| blob | a370bd06cc02fa7a814fcbb31c6d467a3765a60c |
1 --- sudo-1.6.8p12.orig/sudoers.man.in
2 +++ sudo-1.6.8p12/sudoers.man.in
3 @@ -759,7 +759,7 @@
4 .IP "exempt_group" 12
5 .IX Item "exempt_group"
6 Users in this group are exempt from password and \s-1PATH\s0 requirements.
7 -This is not set by default.
8 +On Debian systems, this is set to the group 'sudo' by default.
9 .IP "verifypw" 12
10 .IX Item "verifypw"
11 This option controls when a password will be required when a user runs
12 --- sudo-1.6.8p12.orig/sudo.man.in
13 +++ sudo-1.6.8p12/sudo.man.in
14 @@ -185,8 +185,7 @@
15 \&\fBsudo\fR determines who is an authorized user by consulting the file
16 \&\fI@sysconfdir@/sudoers\fR. By giving \fBsudo\fR the \fB\-v\fR flag a user
17 can update the time stamp without running a \fIcommand.\fR The password
18 -prompt itself will also time out if the user's password is not
19 -entered within \f(CW\*(C`@password_timeout@\*(C'\fR minutes (unless overridden via
20 +prompt itself will not time out in Debian's version (unless overridden via
21 \&\fIsudoers\fR).
22 .PP
23 If a user who is not listed in the \fIsudoers\fR file tries to run a
24 --- sudo-1.6.8p12.orig/parse.yacc
25 +++ sudo-1.6.8p12/parse.yacc
26 @@ -120,6 +120,7 @@
27 } \
28 match[top].user = UNSPEC; \
29 match[top].cmnd = UNSPEC; \
30 + match[top].cmndall= UNSPEC; \
31 match[top].host = UNSPEC; \
32 match[top].runas = UNSPEC; \
33 match[top].nopass = def_authenticate ? UNSPEC : TRUE; \
34 @@ -135,6 +136,7 @@
35 } \
36 match[top].user = match[top-1].user; \
37 match[top].cmnd = match[top-1].cmnd; \
38 + match[top].cmndall= match[top-1].cmndall; \
39 match[top].host = match[top-1].host; \
40 match[top].runas = match[top-1].runas; \
41 match[top].nopass = match[top-1].nopass; \
42 @@ -675,6 +677,7 @@
43 }
44 }
46 + SETMATCH(cmnd_all, TRUE);
47 $$ = TRUE;
48 }
49 | ALIAS {
50 @@ -705,6 +708,7 @@
51 $$ = NOMATCH;
52 }
53 free($1);
54 + SETMATCH(cmnd_all, FALSE);
55 }
56 | COMMAND {
57 if (printmatches == TRUE) {
58 @@ -730,6 +734,7 @@
59 free($1.cmnd);
60 if ($1.args)
61 free($1.args);
62 + SETMATCH(cmnd_all, FALSE);
63 }
64 ;
66 --- sudo-1.6.8p12.orig/env.c
67 +++ sudo-1.6.8p12/env.c
68 @@ -77,7 +77,7 @@
69 /*
70 * Prototypes
71 */
72 -char **rebuild_env __P((char **, int, int));
73 +char **rebuild_env __P((char **, int, int, int));
74 char **zero_env __P((char **));
75 static void insert_env __P((char *, int));
76 static char *format_env __P((char *, ...));
77 @@ -89,6 +89,8 @@
78 static const char *initial_badenv_table[] = {
79 "IFS",
80 "CDPATH",
81 + "SHELLOPTS",
82 + "PS4",
83 "LOCALDOMAIN",
84 "RES_OPTIONS",
85 "HOSTALIASES",
86 @@ -140,6 +142,12 @@
87 "LC_*",
88 "LANG",
89 "LANGUAGE",
90 + "TERM",
91 + "HOME",
92 + "LOGNAME",
93 + "DISPLAY",
94 + "XAUTHORITY",
95 + "XAUTHORIZATION",
96 NULL
97 };
99 @@ -321,10 +329,11 @@
100 * Also adds sudo-specific variables (SUDO_*).
101 */
102 char **
103 -rebuild_env(envp, sudo_mode, noexec)
104 +rebuild_env(envp, sudo_mode, noexec, noclean)
105 char **envp;
106 int sudo_mode;
107 int noexec;
108 + int noclean;
109 {
110 char **ep, *cp, *ps1;
111 int okvar, iswild, didvar;
112 @@ -429,7 +438,7 @@
113 * env_check.
114 */
115 for (ep = envp; *ep; ep++) {
116 - okvar = 1;
117 + okvar = noclean;
119 /* Skip variables with values beginning with () (bash functions) */
120 if ((cp = strchr(*ep, '=')) != NULL) {
121 @@ -438,6 +447,7 @@
122 }
124 /* Skip anything listed in env_delete. */
125 +#if 0
126 for (cur = def_env_delete; cur && okvar; cur = cur->next) {
127 len = strlen(cur->value);
128 /* Deal with '*' wildcard */
129 @@ -451,9 +461,10 @@
130 okvar = 0;
131 }
132 }
133 +#endif
135 /* Check certain variables for '%' and '/' characters. */
136 - for (cur = def_env_check; cur && okvar; cur = cur->next) {
137 + for (cur = def_env_check; cur; cur = cur->next) {
138 len = strlen(cur->value);
139 /* Deal with '*' wildcard */
140 if (cur->value[len - 1] == '*') {
141 @@ -463,8 +474,24 @@
142 iswild = 0;
143 if (strncmp(cur->value, *ep, len) == 0 &&
144 (iswild || (*ep)[len] == '=') &&
145 - strpbrk(*ep, "/%")) {
146 - okvar = 0;
147 + strpbrk(*ep, "/%") == NULL) {
148 + okvar = 1;
149 + }
150 + }
151 +
152 + /* keep variables in env_keep */
153 + for (cur = def_env_keep; cur; cur = cur->next) {
154 + len = strlen(cur->value);
155 + /* Deal with '*' wildcard */
156 + if (cur->value[len - 1] == '*') {
157 + len--;
158 + iswild = 1;
159 + } else
160 + iswild = 0;
161 + if (strncmp(cur->value, *ep, len) == 0 &&
162 + (iswild || (*ep)[len] == '=')) {
163 + okvar = 1;
164 + break;
165 }
166 }
168 --- sudo-1.6.8p12.orig/sudoers.pod
169 +++ sudo-1.6.8p12/sudoers.pod
170 @@ -93,7 +93,7 @@
172 Cmnd_Alias ::= NAME '=' Cmnd_List
174 - NAME ::= [A-Z]([A-Z][0-9]_)*
175 + NAME ::= [A-Z]([a-z][A-Z][0-9]_)*
177 Each I<alias> definition is of the form
179 @@ -568,7 +568,7 @@
181 =item C<%%>
183 -two consecutive C<%> characters are collaped into a single C<%> character
184 +two consecutive C<%> characters are collapsed into a single C<%> character
186 =back
188 @@ -669,8 +669,8 @@
190 =item exempt_group
192 -Users in this group are exempt from password and PATH requirements.
193 -This is not set by default.
194 +Users in this group are exempt from password and PATH requirements. This
195 +option is turned on for Debian.
197 =item verifypw
199 --- sudo-1.6.8p12.orig/ins_classic.h
200 +++ sudo-1.6.8p12/ins_classic.h
201 @@ -32,7 +32,7 @@
202 "Where did you learn to type?",
203 "Are you on drugs?",
204 "My pet ferret can type better than you!",
205 - "You type like i drive.",
206 + "You type like I drive.",
207 "Do you think like you type?",
208 "Your mind just hasn't been the same since the electro-shock, has it?",
210 --- sudo-1.6.8p12.orig/config.guess
211 +++ sudo-1.6.8p12/config.guess
212 @@ -1,11 +1,9 @@
213 #! /bin/sh
214 # Attempt to guess a canonical system name.
215 # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
216 -# 2000, 2001, 2002 Free Software Foundation, Inc.
217 -#
218 -# $Sudo: config.guess,v 1.10 2004/08/09 23:04:35 millert Exp $
219 +# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
221 -timestamp='2002-11-30'
222 +timestamp='2005-08-03'
224 # This file is free software; you can redistribute it and/or modify it
225 # under the terms of the GNU General Public License as published by
226 @@ -19,13 +17,15 @@
227 #
228 # You should have received a copy of the GNU General Public License
229 # along with this program; if not, write to the Free Software
230 -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
231 +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
232 +# 02110-1301, USA.
233 #
234 # As a special exception to the GNU General Public License, if you
235 # distribute this file as part of a program that contains a
236 # configuration script generated by Autoconf, you may include it under
237 # the same distribution terms that you use for the rest of that program.
239 +
240 # Originally written by Per Bothner <per@bothner.com>.
241 # Please send patches to <config-patches@gnu.org>. Submit a context
242 # diff and a properly formatted ChangeLog entry.
243 @@ -55,7 +55,7 @@
244 GNU config.guess ($timestamp)
246 Originally written by Per Bothner.
247 -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
248 +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
249 Free Software Foundation, Inc.
251 This is free software; see the source for copying conditions. There is NO
252 @@ -68,11 +68,11 @@
253 while test $# -gt 0 ; do
254 case $1 in
255 --time-stamp | --time* | -t )
256 - echo "$timestamp" ; exit 0 ;;
257 + echo "$timestamp" ; exit ;;
258 --version | -v )
259 - echo "$version" ; exit 0 ;;
260 + echo "$version" ; exit ;;
261 --help | --h* | -h )
262 - echo "$usage"; exit 0 ;;
263 + echo "$usage"; exit ;;
264 -- ) # Stop option processing
265 shift; break ;;
266 - ) # Use stdin as input.
267 @@ -100,14 +100,18 @@
268 # Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
269 # use `HOST_CC' if defined, but it is deprecated.
271 -# This shell variable is my proudest work .. or something. --bje
272 +# Portable tmp directory creation inspired by the Autoconf team.
274 -set_cc_for_build='tmpdir=${TMPDIR-/tmp}/config-guess-$$ ;
275 -(old=`umask` && umask 077 && mkdir $tmpdir && umask $old && unset old)
276 - || (echo "$me: cannot create $tmpdir" >&2 && exit 1) ;
277 -dummy=$tmpdir/dummy ;
278 -files="$dummy.c $dummy.o $dummy.rel $dummy" ;
279 -trap '"'"'rm -f $files; rmdir $tmpdir; exit 1'"'"' 1 2 15 ;
280 +set_cc_for_build='
281 +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
282 +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
283 +: ${TMPDIR=/tmp} ;
284 + { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
285 + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
286 + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
287 + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
288 +dummy=$tmp/dummy ;
289 +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
290 case $CC_FOR_BUILD,$HOST_CC,$CC in
291 ,,) echo "int x;" > $dummy.c ;
292 for c in cc gcc c89 c99 ; do
293 @@ -115,15 +119,13 @@
294 CC_FOR_BUILD="$c"; break ;
295 fi ;
296 done ;
297 - rm -f $files ;
298 if test x"$CC_FOR_BUILD" = x ; then
299 CC_FOR_BUILD=no_compiler_found ;
300 fi
301 ;;
302 ,,*) CC_FOR_BUILD=$CC ;;
303 ,*,*) CC_FOR_BUILD=$HOST_CC ;;
304 -esac ;
305 -unset files'
306 +esac ; set_cc_for_build= ;'
308 # This is needed to find uname on a Pyramid OSx when run in the BSD universe.
309 # (ghazi@noc.rutgers.edu 1994-08-24)
310 @@ -196,104 +198,109 @@
311 # contains redundant information, the shorter form:
312 # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
313 echo "${machine}-${os}${release}"
314 - exit 0 ;;
315 + exit ;;
316 *:OpenBSD:*:*)
317 UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
318 echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
319 - exit 0 ;;
320 + exit ;;
321 + *:ekkoBSD:*:*)
322 + echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
323 + exit ;;
324 + macppc:MirBSD:*:*)
325 + echo powerppc-unknown-mirbsd${UNAME_RELEASE}
326 + exit ;;
327 + *:MirBSD:*:*)
328 + echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
329 + exit ;;
330 alpha:OSF1:*:*)
331 - if test $UNAME_RELEASE = "V4.0"; then
332 + case $UNAME_RELEASE in
333 + *4.0)
334 UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
335 - fi
336 + ;;
337 + *5.*)
338 + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
339 + ;;
340 + esac
341 + # According to Compaq, /usr/sbin/psrinfo has been available on
342 + # OSF/1 and Tru64 systems produced since 1995. I hope that
343 + # covers most systems running today. This code pipes the CPU
344 + # types through head -n 1, so we only detect the type of CPU 0.
345 + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
346 + case "$ALPHA_CPU_TYPE" in
347 + "EV4 (21064)")
348 + UNAME_MACHINE="alpha" ;;
349 + "EV4.5 (21064)")
350 + UNAME_MACHINE="alpha" ;;
351 + "LCA4 (21066/21068)")
352 + UNAME_MACHINE="alpha" ;;
353 + "EV5 (21164)")
354 + UNAME_MACHINE="alphaev5" ;;
355 + "EV5.6 (21164A)")
356 + UNAME_MACHINE="alphaev56" ;;
357 + "EV5.6 (21164PC)")
358 + UNAME_MACHINE="alphapca56" ;;
359 + "EV5.7 (21164PC)")
360 + UNAME_MACHINE="alphapca57" ;;
361 + "EV6 (21264)")
362 + UNAME_MACHINE="alphaev6" ;;
363 + "EV6.7 (21264A)")
364 + UNAME_MACHINE="alphaev67" ;;
365 + "EV6.8CB (21264C)")
366 + UNAME_MACHINE="alphaev68" ;;
367 + "EV6.8AL (21264B)")
368 + UNAME_MACHINE="alphaev68" ;;
369 + "EV6.8CX (21264D)")
370 + UNAME_MACHINE="alphaev68" ;;
371 + "EV6.9A (21264/EV69A)")
372 + UNAME_MACHINE="alphaev69" ;;
373 + "EV7 (21364)")
374 + UNAME_MACHINE="alphaev7" ;;
375 + "EV7.9 (21364A)")
376 + UNAME_MACHINE="alphaev79" ;;
377 + esac
378 + # A Pn.n version is a patched version.
379 # A Vn.n version is a released version.
380 # A Tn.n version is a released field test version.
381 # A Xn.n version is an unreleased experimental baselevel.
382 # 1.2 uses "1.2" for uname -r.
383 - eval $set_cc_for_build
384 - cat <<EOF >$dummy.s
385 - .data
386 -\$Lformat:
387 - .byte 37,100,45,37,120,10,0 # "%d-%x\n"
388 -
389 - .text
390 - .globl main
391 - .align 4
392 - .ent main
393 -main:
394 - .frame \$30,16,\$26,0
395 - ldgp \$29,0(\$27)
396 - .prologue 1
397 - .long 0x47e03d80 # implver \$0
398 - lda \$2,-1
399 - .long 0x47e20c21 # amask \$2,\$1
400 - lda \$16,\$Lformat
401 - mov \$0,\$17
402 - not \$1,\$18
403 - jsr \$26,printf
404 - ldgp \$29,0(\$26)
405 - mov 0,\$16
406 - jsr \$26,exit
407 - .end main
408 -EOF
409 - $CC_FOR_BUILD -o $dummy $dummy.s 2>/dev/null
410 - if test "$?" = 0 ; then
411 - case `$dummy` in
412 - 0-0)
413 - UNAME_MACHINE="alpha"
414 - ;;
415 - 1-0)
416 - UNAME_MACHINE="alphaev5"
417 - ;;
418 - 1-1)
419 - UNAME_MACHINE="alphaev56"
420 - ;;
421 - 1-101)
422 - UNAME_MACHINE="alphapca56"
423 - ;;
424 - 2-303)
425 - UNAME_MACHINE="alphaev6"
426 - ;;
427 - 2-307)
428 - UNAME_MACHINE="alphaev67"
429 - ;;
430 - 2-1307)
431 - UNAME_MACHINE="alphaev68"
432 - ;;
433 - 3-1307)
434 - UNAME_MACHINE="alphaev7"
435 - ;;
436 - esac
437 - fi
438 - rm -f $dummy.s $dummy && rmdir $tmpdir
439 - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
440 - exit 0 ;;
441 + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
442 + exit ;;
443 Alpha\ *:Windows_NT*:*)
444 # How do we know it's Interix rather than the generic POSIX subsystem?
445 # Should we change UNAME_MACHINE based on the output of uname instead
446 # of the specific Alpha model?
447 echo alpha-pc-interix
448 - exit 0 ;;
449 + exit ;;
450 21064:Windows_NT:50:3)
451 echo alpha-dec-winnt3.5
452 - exit 0 ;;
453 + exit ;;
454 Amiga*:UNIX_System_V:4.0:*)
455 echo m68k-unknown-sysv4
456 - exit 0;;
457 + exit ;;
458 *:[Aa]miga[Oo][Ss]:*:*)
459 echo ${UNAME_MACHINE}-unknown-amigaos
460 - exit 0 ;;
461 + exit ;;
462 *:[Mm]orph[Oo][Ss]:*:*)
463 echo ${UNAME_MACHINE}-unknown-morphos
464 - exit 0 ;;
465 + exit ;;
466 *:OS/390:*:*)
467 echo i370-ibm-openedition
468 - exit 0 ;;
469 + exit ;;
470 + *:z/VM:*:*)
471 + echo s390-ibm-zvmoe
472 + exit ;;
473 + *:OS400:*:*)
474 + echo powerpc-ibm-os400
475 + exit ;;
476 arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
477 echo arm-acorn-riscix${UNAME_RELEASE}
478 - exit 0;;
479 + exit ;;
480 + arm:riscos:*:*|arm:RISCOS:*:*)
481 + echo arm-unknown-riscos
482 + exit ;;
483 SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
484 echo hppa1.1-hitachi-hiuxmpp
485 - exit 0;;
486 + exit ;;
487 Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
488 # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
489 if test "`(/bin/universe) 2>/dev/null`" = att ; then
490 @@ -301,29 +308,32 @@
491 else
492 echo pyramid-pyramid-bsd
493 fi
494 - exit 0 ;;
495 + exit ;;
496 NILE*:*:*:dcosx)
497 echo pyramid-pyramid-svr4
498 - exit 0 ;;
499 - DRS?6000:UNIX_SV:4.2*:7*)
500 + exit ;;
501 + DRS?6000:unix:4.0:6*)
502 + echo sparc-icl-nx6
503 + exit ;;
504 + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
505 case `/usr/bin/uname -p` in
506 - sparc) echo sparc-icl-nx7 && exit 0 ;;
507 + sparc) echo sparc-icl-nx7; exit ;;
508 esac ;;
509 sun4H:SunOS:5.*:*)
510 echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
511 - exit 0 ;;
512 + exit ;;
513 sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
514 echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
515 - exit 0 ;;
516 + exit ;;
517 i86pc:SunOS:5.*:*)
518 echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
519 - exit 0 ;;
520 + exit ;;
521 sun4*:SunOS:6*:*)
522 # According to config.sub, this is the proper way to canonicalize
523 # SunOS6. Hard to guess exactly what SunOS6 will be like, but
524 # it's likely to be more like Solaris than SunOS4.
