1 --- sudo-1.6.8p12.orig/sudoers.man.in
2 +++ sudo-1.6.8p12/sudoers.man.in
5 .IX Item "exempt_group"
6 Users in this group are exempt from password and \s-1PATH\s0 requirements.
7 -This is not set by default.
8 +On Debian systems, this is set to the group 'sudo' by default.
11 This option controls when a password will be required when a user runs
12 --- sudo-1.6.8p12.orig/sudo.man.in
13 +++ sudo-1.6.8p12/sudo.man.in
15 \&\fBsudo\fR determines who is an authorized user by consulting the file
16 \&\fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag a user
17 can update the time stamp without running a \fIcommand.\fR The password
18 -prompt itself will also time out if the user's password is not
19 -entered within \f(CW\*(C`@password_timeout@\*(C'\fR minutes (unless overridden via
20 +prompt itself will not time out in Debian's version (unless overridden via
23 If a user who is not listed in the \fIsudoers\fR file tries to run a
24 --- sudo-1.6.8p12.orig/parse.yacc
25 +++ sudo-1.6.8p12/parse.yacc
28 match[top].user = UNSPEC; \
29 match[top].cmnd = UNSPEC; \
30 + match[top].cmndall= UNSPEC; \
31 match[top].host = UNSPEC; \
32 match[top].runas = UNSPEC; \
33 match[top].nopass = def_authenticate ? UNSPEC : TRUE; \
36 match[top].user = match[top-1].user; \
37 match[top].cmnd = match[top-1].cmnd; \
38 + match[top].cmndall= match[top-1].cmndall; \
39 match[top].host = match[top-1].host; \
40 match[top].runas = match[top-1].runas; \
41 match[top].nopass = match[top-1].nopass; \
46 + SETMATCH(cmnd_all, TRUE);
54 + SETMATCH(cmnd_all, FALSE);
57 if (printmatches == TRUE) {
62 + SETMATCH(cmnd_all, FALSE);
66 --- sudo-1.6.8p12.orig/env.c
67 +++ sudo-1.6.8p12/env.c
72 -char **rebuild_env __P((char **, int, int));
73 +char **rebuild_env __P((char **, int, int, int));
74 char **zero_env __P((char **));
75 static void insert_env __P((char *, int));
76 static char *format_env __P((char *, ...));
78 static const char *initial_badenv_table[] = {
100 * Also adds sudo-specific variables (SUDO_*).
103 -rebuild_env(envp, sudo_mode, noexec)
104 +rebuild_env(envp, sudo_mode, noexec, noclean)
110 char **ep, *cp, *ps1;
111 int okvar, iswild, didvar;
115 for (ep = envp; *ep; ep++) {
119 /* Skip variables with values beginning with () (bash functions) */
120 if ((cp = strchr(*ep, '=')) != NULL) {
124 /* Skip anything listed in env_delete. */
126 for (cur = def_env_delete; cur && okvar; cur = cur->next) {
127 len = strlen(cur->value);
128 /* Deal with '*' wildcard */
135 /* Check certain variables for '%' and '/' characters. */
136 - for (cur = def_env_check; cur && okvar; cur = cur->next) {
137 + for (cur = def_env_check; cur; cur = cur->next) {
138 len = strlen(cur->value);
139 /* Deal with '*' wildcard */
140 if (cur->value[len - 1] == '*') {
143 if (strncmp(cur->value, *ep, len) == 0 &&
144 (iswild || (*ep)[len] == '=') &&
145 - strpbrk(*ep, "/%")) {
147 + strpbrk(*ep, "/%") == NULL) {
152 + /* keep variables in env_keep */
153 + for (cur = def_env_keep; cur; cur = cur->next) {
154 + len = strlen(cur->value);
155 + /* Deal with '*' wildcard */
156 + if (cur->value[len - 1] == '*') {
161 + if (strncmp(cur->value, *ep, len) == 0 &&
162 + (iswild || (*ep)[len] == '=')) {
168 --- sudo-1.6.8p12.orig/sudoers.pod
169 +++ sudo-1.6.8p12/sudoers.pod
172 Cmnd_Alias ::= NAME '=' Cmnd_List
174 - NAME ::= [A-Z]([A-Z][0-9]_)*
175 + NAME ::= [A-Z]([a-z][A-Z][0-9]_)*
177 Each I<alias> definition is of the form
183 -two consecutive C<%> characters are collaped into a single C<%> character
184 +two consecutive C<%> characters are collapsed into a single C<%> character
192 -Users in this group are exempt from password and PATH requirements.
193 -This is not set by default.
194 +Users in this group are exempt from password and PATH requirements. This
195 +option is turned on for Debian.
199 --- sudo-1.6.8p12.orig/ins_classic.h
200 +++ sudo-1.6.8p12/ins_classic.h
202 "Where did you learn to type?",
204 "My pet ferret can type better than you!",
205 - "You type like i drive.",
206 + "You type like I drive.",
207 "Do you think like you type?",
208 "Your mind just hasn't been the same since the electro-shock, has it?",
210 --- sudo-1.6.8p12.orig/config.guess
211 +++ sudo-1.6.8p12/config.guess
214 # Attempt to guess a canonical system name.
215 # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
216 -# 2000, 2001, 2002 Free Software Foundation, Inc.
218 -# $Sudo: config.guess,v 1.10 2004/08/09 23:04:35 millert Exp $
219 +# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
221 -timestamp='2002-11-30'
222 +timestamp='2005-08-03'
224 # This file is free software; you can redistribute it and/or modify it
225 # under the terms of the GNU General Public License as published by
228 # You should have received a copy of the GNU General Public License
229 # along with this program; if not, write to the Free Software
230 -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
231 +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
234 # As a special exception to the GNU General Public License, if you
235 # distribute this file as part of a program that contains a
236 # configuration script generated by Autoconf, you may include it under
237 # the same distribution terms that you use for the rest of that program.
240 # Originally written by Per Bothner <per@bothner.com>.
241 # Please send patches to <config-patches@gnu.org>. Submit a context
242 # diff and a properly formatted ChangeLog entry.
244 GNU config.guess ($timestamp)
246 Originally written by Per Bothner.
247 -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
248 +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
249 Free Software Foundation, Inc.
251 This is free software; see the source for copying conditions. There is NO
253 while test $# -gt 0 ; do
255 --time-stamp | --time* | -t )
256 - echo "$timestamp" ; exit 0 ;;
257 + echo "$timestamp" ; exit ;;
259 - echo "$version" ; exit 0 ;;
260 + echo "$version" ; exit ;;
262 - echo "$usage"; exit 0 ;;
263 + echo "$usage"; exit ;;
264 -- ) # Stop option processing
266 - ) # Use stdin as input.
267 @@ -100,14 +100,18 @@
268 # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
269 # use `HOST_CC' if defined, but it is deprecated.
271 -# This shell variable is my proudest work .. or something. --bje
272 +# Portable tmp directory creation inspired by the Autoconf team.
274 -set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ;
275 -(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old)
276 - || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ;
277 -dummy=$tmpdir/dummy ;
278 -files="$dummy.c $dummy.o $dummy.rel $dummy" ;
279 -trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ;
281 +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
282 +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
284 + { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
285 + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
286 + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
287 + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
289 +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
290 case $CC_FOR_BUILD,$HOST_CC,$CC in
291 ,,) echo "int x;" > $dummy.c ;
292 for c in cc gcc c89 c99 ; do
293 @@ -115,15 +119,13 @@
294 CC_FOR_BUILD="$c"; break ;
298 if test x"$CC_FOR_BUILD" = x ; then
299 CC_FOR_BUILD=no_compiler_found ;
302 ,,*) CC_FOR_BUILD=$CC ;;
303 ,*,*) CC_FOR_BUILD=$HOST_CC ;;
306 +esac ; set_cc_for_build= ;'
308 # This is needed to find uname on a Pyramid OSx when run in the BSD universe.
309 # (ghazi@noc.rutgers.edu 1994-08-24)
310 @@ -196,104 +198,109 @@
311 # contains redundant information, the shorter form:
312 # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
313 echo "${machine}-${os}${release}"
317 UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
318 echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
322 + echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
325 + echo powerppc-unknown-mirbsd${UNAME_RELEASE}
328 + echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
331 - if test $UNAME_RELEASE = "V4.0"; then
332 + case $UNAME_RELEASE in
334 UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
338 + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
341 + # According to Compaq, /usr/sbin/psrinfo has been available on
342 + # OSF/1 and Tru64 systems produced since 1995. I hope that
343 + # covers most systems running today. This code pipes the CPU
344 + # types through head -n 1, so we only detect the type of CPU 0.
345 + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
346 + case "$ALPHA_CPU_TYPE" in
348 + UNAME_MACHINE="alpha" ;;
350 + UNAME_MACHINE="alpha" ;;
351 + "LCA4 (21066/21068)")
352 + UNAME_MACHINE="alpha" ;;
354 + UNAME_MACHINE="alphaev5" ;;
356 + UNAME_MACHINE="alphaev56" ;;
358 + UNAME_MACHINE="alphapca56" ;;
360 + UNAME_MACHINE="alphapca57" ;;
362 + UNAME_MACHINE="alphaev6" ;;
364 + UNAME_MACHINE="alphaev67" ;;
365 + "EV6.8CB (21264C)")
366 + UNAME_MACHINE="alphaev68" ;;
367 + "EV6.8AL (21264B)")
368 + UNAME_MACHINE="alphaev68" ;;
369 + "EV6.8CX (21264D)")
370 + UNAME_MACHINE="alphaev68" ;;
371 + "EV6.9A (21264/EV69A)")
372 + UNAME_MACHINE="alphaev69" ;;
374 + UNAME_MACHINE="alphaev7" ;;
376 + UNAME_MACHINE="alphaev79" ;;
378 + # A Pn.n version is a patched version.
379 # A Vn.n version is a released version.
380 # A Tn.n version is a released field test version.
381 # A Xn.n version is an unreleased experimental baselevel.
382 # 1.2 uses "1.2" for uname -r.
383 - eval $set_cc_for_build
384 - cat <<EOF >$dummy.s
387 - .byte 37,100,45,37,120,10,0 # "%d-%x\n"
394 - .frame \$30,16,\$26,0
397 - .long 0x47e03d80 # implver \$0
399 - .long 0x47e20c21 # amask \$2,\$1
409 - $CC_FOR_BUILD -o $dummy $dummy.s 2>/dev/null
410 - if test "$?" = 0 ; then
413 - UNAME_MACHINE="alpha"
416 - UNAME_MACHINE="alphaev5"
419 - UNAME_MACHINE="alphaev56"
422 - UNAME_MACHINE="alphapca56"
425 - UNAME_MACHINE="alphaev6"
428 - UNAME_MACHINE="alphaev67"
431 - UNAME_MACHINE="alphaev68"
434 - UNAME_MACHINE="alphaev7"
438 - rm -f $dummy.s $dummy && rmdir $tmpdir
439 - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
441 + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
443 Alpha\ *:Windows_NT*:*)
444 # How do we know it's Interix rather than the generic POSIX subsystem?
445 # Should we change UNAME_MACHINE based on the output of uname instead
446 # of the specific Alpha model?
447 echo alpha-pc-interix
450 21064:Windows_NT:50:3)
451 echo alpha-dec-winnt3.5
454 Amiga*:UNIX_System_V:4.0:*)
455 echo m68k-unknown-sysv4
458 *:[Aa]miga[Oo][Ss]:*:*)
459 echo ${UNAME_MACHINE}-unknown-amigaos
462 *:[Mm]orph[Oo][Ss]:*:*)
463 echo ${UNAME_MACHINE}-unknown-morphos
467 echo i370-ibm-openedition
471 + echo s390-ibm-zvmoe
474 + echo powerpc-ibm-os400
476 arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
477 echo arm-acorn-riscix${UNAME_RELEASE}
480 + arm:riscos:*:*|arm:RISCOS:*:*)
481 + echo arm-unknown-riscos
483 SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
484 echo hppa1.1-hitachi-hiuxmpp
487 Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
488 # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
489 if test "`(/bin/universe) 2>/dev/null`" = att ; then
490 @@ -301,29 +308,32 @@
492 echo pyramid-pyramid-bsd
497 echo pyramid-pyramid-svr4
499 - DRS?6000:UNIX_SV:4.2*:7*)
501 + DRS?6000:unix:4.0:6*)
504 + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
505 case `/usr/bin/uname -p` in
506 - sparc) echo sparc-icl-nx7 && exit 0 ;;
507 + sparc) echo sparc-icl-nx7; exit ;;
510 echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
513 sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
514 echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
518 echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
522 # According to config.sub, this is the proper way to canonicalize
523 # SunOS6. Hard to guess exactly what SunOS6 will be like, but
524 # it's likely to be more like Solaris than SunOS4.
