This patch will upgrade Sudo version 1.9.8 patchlevel 1 to Sudo version 1.9.8 patchlevel 2. To apply: $ cd sudo-1.9.8p1 $ patch -p1 < sudo-1.9.8p2.patch diff -urNa sudo-1.9.8p1/ChangeLog sudo-1.9.8p2/ChangeLog --- sudo-1.9.8p1/ChangeLog Thu Sep 16 11:39:13 2021 +++ sudo-1.9.8p2/ChangeLog Mon Sep 20 18:45:19 2021 @@ -1,8 +1,48 @@ +2021-09-20 Todd C. Miller + + * .hgtags: + Added tag SUDO_1_9_8p2 for changeset 9edebc604c58 + [67357c8687d3] [tip] <1.9> + + * NEWS, configure, configure.ac: + Sudo 1.9.8p2 + [9edebc604c58] [SUDO_1_9_8p2] <1.9> + + * logsrvd/logsrvd_journal.c: + Reuse existing journal file for an accepted/rejected sub-command. + Otherwise we end up with zero-length files in the incoming queue dir + and may end up relaying one of those instead of the actual journal + file. + [4789371a43f3] <1.9> + + * plugins/sudoers/auth/pam.c: + Don't re-initialize PAM for sub-commands. + [41d7d61e4ac5] <1.9> + + * logsrvd/logsrvd_local.c: + sudo_logsrvd: only send log ID for first command of a session There + is no need to send the log ID for each sub-command. + [e21b40af74f2] <1.9> + + * plugins/sudoers/log_client.c: + Only store the first log id received from the server. Plugs a small + memory leak in intercept mode if the log server sends the log ID + again for sub-commands. + [e20563f3e152] <1.9> + +2021-09-19 Todd C. Miller + + * plugins/sudoers/sudoers.c: + sudo -i: missing NULL terminator when moving argv to make room for + --login Fixes a potential crash for "sudo -i" when the target user + has bash as the shell (which needs the --login option). Bug #998. + [32644aae1eab] <1.9> + 2021-09-16 Todd C. Miller * .hgtags: Added tag SUDO_1_9_8p1 for changeset feb396a0d60d - [e5f560a935fc] [tip] <1.9> + [e5f560a935fc] <1.9> * configure, configure.ac: Merge sudo 1.9.8p1 from tip diff -urNa sudo-1.9.8p1/NEWS sudo-1.9.8p2/NEWS --- sudo-1.9.8p1/NEWS Thu Sep 16 11:37:37 2021 +++ sudo-1.9.8p2/NEWS Mon Sep 20 18:41:06 2021 
@@ -1,3 +1,19 @@ +What's new in Sudo 1.9.8p2 + + * Fixed a potential out-of-bounds read with "sudo -i" when the + target user's shell is bash. This is a regression introduced + in sudo 1.9.8. Bug #998. + + * sudo_logsrvd now only sends a log ID for first command of a session. + There is no need to send the log ID for each sub-command. + + * Fixed a few minor memory leaks in intercept mode. + + * Fixed a problem with sudo_logsrvd in relay mode if "store_first" + was enabled when handling sub-commands. A new zero-length journal + file was created for each sub-command instead of simply using + the existing journal file. + What's new in Sudo 1.9.8p1 * Fixed support for passing a prompt (sudo -p) or a login class diff -urNa sudo-1.9.8p1/configure sudo-1.9.8p2/configure --- sudo-1.9.8p1/configure Thu Sep 16 11:37:37 2021 +++ sudo-1.9.8p2/configure Mon Sep 20 18:41:06 2021 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for sudo 1.9.8p1. +# Generated by GNU Autoconf 2.71 for sudo 1.9.8p2. # # Report bugs to . # @@ -621,8 +621,8 @@ # Identity of this package. PACKAGE_NAME='sudo' PACKAGE_TARNAME='sudo' -PACKAGE_VERSION='1.9.8p1' -PACKAGE_STRING='sudo 1.9.8p1' +PACKAGE_VERSION='1.9.8p2' +PACKAGE_STRING='sudo 1.9.8p2' PACKAGE_BUGREPORT='https://bugzilla.sudo.ws/' PACKAGE_URL='' @@ -1631,7 +1631,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures sudo 1.9.8p1 to adapt to many kinds of systems. +\`configure' configures sudo 1.9.8p2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1697,7 +1697,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of sudo 1.9.8p1:";; + short | recursive ) echo "Configuration of sudo 1.9.8p2:";; esac cat <<\_ACEOF 
@@ -1982,7 +1982,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -sudo configure 1.9.8p1 +sudo configure 1.9.8p2 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2639,7 +2639,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by sudo $as_me 1.9.8p1, which was +It was created by sudo $as_me 1.9.8p2, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -31497,7 +31497,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by sudo $as_me 1.9.8p1, which was +This file was extended by sudo $as_me 1.9.8p2, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -31565,7 +31565,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -sudo config.status 1.9.8p1 +sudo config.status 1.9.8p2 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff -urNa sudo-1.9.8p1/configure.ac sudo-1.9.8p2/configure.ac --- sudo-1.9.8p1/configure.ac Thu Sep 16 11:37:37 2021 +++ sudo-1.9.8p2/configure.ac Mon Sep 20 18:41:06 2021 @@ -18,7 +18,7 @@ dnl OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. dnl AC_PREREQ([2.70]) -AC_INIT([sudo], [1.9.8p1], [https://bugzilla.sudo.ws/], [sudo]) +AC_INIT([sudo], [1.9.8p2], [https://bugzilla.sudo.ws/], [sudo]) AC_CONFIG_HEADERS([config.h pathnames.h]) AC_CONFIG_SRCDIR([src/sudo.c]) AC_CONFIG_AUX_DIR([scripts]) diff -urNa sudo-1.9.8p1/logsrvd/logsrvd_journal.c sudo-1.9.8p2/logsrvd/logsrvd_journal.c --- sudo-1.9.8p1/logsrvd/logsrvd_journal.c Thu Sep 16 11:02:21 2021 +++ sudo-1.9.8p2/logsrvd/logsrvd_journal.c Mon Sep 20 15:48:11 2021 
@@ -470,6 +470,11 @@ { debug_decl(journal_accept, SUDO_DEBUG_UTIL); + if (closure->journal_path != NULL) { + /* Re-use existing journal file. */ + debug_return_bool(journal_write(buf, len, closure)); + } + /* Store message in a journal for later relaying. */ if (!journal_create(closure)) debug_return_bool(false); @@ -500,8 +505,10 @@ debug_decl(journal_reject, SUDO_DEBUG_UTIL); /* Store message in a journal for later relaying. */ - if (!journal_create(closure)) - debug_return_bool(false); + if (closure->journal_path == NULL) { + if (!journal_create(closure)) + debug_return_bool(false); + } if (!journal_write(buf, len, closure)) debug_return_bool(false); diff -urNa sudo-1.9.8p1/logsrvd/logsrvd_local.c sudo-1.9.8p2/logsrvd/logsrvd_local.c --- sudo-1.9.8p1/logsrvd/logsrvd_local.c Thu Sep 16 11:02:21 2021 +++ sudo-1.9.8p2/logsrvd/logsrvd_local.c Mon Sep 20 15:48:10 2021 @@ -140,6 +140,7 @@ struct connection_closure *closure) { struct logsrvd_info_closure info = { msg->info_msgs, msg->n_info_msgs }; + bool new_session = closure->evlog == NULL; struct eventlog *evlog = NULL; char *log_id = NULL; bool ret = false; @@ -154,7 +155,7 @@ } /* Additional setup for the initial command in the session. */ - if (closure->evlog == NULL) { + if (new_session) { closure->evlog = evlog; /* Create I/O log info file and parent directories. */ @@ -187,7 +188,7 @@ goto done; } - if (log_id != NULL) { + if (new_session && log_id != NULL) { /* Send log ID to client for restarting connections. */ if (!fmt_log_id_message(log_id, closure)) goto done; diff -urNa sudo-1.9.8p1/plugins/sudoers/auth/pam.c sudo-1.9.8p2/plugins/sudoers/auth/pam.c --- sudo-1.9.8p1/plugins/sudoers/auth/pam.c Thu Sep 16 11:02:22 2021 +++ sudo-1.9.8p2/plugins/sudoers/auth/pam.c Mon Sep 20 15:48:11 2021 
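Review bot: The two guards on `closure->journal_path` in logsrvd_journal.c are written differently: journal_accept returns straight from `journal_write()` when a journal already exists, while journal_reject only skips `journal_create()` and then falls through to the rest of its body. Both functions continue past these hunks, so it is not visible here whether the early return in journal_accept deliberately skips work that follows the write for the first command; a comment such as `/* Sub-command: journal already open, nothing else to do. */` would make that intent explicit. Both guards also treat a non-NULL `journal_path` as proof that the journal is still open for writing, which presumably holds for the life of the connection but should be confirmed against the code that clears the path.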
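Review bot: `new_session` in the `@@ -140` hunk of logsrvd_local.c has to be sampled before `closure->evlog` is assigned in the block changed at `@@ -154`, and nothing at the declaration says so. A short comment, e.g. `/* Sampled before closure->evlog is set below. */`, would stop a later edit from moving the test back to `closure->evlog == NULL` at the `@@ -187` site, where it would be false once the setup block has run and the log ID would never be sent. The enclosing function starts and ends outside these hunks.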
@@ -198,12 +198,10 @@ /* Stash pointer to last pam status. */ auth->data = &pam_status; -#ifdef _AIX if (pamh != NULL) { - /* Already initialized (may happen with AIX). */ + /* Already initialized (may happen with AIX or with sub-commands). */ debug_return_int(AUTH_SUCCESS); } -#endif /* _AIX */ /* Initial PAM. */ pam_service = ISSET(sudo_mode, MODE_LOGIN_SHELL) ? diff -urNa sudo-1.9.8p1/plugins/sudoers/log_client.c sudo-1.9.8p2/plugins/sudoers/log_client.c --- sudo-1.9.8p1/plugins/sudoers/log_client.c Thu Sep 16 11:02:22 2021 +++ sudo-1.9.8p2/plugins/sudoers/log_client.c Mon Sep 20 15:48:10 2021 @@ -1553,8 +1553,10 @@ debug_decl(handle_log_id, SUDOERS_DEBUG_UTIL); sudo_debug_printf(SUDO_DEBUG_INFO, "%s: remote log ID: %s", __func__, id); - if ((closure->iolog_id = strdup(id)) == NULL) - sudo_fatal(NULL); + if (closure->iolog_id != NULL) { + if ((closure->iolog_id = strdup(id)) == NULL) + sudo_fatal(NULL); + } debug_return_bool(true); } diff -urNa sudo-1.9.8p1/plugins/sudoers/sudoers.c sudo-1.9.8p2/plugins/sudoers/sudoers.c --- sudo-1.9.8p1/plugins/sudoers/sudoers.c Thu Sep 16 11:02:23 2021 +++ sudo-1.9.8p2/plugins/sudoers/sudoers.c Mon Sep 20 15:48:09 2021 @@ -725,7 +725,7 @@ if (NewArgc > 1 && strcmp(NewArgv[0], "-bash") == 0 && strcmp(NewArgv[1], "-c") == 0) { /* We allocated extra space for the --login above. */ - memmove(&NewArgv[2], &NewArgv[1], sizeof(char *) * (NewArgc - 1)); + memmove(&NewArgv[2], &NewArgv[1], sizeof(char *) * NewArgc); NewArgv[1] = "--login"; NewArgc++; }
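Review bot: With the `#ifdef _AIX` removed, the `pamh != NULL` early return in pam.c applies on every platform, so the PAM service name selected just below and the rest of the initialization are decided once by the first command and reused for every sub-command. It also makes correctness depend on `pamh` being reset to NULL wherever the handle is ended; that cleanup is outside this hunk, and if it leaves `pamh` set, a later init would report AUTH_SUCCESS with a stale handle. Once that has been confirmed, I would extend the comment to state the assumption, e.g. `/* Already initialized (AIX or sub-command); pamh is cleared in cleanup. */`.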
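Review bot: The new guard in handle_log_id (log_client.c) looks inverted: `if (closure->iolog_id != NULL)` copies the ID only when one is already stored, so the first log ID is never saved (assuming `iolog_id` starts out NULL), and if it were ever set, each repeat would overwrite the pointer and leak the old string. The ChangeLog entry says the intent is to store only the first ID received, which needs `if (closure->iolog_id == NULL) {`. The function still returns true either way, so the failure would be silent. The start of the function is outside the hunk.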
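Review bot: The corrected `memmove` count in sudoers.c is right only because it includes the terminating NULL at `NewArgv[NewArgc]`, and the write now reaches `NewArgv[NewArgc + 1]`; neither fact is stated next to the call. I would expand the comment to something like `/* Shift argv[1..NewArgc] (including the NULL terminator) up one slot; needs NewArgc + 2 slots. */`. The allocation the existing comment refers to is above the hunk, so confirm there that it reserves room for the extra pointer on this code path.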