525 echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
526 - exit 0 ;;
527 + exit ;;
528 sun4*:SunOS:*:*)
529 case "`/usr/bin/arch -k`" in
530 Series*|S4*)
531 @@ -332,10 +342,10 @@
532 esac
533 # Japanese Language versions have a version number like `4.1.3-JL'.
534 echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
535 - exit 0 ;;
536 + exit ;;
537 sun3*:SunOS:*:*)
538 echo m68k-sun-sunos${UNAME_RELEASE}
539 - exit 0 ;;
540 + exit ;;
541 sun*:*:4.2BSD:*)
542 UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
543 test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
544 @@ -347,10 +357,10 @@
545 echo sparc-sun-sunos${UNAME_RELEASE}
546 ;;
547 esac
548 - exit 0 ;;
549 + exit ;;
550 aushp:SunOS:*:*)
551 echo sparc-auspex-sunos${UNAME_RELEASE}
552 - exit 0 ;;
553 + exit ;;
554 # The situation for MiNT is a little confusing. The machine name
555 # can be virtually everything (everything which is not
556 # "atarist" or "atariste" at least should have a processor
557 @@ -361,37 +371,40 @@
558 # be no problem.
559 atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
560 echo m68k-atari-mint${UNAME_RELEASE}
561 - exit 0 ;;
562 + exit ;;
563 atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
564 echo m68k-atari-mint${UNAME_RELEASE}
565 - exit 0 ;;
566 + exit ;;
567 *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
568 echo m68k-atari-mint${UNAME_RELEASE}
569 - exit 0 ;;
570 + exit ;;
571 milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
572 echo m68k-milan-mint${UNAME_RELEASE}
573 - exit 0 ;;
574 + exit ;;
575 hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
576 echo m68k-hades-mint${UNAME_RELEASE}
577 - exit 0 ;;
578 + exit ;;
579 *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
580 echo m68k-unknown-mint${UNAME_RELEASE}
581 - exit 0 ;;
582 + exit ;;
583 + m68k:machten:*:*)
584 + echo m68k-apple-machten${UNAME_RELEASE}
585 + exit ;;
586 powerpc:machten:*:*)
587 echo powerpc-apple-machten${UNAME_RELEASE}
588 - exit 0 ;;
589 + exit ;;
590 RISC*:Mach:*:*)
591 echo mips-dec-mach_bsd4.3
592 - exit 0 ;;
593 + exit ;;
594 RISC*:ULTRIX:*:*)
595 echo mips-dec-ultrix${UNAME_RELEASE}
596 - exit 0 ;;
597 + exit ;;
598 VAX*:ULTRIX*:*:*)
599 echo vax-dec-ultrix${UNAME_RELEASE}
600 - exit 0 ;;
601 + exit ;;
602 2020:CLIX:*:* | 2430:CLIX:*:*)
603 echo clipper-intergraph-clix${UNAME_RELEASE}
604 - exit 0 ;;
605 + exit ;;
606 mips:*:*:UMIPS | mips:*:*:RISCos)
607 eval $set_cc_for_build
608 sed 's/^ //' << EOF >$dummy.c
609 @@ -415,33 +428,33 @@
610 exit (-1);
611 }
612 EOF
613 - $CC_FOR_BUILD -o $dummy $dummy.c \
614 - && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \
615 - && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
616 - rm -f $dummy.c $dummy && rmdir $tmpdir
617 + $CC_FOR_BUILD -o $dummy $dummy.c &&
618 + dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
619 + SYSTEM_NAME=`$dummy $dummyarg` &&
620 + { echo "$SYSTEM_NAME"; exit; }
621 echo mips-mips-riscos${UNAME_RELEASE}
622 - exit 0 ;;
623 + exit ;;
624 Motorola:PowerMAX_OS:*:*)
625 echo powerpc-motorola-powermax
626 - exit 0 ;;
627 + exit ;;
628 Motorola:*:4.3:PL8-*)
629 echo powerpc-harris-powermax
630 - exit 0 ;;
631 + exit ;;
632 Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
633 echo powerpc-harris-powermax
634 - exit 0 ;;
635 + exit ;;
636 Night_Hawk:Power_UNIX:*:*)
637 echo powerpc-harris-powerunix
638 - exit 0 ;;
639 + exit ;;
640 m88k:CX/UX:7*:*)
641 echo m88k-harris-cxux7
642 - exit 0 ;;
643 + exit ;;
644 m88k:*:4*:R4*)
645 echo m88k-motorola-sysv4
646 - exit 0 ;;
647 + exit ;;
648 m88k:*:3*:R3*)
649 echo m88k-motorola-sysv3
650 - exit 0 ;;
651 + exit ;;
652 AViiON:dgux:*:*)
653 # DG/UX returns AViiON for all architectures
654 UNAME_PROCESSOR=`/usr/bin/uname -p`
655 @@ -457,29 +470,29 @@
656 else
657 echo i586-dg-dgux${UNAME_RELEASE}
658 fi
659 - exit 0 ;;
660 + exit ;;
661 M88*:DolphinOS:*:*) # DolphinOS (SVR3)
662 echo m88k-dolphin-sysv3
663 - exit 0 ;;
664 + exit ;;
665 M88*:*:R3*:*)
666 # Delta 88k system running SVR3
667 echo m88k-motorola-sysv3
668 - exit 0 ;;
669 + exit ;;
670 XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
671 echo m88k-tektronix-sysv3
672 - exit 0 ;;
673 + exit ;;
674 Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
675 echo m68k-tektronix-bsd
676 - exit 0 ;;
677 + exit ;;
678 *:IRIX*:*:*)
679 echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
680 - exit 0 ;;
681 + exit ;;
682 ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
683 - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
684 - exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX '
685 + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
686 + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
687 i*86:AIX:*:*)
688 echo i386-ibm-aix
689 - exit 0 ;;
690 + exit ;;
691 ia64:AIX:*:*)
692 if [ -x /usr/bin/oslevel ] ; then
693 IBM_REV=`/usr/bin/oslevel`
694 @@ -487,7 +500,7 @@
695 IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
696 fi
697 echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
698 - exit 0 ;;
699 + exit ;;
700 *:AIX:2:3)
701 if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
702 eval $set_cc_for_build
703 @@ -502,15 +515,18 @@
704 exit(0);
705 }
706 EOF
707 - $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
708 - rm -f $dummy.c $dummy && rmdir $tmpdir
709 - echo rs6000-ibm-aix3.2.5
710 + if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
711 + then
712 + echo "$SYSTEM_NAME"
713 + else
714 + echo rs6000-ibm-aix3.2.5
715 + fi
716 elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
717 echo rs6000-ibm-aix3.2.4
718 else
719 echo rs6000-ibm-aix3.2
720 fi
721 - exit 0 ;;
722 + exit ;;
723 *:AIX:*:[45])
724 IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
725 if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
726 @@ -524,28 +540,28 @@
727 IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
728 fi
729 echo ${IBM_ARCH}-ibm-aix${IBM_REV}
730 - exit 0 ;;
731 + exit ;;
732 *:AIX:*:*)
733 echo rs6000-ibm-aix
734 - exit 0 ;;
735 + exit ;;
736 ibmrt:4.4BSD:*|romp-ibm:BSD:*)
737 echo romp-ibm-bsd4.4
738 - exit 0 ;;
739 + exit ;;
740 ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
741 echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
742 - exit 0 ;; # report: romp-ibm BSD 4.3
743 + exit ;; # report: romp-ibm BSD 4.3
744 *:BOSX:*:*)
745 echo rs6000-bull-bosx
746 - exit 0 ;;
747 + exit ;;
748 DPX/2?00:B.O.S.:*:*)
749 echo m68k-bull-sysv3
750 - exit 0 ;;
751 + exit ;;
752 9000/[34]??:4.3bsd:1.*:*)
753 echo m68k-hp-bsd
754 - exit 0 ;;
755 + exit ;;
756 hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
757 echo m68k-hp-bsd4.4
758 - exit 0 ;;
759 + exit ;;
760 9000/[34678]??:HP-UX:*:*)
761 HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
762 case "${UNAME_MACHINE}" in
763 @@ -602,16 +618,36 @@
764 }
765 EOF
766 (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
767 - if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi
768 - rm -f $dummy.c $dummy && rmdir $tmpdir
769 + test -z "$HP_ARCH" && HP_ARCH=hppa
770 fi ;;
771 esac
772 + if [ ${HP_ARCH} = "hppa2.0w" ]
773 + then
774 + eval $set_cc_for_build
775 +
776 + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
777 + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
778 + # generating 64-bit code. GNU and HP use different nomenclature:
779 + #
780 + # $ CC_FOR_BUILD=cc ./config.guess
781 + # => hppa2.0w-hp-hpux11.23
782 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
783 + # => hppa64-hp-hpux11.23
784 +
785 + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
786 + grep __LP64__ >/dev/null
787 + then
788 + HP_ARCH="hppa2.0w"
789 + else
790 + HP_ARCH="hppa64"
791 + fi
792 + fi
793 echo ${HP_ARCH}-hp-hpux${HPUX_REV}
794 - exit 0 ;;
795 + exit ;;
796 ia64:HP-UX:*:*)
797 HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
798 echo ia64-hp-hpux${HPUX_REV}
799 - exit 0 ;;
800 + exit ;;
801 3050*:HI-UX:*:*)
802 eval $set_cc_for_build
803 sed 's/^ //' << EOF >$dummy.c
804 @@ -639,149 +675,166 @@
805 exit (0);
806 }
807 EOF
808 - $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
809 - rm -f $dummy.c $dummy && rmdir $tmpdir
810 + $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
811 + { echo "$SYSTEM_NAME"; exit; }
812 echo unknown-hitachi-hiuxwe2
813 - exit 0 ;;
814 + exit ;;
815 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
816 echo hppa1.1-hp-bsd
817 - exit 0 ;;
818 + exit ;;
819 9000/8??:4.3bsd:*:*)
820 echo hppa1.0-hp-bsd
821 - exit 0 ;;
822 + exit ;;
823 *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
824 echo hppa1.0-hp-mpeix
825 - exit 0 ;;
826 + exit ;;
827 hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
828 echo hppa1.1-hp-osf
829 - exit 0 ;;
830 + exit ;;
831 hp8??:OSF1:*:*)
832 echo hppa1.0-hp-osf
833 - exit 0 ;;
834 + exit ;;
835 i*86:OSF1:*:*)
836 if [ -x /usr/sbin/sysversion ] ; then
837 echo ${UNAME_MACHINE}-unknown-osf1mk
838 else
839 echo ${UNAME_MACHINE}-unknown-osf1
840 fi
841 - exit 0 ;;
842 + exit ;;
843 parisc*:Lites*:*:*)
844 echo hppa1.1-hp-lites
845 - exit 0 ;;
846 + exit ;;
847 C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
848 echo c1-convex-bsd
849 - exit 0 ;;
850 + exit ;;
851 C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
852 if getsysinfo -f scalar_acc
853 then echo c32-convex-bsd
854 else echo c2-convex-bsd
855 fi
856 - exit 0 ;;
857 + exit ;;
858 C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
859 echo c34-convex-bsd
860 - exit 0 ;;
861 + exit ;;
862 C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
863 echo c38-convex-bsd
864 - exit 0 ;;
865 + exit ;;
866 C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
867 echo c4-convex-bsd
868 - exit 0 ;;
869 + exit ;;
870 CRAY*Y-MP:*:*:*)
871 echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
872 - exit 0 ;;
873 + exit ;;
874 CRAY*[A-Z]90:*:*:*)
875 echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
876 | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
877 -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
878 -e 's/\.[^.]*$/.X/'
879 - exit 0 ;;
880 + exit ;;
881 CRAY*TS:*:*:*)
882 echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
883 - exit 0 ;;
884 - CRAY*T3D:*:*:*)
885 - echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
886 - exit 0 ;;
887 + exit ;;
888 CRAY*T3E:*:*:*)
889 echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
890 - exit 0 ;;
891 + exit ;;
892 CRAY*SV1:*:*:*)
893 echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
894 - exit 0 ;;
895 + exit ;;
896 + *:UNICOS/mp:*:*)
897 + echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
898 + exit ;;
899 F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
900 FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
901 FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
902 FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
903 echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
904 - exit 0 ;;
905 + exit ;;
906 + 5000:UNIX_System_V:4.*:*)
907 + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
908 + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
909 + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
910 + exit ;;
911 i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
912 echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
913 - exit 0 ;;
914 + exit ;;
915 sparc*:BSD/OS:*:*)
916 echo sparc-unknown-bsdi${UNAME_RELEASE}
917 - exit 0 ;;
918 + exit ;;
919 *:BSD/OS:*:*)
920 echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
921 - exit 0 ;;
922 + exit ;;
923 *:FreeBSD:*:*)
924 - # Determine whether the default compiler uses glibc.
925 - eval $set_cc_for_build
926 - sed 's/^ //' << EOF >$dummy.c
927 - #include <features.h>
928 - #if __GLIBC__ >= 2
929 - LIBC=gnu
930 - #else
931 - LIBC=
932 - #endif
933 -EOF
934 - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
935 - rm -f $dummy.c && rmdir $tmpdir
936 - echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC}
937 - exit 0 ;;
938 + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
939 + exit ;;
940 i*:CYGWIN*:*)
941 echo ${UNAME_MACHINE}-pc-cygwin
942 - exit 0 ;;
943 + exit ;;
944 i*:MINGW*:*)
945 echo ${UNAME_MACHINE}-pc-mingw32
946 - exit 0 ;;
947 + exit ;;
948 + i*:windows32*:*)
949 + # uname -m includes "-pc" on this system.
950 + echo ${UNAME_MACHINE}-mingw32
951 + exit ;;
952 i*:PW*:*)
953 echo ${UNAME_MACHINE}-pc-pw32
954 - exit 0 ;;
955 - x86:Interix*:3*)
956 - echo i586-pc-interix3
957 - exit 0 ;;
958 + exit ;;
959 + x86:Interix*:[34]*)
960 + echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//'
961 + exit ;;
962 [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
963 echo i${UNAME_MACHINE}-pc-mks
964 - exit 0 ;;
965 + exit ;;
966 i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
967 # How do we know it's Interix rather than the generic POSIX subsystem?
968 # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
969 # UNAME_MACHINE based on the output of uname instead of i386?
970 echo i586-pc-interix
971 - exit 0 ;;
972 + exit ;;
973 i*:UWIN*:*)
974 echo ${UNAME_MACHINE}-pc-uwin
975 - exit 0 ;;
976 + exit ;;
977 + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
978 + echo x86_64-unknown-cygwin
979 + exit ;;
980 p*:CYGWIN*:*)
981 echo powerpcle-unknown-cygwin
982 - exit 0 ;;
983 + exit ;;
984 prep*:SunOS:5.*:*)
985 echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
986 - exit 0 ;;
987 + exit ;;
988 *:GNU:*:*)
989 + # the GNU system
990 echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
991 - exit 0 ;;
992 + exit ;;
993 + *:GNU/*:*:*)
994 + # other systems with GNU libc and userland
995 + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
996 + exit ;;
997 i*86:Minix:*:*)
998 echo ${UNAME_MACHINE}-pc-minix
999 - exit 0 ;;
1000 + exit ;;
1001 arm*:Linux:*:*)
1002 echo ${UNAME_MACHINE}-unknown-linux-gnu
1003 - exit 0 ;;
1004 + exit ;;
1005 + cris:Linux:*:*)
1006 + echo cris-axis-linux-gnu
1007 + exit ;;
1008 + crisv32:Linux:*:*)
1009 + echo crisv32-axis-linux-gnu
1010 + exit ;;
1011 + frv:Linux:*:*)
1012 + echo frv-unknown-linux-gnu
1013 + exit ;;
1014 ia64:Linux:*:*)
1015 echo ${UNAME_MACHINE}-unknown-linux-gnu
1016 - exit 0 ;;
1017 + exit ;;
1018 + m32r*:Linux:*:*)
1019 + echo ${UNAME_MACHINE}-unknown-linux-gnu
1020 + exit ;;
1021 m68*:Linux:*:*)
1022 echo ${UNAME_MACHINE}-unknown-linux-gnu
1023 - exit 0 ;;
1024 + exit ;;
1025 mips:Linux:*:*)
1026 eval $set_cc_for_build
1027 sed 's/^ //' << EOF >$dummy.c
1028 @@ -799,8 +852,7 @@
1029 #endif
1030 EOF
1031 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
1032 - rm -f $dummy.c && rmdir $tmpdir
1033 - test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
1034 + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
1035 ;;
1036 mips64:Linux:*:*)
1037 eval $set_cc_for_build
1038 @@ -819,15 +871,17 @@
1039 #endif
1040 EOF
1041 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=`
1042 - rm -f $dummy.c && rmdir $tmpdir
1043 - test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0
1044 + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
1045 ;;
1046 + or32:Linux:*:*)
1047 + echo or32-unknown-linux-gnu
1048 + exit ;;
1049 ppc:Linux:*:*)
1050 echo powerpc-unknown-linux-gnu
1051 - exit 0 ;;
1052 + exit ;;
1053 ppc64:Linux:*:*)
1054 echo powerpc64-unknown-linux-gnu
1055 - exit 0 ;;
1056 + exit ;;
1057 alpha:Linux:*:*)
1058 case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
1059 EV5) UNAME_MACHINE=alphaev5 ;;
1060 @@ -841,7 +895,7 @@
1061 objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null
1062 if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
1063 echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
1064 - exit 0 ;;
1065 + exit ;;
1066 parisc:Linux:*:* | hppa:Linux:*:*)
1067 # Look for CPU level
1068 case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
1069 @@ -849,22 +903,25 @@
1070 PA8*) echo hppa2.0-unknown-linux-gnu ;;
1071 *) echo hppa-unknown-linux-gnu ;;
1072 esac
1073 - exit 0 ;;
1074 + exit ;;
1075 parisc64:Linux:*:* | hppa64:Linux:*:*)
1076 echo hppa64-unknown-linux-gnu
1077 - exit 0 ;;
1078 + exit ;;
1079 s390:Linux:*:* | s390x:Linux:*:*)
1080 echo ${UNAME_MACHINE}-ibm-linux
1081 - exit 0 ;;
1082 + exit ;;
1083 + sh64*:Linux:*:*)
1084 + echo ${UNAME_MACHINE}-unknown-linux-gnu
1085 + exit ;;
1086 sh*:Linux:*:*)
1087 echo ${UNAME_MACHINE}-unknown-linux-gnu
1088 - exit 0 ;;
1089 + exit ;;
1090 sparc:Linux:*:* | sparc64:Linux:*:*)
1091 echo ${UNAME_MACHINE}-unknown-linux-gnu
1092 - exit 0 ;;
1093 + exit ;;
1094 x86_64:Linux:*:*)
1095 echo x86_64-unknown-linux-gnu
1096 - exit 0 ;;
1097 + exit ;;
1098 i*86:Linux:*:*)
1099 # The BFD linker knows what the default object file format is, so
1100 # first see if it will tell us. cd to the root directory to prevent
1101 @@ -882,15 +939,15 @@
1102 ;;
1103 a.out-i386-linux)
1104 echo "${UNAME_MACHINE}-pc-linux-gnuaout"
1105 - exit 0 ;;
1106 + exit ;;
1107 coff-i386)
1108 echo "${UNAME_MACHINE}-pc-linux-gnucoff"
1109 - exit 0 ;;
1110 + exit ;;
1111 "")
1112 # Either a pre-BFD a.out linker (linux-gnuoldld) or
1113 # one that does not give us useful --help.