525 echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
529 case "`/usr/bin/arch -k`" in
531 @@ -332,10 +342,10 @@
533 # Japanese Language versions have a version number like `4.1.3-JL'.
534 echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
538 echo m68k-sun-sunos${UNAME_RELEASE}
542 UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
543 test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
544 @@ -347,10 +357,10 @@
545 echo sparc-sun-sunos${UNAME_RELEASE}
551 echo sparc-auspex-sunos${UNAME_RELEASE}
554 # The situation for MiNT is a little confusing. The machine name
555 # can be virtually everything (everything which is not
556 # "atarist" or "atariste" at least should have a processor
557 @@ -361,37 +371,40 @@
559 atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
560 echo m68k-atari-mint${UNAME_RELEASE}
563 atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
564 echo m68k-atari-mint${UNAME_RELEASE}
567 *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
568 echo m68k-atari-mint${UNAME_RELEASE}
571 milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
572 echo m68k-milan-mint${UNAME_RELEASE}
575 hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
576 echo m68k-hades-mint${UNAME_RELEASE}
579 *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
580 echo m68k-unknown-mint${UNAME_RELEASE}
584 + echo m68k-apple-machten${UNAME_RELEASE}
587 echo powerpc-apple-machten${UNAME_RELEASE}
591 echo mips-dec-mach_bsd4.3
595 echo mips-dec-ultrix${UNAME_RELEASE}
599 echo vax-dec-ultrix${UNAME_RELEASE}
602 2020:CLIX:*:* | 2430:CLIX:*:*)
603 echo clipper-intergraph-clix${UNAME_RELEASE}
606 mips:*:*:UMIPS | mips:*:*:RISCos)
607 eval $set_cc_for_build
608 sed 's/^ //' << EOF >$dummy.c
609 @@ -415,33 +428,33 @@
613 - $CC_FOR_BUILD -o $dummy $dummy.c \
614 - && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
615 - && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
616 - rm -f $dummy.c $dummy && rmdir $tmpdir
617 + $CC_FOR_BUILD -o $dummy $dummy.c &&
618 + dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
619 + SYSTEM_NAME=`$dummy $dummyarg` &&
620 + { echo "$SYSTEM_NAME"; exit; }
621 echo mips-mips-riscos${UNAME_RELEASE}
624 Motorola:PowerMAX_OS:*:*)
625 echo powerpc-motorola-powermax
628 Motorola:*:4.3:PL8-*)
629 echo powerpc-harris-powermax
632 Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
633 echo powerpc-harris-powermax
636 Night_Hawk:Power_UNIX:*:*)
637 echo powerpc-harris-powerunix
641 echo m88k-harris-cxux7
645 echo m88k-motorola-sysv4
649 echo m88k-motorola-sysv3
653 # DG/UX returns AViiON for all architectures
654 UNAME_PROCESSOR=`/usr/bin/uname -p`
655 @@ -457,29 +470,29 @@
657 echo i586-dg-dgux${UNAME_RELEASE}
661 M88*:DolphinOS:*:*) # DolphinOS (SVR3)
662 echo m88k-dolphin-sysv3
666 # Delta 88k system running SVR3
667 echo m88k-motorola-sysv3
670 XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
671 echo m88k-tektronix-sysv3
674 Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
675 echo m68k-tektronix-bsd
679 echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
682 ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
683 - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
684 - exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
685 + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
686 + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
692 if [ -x /usr/bin/oslevel ] ; then
693 IBM_REV=`/usr/bin/oslevel`
695 IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
697 echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
701 if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
702 eval $set_cc_for_build
703 @@ -502,15 +515,18 @@
707 - $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
708 - rm -f $dummy.c $dummy && rmdir $tmpdir
709 - echo rs6000-ibm-aix3.2.5
710 + if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
712 + echo "$SYSTEM_NAME"
714 + echo rs6000-ibm-aix3.2.5
716 elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
717 echo rs6000-ibm-aix3.2.4
719 echo rs6000-ibm-aix3.2
724 IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
725 if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
726 @@ -524,28 +540,28 @@
727 IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
729 echo ${IBM_ARCH}-ibm-aix${IBM_REV}
736 ibmrt:4.4BSD:*|romp-ibm:BSD:*)
740 ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
741 echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
742 - exit 0 ;; # report: romp-ibm BSD 4.3
743 + exit ;; # report: romp-ibm BSD 4.3
745 echo rs6000-bull-bosx
752 9000/[34]??:4.3bsd:1.*:*)
756 hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
760 9000/[34678]??:HP-UX:*:*)
761 HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
762 case "${UNAME_MACHINE}" in
763 @@ -602,16 +618,36 @@
766 (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
767 - if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
768 - rm -f $dummy.c $dummy && rmdir $tmpdir
769 + test -z "$HP_ARCH" && HP_ARCH=hppa
772 + if [ ${HP_ARCH} = "hppa2.0w" ]
774 + eval $set_cc_for_build
776 + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
777 + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
778 + # generating 64-bit code. GNU and HP use different nomenclature:
780 + # $ CC_FOR_BUILD=cc ./config.guess
781 + # => hppa2.0w-hp-hpux11.23
782 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
783 + # => hppa64-hp-hpux11.23
785 + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
786 + grep __LP64__ >/dev/null
793 echo ${HP_ARCH}-hp-hpux${HPUX_REV}
797 HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
798 echo ia64-hp-hpux${HPUX_REV}
802 eval $set_cc_for_build
803 sed 's/^ //' << EOF >$dummy.c
804 @@ -639,149 +675,166 @@
808 - $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
809 - rm -f $dummy.c $dummy && rmdir $tmpdir
810 + $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
811 + { echo "$SYSTEM_NAME"; exit; }
812 echo unknown-hitachi-hiuxwe2
815 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
823 *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
824 echo hppa1.0-hp-mpeix
827 hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
836 if [ -x /usr/sbin/sysversion ] ; then
837 echo ${UNAME_MACHINE}-unknown-osf1mk
839 echo ${UNAME_MACHINE}-unknown-osf1
844 echo hppa1.1-hp-lites
847 C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
851 C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
852 if getsysinfo -f scalar_acc
853 then echo c32-convex-bsd
854 else echo c2-convex-bsd
858 C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
862 C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
866 C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
871 echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
875 echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
876 | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
877 -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
882 echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
885 - echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
889 echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
893 echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
897 + echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
899 F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
900 FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
901 FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
902 FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
903 echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
906 + 5000:UNIX_System_V:4.*:*)
907 + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
908 + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
909 + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
911 i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
912 echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
916 echo sparc-unknown-bsdi${UNAME_RELEASE}
920 echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
924 - # Determine whether the default compiler uses glibc.
925 - eval $set_cc_for_build
926 - sed 's/^ //' << EOF >$dummy.c
927 - #include <features.h>
934 - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
935 - rm -f $dummy.c && rmdir $tmpdir
936 - echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
938 + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
941 echo ${UNAME_MACHINE}-pc-cygwin
945 echo ${UNAME_MACHINE}-pc-mingw32
949 + # uname -m includes "-pc" on this system.
950 + echo ${UNAME_MACHINE}-mingw32
953 echo ${UNAME_MACHINE}-pc-pw32
956 - echo i586-pc-interix3
959 + x86:Interix*:[34]*)
960 + echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
962 [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
963 echo i${UNAME_MACHINE}-pc-mks
966 i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
967 # How do we know it's Interix rather than the generic POSIX subsystem?
968 # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
969 # UNAME_MACHINE based on the output of uname instead of i386?
974 echo ${UNAME_MACHINE}-pc-uwin
977 + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
978 + echo x86_64-unknown-cygwin
981 echo powerpcle-unknown-cygwin
985 echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
990 echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
994 + # other systems with GNU libc and userland
995 + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
998 echo ${UNAME_MACHINE}-pc-minix
1002 echo ${UNAME_MACHINE}-unknown-linux-gnu
1006 + echo cris-axis-linux-gnu
1008 + crisv32:Linux:*:*)
1009 + echo crisv32-axis-linux-gnu
1012 + echo frv-unknown-linux-gnu
1015 echo ${UNAME_MACHINE}-unknown-linux-gnu
1019 + echo ${UNAME_MACHINE}-unknown-linux-gnu
1022 echo ${UNAME_MACHINE}-unknown-linux-gnu
1026 eval $set_cc_for_build
1027 sed 's/^ //' << EOF >$dummy.c
1031 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
1032 - rm -f $dummy.c && rmdir $tmpdir
1033 - test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
1034 + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
1037 eval $set_cc_for_build
1038 @@ -819,15 +871,17 @@
1041 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
1042 - rm -f $dummy.c && rmdir $tmpdir
1043 - test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
1044 + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
1047 + echo or32-unknown-linux-gnu
1050 echo powerpc-unknown-linux-gnu
1054 echo powerpc64-unknown-linux-gnu
1058 case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
1059 EV5) UNAME_MACHINE=alphaev5 ;;
1061 objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
1062 if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
1063 echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
1066 parisc:Linux:*:* | hppa:Linux:*:*)
1067 # Look for CPU level
1068 case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
1069 @@ -849,22 +903,25 @@
1070 PA8*) echo hppa2.0-unknown-linux-gnu ;;
1071 *) echo hppa-unknown-linux-gnu ;;
1075 parisc64:Linux:*:* | hppa64:Linux:*:*)
1076 echo hppa64-unknown-linux-gnu
1079 s390:Linux:*:* | s390x:Linux:*:*)
1080 echo ${UNAME_MACHINE}-ibm-linux
1084 + echo ${UNAME_MACHINE}-unknown-linux-gnu
1087 echo ${UNAME_MACHINE}-unknown-linux-gnu
1090 sparc:Linux:*:* | sparc64:Linux:*:*)
1091 echo ${UNAME_MACHINE}-unknown-linux-gnu
1095 echo x86_64-unknown-linux-gnu
1099 # The BFD linker knows what the default object file format is, so
1100 # first see if it will tell us. cd to the root directory to prevent
1101 @@ -882,15 +939,15 @@
1104 echo "${UNAME_MACHINE}-pc-linux-gnuaout"
1108 echo "${UNAME_MACHINE}-pc-linux-gnucoff"
1112 # Either a pre-BFD a.out linker (linux-gnuoldld) or
1113 # one that does not give us useful --help.
1114 echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
1118 # Determine whether the default compiler is a.out or elf
1119 eval $set_cc_for_build
1120 @@ -913,18 +970,23 @@
1124 + #ifdef __dietlibc__
1128 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
1129 - rm -f $dummy.c && rmdir $tmpdir
1130 - test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
1131 - test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
1132 + test x"${LIBC}" != x && {
1133 + echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
1136 + test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
1138 i*86:DYNIX/ptx:4*:*)
1139 # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
1140 # earlier versions are messed up and put the nodename in both
1141 # sysname and nodename.
1142 echo i386-sequent-sysv4
1145 i*86:UNIX_SV:4.2MP:2.*)
1146 # Unixware is an offshoot of SVR4, but it has its own version
1147 # number series starting with 2...
1148 @@ -932,24 +994,27 @@
1149 # I just have to hope. -- rms.
1150 # Use sysv4.2uw... so that sysv4* matches it.
1151 echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
1155 # If we were able to find `uname', then EMX Unix compatibility
1156 # is probably installed.
1157 echo ${UNAME_MACHINE}-pc-os2-emx
1160 i*86:XTS-300:*:STOP)
1161 echo ${UNAME_MACHINE}-unknown-stop
1165 echo ${UNAME_MACHINE}-unknown-atheos
1168 + i*86:syllable:*:*)
1169 + echo ${UNAME_MACHINE}-pc-syllable
1171 i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
1172 echo i386-unknown-lynxos${UNAME_RELEASE}
1176 echo ${UNAME_MACHINE}-pc-msdosdjgpp
1179 i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
1180 UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
1181 if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
1182 @@ -957,15 +1022,16 @@
1184 echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
1190 + # UnixWare 7.x, OpenUNIX and OpenServer 6.
1191 case `/bin/uname -X | grep "^Machine"` in
1192 *486*) UNAME_MACHINE=i486 ;;
1193 *Pentium) UNAME_MACHINE=i586 ;;
1194 *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
1196 echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
1200 if test -f /usr/options/cb.name; then
1201 UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
1202 @@ -983,73 +1049,73 @@
1204 echo ${UNAME_MACHINE}-pc-sysv32
1209 # Left here for compatibility:
1210 # uname -m prints for DJGPP always 'pc', but it prints nothing about
1211 # the processor, so we play safe by assuming i386.
