keeping track of the time spent in the editor.
+     * Run the editor with the invoking user's creds and drop setuid.
+     * Keep track of the time spent in the editor to distinguish between
+     * a user editing a file and a program doing it.
      * XXX - should run editor with user's context
      */
     if (sudo_gettime_real(&times[0]) == -1) {
@@ -719,6 +720,8 @@
     }
     memcpy(&saved_command_details, command_details, sizeof(struct command_details));
     command_details->cred = user_details.cred;
+    command_details->cred.euid = user_details.cred.uid;
+    command_details->cred.egid = user_details.cred.gid;
     command_details->argv = nargv;
     ret = run_command(command_details);
     if (sudo_gettime_real(&times[1]) == -1) {