1114 echo "${UNAME_MACHINE}-pc-linux-gnuoldld"
1115 - exit 0 ;;
1116 + exit ;;
1117 esac
1118 # Determine whether the default compiler is a.out or elf
1119 eval $set_cc_for_build
1120 @@ -913,18 +970,23 @@
1121 LIBC=gnuaout
1122 #endif
1123 #endif
1124 + #ifdef __dietlibc__
1125 + LIBC=dietlibc
1126 + #endif
1127 EOF
1128 eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=`
1129 - rm -f $dummy.c && rmdir $tmpdir
1130 - test x"${LIBC}" != x && echo "${UNAME_MACHINE}-pc-linux-${LIBC}" && exit 0
1131 - test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0
1132 + test x"${LIBC}" != x && {
1133 + echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
1134 + exit
1135 + }
1136 + test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; }
1137 ;;
1138 i*86:DYNIX/ptx:4*:*)
1139 # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
1140 # earlier versions are messed up and put the nodename in both
1141 # sysname and nodename.
1142 echo i386-sequent-sysv4
1143 - exit 0 ;;
1144 + exit ;;
1145 i*86:UNIX_SV:4.2MP:2.*)
1146 # Unixware is an offshoot of SVR4, but it has its own version
1147 # number series starting with 2...
1148 @@ -932,24 +994,27 @@
1149 # I just have to hope. -- rms.
1150 # Use sysv4.2uw... so that sysv4* matches it.
1151 echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
1152 - exit 0 ;;
1153 + exit ;;
1154 i*86:OS/2:*:*)
1155 # If we were able to find `uname', then EMX Unix compatibility
1156 # is probably installed.
1157 echo ${UNAME_MACHINE}-pc-os2-emx
1158 - exit 0 ;;
1159 + exit ;;
1160 i*86:XTS-300:*:STOP)
1161 echo ${UNAME_MACHINE}-unknown-stop
1162 - exit 0 ;;
1163 + exit ;;
1164 i*86:atheos:*:*)
1165 echo ${UNAME_MACHINE}-unknown-atheos
1166 - exit 0 ;;
1167 + exit ;;
1168 + i*86:syllable:*:*)
1169 + echo ${UNAME_MACHINE}-pc-syllable
1170 + exit ;;
1171 i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*)
1172 echo i386-unknown-lynxos${UNAME_RELEASE}
1173 - exit 0 ;;
1174 + exit ;;
1175 i*86:*DOS:*:*)
1176 echo ${UNAME_MACHINE}-pc-msdosdjgpp
1177 - exit 0 ;;
1178 + exit ;;
1179 i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
1180 UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
1181 if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
1182 @@ -957,15 +1022,16 @@
1183 else
1184 echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
1185 fi
1186 - exit 0 ;;
1187 - i*86:*:5:[78]*)
1188 + exit ;;
1189 + i*86:*:5:[678]*)
1190 + # UnixWare 7.x, OpenUNIX and OpenServer 6.
1191 case `/bin/uname -X | grep "^Machine"` in
1192 *486*) UNAME_MACHINE=i486 ;;
1193 *Pentium) UNAME_MACHINE=i586 ;;
1194 *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
1195 esac
1196 echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
1197 - exit 0 ;;
1198 + exit ;;
1199 i*86:*:3.2:*)
1200 if test -f /usr/options/cb.name; then
1201 UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
1202 @@ -983,73 +1049,73 @@
1203 else
1204 echo ${UNAME_MACHINE}-pc-sysv32
1205 fi
1206 - exit 0 ;;
1207 + exit ;;
1208 pc:*:*:*)
1209 # Left here for compatibility:
1210 # uname -m prints for DJGPP always 'pc', but it prints nothing about
1211 # the processor, so we play safe by assuming i386.
1212 echo i386-pc-msdosdjgpp
1213 - exit 0 ;;
1214 + exit ;;
1215 Intel:Mach:3*:*)
1216 echo i386-pc-mach3
1217 - exit 0 ;;
1218 + exit ;;
1219 paragon:*:*:*)
1220 echo i860-intel-osf1
1221 - exit 0 ;;
1222 + exit ;;
1223 i860:*:4.*:*) # i860-SVR4
1224 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
1225 echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
1226 else # Add other i860-SVR4 vendors below as they are discovered.
1227 echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
1228 fi
1229 - exit 0 ;;
1230 + exit ;;
1231 mini*:CTIX:SYS*5:*)
1232 # "miniframe"
1233 echo m68010-convergent-sysv
1234 - exit 0 ;;
1235 + exit ;;
1236 mc68k:UNIX:SYSTEM5:3.51m)
1237 echo m68k-convergent-sysv
1238 - exit 0 ;;
1239 + exit ;;
1240 M680?0:D-NIX:5.3:*)
1241 echo m68k-diab-dnix
1242 - exit 0 ;;
1243 - M68*:*:R3V[567]*:*)
1244 - test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;;
1245 - 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0)
1246 + exit ;;
1247 + M68*:*:R3V[5678]*:*)
1248 + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
1249 + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
1250 OS_REL=''
1251 test -r /etc/.relid \
1252 && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
1253 /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
1254 - && echo i486-ncr-sysv4.3${OS_REL} && exit 0
1255 + && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
1256 /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
1257 - && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;;
1258 + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
1259 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
1260 /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
1261 - && echo i486-ncr-sysv4 && exit 0 ;;
1262 + && { echo i486-ncr-sysv4; exit; } ;;
1263 m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
1264 echo m68k-unknown-lynxos${UNAME_RELEASE}
1265 - exit 0 ;;
1266 + exit ;;
1267 mc68030:UNIX_System_V:4.*:*)
1268 echo m68k-atari-sysv4
1269 - exit 0 ;;
1270 + exit ;;
1271 TSUNAMI:LynxOS:2.*:*)
1272 echo sparc-unknown-lynxos${UNAME_RELEASE}
1273 - exit 0 ;;
1274 + exit ;;
1275 rs6000:LynxOS:2.*:*)
1276 echo rs6000-unknown-lynxos${UNAME_RELEASE}
1277 - exit 0 ;;
1278 + exit ;;
1279 PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*)
1280 echo powerpc-unknown-lynxos${UNAME_RELEASE}
1281 - exit 0 ;;
1282 + exit ;;
1283 SM[BE]S:UNIX_SV:*:*)
1284 echo mips-dde-sysv${UNAME_RELEASE}
1285 - exit 0 ;;
1286 + exit ;;
1287 RM*:ReliantUNIX-*:*:*)
1288 echo mips-sni-sysv4
1289 - exit 0 ;;
1290 + exit ;;
1291 RM*:SINIX-*:*:*)
1292 echo mips-sni-sysv4
1293 - exit 0 ;;
1294 + exit ;;
1295 *:SINIX-*:*:*)
1296 if uname -p 2>/dev/null >/dev/null ; then
1297 UNAME_MACHINE=`(uname -p) 2>/dev/null`
1298 @@ -1057,64 +1123,73 @@
1299 else
1300 echo ns32k-sni-sysv
1301 fi
1302 - exit 0 ;;
1303 + exit ;;
1304 PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
1305 # says <Richard.M.Bartel@ccMail.Census.GOV>
1306 echo i586-unisys-sysv4
1307 - exit 0 ;;
1308 + exit ;;
1309 *:UNIX_System_V:4*:FTX*)
1310 # From Gerald Hewes <hewes@openmarket.com>.
1311 # How about differentiating between stratus architectures? -djm
1312 echo hppa1.1-stratus-sysv4
1313 - exit 0 ;;
1314 + exit ;;
1315 *:*:*:FTX*)
1316 # From seanf@swdc.stratus.com.
1317 echo i860-stratus-sysv4
1318 - exit 0 ;;
1319 + exit ;;
1320 + i*86:VOS:*:*)
1321 + # From Paul.Green@stratus.com.
1322 + echo ${UNAME_MACHINE}-stratus-vos
1323 + exit ;;
1324 *:VOS:*:*)
1325 # From Paul.Green@stratus.com.
1326 echo hppa1.1-stratus-vos
1327 - exit 0 ;;
1328 + exit ;;
1329 mc68*:A/UX:*:*)
1330 echo m68k-apple-aux${UNAME_RELEASE}
1331 - exit 0 ;;
1332 + exit ;;
1333 news*:NEWS-OS:6*:*)
1334 echo mips-sony-newsos6
1335 - exit 0 ;;
1336 + exit ;;
1337 R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
1338 if [ -d /usr/nec ]; then
1339 echo mips-nec-sysv${UNAME_RELEASE}
1340 else
1341 echo mips-unknown-sysv${UNAME_RELEASE}
1342 fi
1343 - exit 0 ;;
1344 + exit ;;
1345 BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
1346 echo powerpc-be-beos
1347 - exit 0 ;;
1348 + exit ;;
1349 BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
1350 echo powerpc-apple-beos
1351 - exit 0 ;;
1352 + exit ;;
1353 BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
1354 echo i586-pc-beos
1355 - exit 0 ;;
1356 + exit ;;
1357 SX-4:SUPER-UX:*:*)
1358 echo sx4-nec-superux${UNAME_RELEASE}
1359 - exit 0 ;;
1360 + exit ;;
1361 SX-5:SUPER-UX:*:*)
1362 echo sx5-nec-superux${UNAME_RELEASE}
1363 - exit 0 ;;
1364 + exit ;;
1365 SX-6:SUPER-UX:*:*)
1366 echo sx6-nec-superux${UNAME_RELEASE}
1367 - exit 0 ;;
1368 + exit ;;
1369 Power*:Rhapsody:*:*)
1370 echo powerpc-apple-rhapsody${UNAME_RELEASE}
1371 - exit 0 ;;
1372 + exit ;;
1373 *:Rhapsody:*:*)
1374 echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
1375 - exit 0 ;;
1376 + exit ;;
1377 *:Darwin:*:*)
1378 - echo `uname -p`-apple-darwin${UNAME_RELEASE}
1379 - exit 0 ;;
1380 + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
1381 + case $UNAME_PROCESSOR in
1382 + *86) UNAME_PROCESSOR=i686 ;;
1383 + unknown) UNAME_PROCESSOR=powerpc ;;
1384 + esac
1385 + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
1386 + exit ;;
1387 *:procnto*:*:* | *:QNX:[0123456789]*:*)
1388 UNAME_PROCESSOR=`uname -p`
1389 if test "$UNAME_PROCESSOR" = "x86"; then
1390 @@ -1122,22 +1197,25 @@
1391 UNAME_MACHINE=pc
1392 fi
1393 echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
1394 - exit 0 ;;
1395 + exit ;;
1396 *:QNX:*:4*)
1397 echo i386-pc-qnx
1398 - exit 0 ;;
1399 - NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*)
1400 + exit ;;
1401 + NSE-?:NONSTOP_KERNEL:*:*)
1402 + echo nse-tandem-nsk${UNAME_RELEASE}
1403 + exit ;;
1404 + NSR-?:NONSTOP_KERNEL:*:*)
1405 echo nsr-tandem-nsk${UNAME_RELEASE}
1406 - exit 0 ;;
1407 + exit ;;
1408 *:NonStop-UX:*:*)
1409 echo mips-compaq-nonstopux
1410 - exit 0 ;;
1411 + exit ;;
1412 BS2000:POSIX*:*:*)
1413 echo bs2000-siemens-sysv
1414 - exit 0 ;;
1415 + exit ;;
1416 DS/*:UNIX_System_V:*:*)
1417 echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
1418 - exit 0 ;;
1419 + exit ;;
1420 *:Plan9:*:*)
1421 # "uname -m" is not consistent, so use $cputype instead. 386
1422 # is converted to i386 for consistency with other x86
1423 @@ -1148,25 +1226,44 @@
1424 UNAME_MACHINE="$cputype"
1425 fi
1426 echo ${UNAME_MACHINE}-unknown-plan9
1427 - exit 0 ;;
1428 + exit ;;
1429 *:TOPS-10:*:*)
1430 echo pdp10-unknown-tops10
1431 - exit 0 ;;
1432 + exit ;;
1433 *:TENEX:*:*)
1434 echo pdp10-unknown-tenex
1435 - exit 0 ;;
1436 + exit ;;
1437 KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
1438 echo pdp10-dec-tops20
1439 - exit 0 ;;
1440 + exit ;;
1441 XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
1442 echo pdp10-xkl-tops20
1443 - exit 0 ;;
1444 + exit ;;
1445 *:TOPS-20:*:*)
1446 echo pdp10-unknown-tops20
1447 - exit 0 ;;
1448 + exit ;;
1449 *:ITS:*:*)
1450 echo pdp10-unknown-its
1451 - exit 0 ;;
1452 + exit ;;
1453 + SEI:*:*:SEIUX)
1454 + echo mips-sei-seiux${UNAME_RELEASE}
1455 + exit ;;
1456 + *:DragonFly:*:*)
1457 + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
1458 + exit ;;
1459 + *:*VMS:*:*)
1460 + UNAME_MACHINE=`(uname -p) 2>/dev/null`
1461 + case "${UNAME_MACHINE}" in
1462 + A*) echo alpha-dec-vms ; exit ;;
1463 + I*) echo ia64-dec-vms ; exit ;;
1464 + V*) echo vax-dec-vms ; exit ;;
1465 + esac ;;
1466 + *:XENIX:*:SysV)
1467 + echo i386-pc-xenix
1468 + exit ;;
1469 + i*86:skyos:*:*)
1470 + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
1471 + exit ;;
1472 esac
1474 #echo '(No uname command or uname output not recognized.)' 1>&2
1475 @@ -1198,7 +1295,7 @@
1476 #endif
1478 #if defined (__arm) && defined (__acorn) && defined (__unix)
1479 - printf ("arm-acorn-riscix"); exit (0);
1480 + printf ("arm-acorn-riscix\n"); exit (0);
1481 #endif
1483 #if defined (hp300) && !defined (hpux)
1484 @@ -1287,12 +1384,12 @@
1485 }
1486 EOF
1488 -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && rm -f $dummy.c $dummy && rmdir $tmpdir && exit 0
1489 -rm -f $dummy.c $dummy && rmdir $tmpdir
1490 +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
1491 + { echo "$SYSTEM_NAME"; exit; }
1493 # Apollos put the system type in the environment.
1495 -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; }
1496 +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
1498 # Convex versions that predate uname can use getsysinfo(1)
1500 @@ -1301,22 +1398,22 @@
1501 case `getsysinfo -f cpu_type` in
1502 c1*)
1503 echo c1-convex-bsd
1504 - exit 0 ;;
1505 + exit ;;
1506 c2*)
1507 if getsysinfo -f scalar_acc
1508 then echo c32-convex-bsd
1509 else echo c2-convex-bsd
1510 fi
1511 - exit 0 ;;
1512 + exit ;;
1513 c34*)
1514 echo c34-convex-bsd
1515 - exit 0 ;;
1516 + exit ;;
1517 c38*)
1518 echo c38-convex-bsd
1519 - exit 0 ;;
1520 + exit ;;
1521 c4*)
1522 echo c4-convex-bsd
1523 - exit 0 ;;
1524 + exit ;;
1525 esac
1526 fi
1528 @@ -1327,7 +1424,9 @@
1529 the operating system you are using. It is advised that you
1530 download the most up to date version of the config scripts from
1532 - ftp://ftp.gnu.org/pub/gnu/config/
1533 + http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
1534 +and
1535 + http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
1537 If the version you run ($0) is already up to date, please
1538 send the following data and any information you think might be
1539 --- sudo-1.6.8p12.orig/config.sub
1540 +++ sudo-1.6.8p12/config.sub
1541 @@ -1,11 +1,9 @@
1542 #! /bin/sh
1543 # Configuration validation subroutine script.
1544 # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
1545 -# 2000, 2001, 2002 Free Software Foundation, Inc.
1546 -#
1547 -# $Sudo: config.sub,v 1.11 2003/01/20 21:07:51 millert Exp $
1548 +# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
1550 -timestamp='2002-11-30'
1551 +timestamp='2005-07-08'
1553 # This file is (in principle) common to ALL GNU software.
1554 # The presence of a machine in this file suggests that SOME GNU software
1555 @@ -23,14 +21,15 @@
1556 #
1557 # You should have received a copy of the GNU General Public License
1558 # along with this program; if not, write to the Free Software
1559 -# Foundation, Inc., 59 Temple Place - Suite 330,
1560 -# Boston, MA 02111-1307, USA.
1561 -
1562 +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
1563 +# 02110-1301, USA.
1564 +#
1565 # As a special exception to the GNU General Public License, if you
1566 # distribute this file as part of a program that contains a
1567 # configuration script generated by Autoconf, you may include it under
1568 # the same distribution terms that you use for the rest of that program.
1570 +
1571 # Please send patches to <config-patches@gnu.org>. Submit a context
1572 # diff and a properly formatted ChangeLog entry.
1573 #
1574 @@ -72,7 +71,7 @@
1575 version="\
1576 GNU config.sub ($timestamp)
1578 -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001
1579 +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
1580 Free Software Foundation, Inc.
1582 This is free software; see the source for copying conditions. There is NO
1583 @@ -85,11 +84,11 @@
1584 while test $# -gt 0 ; do
1585 case $1 in
1586 --time-stamp | --time* | -t )
1587 - echo "$timestamp" ; exit 0 ;;
1588 + echo "$timestamp" ; exit ;;
1589 --version | -v )
1590 - echo "$version" ; exit 0 ;;
1591 + echo "$version" ; exit ;;
1592 --help | --h* | -h )
1593 - echo "$usage"; exit 0 ;;
1594 + echo "$usage"; exit ;;
1595 -- ) # Stop option processing
1596 shift; break ;;
1597 - ) # Use stdin as input.
1598 @@ -101,7 +100,7 @@
1599 *local*)
1600 # First pass through any local machine types.
1601 echo $1
1602 - exit 0;;
1603 + exit ;;
1605 * )
1606 break ;;
1607 @@ -120,7 +119,8 @@
1608 # Here we must recognize all the valid KERNEL-OS combinations.