1212 echo i386-pc-msdosdjgpp
1220 echo i860-intel-osf1
1223 i860:*:4.*:*) # i860-SVR4
1224 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
1225 echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
1226 else # Add other i860-SVR4 vendors below as they are discovered.
1227 echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
1233 echo m68010-convergent-sysv
1236 mc68k:UNIX:SYSTEM5:3.51m)
1237 echo m68k-convergent-sysv
1243 - M68*:*:R3V[567]*:*)
1244 - test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
1245 - 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0)
1247 + M68*:*:R3V[5678]*:*)
1248 + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
1249 + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
1251 test -r /etc/.relid \
1252 && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
1253 /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
1254 - && echo i486-ncr-sysv4.3${OS_REL} && exit 0
1255 + && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
1256 /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
1257 - && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
1258 + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
1259 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
1260 /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
1261 - && echo i486-ncr-sysv4 && exit 0 ;;
1262 + && { echo i486-ncr-sysv4; exit; } ;;
1263 m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
1264 echo m68k-unknown-lynxos${UNAME_RELEASE}
1267 mc68030:UNIX_System_V:4.*:*)
1268 echo m68k-atari-sysv4
1271 TSUNAMI:LynxOS:2.*:*)
1272 echo sparc-unknown-lynxos${UNAME_RELEASE}
1275 rs6000:LynxOS:2.*:*)
1276 echo rs6000-unknown-lynxos${UNAME_RELEASE}
1279 PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
1280 echo powerpc-unknown-lynxos${UNAME_RELEASE}
1283 SM[BE]S:UNIX_SV:*:*)
1284 echo mips-dde-sysv${UNAME_RELEASE}
1287 RM*:ReliantUNIX-*:*:*)
1296 if uname -p 2>/dev/null >/dev/null ; then
1297 UNAME_MACHINE=`(uname -p) 2>/dev/null`
1298 @@ -1057,64 +1123,73 @@
1304 PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
1305 # says <Richard.M.Bartel@ccMail.Census.GOV>
1306 echo i586-unisys-sysv4
1309 *:UNIX_System_V:4*:FTX*)
1310 # From Gerald Hewes <hewes@openmarket.com>.
1311 # How about differentiating between stratus architectures? -djm
1312 echo hppa1.1-stratus-sysv4
1316 # From seanf@swdc.stratus.com.
1317 echo i860-stratus-sysv4
1321 + # From Paul.Green@stratus.com.
1322 + echo ${UNAME_MACHINE}-stratus-vos
1325 # From Paul.Green@stratus.com.
1326 echo hppa1.1-stratus-vos
1330 echo m68k-apple-aux${UNAME_RELEASE}
1334 echo mips-sony-newsos6
1337 R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
1338 if [ -d /usr/nec ]; then
1339 echo mips-nec-sysv${UNAME_RELEASE}
1341 echo mips-unknown-sysv${UNAME_RELEASE}
1345 BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
1346 echo powerpc-be-beos
1349 BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
1350 echo powerpc-apple-beos
1353 BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
1358 echo sx4-nec-superux${UNAME_RELEASE}
1362 echo sx5-nec-superux${UNAME_RELEASE}
1366 echo sx6-nec-superux${UNAME_RELEASE}
1369 Power*:Rhapsody:*:*)
1370 echo powerpc-apple-rhapsody${UNAME_RELEASE}
1374 echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
1378 - echo `uname -p`-apple-darwin${UNAME_RELEASE}
1380 + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
1381 + case $UNAME_PROCESSOR in
1382 + *86) UNAME_PROCESSOR=i686 ;;
1383 + unknown) UNAME_PROCESSOR=powerpc ;;
1385 + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
1387 *:procnto*:*:* | *:QNX:[0123456789]*:*)
1388 UNAME_PROCESSOR=`uname -p`
1389 if test "$UNAME_PROCESSOR" = "x86"; then
1390 @@ -1122,22 +1197,25 @@
1393 echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
1399 - NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*)
1401 + NSE-?:NONSTOP_KERNEL:*:*)
1402 + echo nse-tandem-nsk${UNAME_RELEASE}
1404 + NSR-?:NONSTOP_KERNEL:*:*)
1405 echo nsr-tandem-nsk${UNAME_RELEASE}
1409 echo mips-compaq-nonstopux
1413 echo bs2000-siemens-sysv
1416 DS/*:UNIX_System_V:*:*)
1417 echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
1421 # "uname -m" is not consistent, so use $cputype instead. 386
1422 # is converted to i386 for consistency with other x86
1423 @@ -1148,25 +1226,44 @@
1424 UNAME_MACHINE="$cputype"
1426 echo ${UNAME_MACHINE}-unknown-plan9
1430 echo pdp10-unknown-tops10
1434 echo pdp10-unknown-tenex
1437 KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
1438 echo pdp10-dec-tops20
1441 XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
1442 echo pdp10-xkl-tops20
1446 echo pdp10-unknown-tops20
1450 echo pdp10-unknown-its
1454 + echo mips-sei-seiux${UNAME_RELEASE}
1457 + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
1460 + UNAME_MACHINE=`(uname -p) 2>/dev/null`
1461 + case "${UNAME_MACHINE}" in
1462 + A*) echo alpha-dec-vms ; exit ;;
1463 + I*) echo ia64-dec-vms ; exit ;;
1464 + V*) echo vax-dec-vms ; exit ;;
1467 + echo i386-pc-xenix
1470 + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
1474 #echo '(No uname command or uname output not recognized.)' 1>&2
1475 @@ -1198,7 +1295,7 @@
1478 #if defined (__arm) && defined (__acorn) && defined (__unix)
1479 - printf ("arm-acorn-riscix"); exit (0);
1480 + printf ("arm-acorn-riscix\n"); exit (0);
1483 #if defined (hp300) && !defined (hpux)
1484 @@ -1287,12 +1384,12 @@
1488 -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
1489 -rm -f $dummy.c $dummy && rmdir $tmpdir
1490 +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
1491 + { echo "$SYSTEM_NAME"; exit; }
1493 # Apollos put the system type in the environment.
1495 -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
1496 +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
1498 # Convex versions that predate uname can use getsysinfo(1)
1500 @@ -1301,22 +1398,22 @@
1501 case `getsysinfo -f cpu_type` in
1507 if getsysinfo -f scalar_acc
1508 then echo c32-convex-bsd
1509 else echo c2-convex-bsd
1528 @@ -1327,7 +1424,9 @@
1529 the operating system you are using. It is advised that you
1530 download the most up to date version of the config scripts from
1532 - ftp://ftp.gnu.org/pub/gnu/config/
1533 + http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
1535 + http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
1537 If the version you run ($0) is already up to date, please
1538 send the following data and any information you think might be
1539 --- sudo-1.6.8p12.orig/config.sub
1540 +++ sudo-1.6.8p12/config.sub
1543 # Configuration validation subroutine script.
1544 # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
1545 -# 2000, 2001, 2002 Free Software Foundation, Inc.
1547 -# $Sudo: config.sub,v 1.11 2003/01/20 21:07:51 millert Exp $
1548 +# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
1550 -timestamp='2002-11-30'
1551 +timestamp='2005-07-08'
1553 # This file is (in principle) common to ALL GNU software.
1554 # The presence of a machine in this file suggests that SOME GNU software
1557 # You should have received a copy of the GNU General Public License
1558 # along with this program; if not, write to the Free Software
1559 -# Foundation, Inc., 59 Temple Place - Suite 330,
1560 -# Boston, MA 02111-1307, USA.
1562 +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
1565 # As a special exception to the GNU General Public License, if you
1566 # distribute this file as part of a program that contains a
1567 # configuration script generated by Autoconf, you may include it under
1568 # the same distribution terms that you use for the rest of that program.
1571 # Please send patches to <config-patches@gnu.org>. Submit a context
1572 # diff and a properly formatted ChangeLog entry.
1576 GNU config.sub ($timestamp)
1578 -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
1579 +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
1580 Free Software Foundation, Inc.
1582 This is free software; see the source for copying conditions. There is NO
1584 while test $# -gt 0 ; do
1586 --time-stamp | --time* | -t )
1587 - echo "$timestamp" ; exit 0 ;;
1588 + echo "$timestamp" ; exit ;;
1590 - echo "$version" ; exit 0 ;;
1591 + echo "$version" ; exit ;;
1592 --help | --h* | -h )
1593 - echo "$usage"; exit 0 ;;
1594 + echo "$usage"; exit ;;
1595 -- ) # Stop option processing
1597 - ) # Use stdin as input.
1600 # First pass through any local machine types.
1608 # Here we must recognize all the valid KERNEL-OS combinations.
1609 maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
1611 - nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
1612 + nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
1613 + kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
1615 basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
1618 -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
1619 -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
1620 -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
1621 - -apple | -axis | -sr2201*)
1622 + -apple | -axis | -knuth | -cray)
1626 @@ -230,14 +230,16 @@
1628 | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
1629 | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
1631 | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
1635 | d10v | d30v | dlx | dsp16xx \
1637 | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
1638 | i370 | i860 | i960 | ia64 \
1640 - | m32r | m68000 | m68k | m88k | mcore \
1642 + | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
1643 | mips | mipsbe | mipseb | mipsel | mipsle \
1645 | mips64 | mips64el \
1646 @@ -246,28 +248,37 @@
1647 | mips64vr4100 | mips64vr4100el \
1648 | mips64vr4300 | mips64vr4300el \
1649 | mips64vr5000 | mips64vr5000el \
1650 + | mips64vr5900 | mips64vr5900el \
1651 | mipsisa32 | mipsisa32el \
1652 + | mipsisa32r2 | mipsisa32r2el \
1653 | mipsisa64 | mipsisa64el \
1654 + | mipsisa64r2 | mipsisa64r2el \
1655 | mipsisa64sb1 | mipsisa64sb1el \
1656 | mipsisa64sr71k | mipsisa64sr71kel \
1657 | mipstx39 | mipstx39el \
1658 | mn10200 | mn10300 \
1662 - | openrisc | or32 \
1664 | pdp10 | pdp11 | pj | pjl \
1665 | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
1667 - | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
1668 + | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
1670 - | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
1671 + | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
1672 + | sparcv8 | sparcv9 | sparcv9b \
1674 - | tahoe | thumb | tic80 | tron \
1675 + | tahoe | thumb | tic4x | tic80 | tron \
1678 - | x86 | xscale | xstormy16 | xtensa \
1679 + | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
1681 basic_machine=$basic_machine-unknown
1684 + basic_machine=$basic_machine-unknown
1686 m6811 | m68hc11 | m6812 | m68hc12)
1687 # Motorola 68HC11/12.
1688 basic_machine=$basic_machine-unknown
1689 @@ -295,19 +306,19 @@
1690 | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
1691 | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
1694 - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* \
1695 - | clipper-* | cydra-* \
1696 + | bfin-* | bs2000-* \
1697 + | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
1698 + | clipper-* | craynv-* | cydra-* \
1699 | d10v-* | d30v-* | dlx-* \
1701 | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
1702 | h8300-* | h8500-* \
1703 | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
1704 | i*86-* | i860-* | i960-* | ia64-* \
1707 + | ip2k-* | iq2000-* \
1708 + | m32r-* | m32rle-* \
1709 | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
1710 - | m88110-* | m88k-* | mcore-* \
1711 + | m88110-* | m88k-* | maxq-* | mcore-* \
1712 | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
1714 | mips64-* | mips64el-* \
1715 @@ -316,29 +327,40 @@
1716 | mips64vr4100-* | mips64vr4100el-* \
1717 | mips64vr4300-* | mips64vr4300el-* \
1718 | mips64vr5000-* | mips64vr5000el-* \
1719 + | mips64vr5900-* | mips64vr5900el-* \
1720 | mipsisa32-* | mipsisa32el-* \
1721 + | mipsisa32r2-* | mipsisa32r2el-* \
1722 | mipsisa64-* | mipsisa64el-* \
1723 + | mipsisa64r2-* | mipsisa64r2el-* \
1724 | mipsisa64sb1-* | mipsisa64sb1el-* \
1725 | mipsisa64sr71k-* | mipsisa64sr71kel-* \
1726 - | mipstx39 | mipstx39el \
1727 + | mipstx39-* | mipstx39el-* \
1731 | none-* | np1-* | ns16k-* | ns32k-* \
1733 | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
1734 | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
1736 | romp-* | rs6000-* \
1737 - | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \
1738 + | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \
1739 | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
1740 - | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
1741 - | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
1742 - | tahoe-* | thumb-* | tic30-* | tic4x-* | tic54x-* | tic80-* | tron-* \
1743 + | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
1745 + | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
1746 + | tahoe-* | thumb-* \
1747 + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
1749 | v850-* | v850e-* | vax-* \
1751 - | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
1753 + | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
1754 + | xstormy16-* | xtensa-* \
1760 # Recognize the various machine names and aliases which stand
1761 # for a CPU type and a company and sometimes even an OS.