1609 maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
1610 case $maybe_os in
1611 - nto-qnx* | linux-gnu* | freebsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
1612 + nto-qnx* | linux-gnu* | linux-dietlibc | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | \
1613 + kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | storm-chaos* | os2-emx* | rtmk-nova*)
1614 os=-$maybe_os
1615 basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
1616 ;;
1617 @@ -146,7 +146,7 @@
1618 -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
1619 -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
1620 -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
1621 - -apple | -axis | -sr2201*)
1622 + -apple | -axis | -knuth | -cray)
1623 os=
1624 basic_machine=$1
1625 ;;
1626 @@ -230,14 +230,16 @@
1627 | a29k \
1628 | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
1629 | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
1630 + | am33_2.0 \
1631 | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
1632 - | clipper \
1633 + | bfin \
1634 + | c4x | clipper \
1635 | d10v | d30v | dlx | dsp16xx \
1636 | fr30 | frv \
1637 | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
1638 | i370 | i860 | i960 | ia64 \
1639 - | ip2k \
1640 - | m32r | m68000 | m68k | m88k | mcore \
1641 + | ip2k | iq2000 \
1642 + | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
1643 | mips | mipsbe | mipseb | mipsel | mipsle \
1644 | mips16 \
1645 | mips64 | mips64el \
1646 @@ -246,28 +248,37 @@
1647 | mips64vr4100 | mips64vr4100el \
1648 | mips64vr4300 | mips64vr4300el \
1649 | mips64vr5000 | mips64vr5000el \
1650 + | mips64vr5900 | mips64vr5900el \
1651 | mipsisa32 | mipsisa32el \
1652 + | mipsisa32r2 | mipsisa32r2el \
1653 | mipsisa64 | mipsisa64el \
1654 + | mipsisa64r2 | mipsisa64r2el \
1655 | mipsisa64sb1 | mipsisa64sb1el \
1656 | mipsisa64sr71k | mipsisa64sr71kel \
1657 | mipstx39 | mipstx39el \
1658 | mn10200 | mn10300 \
1659 + | ms1 \
1660 + | msp430 \
1661 | ns16k | ns32k \
1662 - | openrisc | or32 \
1663 + | or32 \
1664 | pdp10 | pdp11 | pj | pjl \
1665 | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
1666 | pyramid \
1667 - | sh | sh[1234] | sh3e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
1668 + | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le | sh3ele \
1669 | sh64 | sh64le \
1670 - | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv9 | sparcv9b \
1671 + | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
1672 + | sparcv8 | sparcv9 | sparcv9b \
1673 | strongarm \
1674 - | tahoe | thumb | tic80 | tron \
1675 + | tahoe | thumb | tic4x | tic80 | tron \
1676 | v850 | v850e \
1677 | we32k \
1678 - | x86 | xscale | xstormy16 | xtensa \
1679 + | x86 | xscale | xscalee[bl] | xstormy16 | xtensa \
1680 | z8k)
1681 basic_machine=$basic_machine-unknown
1682 ;;
1683 + m32c)
1684 + basic_machine=$basic_machine-unknown
1685 + ;;
1686 m6811 | m68hc11 | m6812 | m68hc12)
1687 # Motorola 68HC11/12.
1688 basic_machine=$basic_machine-unknown
1689 @@ -295,19 +306,19 @@
1690 | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
1691 | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
1692 | avr-* \
1693 - | bs2000-* \
1694 - | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* \
1695 - | clipper-* | cydra-* \
1696 + | bfin-* | bs2000-* \
1697 + | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
1698 + | clipper-* | craynv-* | cydra-* \
1699 | d10v-* | d30v-* | dlx-* \
1700 | elxsi-* \
1701 | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
1702 | h8300-* | h8500-* \
1703 | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
1704 | i*86-* | i860-* | i960-* | ia64-* \
1705 - | ip2k-* \
1706 - | m32r-* \
1707 + | ip2k-* | iq2000-* \
1708 + | m32r-* | m32rle-* \
1709 | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
1710 - | m88110-* | m88k-* | mcore-* \
1711 + | m88110-* | m88k-* | maxq-* | mcore-* \
1712 | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
1713 | mips16-* \
1714 | mips64-* | mips64el-* \
1715 @@ -316,29 +327,40 @@
1716 | mips64vr4100-* | mips64vr4100el-* \
1717 | mips64vr4300-* | mips64vr4300el-* \
1718 | mips64vr5000-* | mips64vr5000el-* \
1719 + | mips64vr5900-* | mips64vr5900el-* \
1720 | mipsisa32-* | mipsisa32el-* \
1721 + | mipsisa32r2-* | mipsisa32r2el-* \
1722 | mipsisa64-* | mipsisa64el-* \
1723 + | mipsisa64r2-* | mipsisa64r2el-* \
1724 | mipsisa64sb1-* | mipsisa64sb1el-* \
1725 | mipsisa64sr71k-* | mipsisa64sr71kel-* \
1726 - | mipstx39 | mipstx39el \
1727 + | mipstx39-* | mipstx39el-* \
1728 + | mmix-* \
1729 + | ms1-* \
1730 + | msp430-* \
1731 | none-* | np1-* | ns16k-* | ns32k-* \
1732 | orion-* \
1733 | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
1734 | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
1735 | pyramid-* \
1736 | romp-* | rs6000-* \
1737 - | sh-* | sh[1234]-* | sh3e-* | sh[34]eb-* | shbe-* \
1738 + | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | shbe-* \
1739 | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
1740 - | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
1741 - | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
1742 - | tahoe-* | thumb-* | tic30-* | tic4x-* | tic54x-* | tic80-* | tron-* \
1743 + | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
1744 + | sparclite-* \
1745 + | sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
1746 + | tahoe-* | thumb-* \
1747 + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
1748 + | tron-* \
1749 | v850-* | v850e-* | vax-* \
1750 | we32k-* \
1751 - | x86-* | x86_64-* | xps100-* | xscale-* | xstormy16-* \
1752 - | xtensa-* \
1753 + | x86-* | x86_64-* | xps100-* | xscale-* | xscalee[bl]-* \
1754 + | xstormy16-* | xtensa-* \
1755 | ymp-* \
1756 | z8k-*)
1757 ;;
1758 + m32c-*)
1759 + ;;
1760 # Recognize the various machine names and aliases which stand
1761 # for a CPU type and a company and sometimes even an OS.
1762 386bsd)
1763 @@ -355,6 +377,9 @@
1764 basic_machine=a29k-amd
1765 os=-udi
1766 ;;
1767 + abacus)
1768 + basic_machine=abacus-unknown
1769 + ;;
1770 adobe68k)
1771 basic_machine=m68010-adobe
1772 os=-scout
1773 @@ -434,12 +459,27 @@
1774 basic_machine=j90-cray
1775 os=-unicos
1776 ;;
1777 + craynv)
1778 + basic_machine=craynv-cray
1779 + os=-unicosmp
1780 + ;;
1781 + cr16c)
1782 + basic_machine=cr16c-unknown
1783 + os=-elf
1784 + ;;
1785 crds | unos)
1786 basic_machine=m68k-crds
1787 ;;
1788 + crisv32 | crisv32-* | etraxfs*)
1789 + basic_machine=crisv32-axis
1790 + ;;
1791 cris | cris-* | etrax*)
1792 basic_machine=cris-axis
1793 ;;
1794 + crx)
1795 + basic_machine=crx-unknown
1796 + os=-elf
1797 + ;;
1798 da30 | da30-*)
1799 basic_machine=m68k-da30
1800 ;;
1801 @@ -462,6 +502,10 @@
1802 basic_machine=m88k-motorola
1803 os=-sysv3
1804 ;;
1805 + djgpp)
1806 + basic_machine=i586-pc
1807 + os=-msdosdjgpp
1808 + ;;
1809 dpx20 | dpx20-*)
1810 basic_machine=rs6000-bull
1811 os=-bosx
1812 @@ -515,10 +559,6 @@
1813 basic_machine=h8500-hitachi
1814 os=-hms
1815 ;;
1816 - sr2201*)
1817 - basic_machine=harp1e-hitachi
1818 - os=-hiuxmpp
1819 - ;;
1820 harris)
1821 basic_machine=m88k-harris
1822 os=-sysv3
1823 @@ -644,10 +684,6 @@
1824 mips3*)
1825 basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
1826 ;;
1827 - mmix*)
1828 - basic_machine=mmix-knuth
1829 - os=-mmixware
1830 - ;;
1831 monitor)
1832 basic_machine=m68k-rom68k
1833 os=-coff
1834 @@ -735,9 +771,12 @@
1835 basic_machine=hppa1.1-oki
1836 os=-proelf
1837 ;;
1838 - or32 | or32-*)
1839 + openrisc | openrisc-*)
1840 basic_machine=or32-unknown
1841 - os=-coff
1842 + ;;
1843 + os400)
1844 + basic_machine=powerpc-ibm
1845 + os=-os400
1846 ;;
1847 OSE68000 | ose68000)
1848 basic_machine=m68000-ericsson
1849 @@ -770,18 +809,24 @@
1850 pentiumpro | p6 | 6x86 | athlon | athlon_*)
1851 basic_machine=i686-pc
1852 ;;
1853 - pentiumii | pentium2)
1854 + pentiumii | pentium2 | pentiumiii | pentium3)
1855 basic_machine=i686-pc
1856 ;;
1857 + pentium4)
1858 + basic_machine=i786-pc
1859 + ;;
1860 pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
1861 basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
1862 ;;
1863 pentiumpro-* | p6-* | 6x86-* | athlon-*)
1864 basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
1865 ;;
1866 - pentiumii-* | pentium2-*)
1867 + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
1868 basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
1869 ;;
1870 + pentium4-*)
1871 + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
1872 + ;;
1873 pn)
1874 basic_machine=pn-gould
1875 ;;
1876 @@ -840,6 +885,10 @@
1877 sb1el)
1878 basic_machine=mipsisa64sb1el-unknown
1879 ;;
1880 + sei)
1881 + basic_machine=mips-sei
1882 + os=-seiux
1883 + ;;
1884 sequent)
1885 basic_machine=i386-sequent
1886 ;;
1887 @@ -847,6 +896,9 @@
1888 basic_machine=sh-hitachi
1889 os=-hms
1890 ;;
1891 + sh64)
1892 + basic_machine=sh64-unknown
1893 + ;;
1894 sparclite-wrs | simso-wrs)
1895 basic_machine=sparclite-wrs
1896 os=-vxworks
1897 @@ -913,10 +965,6 @@
1898 basic_machine=i386-sequent
1899 os=-dynix
1900 ;;
1901 - t3d)
1902 - basic_machine=alpha-cray
1903 - os=-unicos
1904 - ;;
1905 t3e)
1906 basic_machine=alphaev5-cray
1907 os=-unicos
1908 @@ -925,14 +973,18 @@
1909 basic_machine=t90-cray
1910 os=-unicos
1911 ;;
1912 - tic4x | c4x*)
1913 - basic_machine=tic4x-unknown
1914 - os=-coff
1915 - ;;
1916 tic54x | c54x*)
1917 basic_machine=tic54x-unknown
1918 os=-coff
1919 ;;
1920 + tic55x | c55x*)
1921 + basic_machine=tic55x-unknown
1922 + os=-coff
1923 + ;;
1924 + tic6x | c6x*)
1925 + basic_machine=tic6x-unknown
1926 + os=-coff
1927 + ;;
1928 tx39)
1929 basic_machine=mipstx39-unknown
1930 ;;
1931 @@ -946,6 +998,10 @@
1932 tower | tower-32)
1933 basic_machine=m68k-ncr
1934 ;;
1935 + tpf)
1936 + basic_machine=s390x-ibm
1937 + os=-tpf
1938 + ;;
1939 udi29k)
1940 basic_machine=a29k-amd
1941 os=-udi
1942 @@ -989,6 +1045,10 @@
1943 basic_machine=hppa1.1-winbond
1944 os=-proelf
1945 ;;
1946 + xbox)
1947 + basic_machine=i686-pc
1948 + os=-mingw32
1949 + ;;
1950 xps | xps100)
1951 basic_machine=xps100-honeywell
1952 ;;
1953 @@ -1019,6 +1079,9 @@
1954 romp)
1955 basic_machine=romp-ibm
1956 ;;
1957 + mmix)
1958 + basic_machine=mmix-knuth
1959 + ;;
1960 rs6000)
1961 basic_machine=rs6000-ibm
1962 ;;
1963 @@ -1035,13 +1098,10 @@
1964 we32k)
1965 basic_machine=we32k-att
1966 ;;
1967 - sh3 | sh4 | sh3eb | sh4eb | sh[1234]le | sh3ele)
1968 + sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
1969 basic_machine=sh-unknown
1970 ;;
1971 - sh64)
1972 - basic_machine=sh64-unknown
1973 - ;;
1974 - sparc | sparcv9 | sparcv9b)
1975 + sparc | sparcv8 | sparcv9 | sparcv9b)
1976 basic_machine=sparc-sun
1977 ;;
1978 cydra)
1979 @@ -1114,19 +1174,21 @@
1980 | -aos* \
1981 | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
1982 | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
1983 - | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
1984 - | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
1985 + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* | -openbsd* \
1986 + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
1987 + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
1988 | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
1989 | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
1990 | -chorusos* | -chorusrdb* \
1991 | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
1992 - | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
1993 + | -mingw32* | -linux-gnu* | -linux-uclibc* | -uxpv* | -beos* | -mpeix* | -udk* \
1994 | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
1995 | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
1996 | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
1997 | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
1998 | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
1999 - | -powermax* | -dnix*)
2000 + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
2001 + | -skyos* | -haiku*)
2002 # Remember, each alternative MUST END IN *, to match a version number.
2003 ;;
2004 -qnx*)
2005 @@ -1144,12 +1206,15 @@
2006 os=`echo $os | sed -e 's|nto|nto-qnx|'`
2007 ;;
2008 -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
2009 - | -windows* | -osx | -abug | -netware* | -os9* | -beos* \
2010 + | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
2011 | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
2012 ;;
2013 -mac*)
2014 os=`echo $os | sed -e 's|mac|macos|'`
2015 ;;
2016 + -linux-dietlibc)
2017 + os=-linux-dietlibc
2018 + ;;
2019 -linux*)
2020 os=`echo $os | sed -e 's|linux|linux-gnu|'`
2021 ;;
2022 @@ -1162,6 +1227,9 @@
2023 -opened*)
2024 os=-openedition
2025 ;;
2026 + -os400*)
2027 + os=-os400
2028 + ;;
2029 -wince*)
2030 os=-wince
2031 ;;
2032 @@ -1183,6 +1251,9 @@
2033 -atheos*)
2034 os=-atheos
2035 ;;
2036 + -syllable*)
2037 + os=-syllable
2038 + ;;
2039 -386bsd)
2040 os=-bsd
2041 ;;
2042 @@ -1205,6 +1276,9 @@
2043 -sinix*)
2044 os=-sysv4
2045 ;;
2046 + -tpf*)
2047 + os=-tpf
2048 + ;;
2049 -triton*)
2050 os=-sysv3
2051 ;;
2052 @@ -1235,6 +1309,15 @@
2053 -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
2054 os=-mint
2055 ;;
2056 + -aros*)
2057 + os=-aros
2058 + ;;
2059 + -kaos*)
2060 + os=-kaos
2061 + ;;
2062 + -zvmoe)
2063 + os=-zvmoe
2064 + ;;
2065 -none)
2066 ;;
2067 *)
2068 @@ -1266,6 +1349,9 @@
2069 arm*-semi)
2070 os=-aout
2071 ;;
2072 + c4x-* | tic4x-*)
2073 + os=-coff
2074 + ;;
2075 # This must come before the *-dec entry.
2076 pdp10-*)
2077 os=-tops20
2078 @@ -1309,9 +1395,15 @@
2079 *-be)
2080 os=-beos
2081 ;;
2082 + *-haiku)
2083 + os=-haiku
2084 + ;;
2085 *-ibm)
2086 os=-aix
2087 ;;
2088 + *-knuth)
2089 + os=-mmixware
2090 + ;;
2091 *-wec)
2092 os=-proelf
2093 ;;
2094 @@ -1444,9 +1536,15 @@
2095 -mvs* | -opened*)
2096 vendor=ibm
2097 ;;
2098 + -os400*)
2099 + vendor=ibm
2100 + ;;
2101 -ptx*)
2102 vendor=sequent
2103 ;;
2104 + -tpf*)
2105 + vendor=ibm
2106 + ;;
2107 -vxsim* | -vxworks* | -windiss*)
2108 vendor=wrs
2109 ;;
2110 @@ -1471,7 +1569,7 @@
2111 esac
2113 echo $basic_machine$os
2114 -exit 0
2115 +exit
2117 # Local variables:
2118 # eval: (add-hook 'write-file-hooks 'time-stamp)
2119 --- sudo-1.6.8p12.orig/sudoers
2120 +++ sudo-1.6.8p12/sudoers
2121 @@ -1,10 +1,17 @@
2122 # sudoers file.
2123 #
2124 # This file MUST be edited with the 'visudo' command as root.
2125 +# 'visudo' edits the suoders file in a safe fashion. visudo
2126 +# locks the sudoers file against multiple simultaneous edits,
2127 +# provides basic sanity checks, and checks for syntax errors. If
2128 +# the sudoers file is currently being edited you will receive a
2129 +# message to try again later.
2130 #
2131 # See the sudoers man page for the details on how to write a sudoers file.
2132 #
2134 +# Defaults syslog=auth, secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
2135 +
2136 # Host alias specification
2138 # User alias specification
2139 --- sudo-1.6.8p12.orig/debian/dirs
2140 +++ sudo-1.6.8p12/debian/dirs
2141 @@ -0,0 +1,7 @@
2142 +etc/pam.d
2143 +usr/bin
2144 +usr/share/man/man8
2145 +usr/share/man/man5
2146 +usr/sbin
2147 +usr/share/doc/sudo/examples
2148 +usr/share/lintian/overrides
2149 --- sudo-1.6.8p12.orig/debian/docs
2150 +++ sudo-1.6.8p12/debian/docs
2151 @@ -0,0 +1,9 @@
2152 +debian/OPTIONS
2153 +BUGS
2154 +RUNSON
2155 +UPGRADE
2156 +PORTING
2157 +TODO
2158 +HISTORY
2159 +README
2160 +TROUBLESHOOTING
2161 --- sudo-1.6.8p12.orig/debian/sudo-ldap.init.d
2162 +++ sudo-1.6.8p12/debian/sudo-ldap.init.d
2163 @@ -0,0 +1,31 @@
2164 +#! /bin/sh
2165 +
2166 +### BEGIN INIT INFO
2167 +# Provides: sudu
2168 +# Required-Start: $local_fs $remote_fs
2169 +# Required-Stop:
2170 +# Default-Start: S 1 2 3 4 5
2171 +# Default-Stop: 0 6
2172 +### END INIT INFO
2173 +
2174 +N=/etc/init.d/sudo
2175 +
2176 +set -e
2177 +
2178 +case "$1" in
2179 + start)
2180 + # make sure privileges don't persist across reboots
2181 + if [ -d /var/run/sudo ]
2182 + then
2183 + find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \;
2184 + fi
2185 + ;;
2186 + stop|reload|restart|force-reload)
2187 + ;;
2188 + *)
2189 + echo "Usage: $N {start|stop|restart|force-reload}" >&2
2190 + exit 1
2191 + ;;
2192 +esac
2193 +
2194 +exit 0
2195 --- sudo-1.6.8p12.orig/debian/control
2196 +++ sudo-1.6.8p12/debian/control
2197 @@ -0,0 +1,32 @@
2198 +Source: sudo
2199 +Section: admin
2200 +Priority: optional
2201 +Maintainer: Bdale Garbee <bdale@gag.com>
2202 +Build-Depends: debhelper (>= 5), libpam0g-dev, libldap2-dev
2203 +Standards-Version: 3.6.2.1
2204 +
2205 +Package: sudo
2206 +Architecture: any
2207 +Depends: ${shlibs:Depends}, libpam-modules
2208 +Conflicts: sudo-ldap
2209 +Replaces: sudo-ldap
2210 +Description: Provide limited super user privileges to specific users
2211 + Sudo is a program designed to allow a sysadmin to give limited root
2212 + privileges to users and log root activity. The basic philosophy is to give
2213 + as few privileges as possible but still allow people to get their work done.
2214 + .
2215 + This version is built with minimal shared library dependencies, use the
2216 + sudo-ldap package instead if you need LDAP support.
2217 +
2218 +Package: sudo-ldap
2219 +Architecture: any
2220 +Depends: ${shlibs:Depends}, libpam-modules
2221 +Conflicts: sudo
2222 +Replaces: sudo
2223 +Provides: sudo
2224 +Description: Provide limited super user privileges to specific users
2225 + Sudo is a program designed to allow a sysadmin to give limited root
2226 + privileges to users and log root activity. The basic philosophy is to give
2227 + as few privileges as possible but still allow people to get their work done.
2228 + .
2229 + This version is built with LDAP support.
2230 --- sudo-1.6.8p12.orig/debian/sudo-ldap.postrm
2231 +++ sudo-1.6.8p12/debian/sudo-ldap.postrm
2232 @@ -0,0 +1,21 @@
2233 +#! /bin/sh
2234 +
2235 +set -e
2236 +
2237 +case "$1" in
2238 + purge)
2239 + rm -f /etc/sudoers
2240 + ;;
2241 +
2242 + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
2243 + ;;
2244 +
2245 + *)
2246 + echo "postrm called with unknown argument \`$1'" >&2
2247 + exit 1
2248 +
2249 +esac
2250 +
2251 +#DEBHELPER#
2252 +
2253 +exit 0
2254 --- sudo-1.6.8p12.orig/debian/prerm
2255 +++ sudo-1.6.8p12/debian/prerm
2256 @@ -0,0 +1,37 @@
2257 +#!/bin/sh
2258 +
2259 +set -e
2260 +
2261 +check_password() {
2262 + if [ ! "$SUDO_FORCE_REMOVE" = "yes" ]; then
2263 + # let's check whether the root account is locked.
2264 + # if it is, we're not going another step. No Sirreee!
2265 + passwd=$(getent shadow root|cut -f2 -d:)
2266 + if [ "$passwd" = "*" -o "$passwd" = "!" ]; then
2267 + # yup, password is locked
2268 + echo "You have asked that the sudo package be removed,"
2269 + echo "but no root password has been set."
2270 + echo "Without sudo, you may not be able to gain administrative privileges."
2271 + echo
2272 + echo "If you would prefer to access the root account with su(1)"
2273 + echo "or by logging in directly,"
2274 + echo "you must set a root password with \"sudo passwd\"."
2275 + echo
2276 + echo "If you have arranged other means to access the root account,"
2277 + echo "and you are sure this is what you want,"
2278 + echo "you may bypass this check by setting an environment variable "
2279 + echo "(export SUDO_FORCE_REMOVE=yes)."
2280 + echo
2281 + echo "Refusing to remove sudo."
2282 + exit 1
2283 + fi
2284 + fi
2285 +}
2286 +
2287 +case $1 in
2288 + remove)
2289 + check_password;
2290 + ;;
2291 + *)
2292 + ;;
2293 +esac
2294 --- sudo-1.6.8p12.orig/debian/rules
2295 +++ sudo-1.6.8p12/debian/rules
2296 @@ -0,0 +1,140 @@
2297 +#!/usr/bin/make -f
2298 +
2299 +export DH_VERBOSE=1
2300 +
2301 +CFLAGS = -O2 -Wall -Wno-comment
2302 +ifneq (,$(findstring debug,$(DEB_BUILD_OPTIONS)))
2303 +CFLAGS += -g
2304 +endif
2305 +export CFLAGS
2306 +
2307 +build: config-stamp
2308 +config-stamp:
2309 + dh_testdir
2310 +
2311 + # simple version
2312 + mkdir -p build-simple
2313 + cd build-simple && ../configure --prefix=/usr -v \
2314 + --with-all-insults \
2315 + --with-exempt=sudo --with-pam --with-fqdn \
2316 + --with-logging=syslog --with-logfac=authpriv \
2317 + --with-env-editor --with-editor=/usr/bin/editor \
2318 + --with-timeout=15 --with-password-timeout=0 \
2319 + --disable-root-mailer --disable-setresuid \
2320 + --with-sendmail=/usr/sbin/sendmail \
2321 + --without-lecture \
2322 + --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
2323 +
2324 + # LDAP version
2325 + mkdir -p build-ldap
2326 + cd build-ldap && ../configure --prefix=/usr -v \
2327 + --with-all-insults \
2328 + --with-exempt=sudo --with-pam --with-ldap --with-fqdn \
2329 + --with-logging=syslog --with-logfac=authpriv \
2330 + --with-env-editor --with-editor=/usr/bin/editor \
2331 + --with-timeout=15 --with-password-timeout=0 \
2332 + --disable-root-mailer --disable-setresuid \
2333 + --with-sendmail=/usr/sbin/sendmail \
2334 + --with-ldap-conf-file=/etc/ldap/ldap.conf \
2335 + --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin"
2336 +
2337 + touch config-stamp
2338 +
2339 +build: build-stamp
2340 +build-stamp: config-stamp
2341 + dh_testdir
2342 +
2343 + -$(MAKE) -C build-simple
2344 + -$(MAKE) -C build-ldap
2345 +
2346 + touch build-stamp
2347 +
2348 +clean:
2349 + dh_testdir
2350 + dh_testroot
2351 + rm -f config-stamp build-stamp
2352 + rm -rf build-simple build-ldap
2353 + rm -f config.cache
2354 +
2355 + -test -r /usr/share/misc/config.sub && \
2356 + cp -f /usr/share/misc/config.sub config.sub
2357 + -test -r /usr/share/misc/config.guess && \
2358 + cp -f /usr/share/misc/config.guess config.guess
2359 +
2360 + dh_clean
2361 +
2362 +install: build-stamp
2363 + dh_testdir
2364 + dh_testroot
2365 + dh_clean -k
2366 + dh_installdirs
2367 +
2368 + # simple version
2369 + install -o root -g root -m 4755 -s build-simple/sudo debian/sudo/usr/bin/sudo
2370 + ln -sf sudo debian/sudo/usr/bin/sudoedit
2371 + install -o root -g root -m 0755 -s build-simple/visudo \
2372 + debian/sudo/usr/sbin/visudo
2373 + install -o root -g root -m 0644 build-simple/sudo.man \
2374 + debian/sudo/usr/share/man/man8/sudo.8
2375 + ln -sf sudo.8 debian/sudo/usr/share/man/man8/sudoedit.8
2376 + install -o root -g root -m 0644 build-simple/visudo.man \
2377 + debian/sudo/usr/share/man/man8/visudo.8
2378 + install -o root -g root -m 0644 build-simple/sudoers.man \
2379 + debian/sudo/usr/share/man/man5/sudoers.5
2380 + install -o root -g root -m 0644 sample.sudoers \
2381 + debian/sudo/usr/share/doc/sudo/examples/sudoers
2382 + install -o root -g root -m 0644 debian/sudo.pam \
2383 + debian/sudo/etc/pam.d/sudo
2384 +
2385 + install -o root -g root -m 0644 debian/sudo.lintian \
2386 + debian/sudo/usr/share/lintian/overrides/sudo
2387 +
2388 + install -o root -g root -m 0644 debian/sudo_root.8 \
2389 + debian/sudo/usr/share/man/man8/sudo_root.8
2390 +
2391 + # LDAP version
2392 + install -o root -g root -m 4755 -s build-ldap/sudo debian/sudo-ldap/usr/bin/sudo
2393 + ln -sf sudo debian/sudo-ldap/usr/bin/sudoedit
2394 + install -o root -g root -m 0755 -s build-ldap/visudo debian/sudo-ldap/usr/sbin/visudo
2395 + install -o root -g root -m 0644 build-ldap/sudo.man \
2396 + debian/sudo-ldap/usr/share/man/man8/sudo.8
2397 + ln -sf sudo.8 debian/sudo-ldap/usr/share/man/man8/sudoedit.8
2398 + install -o root -g root -m 0644 build-ldap/visudo.man \
2399 + debian/sudo-ldap/usr/share/man/man8/visudo.8
2400 + install -o root -g root -m 0644 build-ldap/sudoers.man \
2401 + debian/sudo-ldap/usr/share/man/man5/sudoers.5
2402 + install -o root -g root -m 0644 sample.sudoers \
2403 + debian/sudo-ldap/usr/share/doc/sudo-ldap/examples/sudoers
2404 + install -o root -g root -m 0644 debian/sudo.pam \
2405 + debian/sudo-ldap/etc/pam.d/sudo
2406 +
2407 + install -o root -g root -m 0644 debian/sudo-ldap.lintian \
2408 + debian/sudo-ldap/usr/share/lintian/overrides/sudo-ldap
2409 +
2410 + install -o root -g root -m 0644 debian/sudo_root.8 \
2411 + debian/sudo/usr/share/man/man8/sudo_root.8
2412 +
2413 +binary-indep: build install
2414 +
2415 +binary-arch: build install
2416 + dh_testdir
2417 + dh_testroot
2418 + dh_installdocs
2419 + dh_installexamples -A
2420 +# dh_installinit -psudo -psudo-ldap
2421 + dh_installmanpages fnmatch.3
2422 + dh_installinfo -A
2423 + dh_installchangelogs CHANGES
2424 + dh_strip
2425 + dh_compress
2426 + dh_fixperms
2427 + chown root.root debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
2428 + chmod 4755 debian/sudo/usr/bin/sudo debian/sudo-ldap/usr/bin/sudo
2429 + dh_installdeb
2430 + dh_shlibdeps
2431 + dh_gencontrol
2432 + dh_md5sums
2433 + dh_builddeb
2434 +
2435 +binary: binary-indep binary-arch
2436 +.PHONY: build clean binary-indep binary-arch binary install
2437 --- sudo-1.6.8p12.orig/debian/changelog
2438 +++ sudo-1.6.8p12/debian/changelog
2439 @@ -0,0 +1,769 @@
2440 +sudo (1.6.8p12-1ubuntu6) dapper; urgency=low
2441 +
2442 + * env.c: Preserve additional environment variables for non-almighty sudoers:
2443 + HOME, LOGNAME, DISPLAY, XAUTHORITY, XAUTHORIZATION. Closes: LP#44500
2444 +
2445 + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 17 May 2006 09:29:15 +0200
2446 +
2447 +sudo (1.6.8p12-1ubuntu5) dapper; urgency=low
2448 +
2449 + * env.c: Unbreak the env_keep option. Closes: LP#31690
2450 + * sudoers: Add some explanatory text why it is a REALLY good idea to use
2451 + visudo. Closes: LP#11620
2452 +
2453 + -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 28 Mar 2006 18:52:24 +0200
2454 +
2455 +sudo (1.6.8p12-1ubuntu4) dapper; urgency=low
2456 +
2457 + * Remove the init script, it only cleans up /var/run which is a tmpfs.
2458 +
2459 + -- Scott James Remnant <scott@ubuntu.com> Wed, 22 Feb 2006 16:28:42 +0000
2460 +
2461 +sudo (1.6.8p12-1ubuntu3) dapper; urgency=low
2462 +
2463 + * Add debian/sudo_root.8: Introduction about root handling in ubuntu with
2464 + sudo.
2465 + * debian/rules: Install that new manpage into sudo and sudo-ldap.
2466 +
2467 + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 8 Feb 2006 17:01:50 +0100
2468 +
2469 +sudo (1.6.8p12-1ubuntu2) dapper; urgency=low
2470 +
2471 + * sudo.c: If the user successfully authenticated and he is in the 'admin'
2472 + group, then create a stamp ~/.sudo_as_admin_successful. A future
2473 + /etc/profile will evaluate this flag to display a short help about how to
2474 + execute things as root.
2475 +
2476 + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 18 Jan 2006 09:32:02 +0100
2477 +
2478 +sudo (1.6.8p12-1ubuntu1) dapper; urgency=low
2479 +
2480 + * Resynchronise with Debian, clean up cruft from Ubuntu diff.
2481 + * debian/postinst: Do not set env_reset flag in newly created sudoers files;
2482 + it's incompatible with upgrades.
2483 + * Clean up environment variable handling to fix vulns like CVE-2005-4158 and
2484 + CVE-2006-0151 once and for all: Only keep known-good variables if user has
2485 + limited sudo privileges (blacklist -> whitelist) and keep them all for
2486 + users with unlimited command privileges (to not drive admins and
2487 + developers up the wall which actually need to pass env variables from time
2488 + to time).
2489 + - parse.h, parse.yacc:
2490 + + Add a new flag 'cmdall' to the matchstack, and a new macro 'cmnd_all'
2491 + to access it.
2492 + + In the "cmnd" grammar rule: Set cmdall to TRUE if command specifier is
2493 + 'ALL', otherwise to FALSE.
2494 + - sudo.tab.cc: Re-yaccified to match changes to parse.yacc.
2495 + - sudo.h: Add new sudoers_lookup() return flag FLAG_CMND_ALL.
2496 + - parse.c, sudoers_lookup(): Set flag FLAG_CMND_ALL if cmnd_all matched.
2497 + - ldap.c:
2498 + + sudo_ldap_check_command(): Add return parameter all, set to true
2499 + if command specifier is 'ALL'.
2500 + + sudo_ldap_check(): Set flag FLAG_CMND_ALL if sudo_ldap_check_command()
2501 + returned all=1.
2502 + - env.c:
2503 + + Apply Martin Schulze's patch to switch from blacklist to whitelist
2504 + environment cleaning.
2505 + + Add parameter 'noclean' to rebuild_env(); if it is != 0, environment
2506 + variables are not cleaned.
2507 + - sudo.c: Call rebuild_env() with noclean=1 if FLAG_CMND_ALL is set.
2508 +
2509 + -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 17 Jan 2006 10:03:05 +0100
2510 +
2511 +sudo (1.6.8p12-1) unstable; urgency=low
2512 +
2513 + * new upstream version, closes: #342948 (CVE-2005-4158)
2514 + * add env_reset to the sudoers file we create if none already exists,
2515 + as a further precaution in response to discussion about CVS-2005-4158
2516 + * split ldap support into a new sudo-ldap package. I was trying to avoid
2517 + doing this, but the impact of going from 4 to 17 linked shlibs on the
2518 + autobuilder chroots is sufficient motivation for me.
2519 + closes: #344034
2520 +
2521 + -- Bdale Garbee <bdale@gag.com> Wed, 28 Dec 2005 13:49:10 -0700
2522 +
2523 +sudo (1.6.8p9-4) unstable; urgency=low
2524 +
2525 + * enable ldap support, deliver README.LDAP and sudoers2ldif, closes: #283231
2526 + * merge patch from Martin Pitt / Ubuntu to be more robust about resetting
2527 + timestamps in the init.d script, closes: #330868
2528 + * add dependency header to init.d script, closes: #332849
2529 +
2530 + -- Bdale Garbee <bdale@gag.com> Sat, 10 Dec 2005 07:47:07 -0800
2531 +
2532 +sudo (1.6.8p9-3ubuntu4) dapper; urgency=low
2533 +
2534 + * Revert addition of sudo -t, i. e. revert to version 1.6.8p9-3ubuntu1. As
2535 + per TB discussion, we will not use sudo for implementing
2536 + https://wiki.ubuntu.com/HideAdminToolsToUsers.
2537 +
2538 + -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 29 Nov 2005 23:27:42 +0100
2539 +
2540 +sudo (1.6.8p9-3ubuntu3) dapper; urgency=low
2541 +
2542 + * sudo.c: Log failures even in test mode, to avoid the possibility of
2543 + silently poking around for interesting sudo privileges. This will generate
2544 + a lot of auth log clutter in the desktop case, but will not change sudo
2545 + semantics where it matters (on servers).
2546 +
2547 + -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 17 Nov 2005 10:35:04 +0100
2548 +
2549 +sudo (1.6.8p9-3ubuntu2) dapper; urgency=low
2550 +
2551 + * Add option -t which only tests whether the given command can be executed
2552 + and does not require a password. This is required for the
2553 + https://wiki.ubuntu.com/HideAdminToolsToUsers spec.
2554 + * sudo.h: Add MODE_TESTONLY mode.
2555 + * sudo.c: Add -t parsing and do not actually run the command in test mode,
2556 + just return success or failure. Also, add the new option to the "usage"
2557 + output.
2558 + * sudo.pod: Document new -t option.
2559 + * Put patch into debian/ubuntu-patches/sudo.add-test-option.patch to have
2560 + it separate for future merges (requires a manual "make sudo.man.in" to
2561 + actually run pod2man).
2562 +
2563 + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 9 Nov 2005 17:40:43 -0500
2564 +
2565 +sudo (1.6.8p9-3ubuntu1) dapper; urgency=low
2566 +
2567 + * Resynchronise with Debian.
2568 +
2569 + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 9 Nov 2005 17:12:06 -0500
2570 +
2571 +sudo (1.6.8p9-3) unstable; urgency=high
2572 +
2573 + * update debhelper compatibility level from 2 to 4
2574 + * add man page symlink for sudoedit
2575 + * Clean SHELLOPTS and PS4 from the environment before executing programs
2576 + with sudo permissions [env.c, CAN-2005-2959]
2577 + * fix typo in manpage pointed out by Moray Allen, closes: #285995
2578 + * fix paths in sample complex sudoers file, closes: #303542
2579 + * fix type in sudoers man page, closes: #311244
2580 +
2581 + -- Bdale Garbee <bdale@gag.com> Wed, 28 Sep 2005 01:18:04 -0600
2582 +
2583 +sudo (1.6.8p9-2ubuntu2) breezy; urgency=low
2584 +
2585 + * debian/init.d: When resetting the timestamps of the tty tags, actually
2586 + touch the files, not the per-user directories. Since bootclean.sh removes
2587 + /var/run/* anyway, this is no big deal, but clean it up anyway for the
2588 + sake of correctness. (Ubuntu #16594)
2589 +
2590 + -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 30 Sep 2005 09:52:27 +0200
2591 +
2592 +sudo (1.6.8p9-2ubuntu1) breezy; urgency=low
2593 +
2594 + * Resynchronise with Debian, resolve merging conflicts and unscramble
2595 + changelog.
2596 +
2597 + -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 7 Jul 2005 09:01:48 +0000
2598 +
2599 +sudo (1.6.8p9-2) unstable; urgency=high
2600 +
2601 + * merge the NMU fix for sudoedit symlink problem that was in 1.6.8p7-1.1,
2602 + closes: #305735
2603 +
2604 + -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 16:18:47 -0400
2605 +
2606 +sudo (1.6.8p9-1) unstable; urgency=high
2607 +
2608 + * new upstream version, fixes a race condition in sudo's pathname
2609 + validation, which is a security issue (CAN-2005-1993),
2610 + closes: #315115, #315718
2611 +
2612 + -- Bdale Garbee <bdale@gag.com> Tue, 28 Jun 2005 15:33:11 -0400
2613 +
2614 +sudo (1.6.8p7-1) unstable; urgency=low
2615 +
2616 + * new upstream version, closes: #299585
2617 + * update lintian overrides to squelch the postinst warning
2618 + * change sudoedit from a hard to a soft link, closes: #296896
2619 + * fix regex doc in sudoers man page, closes: #300361
2620 +
2621 + -- Bdale Garbee <bdale@gag.com> Sat, 26 Mar 2005 22:18:34 -0700
2622 +
2623 +sudo (1.6.8p5-1ubuntu3) breezy; urgency=low
2624 +
2625 + * SECURITY UPDATE: Fix privilege escalation.
2626 + * sudo.c, parse.yacc: safe_cmd contains the actually executed program which
2627 + is normally taken from /etc/sudoers. However, if sudoers contains "ALL"
2628 + entries that follow the matching entry, safe_cmd was overwritten with the
2629 + path the user specified on the command line, which opens up the
2630 + possibility of executing arbitrary commands by generating symlinks to
2631 + them.