1764 basic_machine=a29k-amd
1768 + basic_machine=abacus-unknown
1771 basic_machine=m68010-adobe
1773 @@ -434,12 +459,27 @@
1774 basic_machine=j90-cray
1778 + basic_machine=craynv-cray
1782 + basic_machine=cr16c-unknown
1786 basic_machine=m68k-crds
1788 + crisv32 | crisv32-* | etraxfs*)
1789 + basic_machine=crisv32-axis
1791 cris | cris-* | etrax*)
1792 basic_machine=cris-axis
1795 + basic_machine=crx-unknown
1799 basic_machine=m68k-da30
1801 @@ -462,6 +502,10 @@
1802 basic_machine=m88k-motorola
1806 + basic_machine=i586-pc
1810 basic_machine=rs6000-bull
1812 @@ -515,10 +559,6 @@
1813 basic_machine=h8500-hitachi
1817 - basic_machine=harp1e-hitachi
1821 basic_machine=m88k-harris
1823 @@ -644,10 +684,6 @@
1825 basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
1828 - basic_machine=mmix-knuth
1832 basic_machine=m68k-rom68k
1834 @@ -735,9 +771,12 @@
1835 basic_machine=hppa1.1-oki
1839 + openrisc | openrisc-*)
1840 basic_machine=or32-unknown
1844 + basic_machine=powerpc-ibm
1847 OSE68000 | ose68000)
1848 basic_machine=m68000-ericsson
1849 @@ -770,18 +809,24 @@
1850 pentiumpro | p6 | 6x86 | athlon | athlon_*)
1851 basic_machine=i686-pc
1853 - pentiumii | pentium2)
1854 + pentiumii | pentium2 | pentiumiii | pentium3)
1855 basic_machine=i686-pc
1858 + basic_machine=i786-pc
1860 pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
1861 basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
1863 pentiumpro-* | p6-* | 6x86-* | athlon-*)
1864 basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
1866 - pentiumii-* | pentium2-*)
1867 + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
1868 basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
1871 + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
1874 basic_machine=pn-gould
1876 @@ -840,6 +885,10 @@
1878 basic_machine=mipsisa64sb1el-unknown
1881 + basic_machine=mips-sei
1885 basic_machine=i386-sequent
1888 basic_machine=sh-hitachi
1892 + basic_machine=sh64-unknown
1894 sparclite-wrs | simso-wrs)
1895 basic_machine=sparclite-wrs
1897 @@ -913,10 +965,6 @@
1898 basic_machine=i386-sequent
1902 - basic_machine=alpha-cray
1906 basic_machine=alphaev5-cray
1908 @@ -925,14 +973,18 @@
1909 basic_machine=t90-cray
1913 - basic_machine=tic4x-unknown
1917 basic_machine=tic54x-unknown
1921 + basic_machine=tic55x-unknown
1925 + basic_machine=tic6x-unknown
1929 basic_machine=mipstx39-unknown
1931 @@ -946,6 +998,10 @@
1933 basic_machine=m68k-ncr
1936 + basic_machine=s390x-ibm
1940 basic_machine=a29k-amd
1942 @@ -989,6 +1045,10 @@
1943 basic_machine=hppa1.1-winbond
1947 + basic_machine=i686-pc
1951 basic_machine=xps100-honeywell
1953 @@ -1019,6 +1079,9 @@
1955 basic_machine=romp-ibm
1958 + basic_machine=mmix-knuth
1961 basic_machine=rs6000-ibm
1963 @@ -1035,13 +1098,10 @@
1965 basic_machine=we32k-att
1967 - sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele)
1968 + sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
1969 basic_machine=sh-unknown
1972 - basic_machine=sh64-unknown
1974 - sparc | sparcv9 | sparcv9b)
1975 + sparc | sparcv8 | sparcv9 | sparcv9b)
1976 basic_machine=sparc-sun
1979 @@ -1114,19 +1174,21 @@
1981 | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
1982 | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
1983 - | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
1984 - | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
1985 + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
1986 + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
1987 + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
1988 | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
1989 | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
1990 | -chorusos* | -chorusrdb* \
1991 | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
1992 - | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
1993 + | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
1994 | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
1995 | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
1996 | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
1997 | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
1998 | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
1999 - | -powermax* | -dnix*)
2000 + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
2001 + | -skyos* | -haiku*)
2002 # Remember, each alternative MUST END IN *, to match a version number.
2005 @@ -1144,12 +1206,15 @@
2006 os=`echo $os | sed -e 's|nto|nto-qnx|'`
2008 -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
2009 - | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
2010 + | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
2011 | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
2014 os=`echo $os | sed -e 's|mac|macos|'`
2017 + os=-linux-dietlibc
2020 os=`echo $os | sed -e 's|linux|linux-gnu|'`
2022 @@ -1162,6 +1227,9 @@
2032 @@ -1183,6 +1251,9 @@
2042 @@ -1205,6 +1276,9 @@
2052 @@ -1235,6 +1309,15 @@
2053 -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
2068 @@ -1266,6 +1349,9 @@
2075 # This must come before the *-dec entry.
2078 @@ -1309,9 +1395,15 @@
2094 @@ -1444,9 +1536,15 @@
2107 -vxsim* | -vxworks* | -windiss*)
2110 @@ -1471,7 +1569,7 @@
2113 echo $basic_machine$os
2118 # eval: (add-hook 'write-file-hooks 'time-stamp)
2119 --- sudo-1.6.8p12.orig/sudoers
2120 +++ sudo-1.6.8p12/sudoers
2124 # This file MUST be edited with the 'visudo' command as root.
2125 +# 'visudo' edits the suoders file in a safe fashion. visudo
2126 +# locks the sudoers file against multiple simultaneous edits,
2127 +# provides basic sanity checks, and checks for syntax errors. If
2128 +# the sudoers file is currently being edited you will receive a
2129 +# message to try again later.
2131 # See the sudoers man page for the details on how to write a sudoers file.
2134 +# Defaults syslog=auth, secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
2136 # Host alias specification
2138 # User alias specification
2139 --- sudo-1.6.8p12.orig/debian/dirs
2140 +++ sudo-1.6.8p12/debian/dirs
2147 +usr/share/doc/sudo/examples
2148 +usr/share/lintian/overrides
2149 --- sudo-1.6.8p12.orig/debian/docs
2150 +++ sudo-1.6.8p12/debian/docs
2161 --- sudo-1.6.8p12.orig/debian/sudo-ldap.init.d
2162 +++ sudo-1.6.8p12/debian/sudo-ldap.init.d
2166 +### BEGIN INIT INFO
2168 +# Required-Start: $local_fs $remote_fs
2170 +# Default-Start: S 1 2 3 4 5
2171 +# Default-Stop: 0 6
2180 + # make sure privileges don't persist across reboots
2181 + if [ -d /var/run/sudo ]
2183 + find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \;
2186 + stop|reload|restart|force-reload)
2189 + echo "Usage: $N {start|stop|restart|force-reload}" >&2
2195 --- sudo-1.6.8p12.orig/debian/control
2196 +++ sudo-1.6.8p12/debian/control
2201 +Maintainer: Bdale Garbee <bdale@gag.com>
2202 +Build-Depends: debhelper (>= 5), libpam0g-dev, libldap2-dev
2203 +Standards-Version: 3.6.2.1
2207 +Depends: ${shlibs:Depends}, libpam-modules
2208 +Conflicts: sudo-ldap
2209 +Replaces: sudo-ldap
2210 +Description: Provide limited super user privileges to specific users
2211 + Sudo is a program designed to allow a sysadmin to give limited root
2212 + privileges to users and log root activity. The basic philosophy is to give
2213 + as few privileges as possible but still allow people to get their work done.
2215 + This version is built with minimal shared library dependencies, use the
2216 + sudo-ldap package instead if you need LDAP support.
2220 +Depends: ${shlibs:Depends}, libpam-modules
2224 +Description: Provide limited super user privileges to specific users
2225 + Sudo is a program designed to allow a sysadmin to give limited root
2226 + privileges to users and log root activity. The basic philosophy is to give
2227 + as few privileges as possible but still allow people to get their work done.
2229 + This version is built with LDAP support.
2230 --- sudo-1.6.8p12.orig/debian/sudo-ldap.postrm
2231 +++ sudo-1.6.8p12/debian/sudo-ldap.postrm
2239 + rm -f /etc/sudoers
2242 + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
2246 + echo "postrm called with unknown argument \`$1'" >&2
2254 --- sudo-1.6.8p12.orig/debian/prerm
2255 +++ sudo-1.6.8p12/debian/prerm
2262 + if [ ! "$SUDO_FORCE_REMOVE" = "yes" ]; then
2263 + # let's check whether the root account is locked.
2264 + # if it is, we're not going another step. No Sirreee!
2265 + passwd=$(getent shadow root|cut -f2 -d:)
2266 + if [ "$passwd" = "*" -o "$passwd" = "!" ]; then
2267 + # yup, password is locked
2268 + echo "You have asked that the sudo package be removed,"
2269 + echo "but no root password has been set."
2270 + echo "Without sudo, you may not be able to gain administrative privileges."
2272 + echo "If you would prefer to access the root account with su(1)"
2273 + echo "or by logging in directly,"
2274 + echo "you must set a root password with \"sudo passwd\"."
2276 + echo "If you have arranged other means to access the root account,"
2277 + echo "and you are sure this is what you want,"
2278 + echo "you may bypass this check by setting an environment variable "
2279 + echo "(export SUDO_FORCE_REMOVE=yes)."
2281 + echo "Refusing to remove sudo."
2294 --- sudo-1.6.8p12.orig/debian/rules
2295 +++ sudo-1.6.8p12/debian/rules
2299 +export DH_VERBOSE=1
2301 +CFLAGS = -O2 -Wall -Wno-comment
2302 +ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
2307 +build: config-stamp
2312 + mkdir -p build-simple
2313 + cd build-simple && ../configure --prefix=/usr -v \
2314 + --with-all-insults \
2315 + --with-exempt=sudo --with-pam --with-fqdn \
2316 + --with-logging=syslog --with-logfac=authpriv \
2317 + --with-env-editor --with-editor=/usr/bin/editor \
2318 + --with-timeout=15 --with-password-timeout=0 \
2319 + --disable-root-mailer --disable-setresuid \
2320 + --with-sendmail=/usr/sbin/sendmail \
2321 + --without-lecture \
2322 + --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
2325 + mkdir -p build-ldap
2326 + cd build-ldap && ../configure --prefix=/usr -v \
2327 + --with-all-insults \
2328 + --with-exempt=sudo --with-pam --with-ldap --with-fqdn \
2329 + --with-logging=syslog --with-logfac=authpriv \
2330 + --with-env-editor --with-editor=/usr/bin/editor \
2331 + --with-timeout=15 --with-password-timeout=0 \
2332 + --disable-root-mailer --disable-setresuid \
2333 + --with-sendmail=/usr/sbin/sendmail \
2334 + --with-ldap-conf-file=/etc/ldap/ldap.conf \
2335 + --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
2337 + touch config-stamp
2340 +build-stamp: config-stamp
2343 + -$(MAKE) -C build-simple
2344 + -$(MAKE) -C build-ldap
2351 + rm -f config-stamp build-stamp
2352 + rm -rf build-simple build-ldap
2353 + rm -f config.cache
2355 + -test -r /usr/share/misc/config.sub && \
2356 + cp -f /usr/share/misc/config.sub config.sub
2357 + -test -r /usr/share/misc/config.guess && \
2358 + cp -f /usr/share/misc/config.guess config.guess
2362 +install: build-stamp
2369 + install -o root -g root -m 4755 -s build-simple/sudo debian/sudo/usr/bin/sudo
2370 + ln -sf sudo debian/sudo/usr/bin/sudoedit
2371 + install -o root -g root -m 0755 -s build-simple/visudo \
2372 + debian/sudo/usr/sbin/visudo
2373 + install -o root -g root -m 0644 build-simple/sudo.man \
2374 + debian/sudo/usr/share/man/man8/sudo.8
2375 + ln -sf sudo.8 debian/sudo/usr/share/man/man8/sudoedit.8
2376 + install -o root -g root -m 0644 build-simple/visudo.man \
2377 + debian/sudo/usr/share/man/man8/visudo.8
2378 + install -o root -g root -m 0644 build-simple/sudoers.man \
2379 + debian/sudo/usr/share/man/man5/sudoers.5
2380 + install -o root -g root -m 0644 sample.sudoers \
2381 + debian/sudo/usr/share/doc/sudo/examples/sudoers
2382 + install -o root -g root -m 0644 debian/sudo.pam \
2383 + debian/sudo/etc/pam.d/sudo
2385 + install -o root -g root -m 0644 debian/sudo.lintian \
2386 + debian/sudo/usr/share/lintian/overrides/sudo
2388 + install -o root -g root -m 0644 debian/sudo_root.8 \
2389 + debian/sudo/usr/share/man/man8/sudo_root.8
2392 + install -o root -g root -m 4755 -s build-ldap/sudo debian/sudo-ldap/usr/bin/sudo
2393 + ln -sf sudo debian/sudo-ldap/usr/bin/sudoedit
2394 + install -o root -g root -m 0755 -s build-ldap/visudo debian/sudo-ldap/usr/sbin/visudo
2395 + install -o root -g root -m 0644 build-ldap/sudo.man \
2396 + debian/sudo-ldap/usr/share/man/man8/sudo.8
2397 + ln -sf sudo.8 debian/sudo-ldap/usr/share/man/man8/sudoedit.8
2398 + install -o root -g root -m 0644 build-ldap/visudo.man \
2399 + debian/sudo-ldap/usr/share/man/man8/visudo.8
2400 + install -o root -g root -m 0644 build-ldap/sudoers.man \
2401 + debian/sudo-ldap/usr/share/man/man5/sudoers.5
2402 + install -o root -g root -m 0644 sample.sudoers \
2403 + debian/sudo-ldap/usr/share/doc/sudo-ldap/examples/sudoers
2404 + install -o root -g root -m 0644 debian/sudo.pam \
2405 + debian/sudo-ldap/etc/pam.d/sudo
2407 + install -o root -g root -m 0644 debian/sudo-ldap.lintian \
2408 + debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap
2410 + install -o root -g root -m 0644 debian/sudo_root.8 \
2411 + debian/sudo/usr/share/man/man8/sudo_root.8
2413 +binary-indep: build install
2415 +binary-arch: build install
2419 + dh_installexamples -A
2420 +# dh_installinit -psudo -psudo-ldap
2421 + dh_installmanpages fnmatch.3
2423 + dh_installchangelogs CHANGES
2427 + chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
2428 + chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
2435 +binary: binary-indep binary-arch
2436 +.PHONY: build clean binary-indep binary-arch binary install
2437 --- sudo-1.6.8p12.orig/debian/changelog
2438 +++ sudo-1.6.8p12/debian/changelog
2440 +sudo (1.6.8p12-1ubuntu6) dapper; urgency=low
2442 + * env.c: Preserve additional environment variables for non-almighty sudoers:
2443 + HOME, LOGNAME, DISPLAY, XAUTHORITY, XAUTHORIZATION. Closes: LP#44500
2445 + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 17 May 2006 09:29:15 +0200
2447 +sudo (1.6.8p12-1ubuntu5) dapper; urgency=low
2449 + * env.c: Unbreak the env_keep option. Closes: LP#31690
2450 + * sudoers: Add some explanatory text why it is a REALLY good idea to use
2451 + visudo. Closes: LP#11620
2453 + -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 28 Mar 2006 18:52:24 +0200
2455 +sudo (1.6.8p12-1ubuntu4) dapper; urgency=low
2457 + * Remove the init script, it only cleans up /var/run which is a tmpfs.
2459 + -- Scott James Remnant <scott@ubuntu.com> Wed, 22 Feb 2006 16:28:42 +0000
2461 +sudo (1.6.8p12-1ubuntu3) dapper; urgency=low
2463 + * Add debian/sudo_root.8: Introduction about root handling in ubuntu with
2465 + * debian/rules: Install that new manpage into sudo and sudo-ldap.
2467 + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 8 Feb 2006 17:01:50 +0100
2469 +sudo (1.6.8p12-1ubuntu2) dapper; urgency=low
2471 + * sudo.c: If the user successfully authenticated and he is in the 'admin'
2472 + group, then create a stamp ~/.sudo_as_admin_successful. A future
2473 + /etc/profile will evaluate this flag to display a short help about how to
2474 + execute things as root.
2476 + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 18 Jan 2006 09:32:02 +0100
2478 +sudo (1.6.8p12-1ubuntu1) dapper; urgency=low
2480 + * Resynchronise with Debian, clean up cruft from Ubuntu diff.
2481 + * debian/postinst: Do not set env_reset flag in newly created sudoers files;
2482 + it's incompatible with upgrades.
2483 + * Clean up environment variable handling to fix vulns like CVE-2005-4158 and
2484 + CVE-2006-0151 once and for all: Only keep known-good variables if user has
2485 + limited sudo privileges (blacklist -> whitelist) and keep them all for
2486 + users with unlimited command privileges (to not drive admins and
2487 + developers up the wall which actually need to pass env variables from time
2489 + - parse.h, parse.yacc:
2490 + + Add a new flag 'cmdall' to the matchstack, and a new macro 'cmnd_all'
2492 + + In the "cmnd" grammar rule: Set cmdall to TRUE if command specifier is
2493 + 'ALL', otherwise to FALSE.
2494 + - sudo.tab.cc: Re-yaccified to match changes to parse.yacc.
2495 + - sudo.h: Add new sudoers_lookup() return flag FLAG_CMND_ALL.
2496 + - parse.c, sudoers_lookup(): Set flag FLAG_CMND_ALL if cmnd_all matched.
2498 + + sudo_ldap_check_command(): Add return parameter all, set to true
2499 + if command specifier is 'ALL'.
2500 + + sudo_ldap_check(): Set flag FLAG_CMND_ALL if sudo_ldap_check_command()
2503 + + Apply Martin Schulze's patch to switch from blacklist to whitelist
2504 + environment cleaning.
2505 + + Add parameter 'noclean' to rebuild_env(); if it is != 0, environment
2506 + variables are not cleaned.
2507 + - sudo.c: Call rebuild_env() with noclean=1 if FLAG_CMND_ALL is set.
2509 + -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 17 Jan 2006 10:03:05 +0100
2511 +sudo (1.6.8p12-1) unstable; urgency=low
2513 + * new upstream version, closes: #342948 (CVE-2005-4158)
2514 + * add env_reset to the sudoers file we create if none already exists,
2515 + as a further precaution in response to discussion about CVS-2005-4158
2516 + * split ldap support into a new sudo-ldap package. I was trying to avoid
2517 + doing this, but the impact of going from 4 to 17 linked shlibs on the
2518 + autobuilder chroots is sufficient motivation for me.
2521 + -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
2523 +sudo (1.6.8p9-4) unstable; urgency=low
2525 + * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
2526 + * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
2527 + timestamps in the init.d script, closes: #330868
2528 + * add dependency header to init.d script, closes: #332849
2530 + -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
2532 +sudo (1.6.8p9-3ubuntu4) dapper; urgency=low
2534 + * Revert addition of sudo -t, i. e. revert to version 1.6.8p9-3ubuntu1. As
2535 + per TB discussion, we will not use sudo for implementing
2536 + https://wiki.ubuntu.com/HideAdminToolsToUsers.
2538 + -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 29 Nov 2005 23:27:42 +0100
2540 +sudo (1.6.8p9-3ubuntu3) dapper; urgency=low
2542 + * sudo.c: Log failures even in test mode, to avoid the possibility of
2543 + silently poking around for interesting sudo privileges. This will generate
2544 + a lot of auth log clutter in the desktop case, but will not change sudo
2545 + semantics where it matters (on servers).
2547 + -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 17 Nov 2005 10:35:04 +0100
2549 +sudo (1.6.8p9-3ubuntu2) dapper; urgency=low
2551 + * Add option -t which only tests whether the given command can be executed
2552 + and does not require a password. This is required for the
2553 + https://wiki.ubuntu.com/HideAdminToolsToUsers spec.
2554 + * sudo.h: Add MODE_TESTONLY mode.
2555 + * sudo.c: Add -t parsing and do not actually run the command in test mode,
2556 + just return success or failure. Also, add the new option to the "usage"
2558 + * sudo.pod: Document new -t option.
2559 + * Put patch into debian/ubuntu-patches/sudo.add-test-option.patch to have
2560 + it separate for future merges (requires a manual "make sudo.man.in" to
2561 + actually run pod2man).
2563 + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 9 Nov 2005 17:40:43 -0500
2565 +sudo (1.6.8p9-3ubuntu1) dapper; urgency=low
2567 + * Resynchronise with Debian.
2569 + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 9 Nov 2005 17:12:06 -0500
2571 +sudo (1.6.8p9-3) unstable; urgency=high
2573 + * update debhelper compatibility level from 2 to 4
2574 + * add man page symlink for sudoedit
2575 + * Clean SHELLOPTS and PS4 from the environment before executing programs
2576 + with sudo permissions [env.c, CAN-2005-2959]
2577 + * fix typo in manpage pointed out by Moray Allen, closes: #285995
2578 + * fix paths in sample complex sudoers file, closes: #303542
2579 + * fix type in sudoers man page, closes: #311244
2581 + -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
2583 +sudo (1.6.8p9-2ubuntu2) breezy; urgency=low
2585 + * debian/init.d: When resetting the timestamps of the tty tags, actually
2586 + touch the files, not the per-user directories. Since bootclean.sh removes
2587 + /var/run/* anyway, this is no big deal, but clean it up anyway for the
2588 + sake of correctness. (Ubuntu #16594)
2590 + -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 30 Sep 2005 09:52:27 +0200
2592 +sudo (1.6.8p9-2ubuntu1) breezy; urgency=low
2594 + * Resynchronise with Debian, resolve merging conflicts and unscramble
2597 + -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 7 Jul 2005 09:01:48 +0000
2599 +sudo (1.6.8p9-2) unstable; urgency=high
2601 + * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
2604 + -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
2606 +sudo (1.6.8p9-1) unstable; urgency=high
2608 + * new upstream version, fixes a race condition in sudo's pathname
2609 + validation, which is a security issue (CAN-2005-1993),
2610 + closes: #315115, #315718
2612 + -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
2614 +sudo (1.6.8p7-1) unstable; urgency=low
2616 + * new upstream version, closes: #299585
2617 + * update lintian overrides to squelch the postinst warning
2618 + * change sudoedit from a hard to a soft link, closes: #296896
2619 + * fix regex doc in sudoers man page, closes: #300361
2621 + -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
2623 +sudo (1.6.8p5-1ubuntu3) breezy; urgency=low
2625 + * SECURITY UPDATE: Fix privilege escalation.
2626 + * sudo.c, parse.yacc: safe_cmd contains the actually executed program which
2627 + is normally taken from /etc/sudoers. However, if sudoers contains "ALL"
2628 + entries that follow the matching entry, safe_cmd was overwritten with the
2629 + path the user specified on the command line, which opens up the
2630 + possibility of executing arbitrary commands by generating symlinks to
2634 + http://www.securityfocus.com/archive/1/402741
2636 + -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 21 Jun 2005 13:41:05 +0200
2638 +sudo (1.6.8p5-1ubuntu2) hoary; urgency=low
2640 + * Add !fqdn to the Defaults so we don't die horribly when localhost doesn't
2641 + resolve (Ubuntu: 2772)
2643 + -- Thom May <thom@ubuntu.com> Wed, 2 Mar 2005 20:34:20 +0000
2645 +sudo (1.6.8p5-1ubuntu1) hoary; urgency=low
2647 + * Resync with Debian
2649 + -- LaMont Jones <lamont@canonical.com> Mon, 6 Dec 2004 09:31:28 -0700
2651 +sudo (1.6.8p5-1) unstable; urgency=high
2653 + * new upstream version
2654 + * restores ability to use config tuples without a value, which was causing
2655 + problems on upgrade closes: #283306
2656 + * deliver sudoedit, closes: #283078
2657 + * marking urgency high since 283306 is a serious upgrade incompatibility
2659 + -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
2661 +sudo (1.6.8p3-2) unstable; urgency=high
2663 + * update pam.d deliverable so ldap works again, closes: #282191
2665 + -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
2667 +sudo (1.6.8p3-1) unstable; urgency=high
2669 + * new upstream version, fixes a flaw in sudo's environment sanitizing that
2670 + could allow a malicious user with permission to run a shell script that
2671 + utilized the bash shell to run arbitrary commands, closes: #281665
2672 + * patch the sample sudoers to have the proper path for kill on Debian
2673 + systems, closes: #263486
2674 + * patch the sudo manpage to reflect Debian's choice of exempt_group
2675 + default setting, closes: #236465
2676 + * patch the sudo manpage to reflect Debian's choice of no timeout on the
2677 + password prompt, closes: #271194
2679 + -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
2681 +sudo (1.6.7p5-2ubuntu2) hoary; urgency=low
2683 + * SECURITY UPDATE: fix input validation flaw
2684 + * env.c, rebuild_env(): skip variables with values beginnig with "()" to
2685 + ignore exported bash functions in the sudo environment; this prevents
2686 + introducing malicious functions with the name of commands that are
2687 + executed without full path
2689 + http://www.sudo.ws/sudo/alerts/bash_functions.html
2691 + -- Martin Pitt <martin.pitt@canonical.com> Wed, 17 Nov 2004 18:54:30 +0100
2693 +sudo (1.6.7p5-2ubuntu1) hoary; urgency=low
2695 + * Resynchronise with Debian.