2632 + * References:
2633 + CAN-2005-1993
2634 + http://www.securityfocus.com/archive/1/402741
2635 +
2636 + -- Martin Pitt <martin.pitt@ubuntu.com> Tue, 21 Jun 2005 13:41:05 +0200
2637 +
2638 +sudo (1.6.8p5-1ubuntu2) hoary; urgency=low
2639 +
2640 + * Add !fqdn to the Defaults so we don't die horribly when localhost doesn't
2641 + resolve (Ubuntu: 2772)
2642 +
2643 + -- Thom May <thom@ubuntu.com> Wed, 2 Mar 2005 20:34:20 +0000
2644 +
2645 +sudo (1.6.8p5-1ubuntu1) hoary; urgency=low
2646 +
2647 + * Resync with Debian
2648 +
2649 + -- LaMont Jones <lamont@canonical.com> Mon, 6 Dec 2004 09:31:28 -0700
2650 +
2651 +sudo (1.6.8p5-1) unstable; urgency=high
2652 +
2653 + * new upstream version
2654 + * restores ability to use config tuples without a value, which was causing
2655 + problems on upgrade closes: #283306
2656 + * deliver sudoedit, closes: #283078
2657 + * marking urgency high since 283306 is a serious upgrade incompatibility
2658 +
2659 + -- Bdale Garbee <bdale@gag.com> Fri, 3 Dec 2004 10:11:16 -0700
2660 +
2661 +sudo (1.6.8p3-2) unstable; urgency=high
2662 +
2663 + * update pam.d deliverable so ldap works again, closes: #282191
2664 +
2665 + -- Bdale Garbee <bdale@gag.com> Mon, 22 Nov 2004 11:44:46 -0700
2666 +
2667 +sudo (1.6.8p3-1) unstable; urgency=high
2668 +
2669 + * new upstream version, fixes a flaw in sudo's environment sanitizing that
2670 + could allow a malicious user with permission to run a shell script that
2671 + utilized the bash shell to run arbitrary commands, closes: #281665
2672 + * patch the sample sudoers to have the proper path for kill on Debian
2673 + systems, closes: #263486
2674 + * patch the sudo manpage to reflect Debian's choice of exempt_group
2675 + default setting, closes: #236465
2676 + * patch the sudo manpage to reflect Debian's choice of no timeout on the
2677 + password prompt, closes: #271194
2678 +
2679 + -- Bdale Garbee <bdale@gag.com> Tue, 16 Nov 2004 23:23:41 -0700
2680 +
2681 +sudo (1.6.7p5-2ubuntu2) hoary; urgency=low
2682 +
2683 + * SECURITY UPDATE: fix input validation flaw
2684 + * env.c, rebuild_env(): skip variables with values beginnig with "()" to
2685 + ignore exported bash functions in the sudo environment; this prevents
2686 + introducing malicious functions with the name of commands that are
2687 + executed without full path
2688 + * References:
2689 + http://www.sudo.ws/sudo/alerts/bash_functions.html
2690 +
2691 + -- Martin Pitt <martin.pitt@canonical.com> Wed, 17 Nov 2004 18:54:30 +0100
2692 +
2693 +sudo (1.6.7p5-2ubuntu1) hoary; urgency=low
2694 +
2695 + * Resynchronise with Debian.
2696 +
2697 + -- Scott James Remnant <scott@canonical.com> Wed, 27 Oct 2004 15:06:39 +0100
2698 +
2699 +sudo (1.6.7p5-2) unstable; urgency=low
2700 +
2701 + * Jeff Bailey reports that seteuid works on current sparc systems, so we
2702 + no longer need the "grosshack" stuff in the sudo rules file
2703 + * add a postrm that removes /etc/sudoers on purge. don't do this with the
2704 + normal conffile mechanism since it would generate noise on every upgrade,
2705 + closes: #245405
2706 +
2707 + -- Bdale Garbee <bdale@gag.com> Tue, 20 Jul 2004 12:29:48 -0400
2708 +
2709 +sudo (1.6.7p5-1ubuntu4) warty; urgency=low
2710 +
2711 + * Disable lecture by default. (Warty #987)
2712 +
2713 + -- Thom May <thom@canonical.com> Wed, 6 Oct 2004 14:31:31 +0100
2714 +
2715 +sudo (1.6.7p5-1ubuntu3) warty; urgency=low
2716 +
2717 + * Refuse to remove sudo if the root password is not set and the user is
2718 + running us via sudo
2719 +
2720 + -- Thom May <thom@canonical.com> Mon, 27 Sep 2004 15:30:09 +0100
2721 +
2722 +sudo (1.6.7p5-1ubuntu2) warty; urgency=low
2723 +
2724 + * Add 'Defaults !lecture,tty_tickets' to initial sudoers file.
2725 +
2726 + -- Colin Watson <cjwatson@flatline.org.uk> Mon, 23 Aug 2004 21:03:15 +0100
2727 +
2728 +sudo (1.6.7p5-1ubuntu1) warty; urgency=low
2729 +
2730 + * Remove /etc/sudoers on purge. (Closes: #245405)
2731 +
2732 + -- Fabio M. Di Nitto <fabbione@fabbione.net> Mon, 19 Jul 2004 09:42:04 +0200
2733 +
2734 +sudo (1.6.7p5-1) unstable; urgency=low
2735 +
2736 + * new upstream version, closes: #190265, #193222, #197244
2737 + * change from '.' to ':' in postinst chown call, closes: #208369
2738 +
2739 + -- Bdale Garbee <bdale@gag.com> Tue, 2 Sep 2003 21:27:06 -0600
2740 +
2741 +sudo (1.6.7p3-2) unstable; urgency=low
2742 +
2743 + * add --disable-setresuid to configure call since 2.2 kernels don't support
2744 + setresgid, closes: #189044
2745 + * cosmetic cleanups to debian/rules as long as I'm there
2746 +
2747 + -- Bdale Garbee <bdale@gag.com> Tue, 15 Apr 2003 16:04:48 -0600
2748 +
2749 +sudo (1.6.7p3-1) unstable; urgency=low
2750 +
2751 + * new upstream version
2752 + * add overrides to quiet lintian about things it doesn't understand,
2753 + except the source one that can't be overridden until 129510 is fixed
2754 +
2755 + -- Bdale Garbee <bdale@gag.com> Mon, 7 Apr 2003 17:34:05 -0600
2756 +
2757 +sudo (1.6.6-3) unstable; urgency=low
2758 +
2759 + * add code to rules file to update config.sub/guess, closes: #164501
2760 +
2761 + -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 15:35:22 -0600
2762 +
2763 +sudo (1.6.6-2) unstable; urgency=low
2764 +
2765 + * adopt suggestion from Marcus Brinkmann to feed --with-sendmail option to
2766 + configure, and lose the build dependency on mail-transport-agent
2767 + * incorporate changes from LaMont's NMU, closes: #144665, #144737
2768 + * update init.d to not try and set time on nonexistent timestamp files,
2769 + closes: #132616
2770 + * build with --with-all-insults, admin must edit sudoers to turn insults
2771 + on at runtime if desired, closes: #135374
2772 + * stop setting /usr/doc symlink in postinst
2773 +
2774 + -- Bdale Garbee <bdale@gag.com> Sat, 12 Oct 2002 01:54:24 -0600
2775 +
2776 +sudo (1.6.6-1.1) unstable; urgency=high
2777 +
2778 + * NMU - patch from Colin Watson <cjwatson@debian.org>, in bts.
2779 + * Revert patch to auth/pam.c that left pass uninitialized, causing a
2780 + segfault (Closes: #144665).
2781 +
2782 + -- LaMont Jones <lamont@debian.org> Fri, 26 Apr 2002 22:36:04 -0600
2783 +
2784 +sudo (1.6.6-1) unstable; urgency=high
2785 +
2786 + * new upstream version, fixes security problem with crafty prompts,
2787 + closes: #144540
2788 +
2789 + -- Bdale Garbee <bdale@gag.com> Thu, 25 Apr 2002 12:45:49 -0600
2790 +
2791 +sudo (1.6.5p1-4) unstable; urgency=high
2792 +
2793 + * apply patch for auth/pam.c to fix yet another way to make sudo segfault
2794 + if ctrl/C'ed at password prompt, closes: #131235
2795 +
2796 + -- Bdale Garbee <bdale@gag.com> Sun, 3 Mar 2002 23:18:56 -0700
2797 +
2798 +sudo (1.6.5p1-3) unstable; urgency=high
2799 +
2800 + * ugly hack to add --disable-saved-ids when building on sparc in response
2801 + to 131592, which will be reassigned to glibc for a real fix
2802 + * urgency high since the sudo currently in testing for sparc is worthless
2803 +
2804 + -- Bdale Garbee <bdale@gag.com> Sun, 17 Feb 2002 22:42:10 -0700
2805 +
2806 +sudo (1.6.5p1-2) unstable; urgency=high
2807 +
2808 + * patch from upstream to fix seg faults caused by versions of pam that
2809 + follow a NULL pointer, closes: #129512
2810 +
2811 + -- Bdale Garbee <bdale@gag.com> Tue, 22 Jan 2002 01:50:13 -0700
2812 +
2813 +sudo (1.6.5p1-1) unstable; urgency=high
2814 +
2815 + * new upstream version
2816 + * add --disable-root-mailer option supported by new version to configure
2817 + call in rules file, closes: #129648
2818 +
2819 + -- Bdale Garbee <bdale@gag.com> Fri, 18 Jan 2002 11:29:37 -0700
2820 +
2821 +sudo (1.6.4p1-1) unstable; urgency=high
2822 +
2823 + * new upstream version, with fix for segfaulting problem in 1.6.4
2824 +
2825 + -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 20:09:46 -0700
2826 +
2827 +sudo (1.6.4-1) unstable; urgency=high
2828 +
2829 + * new upstream version, includes an important security fix, closes: #127576
2830 +
2831 + -- Bdale Garbee <bdale@gag.com> Mon, 14 Jan 2002 09:35:48 -0700
2832 +
2833 +sudo (1.6.3p7-5) unstable; urgency=low
2834 +
2835 + * only touch /var/run/sudo/* if /var/run/sudo is there, closes: #126872
2836 + * fix spelling error in init.d, closes: #126847
2837 +
2838 + -- Bdale Garbee <bdale@gag.com> Sat, 29 Dec 2001 11:21:43 -0700
2839 +
2840 +sudo (1.6.3p7-4) unstable; urgency=medium
2841 +
2842 + * use touch to set status files to an ancient date instead of removing them
2843 + outright on reboot. this achieves the desired effect of keeping elevated
2844 + privs from living across reboots, without forcing everyone to see the
2845 + new-sudo-user lecture after every reboot. pick a time that's 'old enough'
2846 + for systems with good clocks, and 'recent enough' that broken PC hardware
2847 + setting the clock to commonly-seen bogus dates trips over the "don't trust
2848 + future timestamps" rule. closes: #76529, #123559
2849 + * apply patch from Steve Langasek to fix seg faults due to interaction with
2850 + PAM code. upstream confirms the problem, and says they're fixing this
2851 + differently for their next release... but this should be useful in the
2852 + meantime, and would be good to get into woody. closes: #119147
2853 + * only run the init.d at boot, not on each runlevel change... and don't run
2854 + it during package configure. closes: #125935
2855 + * add DEB_BUILD_OPTIONS support to rules file, closes: #94952
2856 +
2857 + -- Bdale Garbee <bdale@gag.com> Wed, 26 Dec 2001 12:40:44 -0700
2858 +
2859 +sudo (1.6.3p7-3) unstable; urgency=low
2860 +
2861 + * apply patch from Fumitoshi UKAI that fixes segfaults when hostname not
2862 + resolvable, closes: #86062, #69430, #77852, #82744, #55716, #56718,
2863 + * fix a typo in the manpage, closes: #97368
2864 + * apply patch to configure.in and run autoconf to fix problem building on
2865 + the hurd, closes: #96325
2866 + * add an init.d to clean out /var/run/sudo at boot, so privs are guaranteed
2867 + to not last across reboots, closes: #76529
2868 + * clean up lintian-noticed cosmetic packaging issues
2869 +
2870 + -- Bdale Garbee <bdale@gag.com> Sat, 1 Dec 2001 02:59:52 -0700
2871 +
2872 +sudo (1.6.3p7-2) unstable; urgency=low
2873 +
2874 + * update config.sub/guess for hppa support
2875 +
2876 + -- Bdale Garbee <bdale@gag.com> Sun, 22 Apr 2001 23:23:42 -0600
2877 +
2878 +sudo (1.6.3p7-1) unstable; urgency=low
2879 +
2880 + * new upstream version
2881 + * add build dependency on mail-transport-agent, closes: #90685
2882 +
2883 + -- Bdale Garbee <bdale@gag.com> Thu, 12 Apr 2001 17:02:42 -0600
2884 +
2885 +sudo (1.6.3p6-1) unstable; urgency=high
2886 +
2887 + * new upstream version, fixes buffer overflow problem,
2888 + closes: #87259, #87278, #87263
2889 + * revert to using --with-secure-path option at build time, since the option
2890 + available in sudoers is parsed too late to be useful, and upstream says
2891 + it won't get fixed quickly. This reopens 85123, which I will mark as
2892 + forwarded. Closes: #86199, #86117, #85676
2893 +
2894 + -- Bdale Garbee <bdale@gag.com> Mon, 26 Feb 2001 11:02:51 -0700
2895 +
2896 +sudo (1.6.3p5-2) unstable; urgency=low
2897 +
2898 + * lose the dh_suidregister call since it's obsolete
2899 + * stop using the --with-secure-path option at build time, and instead show
2900 + how to set it in sudoers. Closes: #85123
2901 + * freshen config.sub and config.guess for ia64 and hppa
2902 + * update sudoers man page to indicate exempt_group is on by default,
2903 + closes: #70847
2904 +
2905 + -- Bdale Garbee <bdale@gag.com> Sat, 10 Feb 2001 02:05:17 -0700
2906 +
2907 +sudo (1.6.3p5-1) unstable; urgency=low
2908 +
2909 + * new upstream version, closes: #63940, #59175, #61817, #64652, #65743
2910 + * this version restores core dumps before the exec, while leaving them
2911 + disabled during sudo's internal execution, closes: #58289
2912 + * update debhelper calls in rules file
2913 +
2914 + -- Bdale Garbee <bdale@gag.com> Wed, 16 Aug 2000 00:13:15 -0600
2915 +
2916 +sudo (1.6.2p2-1) frozen unstable; urgency=medium
2917 +
2918 + * new upstream source resulting from direct collaboration with the upstream
2919 + author to fix ugly pam-related problems on Debian in 1.6.1 and later.
2920 + Closes: #56129, #55978, #55979, #56550, #56772
2921 + * include more upstream documentation, closes: #55054
2922 + * pam.d fragment update, closes: #56129
2923 +
2924 + -- Bdale Garbee <bdale@gag.com> Sun, 27 Feb 2000 11:48:48 -0700
2925 +
2926 +sudo (1.6.1-1) unstable; urgency=low
2927 +
2928 + * new upstream source, closes: #52750
2929 +
2930 + -- Bdale Garbee <bdale@gag.com> Fri, 7 Jan 2000 21:01:42 -0700
2931 +
2932 +sudo (1.6-2) unstable; urgency=low
2933 +
2934 + * drop suidregister support for this package. The sudo executable is
2935 + essentially worthless unless it is setuid root, and making suidregister
2936 + work involves shipping a non-setuid executable in the .deb and setting the
2937 + perms in the postinst. On a long upgrade run, this can leave the sudo
2938 + executable 'broken' for a long time, which is unacceptable. With this
2939 + version, we ship the executable setuid root in the .deb. Closes: #51742
2940 +
2941 + -- Bdale Garbee <bdale@gag.com> Wed, 1 Dec 1999 19:59:44 -0700
2942 +
2943 +sudo (1.6-1) unstable; urgency=low
2944 +
2945 + * new upstream version, many options previously set at compile-time are now
2946 + configurable at runtime.
2947 + Closes: #39255, #20996, #29812, #50705, #49148, #48435, #47190, #45639
2948 + * FHS support
2949 +
2950 + -- Bdale Garbee <bdale@gag.com> Tue, 23 Nov 1999 16:51:22 -0700
2951 +
2952 +sudo (1.5.9p4-1) unstable; urgency=low
2953 +
2954 + * new upstream version, closes: #43464
2955 + * empty password handling was fixed in 1.5.8, closes: #31863
2956 +
2957 + -- Bdale Garbee <bdale@gag.com> Thu, 26 Aug 1999 00:00:57 -0600
2958 +
2959 +sudo (1.5.9p1-1) unstable; urgency=low
2960 +
2961 + * new upstream version
2962 +
2963 + -- Bdale Garbee <bdale@gag.com> Thu, 15 Apr 1999 22:43:29 -0600
2964 +
2965 +sudo (1.5.8p1-1) unstable; urgency=medium
2966 +
2967 + * new upstream version, closes 33690
2968 + * add dependency on libpam-modules, closes 34215, 33432
2969 +
2970 + -- Bdale Garbee <bdale@gag.com> Mon, 8 Mar 1999 10:27:42 -0700
2971 +
2972 +sudo (1.5.7p4-2) unstable; urgency=medium
2973 +
2974 + * update the pam fragment provided so that sudo works with latest pam bits,
2975 + closes 33432
2976 +
2977 + -- Bdale Garbee <bdale@gag.com> Sun, 21 Feb 1999 00:22:44 -0700
2978 +
2979 +sudo (1.5.7p4-1) unstable; urgency=low
2980 +
2981 + * new upstream release
2982 +
2983 + -- Bdale Garbee <bdale@gag.com> Sun, 27 Dec 1998 16:13:53 -0700
2984 +
2985 +sudo (1.5.6p5-1) unstable; urgency=low
2986 +
2987 + * new upstream patch release
2988 + * add PAM support, closes 28594
2989 +
2990 + -- Bdale Garbee <bdale@gag.com> Mon, 2 Nov 1998 00:00:24 -0700
2991 +
2992 +sudo (1.5.6p2-2) unstable; urgency=low
2993 +
2994 + * update copyright file, closes 24136
2995 + * review and close forwarded bugs believed fixed in this upstream version,
2996 + closes 17606, 15786.
2997 +
2998 + -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
2999 +
3000 +sudo (1.5.6p2-1) unstable; urgency=low
3001 +
3002 + * new upstream release
3003 +
3004 + -- Bdale Garbee <bdale@gag.com> Mon, 5 Oct 1998 22:30:43 -0600
3005 +
3006 +sudo (1.5.4-4) frozen unstable; urgency=low
3007 +
3008 + * update postinst to use groupadd, closes 21403
3009 + * move the suidregister stuff earlier in postinst to ensure it always runs
3010 +
3011 + -- Bdale Garbee <bdale@gag.com> Sun, 19 Apr 1998 22:07:45 -0600
3012 +
3013 +sudo (1.5.4-3) frozen unstable; urgency=low
3014 +
3015 + * change /etc/sudoers from a conffile to being handled in postinst,
3016 + closes 18219
3017 + * add suidmanager support, closes 15711
3018 + * add '-Wno-comment' to quiet warnings from gcc upstream maintainer is
3019 + unlikely to ever fix, and which just don't matter. closes 17146
3020 + * fix FSF address in copyright file, and submit exception for lintian
3021 + warning about sudo being setuid root
3022 +
3023 + -- Bdale Garbee <bdale@gag.com> Thu, 9 Apr 1998 23:59:11 -0600
3024 +
3025 +sudo (1.5.4-2) unstable; urgency=high
3026 +
3027 + * patch from upstream author correcting/improving security fix
3028 +
3029 + -- Bdale Garbee <bdale@gag.com> Tue, 13 Jan 1998 10:39:35 -0700
3030 +
3031 +sudo (1.5.4-1) unstable; urgency=high
3032 +
3033 + * new upstream version, includes a security fix
3034 + * change default editor from /bin/ae to /usr/bin/editor
3035 +
3036 + -- Bdale Garbee <bdale@gag.com> Mon, 12 Jan 1998 23:36:41 -0700
3037 +
3038 +sudo (1.5.3-1) unstable; urgency=medium
3039 +
3040 + * new upstream version, closes bug 15911.
3041 + * rules file reworked to use debhelper
3042 + * implement a really gross hack to force use of the sudo-provided
3043 + lsearch(), since the one in libc6 is broken! This closes bugs
3044 + 12552, 12557, 14881, 15259, 15916.
3045 +
3046 + -- Bdale Garbee <bdale@gag.com> Sat, 3 Jan 1998 20:39:23 -0700
3047 +
3048 +sudo (1.5.2-6) unstable; urgency=LOW
3049 +
3050 + * don't install INSTALL in the doc directory, closes bug 13195.
3051 +
3052 + -- Bdale Garbee <bdale@gag.com> Sun, 21 Sep 1997 17:10:40 -0600
3053 +
3054 +sudo (1.5.2-5) unstable; urgency=LOW
3055 +
3056 + * libc6
3057 +
3058 + -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 00:06:22 -0600
3059 +
3060 +sudo (1.5.2-4) unstable; urgency=LOW
3061 +
3062 + * change TIMEOUT (how long before you have to type your password again)
3063 + to 15 mins, disable PASSWORD_TIMEOUT. This makes building large Debian
3064 + packages on slower machines much more tolerable. Closes bug 9076.
3065 + * touch debian/suid before debstd. Closes bug 8709.
3066 +
3067 + -- Bdale Garbee <bdale@gag.com> Sat, 26 Apr 1997 00:48:01 -0600
3068 +
3069 +sudo (1.5.2-3) frozen unstable; urgency=LOW
3070 +
3071 + * patch from upstream maintainer to close Bug 6828
3072 + * add a debian/suid file to get debstd to leave my perl postinst alone
3073 +
3074 + -- Bdale Garbee <bdale@gag.com> Fri, 11 Apr 1997 23:09:55 -0600
3075 +
3076 +sudo (1.5.2-2) frozen unstable; urgency=LOW
3077 +
3078 + * change rules to use -O2 -Wall as per standards
3079 +
3080 + -- Bdale Garbee <bdale@gag.com> Sun, 6 Apr 1997 12:48:53 -0600
3081 +
3082 +sudo (1.5.2-1) unstable; urgency=LOW
3083 +
3084 + * new upstream version
3085 + * cosmetic changes to debian package control files
3086 +
3087 + -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:50:00 -0700
3088 +
3089 +sudo (1.5-2) unstable; urgency=LOW
3090 +
3091 + * add /usr/X11R6/bin to the end of the secure path... this makes it
3092 + much easier to run xmkmf, etc., during package builds. To the extent
3093 + that /usr/local/sbin and /usr/local/bin were already included, I see
3094 + no security reasons not to add this.
3095 +
3096 + -- Bdale Garbee <bdale@gag.com> Wed, 30 Oct 1996 09:44:58 -0700
3097 +
3098 +sudo (1.5-1) unstable; urgency=LOW
3099 +
3100 + * New upstream version
3101 + * New maintainer
3102 + * New packaging format
3103 +
3104 + -- Bdale Garbee <bdale@gag.com> Thu, 29 Aug 1996 11:44:22 +0200
3105 +
3106 +Tue Mar 5 09:36:41 MET 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
3107 +
3108 + sudo (1.4.1-1):
3109 +
3110 + * hard code SECURE_PATH to:
3111 + "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
3112 +
3113 + * enable ENV_EDITOR
3114 +
3115 + * enabled EXEMPTGROUP "sudo"
3116 +
3117 + * moved timestamp dir to /var/log/sudo
3118 +
3119 + * changed parser to check for long and short filenames (Bug#1162)
3120 +
3121 +Wed Apr 17 13:03:31 MET DST 1996 Michael Meskes <meskes@informatik.rwth-aachen.de>
3122 +
3123 + sudo (1.4.2-1):
3124 +
3125 + * New upstream source
3126 +
3127 + * Fixed postinst script
3128 + (thanks to Peter Tobis <tobias@et-inf.fho-emden.de>)
3129 +
3130 + * Removed special shadow binary. This version works with and without
3131 + shadow password file.
3132 +
3133 +Mon May 20 09:35:22 MET DST 1996 Michael Meskes <meskes@debian.org>
3134 +
3135 + sudo (1.4.2-2):
3136 +
3137 + * Corrected editor path to /bin/ae (Bug#3062)
3138 +
3139 + * Set file permission to 4755 for sudo and 755 for visudo (Bug#3063)
3140 +
3141 +Mon Jun 17 12:06:41 MET DST 1996 Michael Meskes <meskes@debian.org>
3142 +
3143 + sudo (1.4.3-1):
3144 +
3145 + * New upstream version
3146 +
3147 + * Changed sudoers permission to 440 (owner root, group root) to make
3148 + sudo usable via NFS
3149 +
3150 +Wed Jun 19 10:56:54 MET DST 1996 Michael Meskes <meskes@debian.org>
3151 +
3152 + sudo (1.4.3-2):
3153 +
3154 + * Applied upstream patch 1
3155 +
3156 +Thu Jun 20 09:02:57 MET DST 1996 Michael Meskes <meskes@debian.org>
3157 +
3158 + sudo (1.4.3-3):
3159 +
3160 + * Applied upstream patch 2
3161 +
3162 +Fri Jun 28 12:49:40 MET DST 1996 Michael Meskes <meskes@debian.org>
3163 +
3164 + sudo (1.4.3-4):
3165 +
3166 + * Applied upstream patch 3 (fixes problems with an NFS-mounted
3167 + sudoers file)
3168 +
3169 +
3170 +Sun Jun 30 13:02:44 MET DST 1996 Michael Meskes <meskes@debian.org>
3171 +
3172 + sudo (1.4.3-5):
3173 +
3174 + * Corrected postinst to use /usr/bin/perl instead of /bin/perl
3175 + [Reported by jdassen@wi.leidenuniv.nl (J.H.M.Dassen)]
3176 +
3177 +Wed Jul 10 12:44:33 MET DST 1996 Michael Meskes <meskes@debian.org>
3178 +
3179 + sudo (1.4.3-6):
3180 +
3181 + * Applied upstream patch 4 (fixes several bugs)
3182 +
3183 + * Changed priority to optional
3184 +
3185 +Thu Jul 11 19:23:52 MET DST 1996 Michael Meskes <meskes@debian.org>
3186 +
3187 + sudo (1.4.3-7):
3188 +
3189 + * Corrected postinst to create correct permission for /etc/sudoers
3190 + (Bug#3749)
3191 +
3192 +Fri Aug 2 10:50:53 MET DST 1996 Michael Meskes <meskes@debian.org>
3193 +
3194 + sudo (1.4.4-1):
3195 +
3196 + * New upstream version
3197 +
3198 +
3199 +sudo (1.4.4-2) admin; urgency=HIGH
3200 +
3201 + * Fixed major security bug reported by Peter Tobias
3202 + <tobias@et-inf.fho-emden.de>
3203 + * Added dchanges support to debian.rules
3204 +
3205 +sudo (1.4.5-1) admin; urgency=LOW
3206 +
3207 + * New upstream version
3208 + * Minor changes to debian.rules
3209 --- sudo-1.6.8p12.orig/debian/sudo_root.8
3210 +++ sudo-1.6.8p12/debian/sudo_root.8
3211 @@ -0,0 +1,135 @@
3212 +.TH sudo_root 8 "February 8, 2006"
3213 +
3214 +.SH NAME
3215 +sudo_root \- How to run administrative commands
3216 +
3217 +.SH SYNOPSIS
3218 +
3219 +.B sudo
3220 +.I command
3221 +
3222 +.B sudo \-i
3223 +
3224 +.SH INTRODUCTION
3225 +
3226 +By default, the password for the user "root" (the system
3227 +administrator) is locked. This means you cannot login as root or use
3228 +su. Instead, the installer will set up sudo to allow the user that is
3229 +created during install to run all administrative commands.
3230 +
3231 +This means that in the terminal you can use sudo for commands that
3232 +require root privileges. All programs in the menu will use a graphical
3233 +sudo to prompt for a password. When sudo asks for a password, it needs
3234 +.B your password,
3235 +this means that a root password is not needed.
3236 +
3237 +To run a command which requires root privileges in a terminal, simply
3238 +prepend
3239 +.B sudo
3240 +in front of it. To get an interactive root shell, use
3241 +.B sudo \-i\fR.
3242 +
3243 +.SH ALLOWING OTHER USERS TO RUN SUDO
3244 +
3245 +By default, only the user who installed the system is permitted to run
3246 +sudo. To add more administrators, i. e. users who can run sudo, you
3247 +have to add these users to the group 'admin' by doing one of the
3248 +following steps:
3249 +
3250 +.IP * 2
3251 +In a shell, do
3252 +
3253 +.RS 4
3254 +.B sudo adduser
3255 +.I username
3256 +.B admin
3257 +.RE
3258 +
3259 +.IP * 2
3260 +Use the graphical "Users & Groups" program in the "System settings"
3261 +menu to add the new user to the
3262 +.B admin
3263 +group.
3264 +
3265 +.SH BENEFITS OF USING SUDO
3266 +
3267 +The benefits of leaving root disabled by default include the following:
3268 +
3269 +.IP * 2
3270 +Users do not have to remember an extra password, which they are likely to forget.
3271 +.IP * 2
3272 +The installer is able to ask fewer questions.
3273 +.IP * 2
3274 +It avoids the "I can do anything" interactive login by default \- you
3275 +will be prompted for a password before major changes can happen, which
3276 +should make you think about the consequences of what you are doing.
3277 +.IP * 2
3278 +Sudo adds a log entry of the command(s) run (in \fB/var/log/auth.log\fR).
3279 +.IP * 2
3280 +Every attacker trying to brute\-force their way into your box will
3281 +know it has an account named root and will try that first. What they
3282 +do not know is what the usernames of your other users are.
3283 +.IP * 2
3284 +Allows easy transfer for admin rights, in a short term or long term
3285 +period, by adding and removing users from the admin group, while not
3286 +compromising the root account.
3287 +.IP * 2
3288 +sudo can be set up with a much more fine\-grained security policy.
3289 +
3290 +.SH DOWNSIDES OF USING SUDO
3291 +
3292 +Although for desktops the benefits of using sudo are great, there are
3293 +possible issues which need to be noted:
3294 +
3295 +.IP * 2
3296 +Redirecting the output of commands run with sudo can be confusing at
3297 +first. For instance consider
3298 +
3299 +.RS 4
3300 +.B sudo ls > /root/somefile
3301 +.RE
3302 +
3303 +.RS 2
3304 +will not work since it is the shell that tries to write to that file. You can use
3305 +.RE
3306 +
3307 +.RS 4
3308 +.B ls | sudo tee /root/somefile
3309 +.RE
3310 +
3311 +.RS 2
3312 +to get the behaviour you want.
3313 +.RE
3314 +
3315 +.IP * 2
3316 +In a lot of office environments the ONLY local user on a system is
3317 +root. All other users are imported using NSS techniques such as
3318 +nss\-ldap. To setup a workstation, or fix it, in the case of a network
3319 +failure where nss\-ldap is broken, root is required. This tends to
3320 +leave the system unusable. An extra local user, or an enabled root
3321 +password is needed here.
3322 +
3323 +.SH GOING BACK TO A TRADITIONAL ROOT ACCOUNT
3324 +
3325 +.B This is not recommended!
3326 +
3327 +To enable the root account (i.e. set a password) use:
3328 +
3329 +.RS 4
3330 +.B sudo passwd root
3331 +.RE
3332 +
3333 +Afterwards, edit
3334 +.B /etc/sudoers
3335 +and comment out the line
3336 +
3337 +.RS 4
3338 +%admin ALL=(ALL) ALL
3339 +.RE
3340 +
3341 +to disable sudo access to members of the admin group.
3342 +
3343 +.SH SEE ALSO
3344 +.BR sudo (8),
3345 +.B https://wiki.ubuntu.com/RootSudo
3346 +
3347 --- sudo-1.6.8p12.orig/debian/sudo-ldap.postinst
3348 +++ sudo-1.6.8p12/debian/sudo-ldap.postinst
3349 @@ -0,0 +1,62 @@
3350 +#!/usr/bin/perl
3351 +
3352 +# remove old link
3353 +
3354 +unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo");
3355 +
3356 +# make sure we have a sudoers file
3357 +if ( ! -f "/etc/sudoers") {
3358 +
3359 + print "No /etc/sudoers found... creating one for you.\n";
3360 +
3361 + open (SUDOERS, "> /etc/sudoers");
3362 + print SUDOERS "# /etc/sudoers\n",
3363 + "#\n",
3364 + "# This file MUST be edited with the 'visudo' command as root.\n",
3365 + "#\n",
3366 + "# See the man page for details on how to write a sudoers file.\n",
3367 + "#\n\nDefaults\tenv_reset\n\n",
3368 + "# Host alias specification\n\n",
3369 + "# User alias specification\n\n",
3370 + "# Cmnd alias specification\n\n",
3371 + "# User privilege specification\nroot\tALL=(ALL) ALL\n";
3372 + close SUDOERS;
3373 +
3374 +}
3375 +
3376 +# make sure sudoers has the correct permissions and owner/group
3377 +system ('chown root:root /etc/sudoers');
3378 +system ('chmod 440 /etc/sudoers');
3379 +
3380 +# must do a remove first to un-do the "bad" links created by previous version
3381 +system ('update-rc.d -f sudo remove >/dev/null 2>&1');
3382 +
3383 +#system ('update-rc.d sudo start 75 S . >/dev/null');
3384 +
3385 +# make sure we have a sudo group
3386 +
3387 +exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo
3388 +
3389 +$gid = 27; # start searcg with gid 27
3390 +setgrent;
3391 +while (getgrgid($gid)) {
3392 + ++$gid;
3393 +}
3394 +endgrent;
3395 +
3396 +if ($gid != 27) {
3397 + print "On Debian we normally use gid 27 for 'sudo'.\n";
3398 + $gname = getgrgid(27);
3399 + print "However, on your system gid 27 is group '$gname'.\n\n";
3400 + print "Would you like me to stop configuring sudo so that you can change this? [n] ";
3401 + $ans = <STDIN>;
3402 + if ($ans =~ m/^[yY].*/) {
3403 + print "'dpkg --pending --configure' will restart the configuration.\n\n\n";
3404 + exit 1;
3405 + }
3406 +}
3407 +
3408 +print "Creating group 'sudo' with gid = $gid\n";
3409 +system("groupadd -g $gid sudo");
3410 +
3411 +print "";
3412 --- sudo-1.6.8p12.orig/debian/sudo.lintian
3413 +++ sudo-1.6.8p12/debian/sudo.lintian
3414 @@ -0,0 +1,3 @@
3415 +sudo: setuid-binary usr/bin/sudo 4755 root/root
3416 +sudo: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo
3417 +sudo: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo
3418 --- sudo-1.6.8p12.orig/debian/postinst
3419 +++ sudo-1.6.8p12/debian/postinst
3420 @@ -0,0 +1,62 @@
3421 +#!/usr/bin/perl
3422 +
3423 +# remove old link
3424 +
3425 +unlink ("/etc/alternatives/sudo") if ( -l "/etc/alternatives/sudo");
3426 +
3427 +# make sure we have a sudoers file
3428 +if ( ! -f "/etc/sudoers") {
3429 +
3430 + print "No /etc/sudoers found... creating one for you.\n";
3431 +
3432 + open (SUDOERS, "> /etc/sudoers");
3433 + print SUDOERS "# /etc/sudoers\n",
3434 + "#\n",
3435 + "# This file MUST be edited with the 'visudo' command as root.\n",
3436 + "#\n",
3437 + "# See the man page for details on how to write a sudoers file.\n",
3438 + "# Host alias specification\n\n",
3439 + "# User alias specification\n\n",
3440 + "# Cmnd alias specification\n\n",
3441 + "# Defaults\n\nDefaults\t!lecture,tty_tickets,!fqdn\n\n",
3442 + "# User privilege specification\nroot\tALL=(ALL) ALL\n";
3443 + close SUDOERS;
3444 +
3445 +}
3446 +
3447 +# make sure sudoers has the correct permissions and owner/group
3448 +system ('chown root:root /etc/sudoers');
3449 +system ('chmod 440 /etc/sudoers');
3450 +
3451 +# must do a remove first to un-do the "bad" links created by previous version
3452 +system ('update-rc.d -f sudo remove >/dev/null 2>&1');
3453 +
3454 +#system ('update-rc.d sudo start 75 S . >/dev/null');
3455 +
3456 +# make sure we have a sudo group
3457 +
3458 +exit 0 if getgrnam("sudo"); # we're finished if there is a group sudo
3459 +
3460 +$gid = 27; # start searcg with gid 27
3461 +setgrent;
3462 +while (getgrgid($gid)) {
3463 + ++$gid;
3464 +}
3465 +endgrent;
3466 +
3467 +if ($gid != 27) {
3468 + print "On Debian we normally use gid 27 for 'sudo'.\n";
3469 + $gname = getgrgid(27);
3470 + print "However, on your system gid 27 is group '$gname'.\n\n";
3471 + print "Would you like me to stop configuring sudo so that you can change this? [n] ";
3472 + $ans = <STDIN>;
3473 + if ($ans =~ m/^[yY].*/) {
3474 + print "'dpkg --pending --configure' will restart the configuration.\n\n\n";
3475 + exit 1;
3476 + }
3477 +}
3478 +
3479 +print "Creating group 'sudo' with gid = $gid\n";
3480 +system("groupadd -g $gid sudo");
3481 +
3482 +print "";
3483 --- sudo-1.6.8p12.orig/debian/compat
3484 +++ sudo-1.6.8p12/debian/compat
3485 @@ -0,0 +1 @@
3486 +4
3487 --- sudo-1.6.8p12.orig/debian/init.d
3488 +++ sudo-1.6.8p12/debian/init.d
3489 @@ -0,0 +1,31 @@
3490 +#! /bin/sh
3491 +
3492 +### BEGIN INIT INFO
3493 +# Provides: sudu
3494 +# Required-Start: $local_fs $remote_fs
3495 +# Required-Stop:
3496 +# Default-Start: S 1 2 3 4 5
3497 +# Default-Stop: 0 6
3498 +### END INIT INFO
3499 +
3500 +N=/etc/init.d/sudo
3501 +
3502 +set -e
3503 +
3504 +case "$1" in
3505 + start)
3506 + # make sure privileges don't persist across reboots
3507 + if [ -d /var/run/sudo ]
3508 + then
3509 + find /var/run/sudo -type f -exec touch -t 198501010000 '{}' \;
3510 + fi
3511 + ;;
3512 + stop|reload|restart|force-reload)
3513 + ;;
3514 + *)
3515 + echo "Usage: $N {start|stop|restart|force-reload}" >&2
3516 + exit 1
3517 + ;;
3518 +esac
3519 +
3520 +exit 0
3521 --- sudo-1.6.8p12.orig/debian/sudo-ldap.lintian
3522 +++ sudo-1.6.8p12/debian/sudo-ldap.lintian
3523 @@ -0,0 +1,3 @@
3524 +sudo-ldap: setuid-binary usr/bin/sudo 4755 root/root
3525 +sudo-ldap: postrm-contains-additional-updaterc.d-calls /etc/init.d/sudo-ldap
3526 +sudo-ldap: script-in-etc-init.d-not-registered-via-update-rc.d /etc/init.d/sudo-ldap
3527 --- sudo-1.6.8p12.orig/debian/sudo-ldap.dirs
3528 +++ sudo-1.6.8p12/debian/sudo-ldap.dirs
3529 @@ -0,0 +1,7 @@
3530 +etc/pam.d
3531 +usr/bin
3532 +usr/share/man/man8
3533 +usr/share/man/man5
3534 +usr/sbin
3535 +usr/share/doc/sudo-ldap/examples
3536 +usr/share/lintian/overrides
3537 --- sudo-1.6.8p12.orig/debian/sudo-ldap.docs
3538 +++ sudo-1.6.8p12/debian/sudo-ldap.docs
3539 @@ -0,0 +1,11 @@
3540 +debian/OPTIONS
3541 +BUGS
3542 +RUNSON
3543 +UPGRADE
3544 +PORTING
3545 +TODO
3546 +HISTORY
3547 +README
3548 +README.LDAP
3549 +TROUBLESHOOTING
3550 +sudoers2ldif
3551 --- sudo-1.6.8p12.orig/debian/postrm
3552 +++ sudo-1.6.8p12/debian/postrm
3553 @@ -0,0 +1,21 @@
3554 +#! /bin/sh
3555 +
3556 +set -e
3557 +
3558 +case "$1" in
3559 + purge)
3560 + rm -f /etc/sudoers
3561 + ;;
3562 +
3563 + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
3564 + ;;
3565 +
3566 + *)
3567 + echo "postrm called with unknown argument \`$1'" >&2
3568 + exit 1
3569 +
3570 +esac
3571 +
3572 +#DEBHELPER#
3573 +
3574 +exit 0
3575 --- sudo-1.6.8p12.orig/debian/OPTIONS
3576 +++ sudo-1.6.8p12/debian/OPTIONS
3577 @@ -0,0 +1,61 @@
3578 +The following options were used to configure sudo for Debian GNU/Linux.