2697 + -- Scott James Remnant <scott@canonical.com> Wed, 27 Oct 2004 15:06:39 +0100
2699 +sudo (1.6.7p5-2) unstable; urgency=low
2701 + * Jeff Bailey reports that seteuid works on current sparc systems, so we
2702 + no longer need the "grosshack" stuff in the sudo rules file
2703 + * add a postrm that removes /etc/sudoers on purge. don't do this with the
2704 + normal conffile mechanism since it would generate noise on every upgrade,
2707 + -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
2709 +sudo (1.6.7p5-1ubuntu4) warty; urgency=low
2711 + * Disable lecture by default. (Warty #987)
2713 + -- Thom May <thom@canonical.com> Wed, 6 Oct 2004 14:31:31 +0100
2715 +sudo (1.6.7p5-1ubuntu3) warty; urgency=low
2717 + * Refuse to remove sudo if the root password is not set and the user is
2718 + running us via sudo
2720 + -- Thom May <thom@canonical.com> Mon, 27 Sep 2004 15:30:09 +0100
2722 +sudo (1.6.7p5-1ubuntu2) warty; urgency=low
2724 + * Add 'Defaults !lecture,tty_tickets' to initial sudoers file.
2726 + -- Colin Watson <cjwatson@flatline.org.uk> Mon, 23 Aug 2004 21:03:15 +0100
2728 +sudo (1.6.7p5-1ubuntu1) warty; urgency=low
2730 + * Remove /etc/sudoers on purge. (Closes: #245405)
2732 + -- Fabio M. Di Nitto <fabbione@fabbione.net> Mon, 19 Jul 2004 09:42:04 +0200
2734 +sudo (1.6.7p5-1) unstable; urgency=low
2736 + * new upstream version, closes: #190265, #193222, #197244
2737 + * change from '.' to ':' in postinst chown call, closes: #208369
2739 + -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
2741 +sudo (1.6.7p3-2) unstable; urgency=low
2743 + * add --disable-setresuid to configure call since 2.2 kernels don't support
2744 + setresgid, closes: #189044
2745 + * cosmetic cleanups to debian/rules as long as I'm there
2747 + -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
2749 +sudo (1.6.7p3-1) unstable; urgency=low
2751 + * new upstream version
2752 + * add overrides to quiet lintian about things it doesn't understand,
2753 + except the source one that can't be overridden until 129510 is fixed
2755 + -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
2757 +sudo (1.6.6-3) unstable; urgency=low
2759 + * add code to rules file to update config.sub/guess, closes: #164501
2761 + -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
2763 +sudo (1.6.6-2) unstable; urgency=low
2765 + * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
2766 + configure, and lose the build dependency on mail-transport-agent
2767 + * incorporate changes from LaMont's NMU, closes: #144665, #144737
2768 + * update init.d to not try and set time on nonexistent timestamp files,
2770 + * build with --with-all-insults, admin must edit sudoers to turn insults
2771 + on at runtime if desired, closes: #135374
2772 + * stop setting /usr/doc symlink in postinst
2774 + -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
2776 +sudo (1.6.6-1.1) unstable; urgency=high
2778 + * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
2779 + * Revert patch to auth/pam.c that left pass uninitialized, causing a
2780 + segfault (Closes: #144665).
2782 + -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
2784 +sudo (1.6.6-1) unstable; urgency=high
2786 + * new upstream version, fixes security problem with crafty prompts,
2789 + -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
2791 +sudo (1.6.5p1-4) unstable; urgency=high
2793 + * apply patch for auth/pam.c to fix yet another way to make sudo segfault
2794 + if ctrl/C'ed at password prompt, closes: #131235
2796 + -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
2798 +sudo (1.6.5p1-3) unstable; urgency=high
2800 + * ugly hack to add --disable-saved-ids when building on sparc in response
2801 + to 131592, which will be reassigned to glibc for a real fix
2802 + * urgency high since the sudo currently in testing for sparc is worthless
2804 + -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
2806 +sudo (1.6.5p1-2) unstable; urgency=high
2808 + * patch from upstream to fix seg faults caused by versions of pam that
2809 + follow a NULL pointer, closes: #129512
2811 + -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
2813 +sudo (1.6.5p1-1) unstable; urgency=high
2815 + * new upstream version
2816 + * add --disable-root-mailer option supported by new version to configure
2817 + call in rules file, closes: #129648
2819 + -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
2821 +sudo (1.6.4p1-1) unstable; urgency=high
2823 + * new upstream version, with fix for segfaulting problem in 1.6.4
2825 + -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
2827 +sudo (1.6.4-1) unstable; urgency=high
2829 + * new upstream version, includes an important security fix, closes: #127576
2831 + -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
2833 +sudo (1.6.3p7-5) unstable; urgency=low
2835 + * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
2836 + * fix spelling error in init.d, closes: #126847
2838 + -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
2840 +sudo (1.6.3p7-4) unstable; urgency=medium
2842 + * use touch to set status files to an ancient date instead of removing them
2843 + outright on reboot. this achieves the desired effect of keeping elevated
2844 + privs from living across reboots, without forcing everyone to see the
2845 + new-sudo-user lecture after every reboot. pick a time that's 'old enough'
2846 + for systems with good clocks, and 'recent enough' that broken PC hardware
2847 + setting the clock to commonly-seen bogus dates trips over the "don't trust
2848 + future timestamps" rule. closes: #76529, #123559
2849 + * apply patch from Steve Langasek to fix seg faults due to interaction with
2850 + PAM code. upstream confirms the problem, and says they're fixing this
2851 + differently for their next release... but this should be useful in the
2852 + meantime, and would be good to get into woody. closes: #119147
2853 + * only run the init.d at boot, not on each runlevel change... and don't run
2854 + it during package configure. closes: #125935
2855 + * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
2857 + -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
2859 +sudo (1.6.3p7-3) unstable; urgency=low
2861 + * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
2862 + resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
2863 + * fix a typo in the manpage, closes: #97368
2864 + * apply patch to configure.in and run autoconf to fix problem building on
2865 + the hurd, closes: #96325
2866 + * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
2867 + to not last across reboots, closes: #76529
2868 + * clean up lintian-noticed cosmetic packaging issues
2870 + -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
2872 +sudo (1.6.3p7-2) unstable; urgency=low
2874 + * update config.sub/guess for hppa support
2876 + -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
2878 +sudo (1.6.3p7-1) unstable; urgency=low
2880 + * new upstream version
2881 + * add build dependency on mail-transport-agent, closes: #90685
2883 + -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
2885 +sudo (1.6.3p6-1) unstable; urgency=high
2887 + * new upstream version, fixes buffer overflow problem,
2888 + closes: #87259, #87278, #87263
2889 + * revert to using --with-secure-path option at build time, since the option
2890 + available in sudoers is parsed too late to be useful, and upstream says
2891 + it won't get fixed quickly. This reopens 85123, which I will mark as
2892 + forwarded. Closes: #86199, #86117, #85676
2894 + -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
2896 +sudo (1.6.3p5-2) unstable; urgency=low
2898 + * lose the dh_suidregister call since it's obsolete
2899 + * stop using the --with-secure-path option at build time, and instead show
2900 + how to set it in sudoers. Closes: #85123
2901 + * freshen config.sub and config.guess for ia64 and hppa
2902 + * update sudoers man page to indicate exempt_group is on by default,
2905 + -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
2907 +sudo (1.6.3p5-1) unstable; urgency=low
2909 + * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
2910 + * this version restores core dumps before the exec, while leaving them
2911 + disabled during sudo's internal execution, closes: #58289
2912 + * update debhelper calls in rules file
2914 + -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
2916 +sudo (1.6.2p2-1) frozen unstable; urgency=medium
2918 + * new upstream source resulting from direct collaboration with the upstream
2919 + author to fix ugly pam-related problems on Debian in 1.6.1 and later.
2920 + Closes: #56129, #55978, #55979, #56550, #56772
2921 + * include more upstream documentation, closes: #55054
2922 + * pam.d fragment update, closes: #56129
2924 + -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
2926 +sudo (1.6.1-1) unstable; urgency=low
2928 + * new upstream source, closes: #52750
2930 + -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
2932 +sudo (1.6-2) unstable; urgency=low
2934 + * drop suidregister support for this package. The sudo executable is
2935 + essentially worthless unless it is setuid root, and making suidregister
2936 + work involves shipping a non-setuid executable in the .deb and setting the
2937 + perms in the postinst. On a long upgrade run, this can leave the sudo
2938 + executable 'broken' for a long time, which is unacceptable. With this
2939 + version, we ship the executable setuid root in the .deb. Closes: #51742
2941 + -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
2943 +sudo (1.6-1) unstable; urgency=low
2945 + * new upstream version, many options previously set at compile-time are now
2946 + configurable at runtime.
2947 + Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
2950 + -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
2952 +sudo (1.5.9p4-1) unstable; urgency=low
2954 + * new upstream version, closes: #43464
2955 + * empty password handling was fixed in 1.5.8, closes: #31863
2957 + -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
2959 +sudo (1.5.9p1-1) unstable; urgency=low
2961 + * new upstream version
2963 + -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
2965 +sudo (1.5.8p1-1) unstable; urgency=medium
2967 + * new upstream version, closes 33690
2968 + * add dependency on libpam-modules, closes 34215, 33432
2970 + -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
2972 +sudo (1.5.7p4-2) unstable; urgency=medium
2974 + * update the pam fragment provided so that sudo works with latest pam bits,
2977 + -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
2979 +sudo (1.5.7p4-1) unstable; urgency=low
2981 + * new upstream release
2983 + -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
2985 +sudo (1.5.6p5-1) unstable; urgency=low
2987 + * new upstream patch release
2988 + * add PAM support, closes 28594
2990 + -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
2992 +sudo (1.5.6p2-2) unstable; urgency=low
2994 + * update copyright file, closes 24136
2995 + * review and close forwarded bugs believed fixed in this upstream version,
2996 + closes 17606, 15786.
2998 + -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
3000 +sudo (1.5.6p2-1) unstable; urgency=low
3002 + * new upstream release
3004 + -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
3006 +sudo (1.5.4-4) frozen unstable; urgency=low
3008 + * update postinst to use groupadd, closes 21403
3009 + * move the suidregister stuff earlier in postinst to ensure it always runs
3011 + -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
3013 +sudo (1.5.4-3) frozen unstable; urgency=low
3015 + * change /etc/sudoers from a conffile to being handled in postinst,
3017 + * add suidmanager support, closes 15711
3018 + * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
3019 + unlikely to ever fix, and which just don't matter. closes 17146
3020 + * fix FSF address in copyright file, and submit exception for lintian
3021 + warning about sudo being setuid root
3023 + -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
3025 +sudo (1.5.4-2) unstable; urgency=high
3027 + * patch from upstream author correcting/improving security fix
3029 + -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
3031 +sudo (1.5.4-1) unstable; urgency=high
3033 + * new upstream version, includes a security fix
3034 + * change default editor from /bin/ae to /usr/bin/editor
3036 + -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
3038 +sudo (1.5.3-1) unstable; urgency=medium
3040 + * new upstream version, closes bug 15911.
3041 + * rules file reworked to use debhelper
3042 + * implement a really gross hack to force use of the sudo-provided
3043 + lsearch(), since the one in libc6 is broken! This closes bugs
3044 + 12552, 12557, 14881, 15259, 15916.
3046 + -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
3048 +sudo (1.5.2-6) unstable; urgency=LOW
3050 + * don't install INSTALL in the doc directory, closes bug 13195.
3052 + -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
3054 +sudo (1.5.2-5) unstable; urgency=LOW
3058 + -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
3060 +sudo (1.5.2-4) unstable; urgency=LOW
3062 + * change TIMEOUT (how long before you have to type your password again)
3063 + to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
3064 + packages on slower machines much more tolerable. Closes bug 9076.
3065 + * touch debian/suid before debstd. Closes bug 8709.
3067 + -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
3069 +sudo (1.5.2-3) frozen unstable; urgency=LOW
3071 + * patch from upstream maintainer to close Bug 6828
3072 + * add a debian/suid file to get debstd to leave my perl postinst alone
3074 + -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
3076 +sudo (1.5.2-2) frozen unstable; urgency=LOW
3078 + * change rules to use -O2 -Wall as per standards
3080 + -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
3082 +sudo (1.5.2-1) unstable; urgency=LOW
3084 + * new upstream version
3085 + * cosmetic changes to debian package control files
3087 + -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
3089 +sudo (1.5-2) unstable; urgency=LOW
3091 + * add /usr/X11R6/bin to the end of the secure path... this makes it
3092 + much easier to run xmkmf, etc., during package builds. To the extent
3093 + that /usr/local/sbin and /usr/local/bin were already included, I see
3094 + no security reasons not to add this.
3096 + -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
3098 +sudo (1.5-1) unstable; urgency=LOW
3100 + * New upstream version
3102 + * New packaging format
3104 + -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
3106 +Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
3110 + * hard code SECURE_PATH to:
3111 + "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
3113 + * enable ENV_EDITOR
3115 + * enabled EXEMPTGROUP "sudo"
3117 + * moved timestamp dir to /var/log/sudo
3119 + * changed parser to check for long and short filenames (Bug#1162)
3121 +Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
3125 + * New upstream source
3127 + * Fixed postinst script
3128 + (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
3130 + * Removed special shadow binary. This version works with and without
3131 + shadow password file.
3133 +Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
3137 + * Corrected editor path to /bin/ae (Bug#3062)
3139 + * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
3141 +Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
3145 + * New upstream version
3147 + * Changed sudoers permission to 440 (owner root, group root) to make
3148 + sudo usable via NFS
3150 +Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
3154 + * Applied upstream patch 1
3156 +Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
3160 + * Applied upstream patch 2
3162 +Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
3166 + * Applied upstream patch 3 (fixes problems with an NFS-mounted
3170 +Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
3174 + * Corrected postinst to use /usr/bin/perl instead of /bin/perl
3175 + [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
3177 +Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
3181 + * Applied upstream patch 4 (fixes several bugs)
3183 + * Changed priority to optional
3185 +Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
3189 + * Corrected postinst to create correct permission for /etc/sudoers
3192 +Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
3196 + * New upstream version
3199 +sudo (1.4.4-2) admin; urgency=HIGH
3201 + * Fixed major security bug reported by Peter Tobias
3202 + <tobias@et-inf.fho-emden.de>
3203 + * Added dchanges support to debian.rules
3205 +sudo (1.4.5-1) admin; urgency=LOW
3207 + * New upstream version
3208 + * Minor changes to debian.rules
3209 --- sudo-1.6.8p12.orig/debian/sudo_root.8
3210 +++ sudo-1.6.8p12/debian/sudo_root.8
3212 +.TH sudo_root 8 "February 8, 2006"
3215 +sudo_root \- How to run administrative commands
3226 +By default, the password for the user "root" (the system
3227 +administrator) is locked. This means you cannot login as root or use
3228 +su. Instead, the installer will set up sudo to allow the user that is
3229 +created during install to run all administrative commands.
3231 +This means that in the terminal you can use sudo for commands that
3232 +require root privileges. All programs in the menu will use a graphical
3233 +sudo to prompt for a password. When sudo asks for a password, it needs
3235 +this means that a root password is not needed.
3237 +To run a command which requires root privileges in a terminal, simply
3240 +in front of it. To get an interactive root shell, use
3243 +.SH ALLOWING OTHER USERS TO RUN SUDO
3245 +By default, only the user who installed the system is permitted to run
3246 +sudo. To add more administrators, i. e. users who can run sudo, you
3247 +have to add these users to the group 'admin' by doing one of the
3260 +Use the graphical "Users & Groups" program in the "System settings"
3261 +menu to add the new user to the
3265 +.SH BENEFITS OF USING SUDO
3267 +The benefits of leaving root disabled by default include the following:
3270 +Users do not have to remember an extra password, which they are likely to forget.
3272 +The installer is able to ask fewer questions.
3274 +It avoids the "I can do anything" interactive login by default \- you
3275 +will be prompted for a password before major changes can happen, which
3276 +should make you think about the consequences of what you are doing.
3278 +Sudo adds a log entry of the command(s) run (in \fB/var/log/auth.log\fR).
3280 +Every attacker trying to brute\-force their way into your box will
3281 +know it has an account named root and will try that first. What they
3282 +do not know is what the usernames of your other users are.
3284 +Allows easy transfer for admin rights, in a short term or long term
3285 +period, by adding and removing users from the admin group, while not
3286 +compromising the root account.
3288 +sudo can be set up with a much more fine\-grained security policy.
3290 +.SH DOWNSIDES OF USING SUDO
3292 +Although for desktops the benefits of using sudo are great, there are
3293 +possible issues which need to be noted:
3296 +Redirecting the output of commands run with sudo can be confusing at
3297 +first. For instance consider
3300 +.B sudo ls > /root/somefile
3304 +will not work since it is the shell that tries to write to that file. You can use
3308 +.B ls | sudo tee /root/somefile
3312 +to get the behaviour you want.
3316 +In a lot of office environments the ONLY local user on a system is
3317 +root. All other users are imported using NSS techniques such as
3318 +nss\-ldap. To setup a workstation, or fix it, in the case of a network
3319 +failure where nss\-ldap is broken, root is required. This tends to
3320 +leave the system unusable. An extra local user, or an enabled root
3321 +password is needed here.
3323 +.SH GOING BACK TO A TRADITIONAL ROOT ACCOUNT
3325 +.B This is not recommended!
3327 +To enable the root account (i.e. set a password) use:
3330 +.B sudo passwd root
3335 +and comment out the line
3338 +%admin ALL=(ALL) ALL
3341 +to disable sudo access to members of the admin group.
3345 +.B https://wiki.ubuntu.com/RootSudo
3347 --- sudo-1.6.8p12.orig/debian/sudo-ldap.postinst
3348 +++ sudo-1.6.8p12/debian/sudo-ldap.postinst
3354 +unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo");
3356 +# make sure we have a sudoers file
3357 +if ( ! -f "/etc/sudoers") {
3359 + print "No /etc/sudoers found... creating one for you.\n";
3361 + open (SUDOERS, "> /etc/sudoers");
3362 + print SUDOERS "# /etc/sudoers\n",
3364 + "# This file MUST be edited with the 'visudo' command as root.\n",
3366 + "# See the man page for details on how to write a sudoers file.\n",
3367 + "#\n\nDefaults\tenv_reset\n\n",
3368 + "# Host alias specification\n\n",
3369 + "# User alias specification\n\n",
3370 + "# Cmnd alias specification\n\n",
3371 + "# User privilege specification\nroot\tALL=(ALL) ALL\n";
3376 +# make sure sudoers has the correct permissions and owner/group
3377 +system ('chown root:root /etc/sudoers');
3378 +system ('chmod 440 /etc/sudoers');
3380 +# must do a remove first to un-do the "bad" links created by previous version
3381 +system ('update-rc.d -f sudo remove >/dev/null 2>&1');
3383 +#system ('update-rc.d sudo start 75 S . >/dev/null');
3385 +# make sure we have a sudo group
3387 +exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo
3389 +$gid = 27; # start searcg with gid 27
3391 +while (getgrgid($gid)) {
3397 + print "On Debian we normally use gid 27 for 'sudo'.\n";
3398 + $gname = getgrgid(27);
3399 + print "However, on your system gid 27 is group '$gname'.\n\n";
3400 + print "Would you like me to stop configuring sudo so that you can change this? [n] ";
3402 + if ($ans =~ m/^[yY].*/) {
3403 + print "'dpkg --pending --configure' will restart the configuration.\n\n\n";
3408 +print "Creating group 'sudo' with gid = $gid\n";
3409 +system("groupadd -g $gid sudo");
3412 --- sudo-1.6.8p12.orig/debian/sudo.lintian
3413 +++ sudo-1.6.8p12/debian/sudo.lintian
3415 +sudo: setuid-binary usr/bin/sudo 4755 root/root
3416 +sudo: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo
3417 +sudo: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo
3418 --- sudo-1.6.8p12.orig/debian/postinst
3419 +++ sudo-1.6.8p12/debian/postinst
3425 +unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo");
3427 +# make sure we have a sudoers file
3428 +if ( ! -f "/etc/sudoers") {
3430 + print "No /etc/sudoers found... creating one for you.\n";
3432 + open (SUDOERS, "> /etc/sudoers");
3433 + print SUDOERS "# /etc/sudoers\n",
3435 + "# This file MUST be edited with the 'visudo' command as root.\n",
3437 + "# See the man page for details on how to write a sudoers file.\n",
3438 + "# Host alias specification\n\n",
3439 + "# User alias specification\n\n",
3440 + "# Cmnd alias specification\n\n",
3441 + "# Defaults\n\nDefaults\t!lecture,tty_tickets,!fqdn\n\n",
3442 + "# User privilege specification\nroot\tALL=(ALL) ALL\n";
3447 +# make sure sudoers has the correct permissions and owner/group
3448 +system ('chown root:root /etc/sudoers');
3449 +system ('chmod 440 /etc/sudoers');
3451 +# must do a remove first to un-do the "bad" links created by previous version
3452 +system ('update-rc.d -f sudo remove >/dev/null 2>&1');
3454 +#system ('update-rc.d sudo start 75 S . >/dev/null');
3456 +# make sure we have a sudo group
3458 +exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo
3460 +$gid = 27; # start searcg with gid 27
3462 +while (getgrgid($gid)) {
3468 + print "On Debian we normally use gid 27 for 'sudo'.\n";
3469 + $gname = getgrgid(27);
3470 + print "However, on your system gid 27 is group '$gname'.\n\n";
3471 + print "Would you like me to stop configuring sudo so that you can change this? [n] ";
3473 + if ($ans =~ m/^[yY].*/) {
3474 + print "'dpkg --pending --configure' will restart the configuration.\n\n\n";
3479 +print "Creating group 'sudo' with gid = $gid\n";
3480 +system("groupadd -g $gid sudo");
3483 --- sudo-1.6.8p12.orig/debian/compat
3484 +++ sudo-1.6.8p12/debian/compat
3487 --- sudo-1.6.8p12.orig/debian/init.d
3488 +++ sudo-1.6.8p12/debian/init.d
3492 +### BEGIN INIT INFO
3494 +# Required-Start: $local_fs $remote_fs
3496 +# Default-Start: S 1 2 3 4 5
3497 +# Default-Stop: 0 6
3506 + # make sure privileges don't persist across reboots
3507 + if [ -d /var/run/sudo ]
3509 + find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \;
3512 + stop|reload|restart|force-reload)
3515 + echo "Usage: $N {start|stop|restart|force-reload}" >&2
3521 --- sudo-1.6.8p12.orig/debian/sudo-ldap.lintian
3522 +++ sudo-1.6.8p12/debian/sudo-ldap.lintian
3524 +sudo-ldap: setuid-binary usr/bin/sudo 4755 root/root
3525 +sudo-ldap: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo-ldap
3526 +sudo-ldap: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo-ldap
3527 --- sudo-1.6.8p12.orig/debian/sudo-ldap.dirs
3528 +++ sudo-1.6.8p12/debian/sudo-ldap.dirs
3535 +usr/share/doc/sudo-ldap/examples
3536 +usr/share/lintian/overrides
3537 --- sudo-1.6.8p12.orig/debian/sudo-ldap.docs
3538 +++ sudo-1.6.8p12/debian/sudo-ldap.docs
3551 --- sudo-1.6.8p12.orig/debian/postrm
3552 +++ sudo-1.6.8p12/debian/postrm
3560 + rm -f /etc/sudoers
3563 + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
3567 + echo "postrm called with unknown argument \`$1'" >&2
3575 --- sudo-1.6.8p12.orig/debian/OPTIONS
3576 +++ sudo-1.6.8p12/debian/OPTIONS
3578 +The following options were used to configure sudo for Debian GNU/Linux.
3580 + --with-exempt=sudo
3582 + Any user in group 'sudo' will not need to type their password. It
3583 + is strongly recommended that no users be put in group sudo, and that
3584 + instead the NOPASSWD option in the sudoers file be used if desired.
3588 + Support for pluggable authentication modules.
3592 + Support for LDAP authentication.
3596 + Allow use of fully qualified domain names in the sudoers file.
3598 + --disable-root-mailer
3600 + Send mail as the invoking user, not as root.
3602 + --with-logging=syslog
3603 + --with-logfac=authpriv
3605 + Where logging information goes.