3579 +
3580 + --with-exempt=sudo
3581 +
3582 + Any user in group 'sudo' will not need to type their password. It
3583 + is strongly recommended that no users be put in group sudo, and that
3584 + instead the NOPASSWD option in the sudoers file be used if desired.
3585 +
3586 + --with-pam
3587 +
3588 + Support for pluggable authentication modules.
3589 +
3590 + --with-ldap
3591 +
3592 + Support for LDAP authentication.
3593 +
3594 + --with-fqdn
3595 +
3596 + Allow use of fully qualified domain names in the sudoers file.
3597 +
3598 + --disable-root-mailer
3599 +
3600 + Send mail as the invoking user, not as root.
3601 +
3602 + --with-logging=syslog
3603 + --with-logfac=authpriv
3604 +
3605 + Where logging information goes.
3606 +
3607 + --with-env-editor
3608 + --with-editor=/usr/bin/editor
3609 +
3610 + Honor the EDITOR and VISUAL environment variables. If they are not
3611 + present, default to the Debian default system editor.
3612 +
3613 + --with-timeout=15
3614 + --with-password-timeout=0
3615 +
3616 + Allow 15 minutes before a user has to re-type their passord, versus
3617 + the sudo usual default of 5. Never time out while waiting for a
3618 + password to be typed, this is a seriously big deal for Debian package
3619 + developers using 'dpkg-buildpackage -rsudo'.
3620 +
3621 + --with-secure-path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:\
3622 + /sbin:/bin:/usr/X11R6/bin"
3623 +
3624 + Give a reasonable default path for commands run as root via sudo.
3625 +
3626 + --with-all-insults
3627 +
3628 + Include all the insults in the binary, won't be enabled unless turned
3629 + on in the sudoers file.
3630 +
3631 + --with-sendmail=/usr/sbin/sendmail
3632 +
3633 + Use Debian policy to know the location of sendmail instead of trying
3634 + to detect it at build time.
3635 +
3636 + --disable-setresuid
3637 +
3638 + Linux 2.2 kernels don't support setresgid.
3639 --- sudo-1.6.8p12.orig/debian/copyright
3640 +++ sudo-1.6.8p12/debian/copyright
3641 @@ -0,0 +1,72 @@
3642 +This is the Debian GNU/Linux prepackaged version of sudo. sudo is
3643 +used to provide limited super user privileges to specific users.
3644 +
3645 +This package was put together by Bdale Garbee <bdale@gag.com> using sources
3646 +from
3647 + ftp://ftp.cs.colorado.edu/pub/sudo/
3648 +
3649 +Sudo is distributed under the following BSD-style license:
3650 +
3651 + Copyright (c) 1994-1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com>
3652 + All rights reserved.
3653 +
3654 + Redistribution and use in source and binary forms, with or without
3655 + modification, are permitted provided that the following conditions
3656 + are met:
3657 +
3658 + 1. Redistributions of source code must retain the above copyright
3659 + notice, this list of conditions and the following disclaimer.
3660 +
3661 + 2. Redistributions in binary form must reproduce the above copyright
3662 + notice, this list of conditions and the following disclaimer in the
3663 + documentation and/or other materials provided with the distribution.
3664 +
3665 + 3. The name of the author may not be used to endorse or promote products
3666 + derived from this software without specific prior written permission
3667 + from the author.
3668 +
3669 + 4. Products derived from this software may not be called "Sudo" nor
3670 + may "Sudo" appear in their names without specific prior written
3671 + permission from the author.
3672 +
3673 + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
3674 + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
3675 + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
3676 + THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
3677 + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
3678 + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
3679 + OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
3680 + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
3681 + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
3682 + ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
3683 +
3684 +
3685 +Additionally, lsearch.c, fnmatch.c, getcwd.c, snprintf.c, strcasecmp.c
3686 +and fnmatch.3 bear the following UCB license:
3687 +
3688 + Copyright (c) 1987, 1989, 1990, 1991, 1993, 1994
3689 + The Regents of the University of California. All rights reserved.
3690 +
3691 + Redistribution and use in source and binary forms, with or without
3692 + modification, are permitted provided that the following conditions
3693 + are met:
3694 + 1. Redistributions of source code must retain the above copyright
3695 + notice, this list of conditions and the following disclaimer.
3696 + 2. Redistributions in binary form must reproduce the above copyright
3697 + notice, this list of conditions and the following disclaimer in the
3698 + documentation and/or other materials provided with the distribution.
3699 + 3. Neither the name of the University nor the names of its contributors
3700 + may be used to endorse or promote products derived from this software
3701 + without specific prior written permission.
3702 +
3703 + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
3704 + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3705 + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
3706 + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
3707 + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
3708 + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
3709 + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3710 + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
3711 + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
3712 + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
3713 + SUCH DAMAGE.
3714 --- sudo-1.6.8p12.orig/debian/sudo.pam
3715 +++ sudo-1.6.8p12/debian/sudo.pam
3716 @@ -0,0 +1,4 @@
3717 +#%PAM-1.0
3718 +
3719 +@include common-auth
3720 +@include common-account
3721 --- sudo-1.6.8p12.orig/debian/source.lintian-overrides
3722 +++ sudo-1.6.8p12/debian/source.lintian-overrides
3723 @@ -0,0 +1 @@
3724 +sudo source: maintainer-script-lacks-debhelper-token debian/postinst
3725 --- sudo-1.6.8p12.orig/sample.sudoers
3726 +++ sudo-1.6.8p12/sample.sudoers
3727 @@ -35,16 +35,16 @@
3728 # Cmnd alias specification
3729 ##
3730 Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
3731 - /usr/sbin/rrestore, /usr/bin/mt
3732 -Cmnd_Alias KILL = /usr/bin/kill
3733 + /usr/sbin/rrestore, /bin/mt
3734 +Cmnd_Alias KILL = /bin/kill
3735 Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
3736 -Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
3737 -Cmnd_Alias HALT = /usr/sbin/halt
3738 -Cmnd_Alias REBOOT = /usr/sbin/reboot
3739 -Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
3740 - /usr/local/bin/tcsh, /usr/bin/rsh, \
3741 - /usr/local/bin/zsh
3742 -Cmnd_Alias SU = /usr/bin/su
3743 +Cmnd_Alias SHUTDOWN = /sbin/shutdown
3744 +Cmnd_Alias HALT = /sbin/halt
3745 +Cmnd_Alias REBOOT = /sbin/reboot
3746 +Cmnd_Alias SHELLS = /sbin/sh, /bin/sh, /bin/csh, /usr/bin/ksh, \
3747 + /usr/bin/tcsh, /usr/bin/rsh, \
3748 + /usr/bin/zsh
3749 +Cmnd_Alias SU = /bin/su
3750 Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
3751 /usr/bin/chfn
3753 @@ -82,7 +82,7 @@
3754 sudoedit /etc/printcap, /usr/oper/bin/
3756 # joe may su only to operator
3757 -joe ALL = /usr/bin/su operator
3758 +joe ALL = /bin/su operator
3760 # pete may change passwords for anyone but root on the hp snakes
3761 pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
3762 @@ -96,13 +96,13 @@
3764 # users in the secretaries netgroup need to help manage the printers
3765 # as well as add and remove users
3766 -+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
3767 ++secretaries ALL = PRINTING, /usr/sbin/adduser, /usr/bin/rmuser
3769 # fred can run commands as oracle or sybase without a password
3770 fred ALL = (DB) NOPASSWD: ALL
3772 # on the alphas, john may su to anyone but root and flags are not allowed
3773 -john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
3774 +john ALPHA = /bin/su [!-]*, !/bin/su *root*
3776 # jen can run anything on all machines except the ones
3777 # in the "SERVERS" Host_Alias
3778 --- sudo-1.6.8p12.orig/sudo.tab.c
3779 +++ sudo-1.6.8p12/sudo.tab.c
3780 @@ -138,6 +138,7 @@
3781 } \
3782 match[top].user = UNSPEC; \
3783 match[top].cmnd = UNSPEC; \
3784 + match[top].cmndall= UNSPEC; \
3785 match[top].host = UNSPEC; \
3786 match[top].runas = UNSPEC; \
3787 match[top].nopass = def_authenticate ? UNSPEC : TRUE; \
3788 @@ -153,6 +154,7 @@
3789 } \
3790 match[top].user = match[top-1].user; \
3791 match[top].cmnd = match[top-1].cmnd; \
3792 + match[top].cmndall= match[top-1].cmndall; \
3793 match[top].host = match[top-1].host; \
3794 match[top].runas = match[top-1].runas; \
3795 match[top].nopass = match[top-1].nopass; \
3796 @@ -1739,6 +1741,7 @@
3797 }
3798 }
3800 + SETMATCH(cmnd_all, TRUE);
3801 yyval.BOOLEAN = TRUE;
3802 }
3803 break;
3804 @@ -1769,6 +1772,7 @@
3805 YYERROR;
3806 }
3807 }
3808 + SETMATCH(cmnd_all, FALSE);
3809 yyval.BOOLEAN = NOMATCH;
3810 }
3811 free(yyvsp[0].string);
3812 @@ -1800,6 +1804,7 @@
3813 free(yyvsp[0].command.cmnd);
3814 if (yyvsp[0].command.args)
3815 free(yyvsp[0].command.args);
3816 + SETMATCH(cmnd_all, FALSE);
3817 }
3818 break;
3819 case 65:
3820 --- sudo-1.6.8p12.orig/ldap.c
3821 +++ sudo-1.6.8p12/ldap.c
3822 @@ -256,9 +256,10 @@
3823 * Walks through search result and returns true if we have a
3824 * command match
3825 */
3826 -int sudo_ldap_check_command(ld,entry)
3827 +int sudo_ldap_check_command(ld,entry,all)
3828 LDAP *ld;
3829 LDAPMessage *entry;
3830 + int* all;
3831 {
3832 char **v=NULL;
3833 char **p=NULL;
3834 @@ -267,6 +268,8 @@
3835 int ret=0;
3836 int foundbang;
3838 + *all=0;
3839 +
3840 if (!entry) return ret;
3842 v=ldap_get_values(ld,entry,"sudoCommand");
3843 @@ -277,6 +280,7 @@
3845 /* Match against ALL ? */
3846 if (!strcasecmp(*p,"ALL")) {
3847 + *all=1;
3848 ret=1;
3849 if (ldap_conf.debug>1) printf(" MATCH!\n");
3850 continue;
3851 @@ -711,6 +715,7 @@
3852 /* flags */
3853 int ldap_user_matches=0;
3854 int ldap_host_matches=0;
3855 + int command_all=0;
3857 if (!sudo_ldap_read_config()) return VALIDATE_ERROR;
3859 @@ -896,7 +901,7 @@
3860 /* add matches for listing later */
3861 sudo_ldap_add_match(ld,entry) &&
3862 /* verify command match */
3863 - sudo_ldap_check_command(ld,entry) &&
3864 + sudo_ldap_check_command(ld,entry,&command_all) &&
3865 /* verify runas match */
3866 sudo_ldap_check_runas(ld,entry)
3867 )
3868 @@ -907,6 +912,7 @@
3869 sudo_ldap_parse_options(ld,entry);
3870 /* make sure we dont reenter loop */
3871 ret=VALIDATE_OK;
3872 + if(command_all) SET(ret,FLAG_CMND_ALL);
3873 /* break from inside for loop */
3874 break;
3875 }
3876 --- sudo-1.6.8p12.orig/sudo.c
3877 +++ sudo-1.6.8p12/sudo.c
3878 @@ -106,10 +106,11 @@
3879 static void set_loginclass __P((struct passwd *));
3880 static void usage __P((int));
3881 static void usage_excl __P((int));
3882 +static void create_admin_success_flag __P((void));
3883 static struct passwd *get_authpw __P((void));
3884 extern int sudo_edit __P((int, char **));
3885 extern void list_matches __P((void));
3886 -extern char **rebuild_env __P((char **, int, int));
3887 +extern char **rebuild_env __P((char **, int, int, int));
3888 extern char **zero_env __P((char **));
3889 extern struct passwd *sudo_getpwnam __P((const char *));
3890 extern struct passwd *sudo_getpwuid __P((uid_t));
3891 @@ -368,11 +369,15 @@
3893 /* Build a new environment that avoids any nasty bits if we have a cmnd. */
3894 if (ISSET(sudo_mode, MODE_RUN))
3895 - new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC));
3896 + new_environ = rebuild_env(envp, sudo_mode, ISSET(validated, FLAG_NOEXEC), ISSET(validated, FLAG_CMND_ALL));
3897 else
3898 new_environ = envp;
3900 if (ISSET(validated, VALIDATE_OK)) {
3901 + /* If the user is in the admin group, create a dotfile to signal that
3902 + * sudo was executed successfully. */
3903 + create_admin_success_flag();
3904 +
3905 /* Finally tell the user if the command did not exist. */
3906 if (cmnd_status == NOT_FOUND_DOT) {
3907 warnx("ignoring `%s' found in '.'\nUse `sudo ./%s' if this is the `%s' you wish to run.", user_cmnd, user_cmnd, user_cmnd);
3908 @@ -1156,3 +1161,46 @@
3909 putchar('\n');
3910 exit(exit_val);
3911 }
3912 +
3913 +static void create_admin_success_flag(void)
3914 +{
3915 + struct group* admin;
3916 + char** g;
3917 + int is_admin;
3918 + char flagfile[PATH_MAX];
3919 + int f;
3920 +
3921 + if (!sudo_user.pw || !sudo_user.pw->pw_name || !sudo_user.pw->pw_dir)
3922 + return;
3923 +
3924 + /* check whether the user is in the admin group */
3925 + admin = getgrnam("admin");
3926 + if (!admin || !admin->gr_mem)
3927 + return;
3928 + is_admin = 0;
3929 + for (g = admin->gr_mem; *g; ++g) {
3930 + if (!strcmp(*g, sudo_user.pw->pw_name)) {
3931 + is_admin = 1;
3932 + break;
3933 + }
3934 + }
3935 + if (!is_admin)
3936 + return;
3937 +
3938 + /* build path to flag file */
3939 + snprintf(flagfile, sizeof(flagfile), "%s/.sudo_as_admin_successful",
3940 + sudo_user.pw->pw_dir);
3941 + if (strlen(flagfile) >= sizeof(flagfile)-1)
3942 + return;
3943 +
3944 + /* do nothing if the file already exists */
3945 + if (!access(flagfile, F_OK))
3946 + return;
3947 +
3948 + /* create file */
3949 + f = open(flagfile, O_CREAT|O_WRONLY|O_EXCL, 0644);
3950 + if(f >= 0) {
3951 + fchown(f, sudo_user.pw->pw_uid, sudo_user.pw->pw_gid);
3952 + close(f);
3953 + }
3954 +}
3955 --- sudo-1.6.8p12.orig/sudo.h
3956 +++ sudo-1.6.8p12/sudo.h
3957 @@ -65,6 +65,7 @@
3958 #define FLAG_NO_HOST 0x080
3959 #define FLAG_NO_CHECK 0x100
3960 #define FLAG_NOEXEC 0x200
3961 +#define FLAG_CMND_ALL 0x400
3963 /*
3964 * Pseudo-boolean values
3965 --- sudo-1.6.8p12.orig/parse.c
3966 +++ sudo-1.6.8p12/parse.c
3967 @@ -200,7 +200,8 @@
3968 set_perms(PERM_ROOT);
3969 return(VALIDATE_OK |
3970 (no_passwd == TRUE ? FLAG_NOPASS : 0) |
3971 - (no_execve == TRUE ? FLAG_NOEXEC : 0));
3972 + (no_execve == TRUE ? FLAG_NOEXEC : 0) |
3973 + (cmnd_all == TRUE ? FLAG_CMND_ALL : 0));
3974 } else if ((runas_matches == TRUE && cmnd_matches == FALSE) ||
3975 (runas_matches == FALSE && cmnd_matches == TRUE)) {
3976 /*
3977 --- sudo-1.6.8p12.orig/parse.h
3978 +++ sudo-1.6.8p12/parse.h
3979 @@ -29,6 +29,7 @@
3980 struct matchstack {
3981 int user;
3982 int cmnd;
3983 + int cmndall;
3984 int host;
3985 int runas;
3986 int nopass;
3987 @@ -46,6 +47,7 @@
3989 #define user_matches (match[top-1].user)
3990 #define cmnd_matches (match[top-1].cmnd)
3991 +#define cmnd_all (match[top-1].cmndall)
3992 #define host_matches (match[top-1].host)
3993 #define runas_matches (match[top-1].runas)
3994 #define no_passwd (match[top-1].nopass)