3608 + --with-editor=/usr/bin/editor
3610 + Honor the EDITOR and VISUAL environment variables. If they are not
3611 + present, default to the Debian default system editor.
3614 + --with-password-timeout=0
3616 + Allow 15 minutes before a user has to re-type their passord, versus
3617 + the sudo usual default of 5. Never time out while waiting for a
3618 + password to be typed, this is a seriously big deal for Debian package
3619 + developers using 'dpkg-buildpackage -rsudo'.
3621 + --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
3622 + /sbin:/bin:/usr/X11R6/bin"
3624 + Give a reasonable default path for commands run as root via sudo.
3626 + --with-all-insults
3628 + Include all the insults in the binary, won't be enabled unless turned
3629 + on in the sudoers file.
3631 + --with-sendmail=/usr/sbin/sendmail
3633 + Use Debian policy to know the location of sendmail instead of trying
3634 + to detect it at build time.
3636 + --disable-setresuid
3638 + Linux 2.2 kernels don't support setresgid.
3639 --- sudo-1.6.8p12.orig/debian/copyright
3640 +++ sudo-1.6.8p12/debian/copyright
3642 +This is the Debian GNU/Linux prepackaged version of sudo. sudo is
3643 +used to provide limited super user privileges to specific users.
3645 +This package was put together by Bdale Garbee <bdale@gag.com> using sources
3647 + ftp://ftp.cs.colorado.edu/pub/sudo/
3649 +Sudo is distributed under the following BSD-style license:
3651 + Copyright (c) 1994-1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com>
3652 + All rights reserved.
3654 + Redistribution and use in source and binary forms, with or without
3655 + modification, are permitted provided that the following conditions
3658 + 1. Redistributions of source code must retain the above copyright
3659 + notice, this list of conditions and the following disclaimer.
3661 + 2. Redistributions in binary form must reproduce the above copyright
3662 + notice, this list of conditions and the following disclaimer in the
3663 + documentation and/or other materials provided with the distribution.
3665 + 3. The name of the author may not be used to endorse or promote products
3666 + derived from this software without specific prior written permission
3669 + 4. Products derived from this software may not be called "Sudo" nor
3670 + may "Sudo" appear in their names without specific prior written
3671 + permission from the author.
3673 + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
3674 + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
3675 + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
3676 + THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
3677 + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
3678 + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
3679 + OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
3680 + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
3681 + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
3682 + ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
3685 +Additionally, lsearch.c, fnmatch.c, getcwd.c, snprintf.c, strcasecmp.c
3686 +and fnmatch.3 bear the following UCB license:
3688 + Copyright (c) 1987, 1989, 1990, 1991, 1993, 1994
3689 + The Regents of the University of California. All rights reserved.
3691 + Redistribution and use in source and binary forms, with or without
3692 + modification, are permitted provided that the following conditions
3694 + 1. Redistributions of source code must retain the above copyright
3695 + notice, this list of conditions and the following disclaimer.
3696 + 2. Redistributions in binary form must reproduce the above copyright
3697 + notice, this list of conditions and the following disclaimer in the
3698 + documentation and/or other materials provided with the distribution.
3699 + 3. Neither the name of the University nor the names of its contributors
3700 + may be used to endorse or promote products derived from this software
3701 + without specific prior written permission.
3703 + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
3704 + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3705 + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
3706 + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
3707 + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
3708 + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
3709 + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3710 + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
3711 + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
3712 + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
3714 --- sudo-1.6.8p12.orig/debian/sudo.pam
3715 +++ sudo-1.6.8p12/debian/sudo.pam
3719 +@include common-auth
3720 +@include common-account
3721 --- sudo-1.6.8p12.orig/debian/source.lintian-overrides
3722 +++ sudo-1.6.8p12/debian/source.lintian-overrides
3724 +sudo source: maintainer-script-lacks-debhelper-token debian/postinst
3725 --- sudo-1.6.8p12.orig/sample.sudoers
3726 +++ sudo-1.6.8p12/sample.sudoers
3728 # Cmnd alias specification
3730 Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
3731 - /usr/sbin/rrestore, /usr/bin/mt
3732 -Cmnd_Alias KILL = /usr/bin/kill
3733 + /usr/sbin/rrestore, /bin/mt
3734 +Cmnd_Alias KILL = /bin/kill
3735 Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
3736 -Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
3737 -Cmnd_Alias HALT = /usr/sbin/halt
3738 -Cmnd_Alias REBOOT = /usr/sbin/reboot
3739 -Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
3740 - /usr/local/bin/tcsh, /usr/bin/rsh, \
3741 - /usr/local/bin/zsh
3742 -Cmnd_Alias SU = /usr/bin/su
3743 +Cmnd_Alias SHUTDOWN = /sbin/shutdown
3744 +Cmnd_Alias HALT = /sbin/halt
3745 +Cmnd_Alias REBOOT = /sbin/reboot
3746 +Cmnd_Alias SHELLS = /sbin/sh, /bin/sh, /bin/csh, /usr/bin/ksh, \
3747 + /usr/bin/tcsh, /usr/bin/rsh, \
3749 +Cmnd_Alias SU = /bin/su
3750 Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
3754 sudoedit /etc/printcap, /usr/oper/bin/
3756 # joe may su only to operator
3757 -joe ALL = /usr/bin/su operator
3758 +joe ALL = /bin/su operator
3760 # pete may change passwords for anyone but root on the hp snakes
3761 pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
3764 # users in the secretaries netgroup need to help manage the printers
3765 # as well as add and remove users
3766 -+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
3767 ++secretaries ALL = PRINTING, /usr/sbin/adduser, /usr/bin/rmuser
3769 # fred can run commands as oracle or sybase without a password
3770 fred ALL = (DB) NOPASSWD: ALL
3772 # on the alphas, john may su to anyone but root and flags are not allowed
3773 -john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
3774 +john ALPHA = /bin/su [!-]*, !/bin/su *root*
3776 # jen can run anything on all machines except the ones
3777 # in the "SERVERS" Host_Alias
3778 --- sudo-1.6.8p12.orig/sudo.tab.c
3779 +++ sudo-1.6.8p12/sudo.tab.c
3782 match[top].user = UNSPEC; \
3783 match[top].cmnd = UNSPEC; \
3784 + match[top].cmndall= UNSPEC; \
3785 match[top].host = UNSPEC; \
3786 match[top].runas = UNSPEC; \
3787 match[top].nopass = def_authenticate ? UNSPEC : TRUE; \
3790 match[top].user = match[top-1].user; \
3791 match[top].cmnd = match[top-1].cmnd; \
3792 + match[top].cmndall= match[top-1].cmndall; \
3793 match[top].host = match[top-1].host; \
3794 match[top].runas = match[top-1].runas; \
3795 match[top].nopass = match[top-1].nopass; \
3796 @@ -1739,6 +1741,7 @@
3800 + SETMATCH(cmnd_all, TRUE);
3801 yyval.BOOLEAN = TRUE;
3804 @@ -1769,6 +1772,7 @@
3808 + SETMATCH(cmnd_all, FALSE);
3809 yyval.BOOLEAN = NOMATCH;
3811 free(yyvsp[0].string);
3812 @@ -1800,6 +1804,7 @@
3813 free(yyvsp[0].command.cmnd);
3814 if (yyvsp[0].command.args)
3815 free(yyvsp[0].command.args);
3816 + SETMATCH(cmnd_all, FALSE);
3820 --- sudo-1.6.8p12.orig/ldap.c
3821 +++ sudo-1.6.8p12/ldap.c
3822 @@ -256,9 +256,10 @@
3823 * Walks through search result and returns true if we have a
3826 -int sudo_ldap_check_command(ld,entry)
3827 +int sudo_ldap_check_command(ld,entry,all)
3840 if (!entry) return ret;
3842 v=ldap_get_values(ld,entry,"sudoCommand");
3845 /* Match against ALL ? */
3846 if (!strcasecmp(*p,"ALL")) {
3849 if (ldap_conf.debug>1) printf(" MATCH!\n");
3853 int ldap_user_matches=0;
3854 int ldap_host_matches=0;
3855 + int command_all=0;
3857 if (!sudo_ldap_read_config()) return VALIDATE_ERROR;
3860 /* add matches for listing later */
3861 sudo_ldap_add_match(ld,entry) &&
3862 /* verify command match */
3863 - sudo_ldap_check_command(ld,entry) &&
3864 + sudo_ldap_check_command(ld,entry,&command_all) &&
3865 /* verify runas match */
3866 sudo_ldap_check_runas(ld,entry)
3869 sudo_ldap_parse_options(ld,entry);
3870 /* make sure we dont reenter loop */
3872 + if(command_all) SET(ret,FLAG_CMND_ALL);
3873 /* break from inside for loop */
3876 --- sudo-1.6.8p12.orig/sudo.c
3877 +++ sudo-1.6.8p12/sudo.c
3878 @@ -106,10 +106,11 @@
3879 static void set_loginclass __P((struct passwd *));
3880 static void usage __P((int));
3881 static void usage_excl __P((int));
3882 +static void create_admin_success_flag __P((void));
3883 static struct passwd *get_authpw __P((void));
3884 extern int sudo_edit __P((int, char **));
3885 extern void list_matches __P((void));
3886 -extern char **rebuild_env __P((char **, int, int));
3887 +extern char **rebuild_env __P((char **, int, int, int));
3888 extern char **zero_env __P((char **));
3889 extern struct passwd *sudo_getpwnam __P((const char *));
3890 extern struct passwd *sudo_getpwuid __P((uid_t));
3891 @@ -368,11 +369,15 @@
3893 /* Build a new environment that avoids any nasty bits if we have a cmnd. */
3894 if (ISSET(sudo_mode, MODE_RUN))
3895 - new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC));
3896 + new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC), ISSET(validated, FLAG_CMND_ALL));
3900 if (ISSET(validated, VALIDATE_OK)) {
3901 + /* If the user is in the admin group, create a dotfile to signal that
3902 + * sudo was executed successfully. */
3903 + create_admin_success_flag();
3905 /* Finally tell the user if the command did not exist. */
3906 if (cmnd_status == NOT_FOUND_DOT) {
3907 warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
3908 @@ -1156,3 +1161,46 @@
3913 +static void create_admin_success_flag(void)
3915 + struct group* admin;
3918 + char flagfile[PATH_MAX];
3921 + if (!sudo_user.pw || !sudo_user.pw->pw_name || !sudo_user.pw->pw_dir)
3924 + /* check whether the user is in the admin group */
3925 + admin = getgrnam("admin");
3926 + if (!admin || !admin->gr_mem)
3929 + for (g = admin->gr_mem; *g; ++g) {
3930 + if (!strcmp(*g, sudo_user.pw->pw_name)) {
3938 + /* build path to flag file */
3939 + snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful",
3940 + sudo_user.pw->pw_dir);
3941 + if (strlen(flagfile) >= sizeof(flagfile)-1)
3944 + /* do nothing if the file already exists */
3945 + if (!access(flagfile, F_OK))
3949 + f = open(flagfile, O_CREAT|O_WRONLY|O_EXCL, 0644);
3951 + fchown(f, sudo_user.pw->pw_uid, sudo_user.pw->pw_gid);
3955 --- sudo-1.6.8p12.orig/sudo.h
3956 +++ sudo-1.6.8p12/sudo.h
3958 #define FLAG_NO_HOST 0x080
3959 #define FLAG_NO_CHECK 0x100
3960 #define FLAG_NOEXEC 0x200
3961 +#define FLAG_CMND_ALL 0x400
3964 * Pseudo-boolean values
3965 --- sudo-1.6.8p12.orig/parse.c
3966 +++ sudo-1.6.8p12/parse.c
3968 set_perms(PERM_ROOT);
3969 return(VALIDATE_OK |
3970 (no_passwd == TRUE ? FLAG_NOPASS : 0) |
3971 - (no_execve == TRUE ? FLAG_NOEXEC : 0));
3972 + (no_execve == TRUE ? FLAG_NOEXEC : 0) |
3973 + (cmnd_all == TRUE ? FLAG_CMND_ALL : 0));
3974 } else if ((runas_matches == TRUE && cmnd_matches == FALSE) ||
3975 (runas_matches == FALSE && cmnd_matches == TRUE)) {
3977 --- sudo-1.6.8p12.orig/parse.h
3978 +++ sudo-1.6.8p12/parse.h
3989 #define user_matches (match[top-1].user)
3990 #define cmnd_matches (match[top-1].cmnd)
3991 +#define cmnd_all (match[top-1].cmndall)
3992 #define host_matches (match[top-1].host)
3993 #define runas_matches (match[top-1].runas)
3994 #define no_passwd (match[top-1].nopass)